How do I set up my credentials for static-website-from-folder?

Hiya,

A rookie question. I just installed freckles and tried the example setup of static-website-from-folder. I get the following error, and wasn’t sure how to provide my password or publickey to freckles.

ubuntu@ip-172-30-0-213:~/freckles$ freckles -t jun@server.howtoeatcheeseburgers.com static-site.frecklet

╭╼ starting run
│  ├╼ running frecklet: /home/ubuntu/freckles/static-site.frecklet (on: server.howtoeatcheeseburgers.com)
│  │  ├╼ starting Ansible run
│  │  │  ├╼ remove vault key file
│  │  │  │  ├ msg: Failed to connect to the host via ssh: jun@server.howtoeatcheeseburgers.com: Permission denied (publickey,password).
│  │  │  │  ╰╼ failed
│  │  │  ╰╼ failed
│  │  ╰╼ failed
│  ╰╼ failed
╰╼ failed

Thanks!

Hiya, welcome!

Thanks for bringing this to my attention, definitely need to document this… (will update with a link later, once that is done).

So, there are a few scenarios that require different actions on behalf of the user. In cases where it’s possible, freckles will figure out what is necessary and prompt the user for it (e.g. running on localhost and needing sudo credentials will prompt for a sudo password). But in some cases that is not possible, so the user needs to take appropriate steps.

If the machine you want to run on is localhost, the ‘-t jun@server…’ cli argument is not necessary (since ‘localhost’ is the default target). In this case the user who runs the job needs to be in the ‘sudoers’ group, and freckles will prompt for the sudo password if necessary.

If you want to run on a remote target, depending on how the remote ssh daemon is configured, and the permissions of the user you log in as (the part before the ‘@’) and whether passwordless sudo is configured for it, you might or might not have to use the --ask-login-pass commandline-flag, like so:

frecklecute --ask-login-pass --target jun@server.domain.tld static-site.frecklet

The --ask-login-pass option requires the ‘sshpass’ application to be installed. You can either do that manually via the package manager of your choice, or, as freckles will prompt you, via:

frecklecute sshpass-installed

(the latter is only supported on Debian/Ubuntu & Redhat-based systems though)

Let me know if you still have problems after this!

EDIT: here’s the link to the relevant documentation page (work in progress): https://freckles.io/doc/running_frecklets
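The decision described in the reply above, as an added example that is not part of the original post or of freckles itself: it reads the "Permission denied (...)" line ssh returns, lists the login methods the server offered, and says whether --ask-login-pass applies. The function names and advice strings are assumptions made for this example; only the flag and the sshpass-installed frecklet come from the thread.

```shell
#!/bin/sh
# Added example: work out how freckles has to log in to a remote target.

# auth_methods ERROR_LINE -> the methods sshd offered, one per line.
auth_methods() {
    printf '%s\n' "$1" |
        sed -n 's/.*Permission denied (\([^)]*\)).*/\1/p' | tr ',' '\n'
}

# login_advice ERROR_LINE HAVE_SSHPASS(yes|no) -> one line of advice.
login_advice() {
    methods=$(auth_methods "$1")
    if printf '%s\n' "$methods" | grep -qx password; then
        if [ "$2" = yes ]; then
            echo "add --ask-login-pass"
        else
            echo "run 'frecklecute sshpass-installed', then add --ask-login-pass"
        fi
    elif printf '%s\n' "$methods" | grep -qx publickey; then
        echo "server accepts keys only: log in with an ssh key it trusts"
    else
        echo "not an ssh authentication failure"
    fi
}

# probe USER@HOST: live check. BatchMode makes ssh fail instead of prompting,
# so a success here means key login already works without any password.
probe() {
    err=$(ssh -o BatchMode=yes -o ConnectTimeout=5 "$1" true 2>&1) && {
        echo "key login works: no extra flag needed"; return 0; }
    have=no
    command -v sshpass >/dev/null 2>&1 && have=yes
    login_advice "$err" "$have"
}

# Sample line taken from the run output in the question; used when no
# target is given on the command line.
SAMPLE='Failed to connect to the host via ssh: jun@server.howtoeatcheeseburgers.com: Permission denied (publickey,password).'
if [ $# -gt 0 ]; then probe "$1"; else login_advice "$SAMPLE" no; fi
```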

Thank you Markus,

Removing -t jun@… option fixed the issue.

After that I was getting timeout from Let’s Encrypt while connecting to my server, then I realised Ubuntu firewall was blocking ports 80 and 443. Using ufw to add http and https resolved this issue.

However I am getting a different error now. It fails the Let’s Encrypt as seen below, but it proceeds with the installation and finishes everything else successfully. I can even connect to the freckles installed server on both http and https.

│  │  │  ├╼ Attempt to get the certificate using the webroot authenticator
│  │  │  │  ├ msg:
│  │  │  │  │   stdout:
│  │  │  │  │     IMPORTANT NOTES:
│  │  │  │  │      - The following errors were reported by the server:
│  │  │  │  │
│  │  │  │  │        Domain: server.howtoeatcheeseburgers.com
│  │  │  │  │        Type:   connection
│  │  │  │  │        Detail: Fetching
│  │  │  │  │        http://server.howtoeatcheeseburgers.com/.well-known/acme-challenge/6xSK7-39a3Wwq0wPUbRBOMaBHDbAHULJ_j88Ulug0ZU:
│  │  │  │  │        Connection refused
│  │  │  │  │
│  │  │  │  │        To fix these errors, please make sure that your domain name was
│  │  │  │  │        entered correctly and the DNS A/AAAA record(s) for that domain
│  │  │  │  │        contain(s) the right IP address. Additionally, please check that
│  │  │  │  │        your computer has a publicly routable IP address and that no
│  │  │  │  │        firewalls are preventing the server from communicating with the
│  │  │  │  │        client. If you're using the webroot plugin, you should also verify
│  │  │  │  │        that you are serving files from the webroot path you provided.
│  │  │  │  ├ error:
│  │  │  │  │   stderr:
│  │  │  │  │     Saving debug log to /var/log/letsencrypt/letsencrypt.log
│  │  │  │  │     Plugins selected: Authenticator webroot, Installer None
│  │  │  │  │     Obtaining a new certificate
│  │  │  │  │     Performing the following challenges:
│  │  │  │  │     http-01 challenge for server.howtoeatcheeseburgers.com
│  │  │  │  │     Using the webroot path /var/www/html for all unmatched domains.
│  │  │  │  │     Waiting for verification...
│  │  │  │  │     Challenge failed for domain server.howtoeatcheeseburgers.com
│  │  │  │  │     http-01 challenge for server.howtoeatcheeseburgers.com
│  │  │  │  │     Cleaning up challenges
│  │  │  │  │     Some challenges have failed.
│  │  │  │  ╰╼ failed (ignored)

Any thoughts on the implications of the above error?

Thanks.

Hi. Sorry for the delay, didn’t get a notification about your post. Did you set up your DNS record correctly? When trying to ping server.howtoeatcheesburgers.com it resolves to: 54.89.173.224. Is that correct?

Ah, sorry. Forget what I said before. What you see is actually not an error. The underlying Ansible role tries to get the https certificate two different ways: using a potentially existing webserver and the .well-known/acme-challenge folder, and, should that fail, it tries to run a temporary webserver itself and do the certificate challenge dance. So, what you see is the error message of one of the methods not working. Since your website is set up including https, all should be fine. There also should be a cron job set up which will renew the certificate before it expires. I haven’t tested that under all circumstances, so it might fail in some special cases, but it worked without issue for me for the servers I’ve used this on.
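
An added check for the renewal caveat above (not part of the original post, and not code from freckles or the Ansible role): it reports whether a certificate is valid, close to expiry, or expired, using openssl's -checkend test. The function names and the 21-day default are assumptions.

```shell
#!/bin/sh
# Added example: report how close a certificate is to expiry, so a renewal
# cron job that has stopped working is noticed before the site breaks.

# cert_status PEM_FILE [WARN_DAYS] -> ok | renew-soon | expired | unreadable
cert_status() {
    pem=$1
    warn_days=${2:-21}   # assumed threshold; match it to your renewal schedule
    # Refuse to guess when the file is missing or is not a certificate.
    openssl x509 -noout -in "$pem" 2>/dev/null || { echo unreadable; return 0; }
    # -checkend N succeeds only if the cert is still valid N seconds from now.
    if ! openssl x509 -noout -checkend 0 -in "$pem" >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -noout -checkend "$((warn_days * 86400))" \
            -in "$pem" >/dev/null 2>&1; then
        echo renew-soon
    else
        echo ok
    fi
}

# served_cert_status HOST [WARN_DAYS]: the same check on the certificate the
# web server actually presents on port 443 (needs network access).
served_cert_status() {
    tmp=$(mktemp) || return 1
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$tmp" 2>/dev/null
    cert_status "$tmp" "${2:-21}"
    rm -f "$tmp"
}

# Usage: sh certcheck.sh HOST [WARN_DAYS]   (certcheck.sh is a hypothetical name)
if [ $# -gt 0 ]; then served_cert_status "$@"; fi
```

Checking the certificate the server presents, rather than only the file on disk, also catches a renewed certificate that the web server has not reloaded yet.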


Thanks! Yeah that makes sense. Installation did work, and redirects to https.
