Flat Daddy
Dec 3, 2014

by Nyc_Tattoo
my balls hurt

cinci zoo sniper
Mar 15, 2013




Flat Daddy posted:

my balls hurt
remove them from computer

spankmeister
Jun 15, 2008






kalstrams posted:

if i need a vps to host a website with a small tool, i take it i have no reason to look past amazon's ec2 or whatever it was called, right?

you could also use heroku

Dodoman
Feb 26, 2009



A moment of laxity
A lifetime of regret
Lipstick Apathy
lithium hosting is pretty good, they had some good goon only deal dunno if they do anymore

Migishu
Oct 22, 2005

I'll eat your fucking eyeballs if you're not careful

Grimey Drawer

saucepanman posted:

lithium hosting is pretty good, they had some good goon only deal dunno if they do anymore

they still do the discounts yeah, you go to their SAMart page and use the link

lithium are good

Beeftweeter
Jun 28, 2005

OFFICIAL #1 GNOME FAN
i have 2 identical disks connected to a mac, one is failing so i want to clone it to the other one. whats the best way to do this (the failing disk is ntfs, both are 1.5 tb)

i was thinking about using dd but i dont really know how to use it without it taking absolutely forever

Beeftweeter
Jun 28, 2005

OFFICIAL #1 GNOME FAN
also after reading a bit about dd it looks like this should do what i want?

dd if=/dev/rdisk2 of=/dev/rdisk3 bs=8m conv=noerror,sync

i dont really care about the data on the target disk (its ancient backups from leopard lol) so i'm going to try that but if someone has a better idea i'll stop it and do whatever

e: to be completely clear i dont really care about the data on the dying disk either, its just my windows install. i'd just rather not have to reinstall everything on a new disk

Beeftweeter fucked around with this message at 03:53 on Feb 6, 2015

spankmeister
Jun 15, 2008






ya dd is good for that

Raluek
Nov 3, 2006

WUT.
looks like there is a mac version of ddrescue, which is designed such that it will retry bad sectors n times or until it gets a good read. takes awhile longer, but might get a better copy of your data. that said, there are like 3 versions of ddrescue and im not sure which version this is a port of. ive used gddrescue (gnu ddrescue) in the past with success off a linux live environment

cinci zoo sniper
Mar 15, 2013




is there some simple trick to convince yum on my centos 7 to do a favour for me?
i have a package that by default installs to
code:
/usr/share/package/
which i get through 'yum install package'. what i want it to do is to be installed into
code:
/var/www/test.example.com/
and most stuff ive found so far requires copying yum configuration to that folder and then doing some shamanistic stuff, which may as well work but sounds like a half-assed solution to the issue :confused:

spankmeister
Jun 15, 2008






kalstrams posted:

is there some simple trick to convince yum on my centos 7 to do a favour for me?
i have a package that by default installs to
code:
/usr/share/package/
which i get through 'yum install package'. what i want it to do is to be installed into
code:
/var/www/test.example.com/
and most stuff ive found so far requires copying yum configuration to that folder and then doing some shamanistic stuff, which may as well work but sounds like a half-assed solution to the issue :confused:

Install it in the regular location then symlink the dir there.

Better even is to use the config file it probably drops in /etc/httpd/sites-available. This is the intended way of doing things.

cinci zoo sniper
Mar 15, 2013




spankmeister posted:

Install it in the regular location then symlink the dir there.

Better even is to use the config file it probably drops in /etc/httpd/sites-available. This is the intended way of doing things.
eh, i just wanted folders to look nice :effort:
thanks for advice, made it work through nginx virtual host file

Beeftweeter
Jun 28, 2005

OFFICIAL #1 GNOME FAN

Raluek posted:

looks like there is a mac version of ddrescue, which is designed such that it will retry bad sectors n times or until it gets a good read. takes awhile longer, but might get a better copy of your data. that said, there are like 3 versions of ddrescue and im not sure which version this is a port of. ive used gddrescue (gnu ddrescue) in the past with success off a linux live environment

if i decide to redo it i'll try this but it took about 15 hours using the command i posted before lol

it looks like it worked (even though it was clicking 98% of the time it was copying) although strangely the disk isnt bootable. i'll have to dig out a windows dvd to test it

Beeftweeter
Jun 28, 2005

OFFICIAL #1 GNOME FAN
also lol
code:
SMART Attributes Data Structure revision number: 10
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAGS    VALUE WORST THRESH FAIL RAW_VALUE
  1 Raw_Read_Error_Rate     POSR--   115   099   006    -    84601291
  3 Spin_Up_Time            PO----   099   091   000    -    0
  4 Start_Stop_Count        -O--CK   083   083   020    -    18026
  5 Reallocated_Sector_Ct   PO--CK   100   100   036    -    0
  7 Seek_Error_Rate         POSR--   079   060   030    -    88726637
  9 Power_On_Hours          -O--CK   061   061   000    -    34983
 10 Spin_Retry_Count        PO--C-   100   100   097    -    112
 12 Power_Cycle_Count       -O--CK   100   100   020    -    579
184 End-to-End_Error        -O--CK   100   100   099    -    0
187 Reported_Uncorrect      -O--CK   100   100   000    -    0
188 Command_Timeout         -O--CK   100   001   000    -    60134261203
189 High_Fly_Writes         -O-RCK   068   068   000    -    32
190 Airflow_Temperature_Cel -O---K   046   039   045    Past 54 (Min/Max 25/56 #737)
194 Temperature_Celsius     -O---K   054   061   000    -    54 (0 25 0 0 0)
195 Hardware_ECC_Recovered  -O-RC-   040   023   000    -    84601291
197 Current_Pending_Sector  -O--C-   100   100   000    -    0
198 Offline_Uncorrectable   ----C-   100   100   000    -    0
199 UDMA_CRC_Error_Count    -OSRCK   200   200   000    -    1
240 Head_Flying_Hours       ------   100   253   000    -    18881 (47 216 0)
241 Total_LBAs_Written      ------   100   253   000    -    3267839384
242 Total_LBAs_Read         ------   100   253   000    -    122607372
e: and thats the good disk

Beeftweeter fucked around with this message at 18:50 on Feb 6, 2015

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Beeftweeter posted:

also lol
code:
SMART Attributes Data Structure revision number: 10
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAGS    VALUE WORST THRESH FAIL RAW_VALUE
  1 Raw_Read_Error_Rate     POSR--   115   099   006    -    84601291
  3 Spin_Up_Time            PO----   099   091   000    -    0
  4 Start_Stop_Count        -O--CK   083   083   020    -    18026
  5 Reallocated_Sector_Ct   PO--CK   100   100   036    -    0
  7 Seek_Error_Rate         POSR--   079   060   030    -    88726637
  9 Power_On_Hours          -O--CK   061   061   000    -    34983
 10 Spin_Retry_Count        PO--C-   100   100   097    -    112
 12 Power_Cycle_Count       -O--CK   100   100   020    -    579
184 End-to-End_Error        -O--CK   100   100   099    -    0
187 Reported_Uncorrect      -O--CK   100   100   000    -    0
188 Command_Timeout         -O--CK   100   001   000    -    60134261203
189 High_Fly_Writes         -O-RCK   068   068   000    -    32
190 Airflow_Temperature_Cel -O---K   046   039   045    Past 54 (Min/Max 25/56 #737)
194 Temperature_Celsius     -O---K   054   061   000    -    54 (0 25 0 0 0)
195 Hardware_ECC_Recovered  -O-RC-   040   023   000    -    84601291
197 Current_Pending_Sector  -O--C-   100   100   000    -    0
198 Offline_Uncorrectable   ----C-   100   100   000    -    0
199 UDMA_CRC_Error_Count    -OSRCK   200   200   000    -    1
240 Head_Flying_Hours       ------   100   253   000    -    18881 (47 216 0)
241 Total_LBAs_Written      ------   100   253   000    -    3267839384
242 Total_LBAs_Read         ------   100   253   000    -    122607372
your Raw_Read_Error_Rate is a POSR

A Wheezy Steampunk
Jul 16, 2006

High School Grads Eligible!

anthonypants posted:

your Raw_Read_Error_Rate is a POSR

his "high fly" writes are a rock lol

cinci zoo sniper
Mar 15, 2013




ERR_CONNECTION_RESET if use openssl with nginx, any ideas? this is how my virtual host file looks
code:
  [...]

server {
  listen 80;
  server_name test.example.com;
  # enforce https
  return 301 https://$server_name$request_uri;
  }

server {
  listen 443 ssl;
  server_name test.example.com;

  ssl on;
  ssl_certificate_key /path/certificate_key.pem;
  ssl_certificate /path/certificate.pem;

  ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_session_cache shared:SSL:10m;

  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 8.8.4.4 8.8.8.8 valid=300s;
  resolver_timeout 10s;

  ssl_prefer_server_ciphers on;
  ssl_dhparam /path/dhparam.pem;

  add_header Strict-Transport-Security max-age=63072000;
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;

  [...]
  fastcgi_param HTTPS on;
  [...]
if i comment out all ssl stuff from second server block, comment out whole first server block, and put listen 80; into second block, then it works - but, obviously, no ssl
code:
OpenSSL 1.0.1e-fips 11 Feb 2013
nginx version: nginx/1.6.2
e: firewall is open, nginx is running perfectly otherwise

cinci zoo sniper fucked around with this message at 00:40 on Feb 7, 2015

kitten emergency
Jan 13, 2008

get meow this wack-ass crystal prison
something's jacked with your cert maybe

spankmeister
Jun 15, 2008






kalstrams posted:

ERR_CONNECTION_RESET if use openssl with nginx, any ideas? this is how my virtual host file looks
code:
  [...]

server {
  listen 80;
  server_name test.example.com;
  # enforce https
  return 301 https://$server_name$request_uri;
  }

server {
  listen 443 ssl;
  server_name test.example.com;

  ssl on;
  ssl_certificate_key /path/certificate_key.pem;
  ssl_certificate /path/certificate.pem;

  ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_session_cache shared:SSL:10m;

  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 8.8.4.4 8.8.8.8 valid=300s;
  resolver_timeout 10s;

  ssl_prefer_server_ciphers on;
  ssl_dhparam /path/dhparam.pem;

  add_header Strict-Transport-Security max-age=63072000;
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;

  [...]
  fastcgi_param HTTPS on;
  [...]
if i comment out all ssl stuff from second server block, comment out whole first server block, and put listen 80; into second block, then it works - but, obviously, no ssl
code:
OpenSSL 1.0.1e-fips 11 Feb 2013
nginx version: nginx/1.6.2
e: firewall is open, nginx is running perfectly otherwise

you can't just offer those 2 ciphers, the TLS spec requires some algo's to be turned on in order for it to be in spec and handshake correctly. I don't know offhand but i'd say the problem is your ciphersuite

cinci zoo sniper
Mar 15, 2013




uncurable mlady posted:

something's jacked with your cert maybe
hm, this reminded me that i could try to connect and see whats up through openssl itself
code:
[user@pos ~]$ sudo openssl s_client -connect test.example.com:443
[sudo] password for user:
CONNECTED(00000003)
140240617965472:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 249 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
well gently caress, back into google

e: seems like broken version, assuming this is not ubungu specific

in that case, i need to upgrade which brings me to centos repos, ugh

e2: oh, just noticed

spankmeister posted:

you can't just offer those 2 ciphers, the TLS spec requires some algo's to be turned on in order for it to be in spec and handshake correctly. I don't know offhand but i'd say the problem is your ciphersuite

alright, ill check that out too

cinci zoo sniper fucked around with this message at 01:47 on Feb 7, 2015

du -hast
Mar 12, 2003

BEHEAD THOSE WHO INSULT GENTOO
b/c i am a computer janitor ive done probably 500 centos install / troubleshoots, if u need help or whatever

cinci zoo sniper
Mar 15, 2013




idk i went on to post on serverfault since ive been busy with this crap for some 8 hours already, maybe, and im running out of ideas that would be near what little competence i pretend to have

Sniep
Mar 28, 2004

All I needed was that fatty blunt...



King of Breakfast
what happens when you just, on the command line, do an "openssl ciphers" and see what you've got?

does what's in your list in the config match with entries there?

do you have any logs from the server side that detail the hits that are causing the error?

cinci zoo sniper
Mar 15, 2013




Sniep posted:

what happens when you just, on the command line, do an "openssl ciphers" and see what you've got?

does that match what's in your list in the config?
so

sudo openssl ciphers posted:

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:DES-CBC3-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:PSK-3DES-EDE-CBC-SHA:KRB5-IDEA-CBC-SHA:KRB5-DES-CBC3-SHA:KRB5-IDEA-CBC-MD5:KRB5-DES-CBC3-MD5:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5
and my config
code:
ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
so i'm not even sure, actually.
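
The comparison asked for above can be done mechanically. This is an added example, not part of any post in the thread: it expands an OpenSSL cipher string with whatever OpenSSL build the local Python links against and lists the suites a default client could negotiate with it. The function names are assumptions; the cipher string is the `ssl_ciphers` value from the thread.

```python
import ssl

# ssl_ciphers value from the thread's nginx config
NGINX_STRING = "AES128+EECDH:AES128+EDH:!aNULL"


def expand(cipher_string):
    """Names of the TLS 1.2-and-older suites the local OpenSSL selects.

    Returns [] when the string matches nothing this build supports,
    which is the case where no handshake can ever succeed.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    # TLS 1.3 suites are configured separately from this string, so drop them.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def negotiable(server_string, client_string="DEFAULT"):
    """Suites enabled on both sides, in the server's preference order."""
    client = set(expand(client_string))
    return [name for name in expand(server_string) if name in client]


if __name__ == "__main__":
    print("OpenSSL build:", ssl.OPENSSL_VERSION)
    selected = expand(NGINX_STRING)
    print(len(selected), "suites selected by the server string:")
    for name in selected:
        print("  ", name)
    shared = negotiable(NGINX_STRING)
    print("shared with a DEFAULT client:", shared or "none, handshake would fail")
```

An empty result from `negotiable` points at the cipher string; a non-empty one means the handshake failure has another cause.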

cinci zoo sniper
Mar 15, 2013




Sniep posted:

do you have any logs from the server side that detail the hits that are causing the error?
actually i do, apparently

quote:

2015/02/07 03:18:34 [error] 27951#0: *17 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: my.computers.ip.address, server: 0.0.0.0:443

e: wtf :lol:

quote:

2015/02/07 00:33:08 [error] 25969#0: *39 open() "/usr/share/nginx/html/ljlj/ljl/lj.php" failed (2: No such file or directory), client: bad.dude.ip.2, server: localhost, request: "GET /ljlj/ljl/lj.php HTTP/1.1", host: "my.server"
2015/02/07 00:33:08 [error] 25969#0: *40 open() "/usr/share/nginx/html/phpMyAdmin/scripts/setup.php" failed (2: No such file or directory), client: bad.dude.ip.2, server: localhost, request: "GET /phpMyAdmin/scripts/setup.php HTTP/1.1", host: "my.server"
2015/02/07 00:33:09 [error] 25969#0: *41 open() "/usr/share/nginx/html/pma/scripts/setup.php" failed (2: No such file or directory), client: bad.dude.ip.2, server: localhost, request: "GET /pma/scripts/setup.php HTTP/1.1", host: "80.85.86.34"
2015/02/07 00:33:09 [error] 25969#0: *42 open() "/usr/share/nginx/html/myadmin/scripts/setup.php" failed (2: No such file or directory), client: bad.dude.ip.2, server: localhost, request: "GET /myadmin/scripts/setup.php HTTP/1.1", host: "my.server"
2015/02/07 02:46:06 [error] 27951#0: *7 open() "/usr/share/nginx/html/hmhm/hmh/hm.php" failed (2: No such file or directory), client: bad.dude.ip.1, server: localhost, request: "GET /hmhm/hmh/hm.php HTTP/1.1", host: "my.server"
2015/02/07 02:46:06 [error] 27951#0: *8 open() "/usr/share/nginx/html/phpMyAdmin/scripts/setup.php" failed (2: No such file or directory), client: bad.dude.ip.1, server: localhost, request: "GET /phpMyAdmin/scripts/setup.php HTTP/1.1", host: "my.server4"
2015/02/07 02:46:07 [error] 27951#0: *9 open() "/usr/share/nginx/html/pma/scripts/setup.php" failed (2: No such file or directory), client: bad.dude.ip.1, server: localhost, request: "GET /pma/scripts/setup.php HTTP/1.1", host: "my.server"
2015/02/07 02:46:07 [error] 27951#0: *10 open() "/usr/share/nginx/html/myadmin/scripts/setup.php" failed (2: No such file or directory), client: 130.211.253.141, server: localhost, request: "GET /myadmin/scripts/setup.php HTTP/1.1", host: "my.server"

cinci zoo sniper fucked around with this message at 03:24 on Feb 7, 2015
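
The second quoted log shows one client asking for several nonexistent admin-panel setup scripts within a second, the usual signature of an automated scanner. This is an added example, not part of any post in the thread, that flags such bursts in an nginx error log; the sample lines are constructed (documentation addresses) and the thresholds and function name are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# nginx error-log entry for a request whose target file does not exist.
MISSING_RE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[error\] .*?open\(\) "[^"]+" failed '
    r'\(2: No such file or directory\), client: (?P<client>[^,]+),'
    r'.*?request: "\S+ (?P<uri>\S+)'
)

# Constructed sample lines, shaped like the ones quoted in the thread.
SAMPLE_LOG = """\
2015/02/07 00:33:08 [error] 25969#0: *40 open() "/usr/share/nginx/html/phpMyAdmin/scripts/setup.php" failed (2: No such file or directory), client: 203.0.113.7, server: localhost, request: "GET /phpMyAdmin/scripts/setup.php HTTP/1.1", host: "my.server"
2015/02/07 00:33:09 [error] 25969#0: *41 open() "/usr/share/nginx/html/pma/scripts/setup.php" failed (2: No such file or directory), client: 203.0.113.7, server: localhost, request: "GET /pma/scripts/setup.php HTTP/1.1", host: "my.server"
2015/02/07 00:33:09 [error] 25969#0: *42 open() "/usr/share/nginx/html/myadmin/scripts/setup.php" failed (2: No such file or directory), client: 203.0.113.7, server: localhost, request: "GET /myadmin/scripts/setup.php HTTP/1.1", host: "my.server"
2015/02/07 01:10:00 [error] 25969#0: *50 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 198.51.100.20, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "my.server"
2015/02/07 04:00:00 [error] 27951#0: *60 open() "/usr/share/nginx/html/robots.txt" failed (2: No such file or directory), client: 198.51.100.20, server: localhost, request: "GET /robots.txt HTTP/1.1", host: "my.server"
2015/02/07 03:18:34 [error] 27951#0: *17 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 198.51.100.20, server: 0.0.0.0:443
""".splitlines()


def find_probe_bursts(lines, min_paths=3, window=timedelta(seconds=10)):
    """Map client -> sorted URIs for clients that requested at least
    min_paths distinct missing URIs inside one sliding time window."""
    events_by_client = defaultdict(list)
    for line in lines:
        m = MISSING_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            events_by_client[m["client"]].append((ts, m["uri"]))

    flagged = {}
    for client, events in events_by_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans no more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            uris = {uri for _, uri in events[start:end + 1]}
            if len(uris) >= min_paths:
                flagged.setdefault(client, set()).update(uris)
    return {client: sorted(uris) for client, uris in flagged.items()}


if __name__ == "__main__":
    for client, uris in find_probe_bursts(SAMPLE_LOG).items():
        print(client, "probed", len(uris), "missing paths:", ", ".join(uris))
```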

Sniep
Mar 28, 2004

All I needed was that fatty blunt...



King of Breakfast
post "/path/certificate.pem" that you ref in the link you posted (not the private key dont be a dummy)

e: or just send me a message here with it if you dont want everyone to be able to see the subject material (CN) or SANs if applicable

cinci zoo sniper
Mar 15, 2013




it's a dummy cert i generated to sort stuff out before i get into getting decent cert


Sniep
Mar 28, 2004

All I needed was that fatty blunt...



King of Breakfast
k the cert looks fine.

does the CN match the hostname youre trying to access this via?

i still lean ciphers since none show up when you did the s_client against it. are you testing from localhost? are you certain the openssl ciphers on your test platform support what you have nginx limited down to? (extremely limited down to?)

i mean i run apache, so the formatting is a little different but here's my personal cipher list:

SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA ECDH+3DES DH+3DES RSA+3DES !EECDH+aRSA+RC4 !RC4 !aNULL !eNULL !LOW !MD5 !EXP !PSK !SRP !DSS"

Sniep
Mar 28, 2004

All I needed was that fatty blunt...



King of Breakfast
which is pretty sloppy now that i look at it, but regardless, i have a few in there for compatibility, not just the limited ones you specified

cinci zoo sniper
Mar 15, 2013




i have also tried this one

quote:

ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
and the issue persisted too, so im not sure if my ciphers are bad

cn is example.com, hostname is test.example.com - is that fine or should i remake cert for test.example.com?

Shaggar
Apr 26, 2006
upgrade to windows and IIS. it just works.

Shaggar
Apr 26, 2006

kalstrams posted:

i have also tried this one

and the issue persisted too, so im not sure if my ciphers are bad

cn is example.com, hostname is test.example.com - is that fine or should i remake cert for test.example.com?

if the cn was *.example.com then test.example.com would work but if its just example.com then no. Either way the server shouldn't give a poo poo about the cn, only the client will complain.

Sniep
Mar 28, 2004

All I needed was that fatty blunt...



King of Breakfast

kalstrams posted:

i have also tried this one

and the issue persisted too, so im not sure if my ciphers are bad

cn is example.com, hostname is test.example.com - is that fine or should i remake cert for test.example.com?

that's not what you posted above when you pasted in the certificate pem

but swr you need it to be a wildcard if you are using a subdomain off of it (or at least SAN in the specific subdomain)

Sniep fucked around with this message at 03:47 on Feb 7, 2015

Sniep
Mar 28, 2004

All I needed was that fatty blunt...



King of Breakfast

Shaggar posted:

if the cn was *.example.com then test.example.com would work but if its just example.com then no. Either way the server shouldn't give a poo poo about the cn, only the client will complain.

yeah chasing the CN isn't fruitful, but its just another thing that doesnt line up

either way it fails to handshake and i still wonder what client he is using to do the s_client with and if it supports his fancy ciphers, or if nginx itself isnt properly listening

cinci zoo sniper
Mar 15, 2013




Sniep posted:

that's not what you posted above when you pasted in the certificate pem
but does it matter? i did just generate another cert where cn matches hostname and nothing has changed

Shaggar
Apr 26, 2006
idk nginx but try removing everything but the bare minimum ssl config and see if it works. also make sure w/e user nginx is running as can access your key (both file permissions + password if it has one)

cinci zoo sniper
Mar 15, 2013




Sniep posted:

either way it fails to handshake and i still wonder what client he is using to do the s_client with and if it supports his fancy ciphers, or if nginx itself isnt properly listening
i did s_client from the same machine the server is hosted on :D

Sniep
Mar 28, 2004

All I needed was that fatty blunt...



King of Breakfast
oh yea didnt think bout that, did you password the key and is nginx able to unencrypt it?

i mean drat man you gotta have some sort of logs of the ssl part bitching somewhere, im just not that familiar with nginx logs

Sniep
Mar 28, 2004

All I needed was that fatty blunt...



King of Breakfast
i mean you posted this:

2015/02/07 03:18:34 [error] 27951#0: *17 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: my.computers.ip.address, server: 0.0.0.0:443

so, i'd probably head that direction first? is the test.blah.conf being included correctly? it seems like it might not even be fired up, the fundamental issue first is that ssl wont even handshake so to figure out why its not running...
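
One way to hunt for what that log line complains about, a server block that listens with `ssl` but has no `ssl_certificate` in scope. This is an added example, not part of any post in the thread and not nginx's own tooling: the parser is deliberately simplified, it assumes all included files have already been concatenated into one string, and the sample config and function names are constructed.

```python
import re

TOKEN_RE = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')

# Constructed sample: a catch-all TLS listener that was never given a certificate.
SAMPLE_CONF = """
http {
    server {                       # catch-all, TLS enabled, no certificate
        listen 443 ssl default_server;
        server_name _;
        return 444;
    }
    server {
        listen 443 ssl;
        server_name test.example.com;
        ssl_certificate     /path/certificate.pem;
        ssl_certificate_key /path/certificate_key.pem;
    }
    server {
        listen 80;
        server_name test.example.com;
        return 301 https://$server_name$request_uri;
    }
}
"""


def parse(text):
    """Parse nginx config text into nested [name, args, children] entries.

    Simplified: '#' always starts a comment and includes are not followed.
    """
    tokens = TOKEN_RE.findall(re.sub(r"#[^\n]*", "", text))
    root = []
    current, stack, words = root, [], []
    for tok in tokens:
        if tok == ";":
            if words:
                current.append([words[0], words[1:], None])
            words = []
        elif tok == "{":
            block = [words[0] if words else "", words[1:], []]
            current.append(block)
            stack.append(current)
            current, words = block[2], []
        elif tok == "}":
            current = stack.pop() if stack else root
            words = []
        else:
            words.append(tok.strip("\"'"))
    return root


def ssl_servers_without_cert(directives, inherited=False):
    """Return (server_name, listen) for TLS listeners with no certificate in scope."""
    inherited = inherited or any(d[0] == "ssl_certificate" for d in directives)
    findings = []
    for name, _args, children in directives:
        if children is None:
            continue  # simple directive, nothing nested to inspect
        if name != "server":
            findings += ssl_servers_without_cert(children, inherited)
            continue
        listens = [a for n, a, _ in children if n == "listen"]
        ssl_on = any(n == "ssl" and a == ["on"] for n, a, _ in children)
        tls = [a for a in listens if ssl_on or "ssl" in a]
        has_cert = inherited or any(n == "ssl_certificate" for n, _, _ in children)
        names = next((a for n, a, _ in children if n == "server_name"), [])
        if tls and not has_cert:
            findings += [(" ".join(names), " ".join(a)) for a in tls]
    return findings


if __name__ == "__main__":
    for server_name, listen in ssl_servers_without_cert(parse(SAMPLE_CONF)):
        print(f"server_name {server_name!r}: 'listen {listen}' has no ssl_certificate")
```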

Shaggar
Apr 26, 2006
like u could have setup an entire IIS cluster in the time it took for me to post this
