Trytond dies with SSL ca_certs implimentation

I have copied the contents of the (non OS ssl) privkey.pem into the fullchain.pem to create the /home/me/.config/tryton/x.y/ca_certs file. I then declared it in the trytond.conf with “SSLContext.load_cert_chain(/home/me/.config/tryton/x.y/ca_certs)” I am not sure if this is where SSLContext.load_cert_chain should be defined but couldn’t find any information to that effect. When gnuhealth is run it dies with this error:

systemd[1]: Started GNU Health server.
trytond[11389]: Traceback (most recent call last):
trytond[11389]: extra_files = config.update_etc(options.configfile)
trytond[11389]: File “/usr/lib/python3.6/site-packages/trytond/config.py”, line 107, in update_etc
trytond[11389]: read_files = self.read(configfile)
trytond[11389]: File “/usr/lib64/python3.6/configparser.py”, line 697, in read
trytond[11389]: self._read(fp, filename)
trytond[11389]: File “/usr/lib64/python3.6/configparser.py”, line 1111, in _read
trytond[11389]: raise e
trytond[11389]: configparser.ParsingError: Source contains parsing errors: ‘/etc/tryton/trytond.conf’
trytond[11389]: #011[line 60]: ‘SSLContext.load_cert_chain(/home/me/.config/tryton/x.y/ca_certs)\n’
systemd[1]: gnuhealth.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: gnuhealth.service: Unit entered failed state.
systemd[1]: gnuhealth.service: Failed with result ‘exit-code’.
systemd[1]: gnuhealth.service: Service RestartSec=100ms expired, scheduling restart.
systemd[1]: Stopped GNU Health server.
systemd[1]: gnuhealth.service: Start request repeated too quickly.
systemd[1]: Failed to start GNU Health server.
systemd[1]: gnuhealth.service: Unit entered failed state.
systemd[1]: gnuhealth.service: Failed with result ‘exit-code’.
sshd[11334]: pam_unix(sshd:session): session closed for user root
systemd-logind[1342]: Session 87 logged out. Waiting for processes to exit.
systemd-logind[1342]: Removed session 87.
sshd[11397]: Accepted keyboard-interactive/pam for root from 192.168.1.107 port 50177 ssh2
systemd-logind[1342]: New session 88 of user root.
systemd[1]: Started Session 88 of user root.
sshd[11397]: pam_unix(sshd:session): session opened for user root by (uid=0)

Could you please advise on what I’m doing wrong and how to sort it.

Thank you

The configuration file should not contain any code.
But to activate SSL, you just need to set private key and certificate paths.

But for production setup, it is recommended to use a proxy (link nginx) to deal with SSL.

1 Like

Actually, I initially set the paths to the key and certificate in tryton.conf before going the SSLContext.load_cert_chain way but that also threw an error like:

systemd[1]: Started GNU Health server.
trytond[21214]: Traceback (most recent call last):
trytond[21214]: use_reloader=options.dev)
trytond[21214]: File “/usr/lib/python3.6/site-packages/werkzeug/serving.py”, line 833, in run_simple
trytond[21214]: inner()
trytond[21214]: File “/usr/lib/python3.6/site-packages/werkzeug/serving.py”, line 793, in inner
trytond[21214]: fd=fd)
trytond[21214]: File “/usr/lib/python3.6/site-packages/werkzeug/serving.py”, line 679, in make_server
trytond[21214]: passthrough_errors, ssl_context, fd=fd)
trytond[21214]: File “/usr/lib/python3.6/site-packages/werkzeug/serving.py”, line 602, in init
trytond[21214]: self.socket = ssl_context.wrap_socket(sock, server_side=True)
trytond[21214]: File “/usr/lib/python3.6/site-packages/werkzeug/serving.py”, line 512, in wrap_socket
trytond[21214]: ssl_version=self._protocol, **kwargs)
trytond[21214]: File “/usr/lib64/python3.6/ssl.py”, line 1158, in wrap_socket
trytond[21214]: ciphers=ciphers)
trytond[21214]: File “/usr/lib64/python3.6/ssl.py”, line 750, in init
trytond[21214]: self._context.load_cert_chain(certfile, keyfile)
trytond[21214]: PermissionError: [Errno 13] Permission denied
systemd[1]: gnuhealth.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: gnuhealth.service: Unit entered failed state.
systemd[1]: gnuhealth.service: Failed with result ‘exit-code’.
systemd[1]: gnuhealth.service: Service RestartSec=100ms expired, scheduling restart.
systemd[1]: Stopped GNU Health server.
systemd[1]: Started GNU Health server.
sshd[21222]: Accepted keyboard-interactive/pam for root from 192.168.1.107 port 52141 ssh2
systemd[1]: Started Session 99 of user root.
systemd-logind[1342]: New session 99 of user root.
sshd[21222]: pam_unix(sshd:session): session opened for user root by (uid=0)

I am new to Tryton. Will appreciate if you could explain clearly how to deal with this.
Thank you.

Clearly an access right issue.

Thanks for your reply but it is not helpful to me considering my request above.
Before posting for help, I’ve seen the reference to the PermissionError: and I have given both the directory and the the two files involved chmod 777 but tryton is still not permitted (got the same error) which is why I requested you to tell me clearly what needs to be done if you know it so it doesn’t have to take me another five questions or so to get there. Thanks