tlg/prompts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c78083d1ccceee376719d8a8b6010d0191308b6d
prompts/Linux-Servers.md

218 lines
6.6 KiB
Markdown
Raw Blame History

# Troubleshoot datacenter server https error
## Setup
The datacenter server is maintained with Virtualmin.
The domain causing the problem is "kipurchat.creature-go.com".
The SSL certificate provider is Let's Encrypt.
## Problem
When trying to open "kipurchat.creature-go.com" the web browser shows this
error (first section and certificates cut out):
```
net::ERR_CERT_DATE_INVALID
Subject: kipurchat.creature-go.com
Issuer: R13
Expires on: 28.01.2026
Current date: 14.03.2026
Certificate Transparency:
SCT Google 'Argon2026h1' log (Embedded in certificate, Verified)
SCT Let's Encrypt 'Oak2026h1' (Embedded in certificate, Verified)
```
## First own troubleshooting
The Virtualmin webpage SSL Certificate
In domain kipurchat.creature-go.com
shows that renewal of the certificate failed:
"
SSL certificate providers like Let's Encrypt can be used to automatically request a valid cert for use by Virtualmin.
This page can be used to request a new certificate, which will overwrite any other you currently have configured for this domain. However, SSL certificate providers require that your ownership of the certificate domain be validated by checking that this system hosts the website for the domain. This is done by placing a small temporary file under the website's document directory /home/admincg/domains/kipurchat.creature-go.com/public_html.
Request certificate for
Domains associated with this server
kipurchat.creature-go.com
Domain names listed here
Also request wildcard certificate?
SSL certificate provider
Let's Encrypt
Automatically renew certificate
Yes
No
Send email on renewal
Yes
Only on failure
No
Hostname verification
Attempt to request all hostnames, and fail if any cannot be validated
Skip unresolvable hostnames, but fail if any remaining cannot be validated
Exclude hostnames that cannot be validated from the certifcate
Certificate hash type
RSA
Time since last renewal
0.00 months
Last failed renewal
03/14/2026 11:39 AM
Renewal failed due to
Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for kipurchat.creature-go.com
An unexpected error occurred:
AttributeError: can't set attribute
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
DNS-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for kipurchat.creature-go.com
An unexpected error occurred:
AttributeError: can't set attribute
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
"
## Your tasks
Please help me by running these tasks:
### Understand the root cause
Why did the certificate renewal fail?
### Repair the SSL certificate setup
Change the SSL certificate setup so that future renewals will work.
### Repair SSL connection
If not already done by completing the task before, repair the SSL connection so that "kipurchat.creature-go.com" can be used again.
---
# Podman shell script for AFFiNE service
## Motivation
A Podman Pod is needed on a Linux server which provides an AFFiNE service.
This Podman Pod needs to be created and started with a shell script which needs to be designed.
The AFFiNE service will be used by humans and by AI agents; it will also be part of a design environment for designing a special MCP server for AFFiNE.
## Shell script requirements
Requirements for the shell script:
- Must use a container image with a Pinned Tag (for exact consistency) which points to the AFFiNE version 0.26.3. The name likely is something like "ghcr.io/toeverything/affine:0.26.3".
- Must provide the AFFiNE web user interface at port 8092.
- Must provide the GraphQL API. Background: The AFFiNE web and desktop apps use an internal GraphQL API to communicate with the backend. There is a /graphql endpoint but it is not documented for third-party use.
- Must be in folder /home/pln/bin.
- Must have the name create_pod_affine.sh
The shell script shall be run by user pln which has permissions to run rootless pods.
## Shell script style
The needed shell script must have the same style as other shell scripts on the server.
These files are examples:
/home/lwc/bin/create_pod_langflow.sh
/home/krt/bin/create_pod_qdrant.sh
## Your tasks
### Ask first
Before starting to design the shell script, ask between two and five questions to fully understand the situation, your tasks and the objectives.
### Identify the container image
Find the container image with Pinned Tag pointing to AFFiNE version 0.26.3.
### Write the shell script
Write the shell script.
### Test the shell script
Run the shell script and test it.
### Redesign if necessary
If the test failed, understand the problem, improve the shell script and go back to Test the shell script.
Repeat this in a loop up to five times.
## Your objectives
Your objectives are:
- All requirements are fulfilled.
- AFFiNE web user interface shows up at 127.0.0.1:8092.
- The AFFiNE GraphQL API shows up under 127.0.0.1:8092 at /graphql or another link.
## Your behaviour
If it is not possible to achieve your objectives, interrupt and ask me.
Complete all your tasks without asking in between if you can achieve your objectives.
---
# New Traefik route
## Motivation
A new service runs on the server and needs to be provided to the internet by installing a new Traefik route.
## Traefik service
Traefik runs as a systemd service in a Podman Pod.
To end the service and Pod, run `/home/trf/bin/remove_pod_systemd_services.sh`.
To start the Pod and the service, run `create_pod_traefik.sh`.
## Traefik configuration
The Traefik configuration directory is `/home/trf/.local/share/traefik/`.
The main configuration file is `/home/trf/.local/share/traefik/traefik.yml`.
In the directory `/home/trf/.local/share/traefik/dynamic` are the .yml files for the individual routings.
## New service
The new service for which the new Traefik route is needed:
- Name is "affine"
- Provided at 127.0.0.1:8092
## Your tasks
Your tasks are:
- Ask questions if necessary to understand the situation and the tasks below.
- Create the necessary file in `/home/trf/.local/share/traefik/dynamic`.
- Update `/home/trf/.local/share/traefik/traefik.yml`.
---
Reference in New Issue View Git Blame Copy Permalink