Ok, I’ve been struggling with this for a few days now but I cannot get the local Blynk server to find my Let’s Encrypt certificates. I tried to have it automatically generate them which did not work, so I have done it manually and it still can’t find them.
I am running Blynk on a Raspberry Pi 3 Model B using this command
java -jar server-0.29.3-java8.jar
I manually updated the Let’s Encrypt certificates with Certbot-Auto. I can verify they exist with this:
pi@hassio:~/Blynk $ sudo ~/certbot/certbot-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Found the following certs:
Certificate Name: home.binarybeach.com
Domains: home.binarybeach.com blynk.binarybeach.com mqtt.binarybeach.com service.binarybeach.com www.binarybeach.com
Expiry Date: 2018-04-02 21:49:29+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/home.binarybeach.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/home.binarybeach.com/privkey.pem
-------------------------------------------------------------------------------
I also ran this so that I didn’t have to run the Blynk server with sudo
pi@hassio:~/Blynk $ sudo chmod 755 /etc/letsencrypt/live/home.binarybeach.com/fullchain.pem
pi@hassio:~/Blynk $ sudo chmod 755 /etc/letsencrypt/live/home.binarybeach.com/privkey.pem
I have added mail.properties and it contains this
mail.smtp.auth=true
mail.smtp.starttls.enable=true
mail.smtp.host=smtp.gmail.com
mail.smtp.port=587
mail.smtp.username=conklin.jason@gmail.com
mail.smtp.password=redacted
and my server.properties
#hardware mqtt port
hardware.mqtt.port=8440
#hardware ssl port
hardware.ssl.port=8441
#hardware plain tcp/ip port
hardware.default.port=8442
#http and web sockets port
http.port=8080
#https and web sockets port
https.port=9443
#application ssl port
app.ssl.port=8443
#address to bind to. by default bounded to all interfaces
listen.address=
#by default server uses embedded in jar cert to simplify local server installation.
#WARNNING DO NOT USE THIS CERTIFICATES ON PRODUCTION OR IN WHERE ENVIRNOMENTS REAL SECURITY REQUIRED.
#provide either full path to files either use '.' for specifying current directory. For instance "./myfile.crt"
server.ssl.cert=/etc/letsencrypt/live/home.binarybeach.com/fullchain.pem
server.ssl.key=/etc/letsencrypt/live/home.binarybeach.com/privkey.pem
server.ssl.key.pass=
#by default System.getProperty("java.io.tmpdir")/blynk used
data.folder=/home/pi/Blynk
#folder for logs.
logs.folder=./logs
#log debug level. trace|debug|info|error. Defines how precise logging will be.
log.level=trace
#maximum number of devices allowed per account
user.devices.limit=25
#maximum number of tags allowed per account
user.tags.limit=100
#defines maximum allowed number of user dashboards. Needed to limit possible number of tokens.
user.dashboard.max.limit=100
#defines maximum allowed widget size in KBs as json string.
user.widget.max.size.limit=20
#user is limited with 100 messages per second.
user.message.quota.limit=100
#maximum allowed number of notification queue. Queue responsible for processing email, pushes, twits sending.
#Because of performance issue - those queue is processed in separate thread, this is required due
#to blocking nature of all above operations. Usually limit shouldn't be reached.
notifications.queue.limit=2000
#Number of threads for performing blocking operations - push, twits, emails, db queries.
#Recommended to hold this value low unless you have to perform a lot of blocking operations.
blocking.processor.thread.pool.limit=6
#this setting defines how often we can send mail/tweet/push or any other notification. Specified in seconds
notifications.frequency.user.quota.limit=15
#this setting defines how often we can send webhooks. Specified in miliseconds
webhooks.frequency.user.quota.limit=1000
#this setting defines how big could be response for webhook GET request. Specified in kbs
webhooks.response.size.limit=72
#maximum size of user profile in kb's
user.profile.max.size=128
#number of strings to store in terminal widget
terminal.strings.pool.size=25
#number of strings to store in map widget
map.strings.pool.size=25
#number of strings to store in lcd widget
lcd.strings.pool.size=6
#maximum number of rows allowed
table.rows.pool.size=100
#period in millis for saving all user DB to disk.
profile.save.worker.period=60000
#period in millis for saving stats to disk.
stats.print.worker.period=60000
#max size of web request in bytes, 256 kb (256x1024) is default
web.request.max.size=524288
#maximum number of points that are fetched during CSV export
#43200 == 60 * 24 * 30 - minutes points for 1 month
csv.export.data.points.max=43200
#specifies maximum period of time when hardware socket could be idle. After which
#socket will be closed due to non activity. In seconds. Default value 15 if not provided.
#leave it empty for infinity timeout
hard.socket.idle.timeout=15
#enable DB
enable.db=false
#enable raw data storage to DB
enable.raw.db.data.store=false
#size of async logger ring buffer. should be increased for loads >2-3k req/sec
async.logger.ring.buffer.size=2048
#initial amount of energy
initial.energy=100000
#ADMINISTRATION SECTION
admin.rootPath=/admin
#used for reset password page and certificate generation.
#by default current server IP is taken. could be replaced with more friendly hostname.
#it is recommended to override this property with your server IP to avoid possible problems of host resolving
server.host=blynk.binarybeach.com
#email used for certificate registration, could be omitted in case you already specified it in mail.properties
contact.email=conklin.jason@gmail.com
#network interface to determine server's current IP.
#only the first characters of the interface's name are needed.
#the default setting eth will use the first ethX interface found (i.e. eth0)
net.interface=eth
#comma separated list of administrator IPs. allow access to admin UI only for those IPs.
#you may set it for 0.0.0.0/0 to allow access for all.
#you may use CIDR notation. For instance, 192.168.0.53/24
allowed.administrator.ips=0.0.0.0/0,::/0
# default admin name and password. that will be created on initial server start
admin.email=conklin.jason@gmail.com
admin.pass=also_redacted_to_protect_the_innocent
#comma separated list of users allowed to create accounts. leave it empty if no restriction required.
allowed.users.list=
Currently I have ports 80 and 443 forwarded to a Synology Diskstation and on there I have a reverse proxy that sends everything for blynk.binarybeach.com on port 80 to port 8080 and port 433 to 9443. This works, I can start the server and I can access it from anywhere. (I’ve tried port forwarding on the Raspi to forward 80 to 8080 and 443 to 9443 and changing my router to forward directly to the Raspi and not the Synology, but same results.)
However, every time I start the server, it cannot find the Let’s Encrypt Certificates. This is my blynk.log
17:07:28.524 DEBUG- Using SLF4J as the default logging framework
17:07:28.540 INFO - Using data dir '/home/pi/Blynk'
17:07:28.625 DEBUG- -Dio.netty.noUnsafe: false
17:07:28.625 DEBUG- Java version: 8
17:07:28.628 DEBUG- sun.misc.Unsafe.theUnsafe: available
17:07:28.631 DEBUG- sun.misc.Unsafe.copyMemory: available
17:07:28.632 DEBUG- java.nio.Buffer.address: available
17:07:28.634 DEBUG- direct buffer constructor: available
17:07:28.637 DEBUG- java.nio.Bits.unaligned: available, false
17:07:28.637 DEBUG- jdk.internal.misc.Unsafe.allocateUninitializedArray(int): unavailable prior to Java9
17:07:28.637 DEBUG- java.nio.DirectByteBuffer.<init>(long, int): available
17:07:28.638 DEBUG- sun.misc.Unsafe: available
17:07:28.639 DEBUG- -Dio.netty.tmpdir: /tmp (java.io.tmpdir)
17:07:28.639 DEBUG- -Dio.netty.bitMode: 32 (sun.arch.data.model)
17:07:28.643 DEBUG- -Dio.netty.noPreferDirect: false
17:07:28.643 DEBUG- -Dio.netty.maxDirectMemory: 235274240 bytes
17:07:28.643 DEBUG- -Dio.netty.uninitializedArrayAllocationThreshold: -1
17:07:28.646 DEBUG- java.nio.ByteBuffer.cleaner(): available
17:07:28.657 DEBUG- Starting reading user DB.
17:07:28.879 DEBUG- Reading user DB finished.
17:07:28.879 INFO - Region : local. Host : blynk.binarybeach.com.
17:07:28.954 DEBUG- -Dio.netty.eventLoopThreads: 8
17:07:29.037 DEBUG- -Dio.netty.noKeySetOptimization: false
17:07:29.037 DEBUG- -Dio.netty.selectorAutoRebuildThreshold: 512
17:07:29.065 DEBUG- org.jctools-core.MpscChunkedArrayQueue: available
17:07:29.080 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@1e5f737
17:07:29.101 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@f9c5b7
17:07:29.102 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@1271612
17:07:29.102 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@d7f8b4
17:07:29.102 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@309d4d
17:07:29.103 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@102d01
17:07:29.103 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@1883b97
17:07:29.104 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@ab778a
17:07:29.104 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@3958e7
17:07:29.171 DEBUG- -Dio.netty.leakDetection.level: disabled
17:07:29.171 DEBUG- -Dio.netty.leakDetection.targetRecords: 4
17:07:29.177 DEBUG- Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector@668b6e
17:07:29.924 DEBUG- Default protocols (JDK): [TLSv1.2, TLSv1.1, TLSv1]
17:07:29.925 DEBUG- Default cipher suites (JDK): [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA]
17:07:30.100 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@13d4a8c
17:07:30.100 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@1de24cc
17:07:30.101 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@1c7df28
17:07:30.105 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@f842ca
17:07:30.108 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@1c81773
17:07:30.109 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@114b6c2
17:07:30.110 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@990ed7
17:07:30.111 TRACE- instrumented a special java.util.Set into: sun.nio.ch.EPollSelectorImpl@5fddc
17:07:30.153 DEBUG- -Dio.netty.threadLocalMap.stringBuilder.initialSize: 1024
17:07:30.154 DEBUG- -Dio.netty.threadLocalMap.stringBuilder.maxSize: 4096
17:07:30.198 DEBUG- -Dio.netty.allocator.numHeapArenas: 2
17:07:30.198 DEBUG- -Dio.netty.allocator.numDirectArenas: 2
17:07:30.199 DEBUG- -Dio.netty.allocator.pageSize: 8192
17:07:30.199 DEBUG- -Dio.netty.allocator.maxOrder: 11
17:07:30.200 DEBUG- -Dio.netty.allocator.chunkSize: 16777216
17:07:30.200 DEBUG- -Dio.netty.allocator.tinyCacheSize: 512
17:07:30.200 DEBUG- -Dio.netty.allocator.smallCacheSize: 256
17:07:30.201 DEBUG- -Dio.netty.allocator.normalCacheSize: 64
17:07:30.201 DEBUG- -Dio.netty.allocator.maxCachedBufferCapacity: 32768
17:07:30.201 DEBUG- -Dio.netty.allocator.cacheTrimInterval: 8192
17:07:30.202 DEBUG- -Dio.netty.allocator.useCacheForAllThreads: true
17:07:30.230 DEBUG- -Dio.netty.allocator.type: pooled
17:07:30.230 DEBUG- -Dio.netty.threadLocalDirectBufferSize: 65536
17:07:30.231 DEBUG- -Dio.netty.maxThreadLocalCharBufferSize: 16384
17:07:30.502 INFO - Initializing gmail smtp mail transport. Username : conklin.jason@gmail.com. SMTP host : smtp.gmail.com:587
17:07:31.268 INFO - Didn't find Let's Encrypt certificates.
17:07:31.268 INFO - Automatic certificate generation is turned ON.
17:07:31.316 DEBUG- -Dio.netty.buffer.bytebuf.checkAccessible: true
17:07:31.316 DEBUG- Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector@13e12b5
17:07:31.415 DEBUG- hard.socket.idle.timeout = 15
17:07:31.435 DEBUG- app.socket.idle.timeout = 600
17:07:31.745 DEBUG- hard.socket.idle.timeout = 15
17:07:31.784 DEBUG- -Dio.netty.processId: 8869 (auto-detected)
17:07:31.793 DEBUG- -Djava.net.preferIPv4Stack: false
17:07:31.793 DEBUG- -Djava.net.preferIPv6Addresses: false
17:07:31.798 DEBUG- Loopback interface: lo (lo, 0:0:0:0:0:0:0:1%lo)
17:07:31.801 DEBUG- /proc/sys/net/core/somaxconn: 128
17:07:31.804 DEBUG- -Dio.netty.machineId: b8:27:eb:ff:fe:6d:6b:73 (auto-detected)
17:07:31.911 INFO - Hardware plain tcp/ip server listening at 8442 port.
17:07:31.915 INFO - Hardware SSL server listening at 8441 port.
17:07:31.917 INFO - Application server listening at 8443 port.
17:07:31.919 INFO - HTTP API and WebSockets server listening at 8080 port.
17:07:31.921 INFO - HTTPS API, WebSockets and Admin page server listening at 9443 port.
17:07:31.922 INFO - Mqtt hardware server listening at 8440 port.
17:07:31.944 DEBUG- Adding new user conklin.jason@gmail.com. App : Blynk
I just get no indication of what went wrong getting the certificates. I’ve also tried changing server.host to home.binarybeach.com for the same results.
I’m just out of ideas to try here.
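As an added example (not part of the original post, and not Blynk's own code): a check to run as the account that starts the server. It walks every directory component of the configured `server.ssl.cert` and `server.ssl.key` paths, follows Certbot's `live/` symlinks to their targets, and names the first component that account cannot traverse or read; it also reports when the key's mode grants read to all local accounts. The function names `first_blocker` and `world_readable` are illustrative, and the script tests file-system access only, not how the Blynk server selects its certificates.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Run as the account that starts
# the server:  ./check_tls_paths.sh <server.ssl.cert path> <server.ssl.key path>

# Print the first path component the current user cannot traverse or read and
# return 1; return 0 when the file is readable. Symlinks are followed by hand
# so that a blocked directory on the target side is named as well.
first_blocker() {
    local path=$1 depth=${2:-0} cur="" part parts target
    case $path in /*) ;; *) path="$PWD/$path" ;; esac
    if [ "$depth" -gt 16 ]; then
        echo "too many symlink levels: $path"; return 1
    fi
    IFS=/ read -r -a parts <<< "${path#/}"
    for part in "${parts[@]}"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        if [ ! -e "$cur" ] && [ ! -L "$cur" ]; then
            echo "does not exist or is not reachable: $cur"; return 1
        fi
        # Every directory on the way needs the search (x) bit for this user.
        if [ -d "$cur" ] && [ ! -x "$cur" ]; then
            echo "cannot traverse directory: $cur"; return 1
        fi
    done
    if [ -L "$path" ]; then
        target=$(readlink -- "$path")
        case $target in /*) ;; *) target="$(dirname -- "$path")/$target" ;; esac
        first_blocker "$target" $((depth + 1)); return
    fi
    [ -r "$path" ] || { echo "cannot read file: $path"; return 1; }
}

# True when the file's mode (symlinks followed) grants read to "other".
world_readable() {
    [ -n "$(find -L "$1" -prune -perm -004 2>/dev/null)" ]
}

if [ "$#" -eq 2 ]; then
    first_blocker "$1" && echo "certificate readable: $1"
    first_blocker "$2" && echo "key readable: $2"
    if world_readable "$2"; then
        echo "key mode grants read to every local account: $2"
    fi
fi
```

Because `chmod` on a `live/` entry follows the symlink, it changes the mode of the file under `archive/` but leaves the directories above it as they were, which is why the walk checks each component separately.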