Thread Problem installing stunnel
Tue, Dec 3 2019 6:32 AM

Paul Coshott

Hi All,

I need to get a security certificate running on my server so my app can use https. I have my pfx file from Let's Encrypt ready to go and then downloaded Stunnel to install that, but when I try to start the Stunnel installation, nothing happens. It doesn't start and there are no errors.

I am using a Windows 2016 VPS server. Is there anything I might need to do before the Stunnel installation will be able to run?

Cheers,
Paul
Tue, Dec 3 2019 2:41 PM

Raul

Team Elevate

On 12/3/2019 6:32 AM, Paul Coshott wrote:
> I need to get a security certificate running on my server so my app can use https. I have my pfx file from Let's Encrypt ready to go and then downloaded Stunnel to install that, but when I try to start the Stunnel installation, nothing happens. It doesn't start and there are no errors.
>
> I am using a Windows 2016 VPS server. Is there anything I might need to do before the Stunnel installation will be able to run?

Not really - it's just a normal windows installer.

All I can think of is that the installer did not download and is corrupted!?

Why don't you run it from an admin command line and see if anything is
shown there?

Raul
Tue, Dec 3 2019 4:35 PM

Paul Coshott

Thanks Raul. All sorted. Stunnel was blocked by my server. I unblocked it and it's installed now.
But I can't get Stunnel to run. It says I have a problem with the configuration. Would you mind taking a look at the log?

My [https] section is configured as:

[https]
accept  = 443
connect = 127.0.0.1:8080
cert = C:\httpscert\admin.tennispro.cloud.pfx
TIMEOUTclose = 0

Thanks,
Paul


[ ] Running on Windows 6.2
[ ] No limit detected for the number of clients
[.] stunnel 5.56 on x64-pc-mingw32-gnu platform
[.] Compiled/running with OpenSSL 1.1.1c  28 May 2019
[.] Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
[ ] errno: (*_errno())
[ ] Running on Windows 6.2
[.] Reading configuration from file stunnel.conf
[.] UTF-8 byte order mark detected
[ ] GUI message loop initialized
[ ] Compression disabled
[ ] No PRNG seeding was required
[ ] Initializing service [https]
[ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
[ ] TLSv1.3 ciphersuites: TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
[ ] TLS options: 0x02100004 (+0x00000000, -0x00000000)
[ ] Loading certificate and private key from file: C:\httpscert\admin.tennispro.cloud.pfx
[ ] Certificate and private key loaded from file: C:\httpscert\admin.tennispro.cloud.pfx
[ ] Private key check succeeded
[ ] DH initialization not needed
[ ] ECDH initialization
[ ] ECDH initialized with curves X25519:P-256:X448:P-521:P-384
[.] Configuration successful
[ ] Binding service [https]
[ ] Listening file descriptor created (FD=472)
[ ] Setting accept socket options (FD=472)
[ ] Option SO_EXCLUSIVEADDRUSE set on accept socket
[.] Binding service [https] to 0.0.0.0:443: Permission denied (WSAEACCES) (10013)
[!] Binding service [https] failed
[ ] Deallocating section defaults
[ ] Unbinding service [https]
[ ] Service [https] closed
[ ] Deallocating section [https]

[!] Server is down
Tue, Dec 3 2019 4:58 PM

Raul

Team Elevate

On 12/3/2019 4:35 PM, Paul Coshott wrote:
> Thanks Raul. All sorted. Stunnel was blocked by my server. I unblocked it and it's installed now.
> But I can't get Stunnel to run. It says I have a problem with the configuration. Would you mind taking a look at the log?
>

> [.] Binding service [https] to 0.0.0.0:443: Permission denied (WSAEACCES) (10013)
> [!] Binding service [https] failed


This - it's unable to bind to port 443.

Either something else is listening on that port or the firewall is blocking it.

Check with "netstat -ab" if anything is listening, and if not, then add
stunnel to the allowed list on the firewall.

Raul
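
The check suggested above, written as a PowerShell script; this is an added example, not part of the original thread. It assumes an elevated prompt on Windows Server 2012 or later, and it also lists excluded port ranges, because a bind to a port inside one fails with the same error 10013.

```powershell
# Added example: find what owns a TCP listener before pointing stunnel's
# "accept" option at it. Run from an elevated PowerShell prompt.
$port = 443   # the "accept" port from the [https] section

$listeners = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue

if (-not $listeners) {
    Write-Output "Nothing is listening on TCP $port."
    # A port inside an excluded range cannot be bound even when it is free.
    netsh interface ipv4 show excludedportrange protocol=tcp
}
else {
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $l.LocalAddress
            LocalPort    = $l.LocalPort
            OwnerPid     = $l.OwningProcess
            Process      = $proc.ProcessName
            Path         = $proc.Path   # empty for protected system processes
        }
    }
    # PID 4 (System) means the kernel HTTP driver (HTTP.sys) holds the port,
    # usually on behalf of IIS or another HTTP API client; list its queues.
    if ($listeners.OwningProcess -contains 4) {
        netsh http show servicestate view=requestq
    }
}

# Enabled inbound firewall rules that name this port explicitly.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    Select-Object DisplayName, Action, Profile
```

If a listener is found, the safer fix is to stop or reconfigure that service rather than open an extra port; if none is found and no inbound rule covers the port, add a rule scoped to the stunnel executable.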
Tue, Dec 3 2019 10:29 PM

Paul Coshott

Ok, I'm a bit further on. I think the problem was that 443 was already being used, so I changed my firewall settings to open port 449 and changed my config in stunnel to (Stunnel is now running) :

[https]
accept  = 449
connect = 127.0.0.1:8080
cert = C:\httpscert\admin.tennispro.cloud.pfx
TIMEOUTclose = 0

In EWB Web Server, my Server Information is:

Domain: admin.tennispro.cloud

Listening on Port 8080 for IP Address 127.0.0.1
Maximum Request Size: 16777216 bytes
Connection Timeout: 30 secs
Thread Cache Size: 30

Administrator Email:

Content Folder: C:\TennisPro
Default Document: tennis.html
Cross Origin Resources: Enabled

And in the browser I have tried:
http://admin.tennispro.cloud:8080
http://admin.tennispro.cloud:449

but neither worked.

Any suggestions?

Thanks,
Paul
Tue, Dec 3 2019 10:48 PM

Paul Coshott

Hi All,

Got it working. Just noticed I hadn't changed the http to https when I tried the site. Tried https and all working.

Thanks Raul for all your help.

Cheers,
Paul