Epoptes fails after update....certificate issue

Asked by David Trask

Hi!

I ran some updates today to my Edubuntu server (had everything working fine)....now it's broken :-(

I was unable to see any of the clients unless they were logged in....so I figured something was amiss in the chroot....so I ran epoptes-client -c....and it failed. I tried uninstalling and reinstalling epoptes-client....no go. In the chroot, I get this:

epoptes-client -c
4147701960:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:
epoptes-client ERROR: Failed to fetch certificate from localhost:789

I ran a set of commands you pointed out to someone else in Launchpad....see below. I'm open to any help you can give...it was working beautifully...I had wake-on-lan...and everything working....*sigh*....hope you can help :-)

root@edubuntu-server:/# cat /proc/sys/kernel/random/entropy_avail
cat: /proc/sys/kernel/random/entropy_avail: No such file or directory
root@edubuntu-server:/# gnutls-cli-debug -p 789 -d 3 -V localhost
Resolving 'localhost'...
Connecting to '127.0.0.1:789'...
|<2>| ASSERT: gnutls_constate.c:695
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5
|<3>| HSK[0x837e8a8]: CLIENT HELLO was sent [57 bytes]
|<2>| ASSERT: gnutls_record.c:538
|<2>| ASSERT: gnutls_record.c:995
|<2>| ASSERT: gnutls_handshake.c:2762
Checking for SSL 3.0 support... no
|<2>| ASSERT: gnutls_constate.c:695
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x837e8a8]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Removing ciphersuite: ANON_DH_AES_128_CBC_SHA1
|<2>| EXT[0x837e8a8]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<3>| HSK[0x837e8a8]: CLIENT HELLO was sent [62 bytes]
|<2>| ASSERT: gnutls_record.c:538
|<2>| ASSERT: gnutls_record.c:995
|<2>| ASSERT: gnutls_handshake.c:2762
Checking whether %COMPAT is required... yes
|<2>| ASSERT: gnutls_constate.c:695
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x837e8a8]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5
|<2>| EXT[0x837e8a8]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<3>| HSK[0x837e8a8]: CLIENT HELLO was sent [64 bytes]
|<2>| ASSERT: gnutls_record.c:538
|<2>| ASSERT: gnutls_record.c:995
|<2>| ASSERT: gnutls_handshake.c:2762
Checking for TLS 1.0 support... no
|<2>| ASSERT: gnutls_constate.c:695
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x837e8a8]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<2>| EXT[0x837e8a8]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<3>| HSK[0x837e8a8]: CLIENT HELLO was sent [62 bytes]
|<2>| ASSERT: gnutls_record.c:538
|<2>| ASSERT: gnutls_record.c:995
|<2>| ASSERT: gnutls_handshake.c:2762
Checking for TLS 1.1 support... no
|<2>| ASSERT: gnutls_constate.c:695
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x837e8a8]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<2>| EXT[0x837e8a8]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<3>| HSK[0x837e8a8]: CLIENT HELLO was sent [62 bytes]
|<2>| ASSERT: gnutls_record.c:538
|<2>| ASSERT: gnutls_record.c:995
|<2>| ASSERT: gnutls_handshake.c:2762
Checking fallback from TLS 1.1 to... failed
|<2>| ASSERT: gnutls_constate.c:695
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x837e8a8]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<2>| EXT[0x837e8a8]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<3>| HSK[0x837e8a8]: CLIENT HELLO was sent [62 bytes]
|<2>| ASSERT: gnutls_record.c:538
|<2>| ASSERT: gnutls_record.c:995
|<2>| ASSERT: gnutls_handshake.c:2762
Checking for TLS 1.2 support... no
|<2>| ASSERT: gnutls_constate.c:695
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x837e8a8]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<3>| HSK[0x837e8a8]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<3>| HSK[0x837e8a8]: Keeping ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5
|<2>| EXT[0x837e8a8]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<3>| HSK[0x837e8a8]: CLIENT HELLO was sent [64 bytes]
|<2>| ASSERT: gnutls_record.c:538
|<2>| ASSERT: gnutls_record.c:995
|<2>| ASSERT: gnutls_handshake.c:2762
Checking whether we need to disable TLS 1.0... yes

Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1

Thanks!

David Trask

Question information

Language: English
Status: Answered
For: Epoptes
Assignee: No assignee
David Trask (dtrask) said :
#1

I ran the following commands on the server:

root@edubuntu-server:~# openssl s_client -connect localhost:789 < /dev/null | sed '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/!d'
140385195333280:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:

and

root@edubuntu-server:~# openssl s_client -connect localhost:789
CONNECTED(00000003)
140002966705824:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 226 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

also

On the server:

ls -lha /etc/epoptes
total 20K
drwxr-xr-x 2 root root 4.0K Aug 10 13:36 .
drwxr-xr-x 156 root root 12K Aug 20 22:11 ..
-rw-r--r-- 1 root root 0 Aug 20 20:56 server.crt
-rw------- 1 root root 916 Aug 10 13:36 server.key

ON THE CLIENT

root@edubuntu-server:~# chroot /opt/ltsp/i386/
root@edubuntu-server:/# ls -lha /etc/epoptes
total 8.0K
drwxr-xr-x 2 root root 4.0K Aug 12 20:16 .
drwxr-xr-x 91 root root 4.0K Aug 21 01:37 ..
-rw-r--r-- 1 root root 0 Aug 21 02:01 server.crt

Also on the client

root@edubuntu-server:/# openssl s_client -connect 10.0.15.200:789 < /dev/null | sed '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/!d'
4147853512:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:

NOTE: this is a single NIC install...there is no firewall in the way. Also...epoptes is working...except I have lost the ability to see clients prior to logging in and the ability to wake-on-lan....etc. Since I cannot see them until they are logged in. I had it working fine, but something has broken.

Alkis Georgopoulos (alkisg) said :
#2

> ls -lha /etc/epoptes
> -rw-r--r-- 1 root root 0 Aug 20 20:56 server.crt

That part is wrong: you have an empty certificate there.

It's possible that at some time, you tried to run `epoptes-client -c` from the server root (/) instead of the chroot (/opt/ltsp/i386). So the server was trying to both send and receive the same file, and that resulted in it being overwritten with size=0.

Try manually updating the certificate on the server, as specified on the wiki (http://www.epoptes.org/installation#TOC-Manually-updating-the-OpenSSL-certificate):
$ sudo openssl req -batch -x509 -nodes -newkey rsa:1024 -days 1826 -keyout /etc/epoptes/server.key -out /etc/epoptes/server.crt

Then transfer the certificate to your chroot:
$ sudo chroot /opt/ltsp/i386 epoptes-client -c

Verify that both .crt files do not have zero size anymore:
$ ls -lha /etc/epoptes /opt/ltsp/i386/etc/epoptes

Update your image:
$ sudo ltsp-update-image

Then reboot your clients and see if everything is OK again.
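The checks in this answer (a non-empty .crt on both the server and in the chroot, and the chroot copy actually matching the server copy) can be scripted so they are repeatable after every regeneration. The script below is an added example, not code from the Epoptes project: directory paths are parameters, the PEM-marker check, the optional `openssl x509 -enddate` line and the `safe_to_fetch` guard (which refuses to fetch into a directory that already holds `server.key`, i.e. the server root rather than a chroot, the mistake diagnosed above) are my additions, and `demo` runs everything on constructed files in a temporary directory rather than touching /etc/epoptes.

```shell
#!/bin/sh
# Added example, not code from the Epoptes project: health checks for the
# epoptes certificate pair, covering the failure seen in this thread
# (a 0-byte /etc/epoptes/server.crt) and the repair steps from the answer.
# Assumed layout: <server_dir>/server.key + server.crt on the server and
# <chroot_dir>/server.crt inside the LTSP chroot. Paths are parameters so
# the demo can run on constructed files in a temp directory.

# 0 if the file exists and has a size greater than zero.
cert_nonempty() {
    [ -s "$1" ]
}

# 0 if the file carries PEM certificate markers (grep only, so the check
# also works in a minimal chroot without openssl installed).
cert_looks_like_pem() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        grep -q -- '-----END CERTIFICATE-----' "$1"
}

# 0 if the server copy and the chroot copy are byte-identical.
cert_copies_match() {
    cmp -s "$1" "$2"
}

# Guard for "epoptes-client -c": only the server holds server.key, so if the
# key sits in the directory we are about to fetch into, this is the server
# root rather than a chroot, and fetching would overwrite the real
# certificate with an empty file. 0 means it is safe to fetch.
safe_to_fetch() {
    if [ -f "$1/server.key" ]; then
        echo "refusing: $1/server.key exists, this is the server root, not a chroot" >&2
        return 1
    fi
    return 0
}

# Run every check over one server dir and one chroot dir. Prints one line
# per finding and returns the number of failed checks (0 = healthy).
check_epoptes_certs() {
    srv=$1
    chr=$2
    fails=0
    cert_nonempty "$srv/server.key" || { echo "FAIL: $srv/server.key missing or empty"; fails=$((fails + 1)); }
    cert_nonempty "$srv/server.crt" || { echo "FAIL: $srv/server.crt is empty (regenerate it with the openssl req command)"; fails=$((fails + 1)); }
    cert_looks_like_pem "$srv/server.crt" || { echo "FAIL: $srv/server.crt is not a PEM certificate"; fails=$((fails + 1)); }
    cert_nonempty "$chr/server.crt" || { echo "FAIL: $chr/server.crt is empty (re-run epoptes-client -c inside the chroot)"; fails=$((fails + 1)); }
    cert_copies_match "$srv/server.crt" "$chr/server.crt" || { echo "FAIL: chroot copy differs from server copy (fetch again, then ltsp-update-image)"; fails=$((fails + 1)); }
    # Informational only: show the expiry date when openssl is available.
    if command -v openssl >/dev/null 2>&1 && [ -s "$srv/server.crt" ]; then
        openssl x509 -in "$srv/server.crt" -noout -enddate 2>/dev/null ||
            echo "note: openssl could not parse $srv/server.crt"
    fi
    if [ "$fails" -eq 0 ]; then
        echo "OK: certificate pair and chroot copy look healthy"
    fi
    return "$fails"
}

# Demo on constructed files: the 0-byte certificate from the thread first,
# then the pair after a regeneration plus a copy into the chroot.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/srv" "$tmp/chr"
    printf '%s\n' 'constructed-key' > "$tmp/srv/server.key"
    : > "$tmp/srv/server.crt"   # the empty file seen in "ls -lha /etc/epoptes"
    : > "$tmp/chr/server.crt"
    echo "--- before repair"
    check_epoptes_certs "$tmp/srv" "$tmp/chr"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' '-----END CERTIFICATE-----' > "$tmp/srv/server.crt"
    cp "$tmp/srv/server.crt" "$tmp/chr/server.crt"   # stands in for epoptes-client -c
    echo "--- after repair"
    check_epoptes_certs "$tmp/srv" "$tmp/chr"
    rm -rf "$tmp"
}

if [ "${1-}" = demo ]; then demo; fi
```

Run it as `sh check-certs.sh demo` to see both the failing and the healthy report; on a real server call `check_epoptes_certs /etc/epoptes /opt/ltsp/i386/etc/epoptes` after the regeneration step and before `ltsp-update-image`, and remember that the epoptes service still has to be restarted so it loads the new key pair.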

David Trask (dtrask) said :
#3

Still not working. I generated the new key....the result of ls -lha /etc/epoptes is...

root@edubuntu-server:~# ls -lha /etc/epoptes/
total 24K
drwxr-xr-x 2 root root 4.0K Aug 10 13:36 .
drwxr-xr-x 156 root root 12K Aug 20 22:55 ..
-rw-r--r-- 1 root root 875 Aug 21 01:23 server.crt
-rw------- 1 root root 916 Aug 21 01:23 server.key

Then I did

chroot /opt/ltsp/i386

and

root@edubuntu-server:/# epoptes-client -c
4147382472:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:
epoptes-client ERROR: Failed to fetch certificate from localhost:789

Any other ideas? I'm going to head to bed in a few mins, but will take another shot at it when I wake up....perhaps later today if all else fails you can remote into my server and take a look? Until then, if you have anything else you'd like me to try, let me know.

Alkis Georgopoulos (alkisg) said :
#4

Solved via IRC; the problem seemed to be the empty certificate caused by running `epoptes-client -c` in the server instead of the chroot. Also, the epoptes service needed to be restarted after regenerating the keys as mentioned in comment #2.

3D_SmileLight (supersmilelight) said :
#5

Installation
Epoptes consists of a server package called epoptes and a client package called epoptes-client. Install the server part on the PC where you'll be monitoring the clients from. If you want to use the GUI from a thin-client, install it on the LTSP server.
Adding the epoptes PPA to your sources
You don't need to add the epoptes repository to your sources if you're using Debian 7.0 (Wheezy), Ubuntu 12.04 (Precise) or newer versions. For previous Debian and Ubuntu versions, you need to execute the following commands, but not yet: wait until you're prompted to do so in the following sections.
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0350B375
series=$(lsb_release -s -c)
test "$series" = squeeze && series=lucid
test "$series" = wheezy && series=precise
echo "deb http://ppa.launchpad.net/epoptes/ppa/ubuntu $series main" > \
     "/etc/apt/sources.list.d/epoptes-ppa-$series.list"
apt-get update
Server package installation
Execute the following commands as root (use sudo -i first on Ubuntu or su - on Debian):
==> now run the commands from the "Adding the epoptes PPA to your sources" step
apt-get install epoptes

After the installation you need to add some users to group "epoptes" (or use another group as mentioned in the Configuration section below). These users will be allowed to launch the GUI and control clients:
gpasswd -a username epoptes

Users that are currently logged on need to log off and log on again for the group change to take effect (or use newgrp).
Client package installation for LTSP chroots
For LTSP chroots, execute the following commands. Substitute i386 with amd64 if you have an amd64 chroot:
sudo chroot /opt/ltsp/i386
==> now run the commands from the "Adding the epoptes PPA to your sources" step
apt-get install epoptes-client
epoptes-client -c # Fetches the OpenSSL certificate from the server
exit

On Ubuntu, you also need to update the NBD image for the changes to take effect:
sudo ltsp-update-image
Client package installation for standalone clients
For all other cases, e.g. standalone clients, execute those commands as root (use sudo -i first on Ubuntu or su - on Debian):
==> now run the commands from the "Adding the epoptes PPA to your sources" step
apt-get install epoptes-client
epoptes-client -c # Fetches the OpenSSL certificate from the server

Then you need to tell epoptes-client to which server it should connect. By default, it will try to connect to the DNS name "server". If you don't have a DNS server, you can put that in /etc/hosts.
If you don't want to use "server" as the server name where the clients connect to, see the following section.
Also note that packages are not allowed to start programs inside a user's session, so you need to log off and log on again for the epoptes-client installation to take effect.
Configuration
Per-user settings are stored in ~/.config/epoptes. Most of them are exposed in the application UI, but you can also manually edit the files in that directory for more obscure settings.

The server package settings are stored in /etc/default/epoptes. There you can specify the Unix group whose members are allowed to launch the application GUI. By default that is set to epoptes, but you can, for example, create a staff group and modify the group line in the configuration file as follows:
# Epoptes server will use the following group for the communications socket.
# That means that any user in that group will be able to launch the epoptes UI
# and control the clients.
SOCKET_GROUP=staff

The client package settings are stored in /etc/default/epoptes-client. A useful variable in that file is SERVER, which is the DNS name or IP address of the server that the clients will be connecting to:
# The server which epoptes-client will be connecting to.
# If unset, thin client user sessions running on the server will try to connect
# to "localhost", while thin client root sessions and fat or standalone clients
# will try to connect to "server".
# LTSP automatically puts "server" in /etc/hosts for thin and fat clients,
# but you'd need to put "server" in DNS manually for standalone clients.
SERVER=fatclient5

Be careful not to put spaces around the equal signs in those files, as they're shell files and it would be considered a syntax error. You can check for syntax errors with
sh -n /etc/default/epoptes
Notes for ltsp-cluster
If you have multiple application servers and are using ltsp-cluster, you need to install epoptes-client to each one of the application servers by following the "Client package installation for standalone clients" section above.
Manually updating the OpenSSL certificate
You shouldn't ever need to manually update the epoptes OpenSSL certificate, but if you need to, here's a command to get you started. You can read more options in the openssl man page.
openssl req -batch -x509 -nodes -newkey rsa:1024 -days 1826 -keyout /etc/epoptes/server.key -out /etc/epoptes/server.crt

I am asking for a translation into Russian for configuring the program.
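The configuration section above warns that /etc/default/epoptes and /etc/default/epoptes-client are shell files and that `sh -n` can check them. That check is necessary but not sufficient: `SOCKET_GROUP = staff` is syntactically valid shell (a command named SOCKET_GROUP with two arguments), so `sh -n` accepts it and the daemon sources the file without error but never sees the variable. The script below is an added example, not part of the Epoptes project; it combines the `sh -n` check with a grep for whitespace around `=`, reads a variable back the way the file would set it, and, where `getent` exists, confirms that the group named by SOCKET_GROUP is real. File paths are parameters and `demo` works on constructed files only.

```shell
#!/bin/sh
# Added example, not part of the Epoptes project: lint the shell-style
# /etc/default/epoptes and /etc/default/epoptes-client files.
# "sh -n" alone does not catch "SOCKET_GROUP = staff" (valid shell: a command
# with two arguments), so a second check looks for whitespace around '='.
# File paths are parameters so the demo runs on constructed files.

# 0 if the file parses as POSIX sh.
conf_syntax_ok() {
    sh -n "$1" 2>/dev/null
}

# 0 if no assignment line has whitespace before or after the '='.
conf_no_spaced_assignments() {
    ! grep -Eq '^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*([[:space:]]+=|=[[:space:]]+)' "$1"
}

# Print the last uncommented assignment of NAME ($2) in FILE ($1), with
# simple surrounding quotes stripped. Handles NAME=value and NAME="value";
# trailing inline comments are not parsed.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed "s/^[\"']//; s/[\"']\$//"
}

# 0 if the group named by SOCKET_GROUP exists. Unset means the package
# default ("epoptes"), and the check is skipped when getent is unavailable.
conf_group_exists() {
    g=$(conf_get "$1" SOCKET_GROUP)
    [ -n "$g" ] || return 0
    command -v getent >/dev/null 2>&1 || return 0
    getent group "$g" >/dev/null
}

# Run all checks on one file; prints findings, returns the number of failures.
validate_epoptes_conf() {
    f=$1
    fails=0
    conf_syntax_ok "$f" || { echo "FAIL: $f: sh -n reports a syntax error"; fails=$((fails + 1)); }
    conf_no_spaced_assignments "$f" || { echo "FAIL: $f: whitespace around '=' in an assignment (sh -n does not catch this)"; fails=$((fails + 1)); }
    conf_group_exists "$f" || { echo "FAIL: $f: SOCKET_GROUP names a group that does not exist"; fails=$((fails + 1)); }
    if [ "$fails" -eq 0 ]; then
        echo "OK: $f"
    fi
    return "$fails"
}

# Demo on constructed files: one correct server config, one client config
# with the spaced '=' mistake the documentation warns about.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# Group allowed to launch the epoptes UI (constructed sample)' 'SOCKET_GROUP=staff' > "$tmp/epoptes"
    printf '%s\n' 'SERVER = fatclient5' > "$tmp/epoptes-client"
    validate_epoptes_conf "$tmp/epoptes"
    validate_epoptes_conf "$tmp/epoptes-client"
    echo "SOCKET_GROUP is: $(conf_get "$tmp/epoptes" SOCKET_GROUP)"
    rm -rf "$tmp"
}

if [ "${1-}" = demo ]; then demo; fi
```

On a real host run `validate_epoptes_conf /etc/default/epoptes` (and the client file on each client or chroot) before restarting the service; the group check matters because a SOCKET_GROUP that does not exist leaves nobody able to open the communications socket.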

3D_SmileLight (supersmilelight) said :
#6

please

Alkis Georgopoulos (alkisg) said :
#7

supersmilelight: if you are asking for a Russian translation of the epoptes installation page, please ask your loco team, the Epoptes developers don't know Russian so we can't help you.
