Network and SSL Certificates

Port 443 Inaccessible

Permission Denied

On Linux, ports below 1024 are privileged, and binding to them normally requires root privileges. The CoreSight service runs as the unprivileged user coresight, so instead of running it as root, the installation script configures systemd to lift this restriction for the service via AmbientCapabilities.

Diagnostics: Check the service file:

bash
grep AmbientCapabilities /etc/systemd/system/coresight.service

If it is missing or incorrect, edit the file so that the [Service] section includes:

AmbientCapabilities=CAP_NET_BIND_SERVICE

Then reload systemd and restart the service:

bash
sudo systemctl daemon-reload
sudo systemctl restart coresight
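
The grep shown earlier only tells you the directive appears somewhere in the file. This added example (not part of CoreSight or its installer) checks that it sits under [Service] and is not cleared by a later empty assignment; the function name check_bind_cap and the sample unit are constructed for illustration.

```shell
#!/usr/bin/env bash
# check_bind_cap UNIT_FILE
#   prints "ok"            if [Service] grants CAP_NET_BIND_SERVICE
#          "wrong-section" if the directive exists only outside [Service]
#          "missing"       otherwise
# Reads one unit file only; drop-in overrides are not considered.
check_bind_cap() {
    awk '
        /^[ \t]*[#;]/ { next }                      # commented-out lines do not count
        /^[ \t]*\[/ {                               # section header, e.g. [Service]
            section = $0
            gsub(/[ \t]/, "", section)
            next
        }
        /^[ \t]*AmbientCapabilities[ \t]*=/ {
            value = $0
            sub(/^[^=]*=/, "", value)
            if (section != "[Service]") { stray = 1; next }
            if (value ~ /^[ \t]*$/) { granted = 0; next }   # empty assignment resets the list
            n = split(value, caps, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (caps[i] == "CAP_NET_BIND_SERVICE") granted = 1
        }
        END {
            if (granted)    print "ok"
            else if (stray) print "wrong-section"
            else            print "missing"
        }
    ' "$1"
}

# Constructed sample unit (not the real coresight.service):
# the directive was added under [Unit] by mistake, so systemd ignores it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Unit]
Description=constructed sample
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Service]
User=coresight
EOF
check_bind_cap "$sample"    # prints wrong-section
rm -f "$sample"
```

On a real host, pass /etc/systemd/system/coresight.service as the argument.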

Let's Encrypt Certificate Issues

The automatic renewal service (systemd timer) normally takes care of everything. If your browser displays an "Expired Certificate" error:

1. Force Renewal

bash
sudo systemctl start coresight-cert-renew.service

2. Consult Renewal Logs

If the renewal fails (e.g., because of a DNS resolution problem), check the last 50 log lines:

bash
sudo journalctl -u coresight-cert-renew -n 50

3. Manual Renewal via Certbot

You can always run the certbot command manually to see the exact error. With --dry-run, certbot tests the renewal without saving any certificates to disk:

bash
sudo certbot renew --dry-run

Reverse Proxy (Nginx / Apache)

If you place CoreSight behind a reverse proxy (which is the case if you have other websites on the same machine):

  1. Make sure CoreSight does not listen on port 443, but on a local port (e.g., 5174).
  2. Check that the WebSocket configuration is correct (see the Nginx Reverse Proxy guide). The lack of WebSocket support will cause constant disconnections on the cartography.

CoreSight Documentation