How To – Page 12 – Roo's View

Bosch Error 43

It’s happened more than once, the over full pot of boiling water on the stove – you add whatever it is that you’re going to boil and splash. Boil over and water on the stove top. With a gas stove sometimes the burner will go out, others you’re lucky and you just get some really hot water on the hot top of your stove.

Not a big deal.. until you have too much water as we did the other day. It ran down the front of the stove a little, some even made it to the floor. Clean up the mess and forget about it.

Except this one time recently, the stove display started blinking the lock icon.

Searching found stuff like: remove the stove from power for 5 minutes, then plug it back in to reset.

When I tried that solution, you could hear the oven doing a reset cycle and trying to lock/unlock the door several times. Sometimes it would stay locked, and I’d do another power cycle and then it’d stay unlocked. Things did not improve. Still the flashy lock.

I found a service manual that was close, but the removal of the front panel was different than shown there. I needed to remove some obvious screws from just under the lip – then pull the stove out to get to a pair (on each side) of screws that held the front panel on.

After disassembling the panel, it was clear we had some water down there – but not much. I cleaned up the board verified things were dry and re-assembled. Still the lock problem.

Two days later, the oven light started to go on by itself. You could turn it off — and shortly after it’d turn itself back on. The following morning, a power cycle resolved the Error 43. I was able to cook some bacon in the oven. During this, the oven got a bit funky. The light wasn’t coming on when you opened the door — then it would intermittently come on and off when you opened the door.

My theory is that the heat of the oven was helping dry out the moisture from wherever it got to. After finishing with the bacon, the flashing lock was back.

One more power cycle the next day – and the oven seems to have started to work “like normal” again. I’m fairly confident at this point that the issue was some water got into one of the switches (probably the locking mechanism) and was shorting out a sensor there. However, as the door light was also affected, I suspect there was multiple sensors affected.

Thankfully it was ‘clean’ water (vs. a mucky sauce) and seems to have dried up removing any issues.

Lesson learned: don’t let water accumulate on the cook top of your Bosch stove/oven. If you do get Error 43 – be patient and dry it out. A power cycle will help once things are dry enough.

SSL for everybody

letsencrypt

SSL certificates are a great way to ensure that the website you’re connected to is really the one you think you’re connected to, and it also keeps the traffic between your client and the server secure. The HTTPS protocol uses SSL certificates. The main problem with the SSL infrastructure was that you needed to get one that was signed by one of the central trusted authorities – and generally if you wanted one of these you had to pay for one. There were a few places that would give you a free certificate for personal use, the other alternative was to use a self signed certificate but there were usability issues because it isn’t signed by a trusted authority.

This all changed recently with Let’s Encrypt – you can now get a free certificate with very little effort. If you maintain a website or host an app, you should check letsencrypt.org out. The remainder of this post is a cleaned up set of notes on what I did.

I started out here https://letsencrypt.org/getting-started/ – which seemed to be a good starting point. Then I figured I’d make sure my server met the criteria they had for support, the documentation had some details covering this. I was happy to see Ubuntu 12.04+ and Apache 2.x support, so this made me fairly confident my server was supported.

But.. my Ubuntu doesn’t seem to have a letsencrypt package

$ sudo apt-get install letsencrypt
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package letsencrypt

$ sudo apt-get install letsencrypt

Reading package lists... Done

Building dependency tree

Reading state information... Done

E: Unable to locate package letsencrypt

No problem, we’ll just follow along with https://letsencrypt.org/getting-started/

$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --help

$ git clone https://github.com/letsencrypt/letsencrypt

$ cd letsencrypt

$ ./letsencrypt-auto --help

The last command, while asking for help – will do some bootstrapping of let’s encrypt. So don’t skip it. The scripts include calls to sudo, so you don’t have to be root to run them but it will ask for root access.

[Security note – it is always a little bit scary running random scripts, always worth looking at them. There is a growing trend of having “wget -O – http://randomscript.com | bash” be normal, but you should be afraid]

Some exciting updates to my server from doing just the bootstrap. My /etc/ca-certificates got updated (it was probably way overdue), it also dragged me up to date for libssl. It took a while to finish, but we finally got the help screen.

At this point, I have the let’s encrypt tools installed on my server, so time to try them out.

Hopefully the following command is going to register us and get a new certificate for my old expired one.

$ ./letsencrypt-auto --apache

1	$ ./letsencrypt-auto --apache

Well that didn’t work, it picked up some ‘other’ domains I host — but not my main lowtek.ca one. Weird, but probably due to my non-standard configuration of Apache due to years of hacking it. It was easy to bail out so no harm done. Let’s try this then:

$ ./letsencrypt-auto --apache --domains lowtek.ca

1	$ ./letsencrypt-auto --apache --domains lowtek.ca

Ok – much better, email sign up and an agreement (which yes, I took the time to read – it was only 6 pages). It seems as I don’t have a virtual host setup for lowtek.ca and needed to manually pick the apache config file (not a big deal), this was why the first try didn’t work.

Visiting https://lowtek.ca/ shows no more certificate error (woot!) and all looks good. It was really this easy.

The end of the script even suggests you visit: https://www.ssllabs.com/ssltest/analyze.html?d=lowtek.ca to check for issues. These SSL Labs tests, show that my certificate from letsencrypt will expire in just under 3 months, so I’ll want to add a cron job to do a renew. They also gave me a B rating, with lots of gorpy details on why.

To renew, I just need to run this command from time to time

$ ./letsencrypt-auto renew

1	$ ./letsencrypt-auto renew

That’s really easy to do with cron – so I added an entry to my root user crontab to run this once a month.

Adding a package to boot2docker

Docker is seeing rapid adoption among the software development world. So far it seems to me a very nice way to make software installation much less painful, but there is still plenty of room for improvement.

If you’re running Linux then you can stop reading now. Docker is an abstraction layer over Linux Containers (LXC), they’ve also created a repository where pre-defined containers can be found – you can even add your own. LXC is cool stuff, but it does mean Docker runs Linux.

Windows and OSX users need to use boot2docker, a Tiny Core Linux virtual machine that has just enough stuff to run docker. This is a fine solution but often when people ask about missing tools inside of boot2docker, the answer is to install a container that has the tools you want and run inside of that container. Things quickly start to feel like Inception.

Boot2docker is based on Tiny Core Linux, so you can use the tce-load utility to install additional components if needed. So say we wanted to run Perl:

$ tce-load -wi perl5

You can sniff around the repository to figure out what packages are available.

There is documentation on adding a persistent partition to your boot2docker setup. This is useful if you want to run the tce-load every time you run without having to type it in each time. Getting this setup is a little bit fiddly, and if we’re clever we can do something a bit cooler.

Let’s build a custom boot2docker.iso file! The build process is nicely documented. We can use a Dockerfile to create our own iso with the packages we want.

Before we start, you will want to make sure that your boot2docker is running with enough resources. The default should be 2048MB which should work, you will also need enough disk space on /var/lib/docker/aufs inside boot2docker. If you have problems consider changing your configuration.

Create a Dockerfile with the following contents:

FROM boot2docker/boot2docker

# Append indicator this is modified image RUN echo "\nMy modified boot2docker.iso\n" >> $ROOTFS/etc/motd

# Install perl5 RUN curl -L -o /tmp/perl5.tcz $TCL_REPO_BASE/tcz/perl5.tcz && \ unsquashfs -f -d $ROOTFS /tmp/perl5.tcz && \ rm -rf /tmp/perl5.tcz

# build the iso RUN /make_iso.sh CMD ["cat", "boot2docker.iso"]

Then follow the boot2docker.iso build process.

$ sudo docker build -t my-boot2docker-img . $ sudo docker run --rm my-boot2docker-img > boot2docker.iso

The FROM is used to declare the base image we want to start from. We’re building our new container on this base.

The RUN directive is executed against the current image at build time. In this case we can’t use tce-load since we’re not actually running Tiny Core Linux at this point, we’re running against the docker image we are building. This is why we’re doing the installation of perl manually. I based the installation from the boot2docker DockerFile.

The last two steps “build the iso” are lifted directly from the same boot2docker Dockerfile, these are the steps required to actually create the iso file.

Figuring out how to run the boot2docker.iso I’ll leave as an exercise for the reader.