- [Request] FreeRADIUS Server
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
you don't have port 80 configured to respond. You need to enable the default port 80 response so that letsencrypt can connect to it to verify.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
this looks like exactly what happened to me. httpval fixes it all.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
I'm thinking comment out your 301 to https and allow the validator to hit http.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
applying this "fix" forces us to port forward http (tcp 80) through our router to access the nginx service so it can be evaluated by letsencrypt. Make sure you have http and https available externally.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
You're having some kind of access error to the http session from external servers. You need to forward on your router publicip(publicdomain):80 - unraid:85 so they can test that you own http as well as https.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
If your getting the line below then the code wasn't applied correctly. Try putting it in quotes like "HTTPVAL" and "true". I did apply mine through extra parameters and it worked just fine, didn't even think about adding custom variables. Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Your issue is the same one I was having. its because letsencrypt disabled a service. under your container, hit advanced options add the below code into your extra parameters. restart/start the service. Note that this means http (tcp 80) will need to be forwarded as well as https (tcp 443) for validation. -e "HTTPVAL"="true"
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Thanks for that. For anyone struggling with this, under extra parameters enter in the below paramater -e "HTTPVAL"="true"
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Any suggestion as to how we can deal with the TLS-SNI-01 security flaw detailed below. They seem to have disabled their renew and request system on it. https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983
jasgud
Members
-
Joined
-
Last visited