Hey Guys,
I upgraded to 6.4.0, and now my letsencrypt is broke as well.Which results in my nextcloud installation being unreachable. This was a working setup on 443 before the update. Then after the update, letsencrypt wouldn't start with an execution error. I then tried the following:
1) I changed the port of the Unraid GUI to 447. all the dockers came up and I could reach nextcloud but not the unraid gui. so I SSH'ed and changed it back.
2) Change the network to give letsencrypt its own IP, and updated the NAT to that IP in pfsense. The docker would come up, but with the same errors shown as below.
3) That's when I changed it back to the same ip as the server with port 447 (updated pfsense too). And I still get the same error in log...
I looked through the last 5-6 pages, and tied some of the stuff noted, and I just can't get it to work again. I would like to get it up and running again and use the SSL certs for the unraid web gui too. Please Advise?!!
Where I am currently:
Changed letsencrypt to port 447 (HTTPS), and left it at port 81 (HTTP, my ISP locks port 80). I use pfsense for routing, and updated the NAT from 443 to 447 with. And I still cant get this to install my certs to work. Please see my configs and logs, to see if you can help.
Automatic Firewall Rules created from NAT
Unraid Docker tab:
Docker GUI Config
Letsencrypt Log:
Brought to you by linuxserver.ioWe gratefully accept donations at:https://www.linuxserver.io/donations/-------------------------------------GID/UID-------------------------------------User uid: 99User gid: 100-------------------------------------[cont-init.d] 10-adduser: exited 0.[cont-init.d] 20-config: executing...[cont-init.d] 20-config: exited 0.[cont-init.d] 30-keygen: executing...using keys found in /config/keys[cont-init.d] 30-keygen: exited 0.[cont-init.d] 50-config: executing...2048 bit DH parameters presentSUBDOMAINS entered, processingSub-domains processed are: -d nextcloud.XXXXXXX.XXXXXXXX.comE-mail address entered:
[email protected] sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be createdusage:certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,it will attempt to use a webserver both for obtaining and installing thecertificate.certbot: error: argument --cert-path: No such file or directoryGenerating new certificateSaving debug log to /var/log/letsencrypt/letsencrypt.logPlugins selected: Authenticator standalone, Installer NoneObtaining a new certificatePerforming the following challenges:Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.IMPORTANT NOTES:- Your account credentials have been saved in your Certbotconfiguration directory at /etc/letsencrypt. You should make asecure backup of this folder now. This configuration directory willalso contain certificates and private keys obtained by Certbot somaking regular backups of this folder is ideal.ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
Letsencrypt Config:
server {
listen 443 ssl;
server_name nextcloud.XXXXX.XXXXXXXX.com;
root /config/www;
index index.html index.htm index.php;
###SSL Certificates
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
###Diffie–Hellman key exchange ###
ssl_dhparam /config/nginx/dhparams.pem;
###SSL Ciphers
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
###Extra Settings###
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
### Add HTTP Strict Transport Security ###
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header Front-End-Https on;
client_max_body_size 0;
location / {
proxy_pass https://192.168.2.71:444/;
proxy_max_temp_file_size 16000m;
include /config/nginx/proxy.conf;
}
}
Nextcloud Config:
<?php
$CONFIG = array (
'memcache.local' => '\\OC\\Memcache\\APCu',
'datadirectory' => '/data',
'instanceid' => 'XXXXXXXXXXX',
'passwordsalt' => 'XXXXXXXXXXXXX',
'secret' => 'XXXXXXXXXXXXXXXXXXX',
'trusted_domains' =>
array (
0 => '192.168.2.71:444',
1 => 'nextcloud.XXXXXXXXX.XXXXXXXXX.com',
),
'overwrite.cli.url' => 'https://nextcloud.XXXXXXXX.XXXXXXX.com',
'overwritehost' => 'nextcloud.XXXXX.XXXXXXXXXX.com',
'overwriteprotocol' => 'https',
'dbtype' => 'mysql',
'version' => '12.0.4.3',
'dbname' => 'nextcloud',
'dbhost' => '192.168.2.71:3306',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'XXXXXXXX',
'dbpassword' => 'XXXXXXXXXXX',
'installed' => true,
'mail_smtpmode' => 'smtp',
'mail_smtpauthtype' => 'PLAIN',
'mail_smtpsecure' => 'ssl',
'mail_from_address' => 'XXXXXXXX',
'mail_domain' => 'gmail.com',
'mail_smtphost' => 'smtp.gmail.com',
'mail_smtpport' => '465',
'mail_smtpauth' => 1,
'mail_smtpname' => '
[email protected]',
'mail_smtppassword' => 'XXXXXXX',
'loglevel' => 0,
'updater.release.channel' => 'stable',
'maintenance' => false,
'theme' => '',
);
Thanks in advance!