Anthop


  1. You're right, this was the piece of information I was missing; assumed since Nginx was showing up, I was forwarded to the correct spot. Fixed this, and now at least the Let's Encrypt is working. Thanks!
  2. Then perhaps the script mistakenly assumes the certificate process completed successfully? I am definitely getting a response from Nginx via curl, if you look at my original post. That server is up. I get responses from 1443, even hitting this port from the local machine.
  3. skybox.mydomain.org:443 is port forwarded to paravati:1443 at the router. I have the following port forwards in place:

         external:80 -> paravati:1080
         external:443 -> paravati:1443

     The issue occurs because Nginx is sending back an HTTP redirect response that sends me to paravati:443, an address that doesn't even exist outside of the LAN.
  4. I'm working on my first unRAID setup, but am stuck getting the Let's Encrypt docker to work properly. I've been following a few tutorials (namely the CyanLabs), but I seem to be missing a step or something. I'm using the Let's Encrypt docker provided by linuxserver. Please redirect me if this is not the correct place to post.

     I get the following errors in the Docker log:

         Performing the following challenges:
         http-01 challenge for skybox.mydomain.org
         Waiting for verification...
         Cleaning up challenges
         Failed authorization procedure. skybox.mydomain.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://Paravati.local:443/.well-known/acme-challenge/T5M9XzFvy-wl_UkG9dspNJ6oUcg-7DVm6X8YnBEYt8Y: Error getting validation data

         IMPORTANT NOTES:
         - The following errors were reported by the server:
           Domain: skybox.mydomain.org
           Type: connection
           Detail: Fetching https://Paravati.local:443/.well-known/acme-challenge/T5M9XzFvy-wl_UkG9dspNJ6oUcg-7DVm6X8YnBEYt8Y: Error getting validation data

     It looks like the issue is twofold:

       • It looks like Nginx is redirecting my requests to Paravati.local:443, for some reason. I'm not sure if this is the intended behavior. I confirmed this by issuing a GET command via curl to https://skybox.mydomain.org over the Internet (not the same LAN) and getting back a 302 response that takes me to https://paravati.local:443.
       • Paravati.local:443 is the unRAID GUI, and it doesn't appear that the ACME challenge files/keys are actually hosted here.

         anthop@NATSUKI-3:~$ curl -kv https://skybox.mydomain.org
         * Rebuilt URL to: https://skybox.mydomain.org/
         * Trying XXX.XXX.XXX.XXX...
         * TCP_NODELAY set
         * Connected to skybox.mydomain.org (XXX.XXX.XXX.XXX) port 443 (#0)
         * ALPN, offering http/1.1
         * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
         * successfully set certificate verify locations:
         * CAfile: /home/anthop/anaconda3/ssl/cacert.pem
           CApath: none
         * TLSv1.2 (OUT), TLS header, Certificate Status (22):
         * TLSv1.2 (OUT), TLS handshake, Client hello (1):
         * TLSv1.2 (IN), TLS handshake, Server hello (2):
         * TLSv1.2 (IN), TLS handshake, Certificate (11):
         * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
         * TLSv1.2 (IN), TLS handshake, Server finished (14):
         * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
         * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
         * TLSv1.2 (OUT), TLS handshake, Finished (20):
         * TLSv1.2 (IN), TLS change cipher, Client hello (1):
         * TLSv1.2 (IN), TLS handshake, Finished (20):
         * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
         * ALPN, server accepted to use http/1.1
         * Server certificate:
         * subject: O=Self-signed; OU=unRAID; CN=Paravati.local
         * start date: May 29 06:58:56 2018 GMT
         * expire date: May 26 06:58:56 2028 GMT
         * issuer: O=Self-signed; OU=unRAID; CN=Paravati.local
         * SSL certificate verify result: self signed certificate (18), continuing anyway.
         > GET / HTTP/1.1
         > Host: skybox.mydomain.org
         > User-Agent: curl/7.52.1
         > Accept: */*
         >
         < HTTP/1.1 302 Moved Temporarily
         < Server: nginx
         < Date: Fri, 01 Jun 2018 00:59:37 GMT
         < Content-Type: text/html
         < Content-Length: 154
         < Connection: keep-alive
         < Location: Main
         <
         <html>
         <head><title>302 Found</title></head>
         <body bgcolor="white">
         <center><h1>302 Found</h1></center>
         <hr><center>nginx</center>
         </body>
         </html>
         * Curl_http_done: called premature == 0
         * Connection #0 to host skybox.mydomain.org left intact

     I'm running unRAID 6.5.2. Paravati is the name of the unRAID tower. I have the Let's Encrypt docker running on ports 1080 and 1443 (and port forwarding is enabled on the router to those locations).

     I'm not entirely clear if I'm supposed to be touching the Nginx config file, but none of the tutorials have mentioned needing to do this, so I'm wondering if I'm missing something obvious. Any help would be greatly appreciated!
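
A small diagnostic for the failure shown in the post above, as an added example that is not part of the original thread: it parses certbot's http-01 failure text and flags when the URL the CA ended up fetching is on a different or LAN-only host than the domain being validated. The function name `diagnose_http01`, the suffix list and the sample log (with a placeholder token) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of the certbot error quoted in the post
# (the challenge token is replaced by a placeholder).
SAMPLE_LOG = (
    "Failed authorization procedure. skybox.mydomain.org (http-01): "
    "urn:ietf:params:acme:error:connection :: The server could not connect "
    "to the client to verify the domain :: Fetching "
    "https://Paravati.local:443/.well-known/acme-challenge/TOKEN: "
    "Error getting validation data"
)

FAILURE_RE = re.compile(
    r"(?P<domain>[A-Za-z0-9.-]+) \(http-01\): "
    r"(?P<error>urn:ietf:params:acme:error:\w+)"
    r".*?Fetching (?P<url>https?://\S+?): "
)
# Assumed list of suffixes that never resolve on the public Internet.
LAN_ONLY_SUFFIXES = (".local", ".lan", ".home", ".internal", ".localdomain")


def diagnose_http01(log_text):
    """Return one finding per http-01 failure, with reasons it cannot validate."""
    findings = []
    flat = " ".join(log_text.split())  # tolerate wrapped or flattened logs
    for m in FAILURE_RE.finditer(flat):
        domain = m["domain"].lower()
        url = urlsplit(m["url"])
        host = (url.hostname or "").lower()
        port = url.port or (443 if url.scheme == "https" else 80)
        reasons = []
        # The CA starts at http://<domain>/.well-known/acme-challenge/<token>;
        # a different host in "Fetching" means the web server redirected it.
        if host != domain:
            reasons.append(f"redirected from {domain} to {host}")
        if host.endswith(LAN_ONLY_SUFFIXES) or "." not in host:
            reasons.append(f"{host} is a LAN-only name the CA cannot resolve")
        # Let's Encrypt only follows redirects to ports 80 and 443.
        if port not in (80, 443):
            reasons.append(f"port {port} is not one the CA follows redirects to")
        findings.append({"domain": domain, "error": m["error"],
                         "fetched_host": host, "port": port, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in diagnose_http01(SAMPLE_LOG):
        print(finding["domain"], "->", "; ".join(finding["reasons"]) or "no redirect seen")
```

An empty `reasons` list means the CA was fetching from the requested domain itself, so the failure lies elsewhere (firewall, DNS, or the port forward).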