-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
When I click on the log icon next to the Docker container there are no errors that show up there. When I look at the log inside appdata/letsencrypt I can see where the issue happens. Letsencrypt can't connect to my server over HTTP for verification. I have verified the firewall/port forwarding settings on my router are correct. HTTPS works as expected and when I go to the root URL over HTTP it gets redirected to HTTPS, so that's correct too. Trying to navigate to the full URL where the acme-challenge is in a browser I get a "connection refused" response. Is something messed up in my NGINX config I wonder? I'm not sure where to look from here but I really appreciate the help. Here's the log: <-------------------------------------------------> cronjob running on Sun Dec 30 02:08:00 EST 2018 Running certbot renew Saving debug log to /var/log/letsencrypt/letsencrypt.log Non-interactive renewal: random delay of 442 seconds - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/sub2.duckdns.org.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing... Plugins selected: Authenticator standalone, Installer None Running pre-hook command: if ps aux | grep [n]ginx: > /dev/null; then s6-svc -d /var/run/s6/services/nginx; fi Renewing an existing certificate Performing the following challenges: http-01 challenge for sub2.duckdns.org http-01 challenge for sub1.duckdns.org Waiting for verification... Cleaning up challenges Attempting to renew cert (sub2.duckdns.org) from /etc/letsencrypt/renewal/sub2.duckdns.org.conf produced an unexpected error: Failed authorization procedure. sub1.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://sub1.duckdns.org/.well-known/acme-challenge/[HASH1]: Timeout during connect (likely firewall problem), sub2.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://sub2.duckdns.org/.well-known/acme-challenge/[HASH2]: Timeout during connect (likely firewall problem). Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/sub2.duckdns.org/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/sub2.duckdns.org/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Running post-hook command: if ps aux | grep 's6-supervise nginx' | grep -v grep > /dev/null; then s6-svc -u /var/run/s6/services/nginx; fi; cd /config/keys/letsencrypt && openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass: && sleep 1 && cat {privkey,fullchain}.pem > priv-fullchain-bundle.pem Hook command "if ps aux | grep 's6-supervise nginx' | grep -v grep > /dev/null; then s6-svc -u /var/run/s6/services/nginx; fi; cd /config/keys/letsencrypt && openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass: && sleep 1 && cat {privkey,fullchain}.pem > priv-fullchain-bundle.pem" returned error code 1 Error output from if: cat: {privkey,fullchain}.pem: No such file or directory 1 renew failure(s), 0 parse failure(s) IMPORTANT NOTES: - The following errors were reported by the server: Domain: sub1.duckdns.org Type: connection Detail: Fetching http://sub1.duckdns.org/.well-known/acme-challenge/[HASH1]: Timeout during connect (likely firewall problem) Domain: sub2.duckdns.org Type: connection Detail: Fetching http://sub2.duckdns.org/.well-known/acme-challenge/[HASH2]: Timeout during connect (likely firewall problem) To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided. <------------------------------------------------->
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Is this a stupid question maybe? I found instructions for commands to run for other containers but I am hesitant to try them here. I'm new to Docker and don't want to mess up my container or have to go through having to configure a new container instance.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
I have been having some trouble with my cert not renewing. I followed the instructions in Spaceinvader One's video (https://youtu.be/I0lhZc25Sro) and it worked for a while until the cert expired. All the instructions I found said to restart the container, which I have done several times. Even restarted the entire server after an Unraid update. The logs show no errors. When look at LinuxServer.io's LetsEncrypt GitHub page one of the more recent updates says this: "08.12.18: Had to remove cert renewal during container start due to certbot's new undocumented "feature" of up to 8 minute random delay." If certs don't renew on startup is there a command that can be run to force its renewal?
jasonz940
Members
-
Joined
-
Last visited