2000gtacoma Posted June 10, 2021

First time posting here guys. Just started playing with unraid. So far I like it. Just learning more how to use it. First I was trying to follow a couple online videos about how to set up nextcloud with a reverse proxy using duckdns and swag. I think I have the duckdns part set up fine. (I also set up openvpn-as and that works fine.) However I keep getting errors when starting swag up in the log file. I set up swag using a proxynet as described by spaceinvader on youtube. I have swag pointed to my duckdns subdomain. I set up the port forwards in my router. (spaceinvader used 180,1443. Also forwarded another port for openvpn-as. Confirmed that doesn't work if not forwarded. Works fine forwarded.) I am getting a "certbot failed to authenticate some domains" error. Any help would be much appreciated. I've done nothing but read and recheck what I've done the past couple days. Ultimately I want nextcloud as my personal gdrive if you will. Below I have the log file (I think), the x's are personal things I edited out really quick.

    Using Let's Encrypt as the cert provider
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d xxxxxx.duckdns.org
    E-mail address entered: [email protected]
    http validation is selected
    Generating new certificate
    Requesting a certificate for xxxxx.duckdns.org
    Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
    Domain: xxxxx.duckdns.org
    Type: connection
    Detail: Fetching http://xxxxxx.duckdns.org/.well-known/acme-challenge/Hwgvot2j9PxOGJvd5RFZ0mNG2zyS8zMbRPp8OZ91lgY: Timeout during connect (likely firewall problem)
    Hint: The Certificate Authority couldn't externally verify that the standalone plugin completed the required http-01 challenges. Ensure the plugin is configured correctly and that the changes it makes are accessible from the internet.
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Some challenges have failed.
    Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Gragorg Posted June 11, 2021

Can you confirm that the port forward is external port 443 to internal port 1443 and external port 80 to internal port 180 for the server's IP? Sounds like it could be a port forward issue.

BleuBasher Posted June 11, 2021

I'm experiencing the same issue. I just noticed my bitwarden container would no longer save my passwords and upon investigation I can see that swag is failing to issue a cert. I've not changed any settings since I first set it up some months back and was able to use the reverse proxy just fine until recently. Pretty much word for word the same error that 2000gtacoma is getting.

2000gtacoma (Author) Posted June 11, 2021

9 hours ago, Gragorg said:
> Can you confirm that the port forward is external port 443 to internal port 1443 and external port 80 to internal port 180 for servers ip? Sounds like it could be port forward issue.

So I created the proxynet as suggested. The swag docker has an IP of 172.18.0.x and it points to the server's IP of 192.168 on port 1443 and 180. I forwarded ports 1443 and 180 as well as 443 and 80 in my router. I can only port forward to IP addresses in my router. I can open a console from the swag container and ping 8.8.8.8 (google) and it pings fine. I can ping my server as well. I even went as far as to disable the entire ipv4 firewall temporarily on my router and it still didn't work. I am on centurylink and use the modem/router from them. I don't really see any option to say "translate" port 443 external to port 1443 internal.

Edited June 11, 2021 by 2000gtacoma

JonathanM Posted June 11, 2021

9 minutes ago, 2000gtacoma said:
> I don't really see any option to say "translate" port 443 external to port 1443 internal.

That's the issue then. Requests sent to your WAN IP on port 80 MUST be redirected to port 180 at the server's IP. You will need to talk to your ISP and get instructions on how to accomplish that, or look up the make / model of that router on google and see if anyone posted instructions. It's also possible that your ISP blocks port 80 on your WAN IP, which means you can't use that method to get certificates.

BTW, this thread should NOT be here in general support, there is already a support thread specifically for SWAG that addresses these and other issues. You can find the support thread for containers by clicking on the container in the GUI and selecting the support link.
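
Added example, not part of any post in this thread: a small Python check of the path discussed above, where a request to WAN port 80 has to reach port 180 on the server for the http-01 challenge to succeed. The function names `serve_token` and `probe` and the token value are constructed for illustration.

```python
import http.server
import socket
import threading
import urllib.error
import urllib.request

CHALLENGE_DIR = "/.well-known/acme-challenge/"
# Direct connections only: a proxy would hide the real network path.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def serve_token(bind_host, bind_port, token):
    """Serve one constructed token at the http-01 path; return the server."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            ok = self.path == CHALLENGE_DIR + token
            self.send_response(200 if ok else 404)
            self.end_headers()
            if ok:
                self.wfile.write(token.encode())

        def log_message(self, *args):  # silence per-request logging
            pass

    server = http.server.ThreadingHTTPServer((bind_host, bind_port), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe(host, port, token, timeout=5):
    """Fetch the token as the CA would and classify the outcome."""
    url = f"http://{host}:{port}{CHALLENGE_DIR}{token}"
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            return "reachable" if resp.read().decode() == token else "wrong-content"
    except urllib.error.HTTPError as exc:
        return f"http-{exc.code}"  # something answered, but not our listener
    except OSError as exc:  # URLError and socket errors are OSError subclasses
        reason = getattr(exc, "reason", exc)
        if isinstance(reason, (socket.timeout, TimeoutError)):
            return "timeout"  # matches the CA's "Timeout during connect"
        if isinstance(reason, ConnectionRefusedError):
            return "refused"  # packet arrived, nothing listening on that port
        return "unreachable"


if __name__ == "__main__":  # loopback self-check with a constructed token
    srv = serve_token("127.0.0.1", 0, "constructed-token")
    print(probe("127.0.0.1", srv.server_address[1], "constructed-token"))
```

With SWAG stopped, `serve_token("0.0.0.0", 180, token)` on the server and `probe("<your-subdomain>.duckdns.org", 80, token)` from a connection outside the LAN exercise the same route the certificate authority uses. A result of "timeout" corresponds to the logged "Timeout during connect", while "reachable" means the 80 to 180 redirect works.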