jamesp469 Posted July 21, 2017

11 minutes ago, aptalca said:
I don't experience it. Please post your container settings and we'll take a look

Thanks!

Network Type: bridge
Privileged: on
http: 81
https: 444
email: registered email address for DuckDNS
Domain Name: duckdns.org
Subdomain(s): test
Only Subdomains: true
Diffie Hellman: 2048
AppData Config Path: /mnt/user/appdata/letsencrypt
PUID: 99
PGID: 100

All ports are being forwarded correctly, and the duckdns docker is set up correctly as well.

aptalca Posted July 21, 2017

2 hours ago, jamesp469 said:
Thanks!
Network Type: bridge
Privileged: on
http: 81
https: 444
email: registered email address for DuckDNS
Domain Name: duckdns.org
Subdomain(s): test
Only Subdomains: true
Diffie Hellman: 2048
AppData Config Path: /mnt/user/appdata/letsencrypt
PUID: 99
PGID: 100
All ports are being forwarded correctly, and the duckdns docker is set up correctly as well.

Try restarting the container (not reinstall). There is an intermittent bug that pops up every once in a while on first boot, but works on a reboot. If that doesn't work, post the full container log.

jamesp469 Posted July 25, 2017

On 7/21/2017 at 1:05 PM, aptalca said:
Try restarting the container (not reinstall). There is an intermittent bug that pops up every once in a while on first boot, but works on a reboot. If that doesn't work, post the full container log

This didn't work initially, but I just recently updated the container and now have the following in my letsencrypt log file:

<------------------------------------------------->
<------------------------------------------------->
cronjob running on Tue Jul 25 02:08:00 PDT 2017
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/box3.duckdns.org.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/box3.duckdns.org/fullchain.pem (skipped)
No renewals were attempted.
No hooks were run.

I'm also getting the following readout in the nginx error log file (real IP address hidden):

2017/07/23 18:41:23 [crit] 742#742: *663 SSL_do_handshake() failed (SSL: error:14037085:SSL routines:ACCEPT_SR_KEY_EXCH:ccs received early) while SSL handshaking, client: xxx.xxx.xxx.xxx, server: 0.0.0.0:443

aptalca Posted July 25, 2017

jamesp469 said:
This didn't work initially, but I just recently updated the container and now have the following in my letsencrypt log file:
<------------------------------------------------->
<------------------------------------------------->
cronjob running on Tue Jul 25 02:08:00 PDT 2017
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/box3.duckdns.org.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/box3.duckdns.org/fullchain.pem (skipped)
No renewals were attempted.
No hooks were run.
I'm also getting the following readout in the nginx error log file (real IP address hidden):
2017/07/23 18:41:23 [crit] 742#742: *663 SSL_do_handshake() failed (SSL: error:14037085:SSL routines:ACCEPT_SR_KEY_EXCH:ccs received early) while SSL handshaking, client: xxx.xxx.xxx.xxx, server: 0.0.0.0:443

I don't understand what the issue is. The certs are there, and the nightly renewal script is running successfully. So the container is running fine.

The nginx error log has to do with a client that tried to access your site. It could be an issue on their end or an issue with your site config or contents. I have no information to determine that.

mata7 Posted July 29, 2017

I'm getting this error on Fix Common Problems:

Template URL for docker application letsencrypt is not the as what the template author specified. The template URL the author specified is https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/letsencrypt.xml. The template can be updated automatically with the correct URL.

Applying the fix doesn't fix it. Anyone please know how to fix it? Thanks in advance.

Squid Posted July 29, 2017

2 minutes ago, CHBMB said:
Don't fix it...

CHBMB Posted July 29, 2017

Just now, Squid said:

I thought the error was with the XML code and we've since pushed a fix, therefore don't fix it....

Squid Posted July 29, 2017

Just now, CHBMB said:
I thought the error was with the XML code and we've since pushed a fix, therefore don't fix it....

ah

mata7 Posted July 29, 2017

5 minutes ago, CHBMB said:
Don't fix it...

So I just ignore the error?

CHBMB Posted July 29, 2017

1 minute ago, mata7 said:
So I just ignore the error?

If everything is working I would.

mata7 Posted July 29, 2017

OK, thanks for your help. Everything is working fine so I will ignore.

entourage2111 Posted July 29, 2017

Hi,

Hoping someone can help me with regards to an SSL certificate problem I seem to have when using this docker to get certified.

I used this docker to generate an SSL certificate for my duckdns address and everything went as planned. Even when I use various SSL certificate checking websites, they all show that the link is secure. However, when I access my home through VPN using Chrome, the green padlock does not show and I'm left with an (information logo in Chrome) which shows I may be at risk. Does anyone know how I can resolve this issue?

FYI, the domain address for me is [email protected]

Can I also add that when I try to access unraid locally at home, I don't get a 'green padlock' then either. I figure that doesn't matter since I'm at home locally but would love to have that special 'green padlock' when I try to access from elsewhere.

Thanks a lot for the help

CHBMB Posted July 29, 2017

This won't have any effect on the Unraid webui, it's for an externally facing webserver. Are you sure you're going to https:// not http://?

entourage2111 Posted July 29, 2017

That's the thing. I don't know how to get it to go to https:// on the docker install page of letsencrypt. I've attached my settings with this post.

Of course, when I try to go to https:\\192. bla bla when connected to the VPN that page doesn't load. But when I type in just the IP of my server, it goes to it just fine (but at the cost of not being secure).

CHBMB Posted July 29, 2017

I don't think you really understand what this does. It installs an externally facing nginx webserver with certs from letsencrypt. It's got nothing to do with local ip addresses like 192.168....

entourage2111 Posted July 29, 2017 (edited July 29, 2017)

42 minutes ago, CHBMB said:
I don't think you really understand what this does. It installs an externally facing nginx webserver with certs from letsencrypt. It's got nothing to do with local ip addresses like 192.168....

I used this video posted by a popular member on this forum to set up a VPN to my home network so I can connect to unraid. For the latter half of the video, because I do not have my own domain name, I used duckdns and lets encrypt to create an SSL certificate.

The docker did the job fine for what I needed it to do, I just needed advice on how to get the green lock when accessing my server from outside home.... I hope that makes sense

CHBMB Posted July 29, 2017

Ok, so that's not an issue with LE, you need to copy the certs to wherever you want and then specify that location in your VPN.

entourage2111 Posted July 29, 2017

1 minute ago, CHBMB said:
Ok, so that's not an issue with LE, you need to copy the certs to wherever you want and then specify that location in your VPN.

I actually have done that and according to every cert checking website, the domain hamza219421.duckdns.org has a fully verified SSL certificate. Problem is, when I try to VPN into the server though, I still don't get the green lock despite the certificate being verified by every website I check.

CHBMB Posted July 29, 2017

Then you don't have it set up right, but got no idea what you've done or what you're using, and it's more of an issue for the VPN than this container. But without knowing what VPN you're using or how the hell you set it up, couldn't say.

aptalca Posted July 30, 2017

entourage2111 said:
I actually have done that and according to every cert checking website, the domain hamza219421.duckdns.org has a fully verified SSL certificate. Problem is, when I try to VPN into the server though, I still don't get the green lock despite the certificate being verified by every website I check.

I don't quite understand where you expect to see the padlock icon in vpn. Your server is set up at the address: https://hamza219421.duckdns.org

That is the address the cert checking websites are checking. That has nothing to do with vpn. Just go to that address in your browser while you're away from home and you'll see your website and the green padlock.

If you want to access other services through that address, you'll have to set them up through reverse proxy. There is plenty of info on that in this thread.

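Added example, not part of the thread: a simplified sketch of the name check a browser applies, showing why the padlock depends on the address typed into the browser rather than on the certificate alone. The SAN contents and the `192.0.2.10` LAN address are assumptions (the thread elides the real IP), and the function names are hypothetical.

```python
import ipaddress

# Assumed SAN contents of the certificate discussed above: one DNS name, no IP entries.
SAN_DNS = ["hamza219421.duckdns.org"]
SAN_IP = []
LAN_IP = "192.0.2.10"  # constructed placeholder for the server's LAN address


def is_ip_literal(host):
    """True when the URL host is an IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, host):
    """Compare one SAN dNSName with a hostname, case-insensitively.

    A wildcard is honoured only as the whole leftmost label and covers
    exactly one label (simplified from RFC 6125).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def cert_covers(url_host, san_dns=SAN_DNS, san_ip=SAN_IP):
    """Would a certificate with these SAN entries validate for url_host?"""
    if is_ip_literal(url_host):
        # An IP in the URL is compared only with iPAddress SAN entries,
        # never with DNS names, so a name-only certificate cannot match.
        want = ipaddress.ip_address(url_host)
        return any(ipaddress.ip_address(i) == want for i in san_ip)
    return any(dns_name_matches(p, url_host) for p in san_dns)


if __name__ == "__main__":
    for host in ("hamza219421.duckdns.org", LAN_IP):
        print(host, "->", "padlock" if cert_covers(host) else "name mismatch")
```
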
firrae Posted July 30, 2017 (edited July 30, 2017)

Does anyone have an example config file I can reference? Also where do I save it?

riopgtmn Posted July 30, 2017 (edited July 30, 2017)

Hi Guys,

This is my nginx/letsencrypt site-conf default. I am trying to get Ombi remotely accessible using letsencrypt certificate. I have duckdns working properly with the default nginx page. I would like to craft a custom page with a link to the Ombi service (running locally at 192.168.1.225) and working fine.

Here is the modified config; any tweaks would be greatly appreciated as well. Thanks in advance!

upstream backend {
    server 192.168.1.255:19999;
    keepalive 64;
}

server {
    listen 443 ssl default_server;
    listen 80 default_server;

    root /config/www;
    index index.html index.htm index.php;

    server_name _;

    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam /config/nginx/dhparams.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;

    client_max_body_size 0;

    # PlexRequest
    location /ombi {
        # plex media request
        proxy_pass http://192.168.2.255:3579;
    }

    location ~ /netdata/(?<ndpath>.*) {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://backend/$ndpath$is_args$args;
        proxy_http_version 1.1;
        proxy_pass_request_headers on;
        proxy_set_header Connection "keep-alive";
        proxy_store off;
    }
}

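Added example, not part of the post: a small pre-reload check that lists every literal backend address in a reverse-proxy config like the one above and flags any that cannot be the intended LAN service. The `CONFIG` excerpt copies the addresses from the post; the `/24` LAN subnet and the function names are assumptions.

```python
import ipaddress
import re

# Excerpt of the posted config, addresses copied as posted.
CONFIG = """
upstream backend { server 192.168.1.255:19999; keepalive 64; }
server {
    server_name _;
    location /ombi { proxy_pass http://192.168.2.255:3579; }
    location ~ /netdata/(?<ndpath>.*) { proxy_pass http://backend/$ndpath$is_args$args; }
}
"""

# Literal IPv4 backends: "server a.b.c.d:port" in upstream blocks and
# "proxy_pass http://a.b.c.d:port". Named upstreams (http://backend/) are skipped.
TARGET_RE = re.compile(
    r"\b(?:server\s+|proxy_pass\s+https?://)(\d{1,3}(?:\.\d{1,3}){3})(?::(\d+))?"
)


def proxy_targets(conf):
    """Return [(ip, port)] for every literal backend address in the config."""
    return [(ipaddress.ip_address(ip), int(port) if port else None)
            for ip, port in TARGET_RE.findall(conf)]


def audit_targets(conf, lan, known_hosts):
    """Flag backends outside the LAN, on its broadcast address, or unknown."""
    net = ipaddress.ip_network(lan)
    known = {ipaddress.ip_address(h) for h in known_hosts}
    findings = []
    for ip, port in proxy_targets(conf):
        if ip not in net:
            findings.append((str(ip), port, "outside LAN subnet"))
        elif ip == net.broadcast_address:
            findings.append((str(ip), port, "subnet broadcast address"))
        elif ip not in known:
            findings.append((str(ip), port, "not a known service host"))
    return findings


if __name__ == "__main__":
    # 192.168.1.225 is where the post says Ombi runs; the /24 mask is assumed.
    for finding in audit_targets(CONFIG, "192.168.1.0/24", ["192.168.1.225"]):
        print(finding)
```
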
Pranker99 Posted August 6, 2017 (edited August 8, 2017)

Has anyone managed to get DokuWiki working with Let's Encrypt? I did some Googling, but I haven't had much luck.

surfshack66 Posted August 9, 2017

Has anyone been able to configure letsencrypt when ISP blocks port 80? 443 is open but unable to open 80. Any known workarounds? Is port 80 definitely needed?