[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


Hello, my server rebooted recently, ungracefully due to a power outage, and now my domains are reporting that the server is down through CloudFlare. I have Crypto set to Full as Flexible does not work for me if that matters.

 



I tracked the error down to mean that WordPress is blocking the IPs from CloudFlare so I tried to add the CloudFlare IPs into NGINX but I can't get it to work. Here is how I did that:

  1. Created the file cloudflare-allow.conf with the whitelisted CloudFlare IPs (contents below) and put it in the same location as ssl.conf and nginx.conf
      # https://www.cloudflare.com/ips
      # IPv4
      
      allow 173.245.48.0/20;
      allow 103.21.244.0/22;
      allow 103.22.200.0/22;
      allow 103.31.4.0/22;
      allow 141.101.64.0/18;
      allow 108.162.192.0/18;
      allow 190.93.240.0/20;
      allow 188.114.96.0/20;
      allow 197.234.240.0/22;
      allow 198.41.128.0/17;
      allow 162.158.0.0/15;
      allow 104.16.0.0/12;
      allow 172.64.0.0/13;
      allow 131.0.72.0/22;
      
      # IPv6
      allow 2400:cb00::/32;
      allow 2606:4700::/32;
      allow 2803:f800::/32;
      allow 2405:b500::/32;
      allow 2405:8100::/32;
      allow 2a06:98c0::/29;
      allow 2c0f:f248::/32;

       

  2. Edited the site-conf default file for my main site to add the lines:
      include /config/nginx/cloudflare-allow.conf;
      deny all;

       

  3. Restarted the LetsEncrypt container.

This did not work so I am not sure I am doing this correctly. Can anyone lend a hand to advise the proper way to do this or if I am even barking up the right tree?

 

Thanks,

Link to comment
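
An added example, not part of the post above and not the container's shipped config: `allow`/`deny` test the address nginx currently holds for the connection, so if `set_real_ip_from`/`real_ip_header` are enabled to restore visitor addresses behind Cloudflare, an "allow Cloudflare, deny all" list is evaluated against the visitor and rejects everyone. This variant goes beyond the steps in the post and matches on `$realip_remote_addr`, the original TCP peer; `$from_cloudflare` and `example.com` are names made up here, and the ranges are the ones listed in the post.

```nginx
# http context, e.g. at the top of site-confs/default, above the first "server {".
# $from_cloudflare (hypothetical name) is 1 when the TCP peer is inside one of
# the ranges from the post. Re-check them against https://www.cloudflare.com/ips
# before relying on the list.
geo $realip_remote_addr $from_cloudflare {
    default            0;
    173.245.48.0/20    1;
    103.21.244.0/22    1;
    103.22.200.0/22    1;
    103.31.4.0/22      1;
    141.101.64.0/18    1;
    108.162.192.0/18   1;
    190.93.240.0/20    1;
    188.114.96.0/20    1;
    197.234.240.0/22   1;
    198.41.128.0/17    1;
    162.158.0.0/15     1;
    104.16.0.0/12      1;
    172.64.0.0/13      1;
    131.0.72.0/22      1;
    2400:cb00::/32     1;
    2606:4700::/32     1;
    2803:f800::/32     1;
    2405:b500::/32     1;
    2405:8100::/32     1;
    2a06:98c0::/29     1;
    2c0f:f248::/32     1;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;          # placeholder for the proxied site
    include /config/nginx/ssl.conf;

    root /config/www;
    index index.html index.htm index.php;

    # Accept CF-Connecting-IP only from those same peers, so $remote_addr and
    # the access log carry the visitor's address instead of a Cloudflare edge.
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2a06:98c0::/29;
    set_real_ip_from 2c0f:f248::/32;
    real_ip_header CF-Connecting-IP;

    # Reject anything that did not arrive from a Cloudflare edge. The test uses
    # the original peer address, not the restored visitor address.
    if ($from_cloudflare = 0) {
        return 403;
    }
}
```

Requests that reach the origin directly, bypassing Cloudflare, get the 403; the CF-Connecting-IP header on such requests is ignored because their peer is not in a trusted range.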
3 hours ago, Riotz said:

Hello, my server rebooted recently, ungracefully due to a power outage, and now my domains are reporting that the server is down through CloudFlare. I have Crypto set to Full as Flexible does not work for me if that matters.

 


Uninstall, reinstall? Other than that, no idea. Wish I could get what I'm trying to do to work, no luck at all.

Link to comment
5 hours ago, Riotz said:

Hello, my server rebooted recently, ungracefully due to a power outage, and now my domains are reporting that the server is down through CloudFlare. I have Crypto set to Full as Flexible does not work for me if that matters.

 


Turn off cloudflare proxy (orange cloud)?

That's what we recommend anyway. If you want to proxy through cloudflare, we don't officially support that (i.e. you're on your own).

Link to comment
9 hours ago, C_James said:

So what do you recommend? Like, I've tried everything I've read online, contacted ISP and they say they are not blocking any ports, so I'm totally stumped.

Did you follow the steps in the link I posted for you? You didn't even post a full log. You keep saying it doesn't work. I don't know how you expect us to help you more.

Link to comment

I mistakenly clobbered my letsencrypt docker. Hint: don't install two dockers with the same name, even mistakenly.

 

So I started over new and followed the same walk through as I did last time, but things didn't work this time.

 

https://cyanlabs.net/tutorials/the-complete-unraid-reverse-proxy-duck-dns-dynamic-dns-and-letsencrypt-guide/

 

I filled in the docker just like the tutorial says, but using my data which is also on duckdns.org.  It first went wrong  after I started the docker and I couldn't even connect to get the "Welcome to our server" message.  When I connect to port 81 I get "site cannot be reached, connection refused".  I continued, thinking that now I may need more configuration to get it working.

 

After completing the setup and adding a /sonarr subdirectory I still get that message for port 81, but now for port 444 I get a password prompt, which I enter and then it gives me 403 Forbidden NGINX 1.16.1.

 

I was happy to see the username/password prompt, but the 403 is annoying.  It happens for every subdirectory.

 

Any ideas?

 

thanks

david

Edited by lovingHDTV
Link to comment
40 minutes ago, lovingHDTV said:

I mistakenly clobbered my letsencrypt docker. Hint: don't install two dockers with the same name, even mistakenly.

 


OK I narrowed it down to my password file.  If I remove it from the site-confs/default I can access everything internally and externally.  If I put in:

        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;

I immediately get a 403 Forbidden message. No chance to even enter the password.

I tried Edge, as I hadn't used it, and I did get the password prompt before getting the 403 message.

Edited by lovingHDTV
Link to comment
40 minutes ago, lovingHDTV said:

OK I narrowed it down to my password file.  If I remove it from the site-confs/default I can access everything internally and externally.  If I put in:

        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;

I immediately get a 403 Forbidden message. No chance to even enter the password.

I tried Edge, as I hadn't used it, and I did get the password prompt before getting the 403 message.

Never mind, I found that my .htpasswd was located at /config/nginx/site-confs/.htpasswd.

Moved it to the correct place and everything started working.

Link to comment
On 8/26/2019 at 5:59 PM, aptalca said:

Turn off cloudflare proxy (orange cloud)?

That's what we recommend anyway. If you want to proxy through cloudflare, we don't officially support that (i.e. you're on your own).

I did this and I can connect to it internally but not from any outside network. It was working perfectly while proxied (orange cloud) through cloudflare. I am not sure why it stopped working all of a sudden. I guess I will look elsewhere for an explanation. I just don't get why it broke all of a sudden.

Link to comment
6 hours ago, Riotz said:

I did this and I can connect to it internally but not from any outside network. It was working perfectly while proxied (orange cloud) through cloudflare. I am not sure why it stopped working all of a sudden. I guess I will look elsewhere for an explanation. I just don't get why it broke all of a sudden.

Stupid question but did your external IP change?  I get cloudflare message only if my Internet is down or my IP has changed.

 

https://whatismyipaddress.com/

Link to comment

It works fine but I notice this in Logs.

 

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

 

Is this something to worry about / future update? 

 

 

 

Sorry, I'll change my question. I guess it's harmless, which is cool. It just doesn't fix my OCD!

Edited by Nano
Link to comment
1 hour ago, Nano said:

It works fine but I notice this in Logs.

 

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

 

Is this something to worry about / future update? 

This response 2 months ago in this thread sums it up nicely.

https://forums.unraid.net/topic/51808-support-linuxserverio-letsencrypt-nginx/?do=findComment&comment=748653

Link to comment
On 8/30/2019 at 5:11 AM, jonathanm said:

Hi, I had a similar issue and did a GitHub search. From what I can understand, the issue does not cause anything to malfunction and is not an issue with the docker; will have to wait for a fix. I am confused because my certs seem to have expired. How do I fix that?

Link to comment

Is it possible to not have NGINX respond on the External IP? For example, to get rid of the

 

Welcome to our server

The website is currently being setup under this address.

For help and support, please contact: [email protected]

 

Of course all the subdomains work, but it would be better if the default external would reject it.

 

Possible ?

Link to comment
12 hours ago, Nano said:

Is it possible to not have NGINX respond on the External IP? For example, to get rid of the

 

Welcome to our server

The website is currently being setup under this address.

For help and support, please contact: [email protected]

 

Of course all the subdomains work, but it would be better if the default external would reject it.

 

Possible ?

Comment out the main location block in the default site config

Link to comment
15 hours ago, aptalca said:

Comment out the main location block in the default site config

Hi I did this but then it just redirected directly to a subdomain. 

 

I did as follows in "Site Confs" Defaults


# main server block
#server {
#    listen 443 ssl http2 default_server;
#    listen [::]:443 ssl http2 default_server;
#
#    root /config/www;
#    index index.html index.htm index.php;
#}

server {

 

I pasted the server { at the bottom after commenting out, as otherwise the letsencrypt log would just whine.

Link to comment
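
An added example, not part of the posts above and not the container's shipped config: when no server block is marked `default_server` for a port, nginx falls back to the first server block it loaded for that port, which matches the redirect to a subdomain described above. A dedicated catch-all that closes the connection handles the bare-IP case instead; the `listen` lines and the `ssl.conf` include are taken from the configs on this page, the rest is an assumption about how the default site file is laid out.

```nginx
# site-confs/default: catch-all for requests whose Host matches no other
# server_name (bare external IP, unknown hostnames). Added example.
server {
    # same listen lines as the commented-out block in the post, so this
    # block stays the explicit default for port 443
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    # "_" is only a conventional name that never matches a real host
    server_name _;

    # the TLS handshake still needs a certificate before any HTTP-level
    # decision can be made; this include is the one used by the other
    # server blocks on this page
    include /config/nginx/ssl.conf;

    # 444 is nginx-specific: close the connection without sending a response,
    # so the "Welcome to our server" page is never served
    return 444;
}
```

The subdomain blocks (`server_name unifi.*;` and similar) keep working because they match by name. The handshake on the bare IP still presents the certificate, and with it the hostnames it covers; `ssl_reject_handshake on;` avoids that but needs nginx 1.19.4 or later, newer than the 1.16.1 reported earlier in this thread.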

I don't need support.  I just wanted to say thanks for this container and its continuous maintenance.  I started with Aptalca's container then switched to the linuxserver.io container.  It's been close to 3 yrs of rock solid performance.  I often forget it's even running.  I thought about switching to the Nginx Proxy Manager for the nice GUI and the fact the nginx syntax makes me commit typo errors for whatever reason.  However the lack of fail2ban in that container has kept me away.  I'm so glad you guys decided to bake that in.  You can watch what I assume are bots getting blocked daily and it's a nice peace of mind.

 

This container works great with my firewalled "docker" VLAN using Custom br0.  Between the firewall and fail2ban I feel my little home setup is about as secure as I can get it.

 

As a fellow dev I know we don't always hear a peep from users in regards to appreciation for our hours of hard work.  So thanks again for keeping this container going.  I really do appreciate it.

  • Like 3
Link to comment

Hi, trying to get UNMS to work correctly, has anyone had success with this? I can connect ok to the GUI but can't get devices to connect! Here is my conf file.

 

# make sure that your dns has a cname set for unms and that your unms container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name unms.berecomputing.co.uk;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_unms unms;
        proxy_pass https://$upstream_unms:443;
    }

    location /wss {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_unms unms;
        proxy_pass https://$upstream_unms:443;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_ssl_verify off;
    }

}

Can anyone see anything wrong here?

Cheers,

Tim

Link to comment
6 hours ago, MothyTim said:

Hi, trying to get UNMS to work correctly, has anyone had success with this? I can connect ok to the GUI but can't get devices to connect! Here is my conf file.

 

-snip-

 

Can anyone see anything wrong here?

Cheers,

Tim

This is just the Unifi controller right? I thought there was a standard config file for it in the letsencrypt docker from ls.io?

I checked my docker, it has this file:


 

user@TOWER:/mnt/user/dockers/letsencrypt/nginx/proxy-confs# cat unifi.subdomain.conf.sample
# make sure that your dns has a cname set for unifi and that your unifi container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name unifi.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_unifi unifi;
        proxy_pass https://$upstream_unifi:8443;
    }

    location /wss {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_unifi unifi;
        proxy_pass https://$upstream_unifi:8443;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_ssl_verify off;
    }

}

 

Link to comment
8 minutes ago, Tuumke said:

This is just the Unifi controller right? I thought there was a standard config file for it in the letsencrypt docker from ls.io?


Hi, no it’s UNMS controller, it’s for the Edge series products from Ubiquiti. I have UniFi working perfectly, just can’t get UNMS to connect devices!

cheers,

Tim

Link to comment

Hey all,

Having trouble with Sabnzbd, I keep getting 502 Bad Gateway.

I have ensured I have set up the CNAME correctly, I have several others running (Sonarr, Radarr, etc.) and they all work fine. It appears to just be Sabnzbd that is failing. Not really sure what is wrong?

 

I have Sabnzbd port 8080 mapped to port 8123.

 


 

I have updated the sabnzbd.subdomain.conf file accordingly:

#server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name sabnzbd.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_sabnzbd sabnzbd;
        proxy_pass http://$upstream_sabnzbd:8123;
    }

    location ~ (/sabnzbd)?/api {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_sabnzbd sabnzbd;
        proxy_pass http://$upstream_sabnzbd:8123;
    }
}

Any help would be much appreciated.

Link to comment
8 hours ago, Mattyfaz said:

Hey all,

Having trouble with Sabnzbd, I keep getting 502 Bad Gateway.


Have you edited server_name with your domain name and left it blank here for security?

Link to comment
13 hours ago, Mattyfaz said:

Hey all,

Having trouble with Sabnzbd, I keep getting 502 Bad Gateway.

I have Sabnzbd port 8080 mapped to port 8123.

 


You don't need to change the port number within the reverse proxy config.

Link to comment
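
An added example, not part of the posts above: the posted config with the `proxy_pass` port as written and as the reply suggests. It assumes, as the `resolver 127.0.0.11` line implies, that the proxy reaches Sabnzbd by container name over a shared Docker network, where the 8080-to-8123 host mapping plays no part.

```nginx
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name sabnzbd.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;

        # Docker's embedded DNS: resolves the container name "sabnzbd" to the
        # container's own address on the shared network
        resolver 127.0.0.11 valid=30s;
        set $upstream_sabnzbd sabnzbd;

        # As posted: 8123 exists only on the host side of the port mapping.
        # Nothing listens on it inside the container, the connection is
        # refused and nginx answers 502 Bad Gateway.
        #proxy_pass http://$upstream_sabnzbd:8123;

        # Container-to-container traffic goes to the port the application
        # itself listens on (8080 in the post), whatever the host mapping is.
        proxy_pass http://$upstream_sabnzbd:8080;
    }

    location ~ (/sabnzbd)?/api {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_sabnzbd sabnzbd;
        proxy_pass http://$upstream_sabnzbd:8080;
    }
}
```

Proxying by container name also means the host port mapping is not needed for the reverse proxy to work, which leaves one fewer port exposed on the host.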

Hi, my certificates seem to have expired and aren't renewing properly. Everything shows an insecure connection error.

 

I managed to find a command that forces a renewal but it failed also. 

 

Please Help.

 

Quote

root@f95960ea16c1:/# certbot renew --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/12312.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for 12312.duckdns.org
http-01 challenge for 12312books.duckdns.org
http-01 challenge for 12312cloud.duckdns.org
http-01 challenge for 12312collab.duckdns.org
http-01 challenge for 12312eb.duckdns.org
http-01 challenge for 12312sonic.duckdns.org
Waiting for verification...
Challenge failed for domain 12312.duckdns.org
Challenge failed for domain 12312books.duckdns.org
Challenge failed for domain 12312cloud.duckdns.org
Challenge failed for domain 12312collab.duckdns.org
Challenge failed for domain 12312eb.duckdns.org
Challenge failed for domain 12312sonic.duckdns.org
http-01 challenge for 12312.duckdns.org
http-01 challenge for 12312books.duckdns.org
http-01 challenge for 12312cloud.duckdns.org
http-01 challenge for 12312collab.duckdns.org
http-01 challenge for 12312eb.duckdns.org
http-01 challenge for 12312sonic.duckdns.org
Cleaning up challenges
Attempting to renew cert (12312eb.duckdns.org) from /etc/letsencrypt/renewal/12312.duckdns.org.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/12312.duckdns.org/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/12312.duckdns.org/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: 12312.duckdns.org
   Type:   connection
   Detail: Fetching
   http://12312.duckdns.org/.well-known/acme-challenge/xOfjgjZ_gAKLszpRvZqKf8pgHx5lcTPNgeEe3qYeE6A:
   Timeout during connect (likely firewall problem)

   Domain: 12312books.duckdns.org
   Type:   connection
   Detail: Fetching
   http://12312.duckdns.org/.well-known/acme-challenge/jGgGqvMpMyzbwla7Dud0wKkcEiGSNRPsgVezc-CSi1s:
   Timeout during connect (likely firewall problem)

   Domain: 12312cloud.duckdns.org
   Type:   connection
   Detail: Fetching
   http://12312cloud.duckdns.org/.well-known/acme-challenge/mWozEdw7z4qzkVItZn6UaIVKtwF83JLL3CHBymGU28I:
   Timeout during connect (likely firewall problem)

   Domain: 12312collab.duckdns.org
   Type:   connection
   Detail: Fetching
   http://12312collab.duckdns.org/.well-known/acme-challenge/gFj5JsqKpK2GVqsDeSUtTn2Maydv9zlu0gkKMF6uYtE:
   Timeout during connect (likely firewall problem)

   Domain: 12312eb.duckdns.org
   Type:   connection
   Detail: Fetching
   http://12312eb.duckdns.org/.well-known/acme-challenge/SKDzPo7Aj6iZpQ4fsTRrckvesdBbX3RiuaNpStuGDsg:
   Timeout during connect (likely firewall problem)

   Domain: 12312sonic.duckdns.org
   Type:   connection
   Detail: Fetching
   http://12312sonic.duckdns.org/.well-known/acme-challenge/LmUoiGYpTLHX1Co87bfKyC3yveZwjMneQXxf0jbebxI:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

 

Link to comment
