C_James Posted August 26, 2019 Share Posted August 26, 2019 (edited) so what do you recommend? like ive tried to everything ive read online, contacted ISP and they say they are not blocking any ports so im totally stumped Edited August 26, 2019 by C_James Quote Link to comment
Riotz Posted August 26, 2019 Share Posted August 26, 2019 Hello, my server rebooted recently, ungracefully due to a power outage, and now my domains are reporting that the server is down through CloudFlare. I have Cypto set to Full as Flexible does not work for me if that matters. I tracked the error down to mean that WordPress is blocking the IPs from CloudFlare so I tried to add the CloudFlare IPs into NGINX but I cant get it to work. Here is how I did that: Created the file cloudflare-allow.conf with the whitelisted CloudFlare IPs (contents below) and put it in the same location as ssl.conf and nginx.conf # https://www.cloudflare.com/ips # IPv4 allow 173.245.48.0/20; allow 103.21.244.0/22; allow 103.22.200.0/22; allow 103.31.4.0/22; allow 141.101.64.0/18; allow 108.162.192.0/18; allow 190.93.240.0/20; allow 188.114.96.0/20; allow 197.234.240.0/22; allow 198.41.128.0/17; allow 162.158.0.0/15; allow 104.16.0.0/12; allow 172.64.0.0/13; allow 131.0.72.0/22; # IPv6 allow 2400:cb00::/32; allow 2606:4700::/32; allow 2803:f800::/32; allow 2405:b500::/32; allow 2405:8100::/32; allow 2a06:98c0::/29; allow 2c0f:f248::/32; Edited the site-conf default file for my main site to add the lines: include /config/nginx/cloudflare-allow.conf; deny all; Restarted the LetsEncrypt container. This did not work so I am not sure I am doing this correctly. Can anyone lend a hand to advise the proper way to do this or if I am even barking up the right tree? Thanks, Quote Link to comment
C_James Posted August 26, 2019 Share Posted August 26, 2019 3 hours ago, Riotz said: Hello, my server rebooted recently, ungracefully due to a power outage, and now my domains are reporting that the server is down through CloudFlare. I have Cypto set to Full as Flexible does not work for me if that matters. I tracked the error down to mean that WordPress is blocking the IPs from CloudFlare so I tried to add the CloudFlare IPs into NGINX but I cant get it to work. Here is how I did that: Created the file cloudflare-allow.conf with the whitelisted CloudFlare IPs (contents below) and put it in the same location as ssl.conf and nginx.conf # https://www.cloudflare.com/ips # IPv4 allow 173.245.48.0/20; allow 103.21.244.0/22; allow 103.22.200.0/22; allow 103.31.4.0/22; allow 141.101.64.0/18; allow 108.162.192.0/18; allow 190.93.240.0/20; allow 188.114.96.0/20; allow 197.234.240.0/22; allow 198.41.128.0/17; allow 162.158.0.0/15; allow 104.16.0.0/12; allow 172.64.0.0/13; allow 131.0.72.0/22; # IPv6 allow 2400:cb00::/32; allow 2606:4700::/32; allow 2803:f800::/32; allow 2405:b500::/32; allow 2405:8100::/32; allow 2a06:98c0::/29; allow 2c0f:f248::/32; Edited the site-conf default file for my main site to add the lines: include /config/nginx/cloudflare-allow.conf; deny all; Restarted the LetsEncrypt container. This did not work so I am not sure I am doing this correctly. Can anyone lend a hand to advise the proper way to do this or if I am even barking up the right tree? Thanks, uninstall reinstall? other than that no idea wish i could get what im trying to do to work, no luck at all. Quote Link to comment
aptalca Posted August 26, 2019 Share Posted August 26, 2019 5 hours ago, Riotz said: Hello, my server rebooted recently, ungracefully due to a power outage, and now my domains are reporting that the server is down through CloudFlare. I have Cypto set to Full as Flexible does not work for me if that matters. I tracked the error down to mean that WordPress is blocking the IPs from CloudFlare so I tried to add the CloudFlare IPs into NGINX but I cant get it to work. Here is how I did that: Created the file cloudflare-allow.conf with the whitelisted CloudFlare IPs (contents below) and put it in the same location as ssl.conf and nginx.conf # https://www.cloudflare.com/ips # IPv4 allow 173.245.48.0/20; allow 103.21.244.0/22; allow 103.22.200.0/22; allow 103.31.4.0/22; allow 141.101.64.0/18; allow 108.162.192.0/18; allow 190.93.240.0/20; allow 188.114.96.0/20; allow 197.234.240.0/22; allow 198.41.128.0/17; allow 162.158.0.0/15; allow 104.16.0.0/12; allow 172.64.0.0/13; allow 131.0.72.0/22; # IPv6 allow 2400:cb00::/32; allow 2606:4700::/32; allow 2803:f800::/32; allow 2405:b500::/32; allow 2405:8100::/32; allow 2a06:98c0::/29; allow 2c0f:f248::/32; Edited the site-conf default file for my main site to add the lines: include /config/nginx/cloudflare-allow.conf; deny all; Restarted the LetsEncrypt container. This did not work so I am not sure I am doing this correctly. Can anyone lend a hand to advise the proper way to do this or if I am even barking up the right tree? Thanks, Turn off cloudflare proxy (orange cloud)? That's what we recommend anyway. If you want to proxy through cloudflare, we don't officially support that (ie. you're on your own). Quote Link to comment
aptalca Posted August 26, 2019 Share Posted August 26, 2019 9 hours ago, C_James said: so what do you recommend? like ive tried to everything ive read online, contacted ISP and they say they are not blocking any ports so im totally stumped Did you follow the steps in the link I posted for you? You didn't even post a full log. You keep saying it doesn't work. I don't know how you expect us to help you more. Quote Link to comment
lovingHDTV Posted August 26, 2019 Share Posted August 26, 2019 (edited) I mistakenly clobbered my letsencrypt docker. Hint don't install two dockers with the same name, even mistakenly. So I started over new and followed the same walk through as I did last time, but things didn't work this time. https://cyanlabs.net/tutorials/the-complete-unraid-reverse-proxy-duck-dns-dynamic-dns-and-letsencrypt-guide/ I filled in the docker just like the tutorial says, but using my data which is also on duckdns.org. It first went wrong after I started the docker and I couldn't even connect to get the "Welcome to our server" message. When I connect to port 81 I get "site cannot be reached, connection refused". I continued, thinking that now I may need more configuration to get it working. After completing the setup and adding a /sonarr subdirectory I still get that message for port 81, but now for port 444 I get a password prompt, which I enter and then it gives me 403 Forbidden NGINIX 1.16.1. I was happy to see the username/password prompt, but the 403 is annoying. It happens for every subdirectory. Any ideas? thanks david Edited August 26, 2019 by lovingHDTV Quote Link to comment
lovingHDTV Posted August 26, 2019 Share Posted August 26, 2019 (edited) 40 minutes ago, lovingHDTV said: I mistakenly clobbered my letsencrypt docker. Hint don't install two dockers with the same name, even mistakenly. So I started over new and followed the same walk through as I did last time, but things didn't work this time. https://cyanlabs.net/tutorials/the-complete-unraid-reverse-proxy-duck-dns-dynamic-dns-and-letsencrypt-guide/ I filled in the docker just like the tutorial says, but using my data which is also on duckdns.org. It first went wrong after I started the docker and I couldn't even connect to get the "Welcome to our server" message. When I connect to port 81 I get "site cannot be reached, connection refused". I continued, thinking that now I may need more configuration to get it working. After completing the setup and adding a /sonarr subdirectory I still get that message for port 81, but now for port 444 I get a password prompt, which I enter and then it gives me 403 Forbidden NGINIX 1.16.1. I was happy to see the username/password prompt, but the 403 is annoying. It happens for every subdirectory. Any ideas? thanks david OK I narrowed it down to my password file. If I remove it from the site-confs/default I can access everything internally and externally. If I put in: auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; I immediately get a 403 Forbidden message. no chance to even enter the password. I tried Edge, as I hadn't use it and I did get the password prompt before getting the 403 message. Edited August 26, 2019 by lovingHDTV Quote Link to comment
lovingHDTV Posted August 27, 2019 Share Posted August 27, 2019 40 minutes ago, lovingHDTV said: OK I narrowed it down to my password file. If I remove it from the site-confs/default I can access everything internally and externally. If I put in: auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; I immediately get a 403 Forbidden message. no chance to even enter the password. I tried Edge, as I hadn't use it and I did get the password prompt before getting the 403 message. Nevermind, I found that my .htpasswd was located at /config/nginx/site-confs/.htpasswd. moved it to the correct place and everything started working. Quote Link to comment
Riotz Posted August 29, 2019 Share Posted August 29, 2019 On 8/26/2019 at 5:59 PM, aptalca said: Turn off cloudflare proxy (orange cloud)? That's what we recommend anyway. If you want to proxy through cloudflare, we don't officially support that (ie. you're on your own). I did this and I can connect to it internally but not from any outside network. It was working perfectly while proxied (orange cloud) through cloudflare. I am not sure why it stopped working all of a sudden. I guess I will look elsewhere for an explanation. I just dont get why it broke all of a sudden. Quote Link to comment
sauso Posted August 29, 2019 Share Posted August 29, 2019 6 hours ago, Riotz said: I did this and I can connect to it internally but not from any outside network. It was working perfectly while proxied (orange cloud) through cloudflare. I am not sure why it stopped working all of a sudden. I guess I will look elsewhere for an explanation. I just dont get why it broke all of a sudden. Stupid question but did your external IP change? I get cloudflare message only if my Internet is down or my IP has changed. https://whatismyipaddress.com/ Quote Link to comment
Riotz Posted August 29, 2019 Share Posted August 29, 2019 4 hours ago, sauso said: Stupid question but did your external IP change? I get cloudflare message only if my Internet is down or my IP has changed. https://whatismyipaddress.com/ It turns out the configuration on my UniFi controller needed to be reloaded. Traffic was not passing through port 443. Now I have a new problem with the container... Is there a way to fix this? Quote Link to comment
Nano Posted August 29, 2019 Share Posted August 29, 2019 (edited) It works fine but i notice this in Logs. nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html) nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found: Is this something to worry about / future update? Sorry ill change my question, I guess its harmless which is cool, It just doesn't fix my OCD ! Edited August 31, 2019 by Nano Quote Link to comment
JonathanM Posted August 29, 2019 Share Posted August 29, 2019 1 hour ago, Nano said: It works fine but i notice this in Logs. nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html) nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found: Is this something to worry about / future update? This response 2 months ago in this thread sums it up nicely. https://forums.unraid.net/topic/51808-support-linuxserverio-letsencrypt-nginx/?do=findComment&comment=748653 Quote Link to comment
fachizel90 Posted August 31, 2019 Share Posted August 31, 2019 On 8/30/2019 at 5:11 AM, jonathanm said: This response 2 months ago in this thread sums it up nicely. https://forums.unraid.net/topic/51808-support-linuxserverio-letsencrypt-nginx/?do=findComment&comment=748653 Hi I had a similar issue and did a github search, from what I can understand the issue does not cause anything to malfunction and is not an issue with the docker, will have to wait for a fix. I am confused because my certs seem to have expired. How do I fix that? Quote Link to comment
Nano Posted August 31, 2019 Share Posted August 31, 2019 Is it possible to not have NGINX not respond on the External IP, For example to get rid of the Welcome to our server The website is currently being setup under this address. For help and support, please contact: [email protected] Ofcourse all the SubDomains work but it would be better if the default external would reject it. Possible ? Quote Link to comment
aptalca Posted September 1, 2019 Share Posted September 1, 2019 12 hours ago, Nano said: Is it possible to not have NGINX not respond on the External IP, For example to get rid of the Welcome to our server The website is currently being setup under this address. For help and support, please contact: [email protected] Ofcourse all the SubDomains work but it would be better if the default external would reject it. Possible ? Comment out the main location block in the default site config Quote Link to comment
Nano Posted September 1, 2019 Share Posted September 1, 2019 15 hours ago, aptalca said: Comment out the main location block in the default site config Hi I did this but then it just redirected directly to a subdomain. I did as follow's in "Site Confs" Defaults # main server block #server { # listen 443 ssl http2 default_server; # listen [::]:443 ssl http2 default_server; # # root /config/www; # index index.html index.htm index.php; #} server { I pasted the server { at the bottom after commenting out as otherwise letencrypt log would just whine Quote Link to comment
sansoo22 Posted September 3, 2019 Share Posted September 3, 2019 I don't need support. I just wanted to say thanks for this container and its continuous maintenance. I started with Aptalca's container then switched to the linuxserver.io container. Its been close to 3 yrs of rock solid performance. I often forget its even running. I thought about switching to the Nginx Proxy Manager for the nice GUI and the fact the nginx syntax makes me commit typo errors for whatever reason. However the lack of fail2ban in that container has kept me away. I'm so glad you guys decided to bake that in. You can watch what I assume are bots getting blocked daily and its a nice peace of mind. This container works great with my firewalled "docker" VLAN using Custom br0. Between the firewall and fail2ban I feel my little home setup is about as secure as I can get it. As a fellow dev I know we don't always hear a peep from users in regards to appreciation for our hours of hard work. So thanks again for keeping this container going. I really do appreciate it. 3 Quote Link to comment
MothyTim Posted September 4, 2019 Share Posted September 4, 2019 Hi, trying to get UNMS to work correctly, has anyone had success with this? I can connect ok to the GUI but can't get devices to connect! Here is my conf file. # make sure that your dns has a cname set for unms and that your unms container is not using a base url server { listen 443 ssl; listen [::]:443 ssl; server_name unms.berecomputing.co.uk; include /config/nginx/ssl.conf; client_max_body_size 0; # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /login; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_unms unms; proxy_pass https://$upstream_unms:443; } location /wss { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /login; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_unms unms; proxy_pass https://$upstream_unms:443; proxy_buffering off; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_ssl_verify off; } } Can anyone see anything wrong here? Cheers, Tim Quote Link to comment
Tuumke Posted September 4, 2019 Share Posted September 4, 2019 6 hours ago, MothyTim said: Hi, trying to get UNMS to work correctly, has anyone had success with this? I can connect ok to the GUI but can't get devices to connect! Here is my conf file. -snip- Can anyone see anything wrong here? Cheers, Tim This is just the Unifi controller right? I thought there was a standard config file for it in the letsencrypt docker from ls.io? I checked my docker, it has this file: user@TOWER:/mnt/user/dockers/letsencrypt/nginx/proxy-confs# cat unifi.subdomain.conf.sample # make sure that your dns has a cname set for unifi and that your unifi container is not using a base url server { listen 443 ssl; listen [::]:443 ssl; server_name unifi.*; include /config/nginx/ssl.conf; client_max_body_size 0; # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /login; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_unifi unifi; proxy_pass https://$upstream_unifi:8443; } location /wss { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /login; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_unifi unifi; proxy_pass https://$upstream_unifi:8443; proxy_buffering off; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_ssl_verify off; } } Quote Link to comment
MothyTim Posted September 4, 2019 Share Posted September 4, 2019 8 minutes ago, Tuumke said: This is just the Unifi controller right? I thought there was a standard config file for it in the letsencrypt docker from ls.io? I checked my docker, it has this file: user@TOWER:/mnt/user/dockers/letsencrypt/nginx/proxy-confs# cat unifi.subdomain.conf.sample # make sure that your dns has a cname set for unifi and that your unifi container is not using a base url server { listen 443 ssl; listen [::]:443 ssl; server_name unifi.*; include /config/nginx/ssl.conf; client_max_body_size 0; # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /login; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_unifi unifi; proxy_pass https://$upstream_unifi:8443; } location /wss { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /login; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_unifi unifi; proxy_pass https://$upstream_unifi:8443; proxy_buffering off; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_ssl_verify off; } } Hi, no it’s UNMS controller it’s for the Edge series products from Ubiquity. I have UniFi working perfectly, just can’t get UNMS to connect devices! cheers, Tim Quote Link to comment
MattFaz Posted September 5, 2019 Share Posted September 5, 2019 Hey all, Having trouble with Sabnzbd, I keep getting 502 Bad Gateway. I have ensured I have setup the CNAME correctly, I have several others running (Sonarr, Radarr, etc.) and they all work fine. It appears to just be Sabnzbd that is failing. Not really sure what is wrong? I have Sabnzbd port 8080 mapped to port 8123. I have updated the sabnzbd.subdomain.conf file accordingly: #server { listen 443 ssl; listen [::]:443 ssl; server_name sabnzbd.*; include /config/nginx/ssl.conf; client_max_body_size 0; # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /login; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_sabnzbd sabnzbd; proxy_pass http://$upstream_sabnzbd:8123; } location ~ (/sabnzbd)?/api { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_sabnzbd sabnzbd; proxy_pass http://$upstream_sabnzbd:8123; } } Any help would be much appreciated. Quote Link to comment
MothyTim Posted September 5, 2019 Share Posted September 5, 2019 8 hours ago, Mattyfaz said: Hey all, Having trouble with Sabnzbd, I keep getting 502 Bad Gateway. I have ensured I have setup the CNAME correctly, I have several others running (Sonarr, Radarr, etc.) and they all work fine. It appears to just be Sabnzbd that is failing. Not really sure what is wrong? I have Sabnzbd port 8080 mapped to port 8123. I have updated the sabnzbd.subdomain.conf file accordingly: #server { listen 443 ssl; listen [::]:443 ssl; server_name sabnzbd.*; include /config/nginx/ssl.conf; client_max_body_size 0; # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /login; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_sabnzbd sabnzbd; proxy_pass http://$upstream_sabnzbd:8123; } location ~ (/sabnzbd)?/api { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_sabnzbd sabnzbd; proxy_pass http://$upstream_sabnzbd:8123; } } Any help would be much appreciated. Have you edited server_name with your domain name and left it blank here for security? Quote Link to comment
j0nnymoe Posted September 5, 2019 Share Posted September 5, 2019 13 hours ago, Mattyfaz said: Hey all, Having trouble with Sabnzbd, I keep getting 502 Bad Gateway. I have ensured I have setup the CNAME correctly, I have several others running (Sonarr, Radarr, etc.) and they all work fine. It appears to just be Sabnzbd that is failing. Not really sure what is wrong? I have Sabnzbd port 8080 mapped to port 8123. I have updated the sabnzbd.subdomain.conf file accordingly: #server { listen 443 ssl; listen [::]:443 ssl; server_name sabnzbd.*; include /config/nginx/ssl.conf; client_max_body_size 0; # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /login; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_sabnzbd sabnzbd; proxy_pass http://$upstream_sabnzbd:8123; } location ~ (/sabnzbd)?/api { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_sabnzbd sabnzbd; proxy_pass http://$upstream_sabnzbd:8123; } } Any help would be much appreciated. You don't need to change the port number within the reverse proxy config. Quote Link to comment
fachizel90 Posted September 5, 2019 Share Posted September 5, 2019 Hi my certificates seem to have expired and arent renewing properly. Everything shows an insecure connection error. I managed to find a command that forces a renewal but it failed also. Please Help. Quote root@f95960ea16c1:/# certbot renew --force-renewal Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/12312.duckdns.org.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Plugins selected: Authenticator standalone, Installer None Renewing an existing certificate Performing the following challenges: http-01 challenge for 12312.duckdns.org http-01 challenge for 12312books.duckdns.org http-01 challenge for 12312cloud.duckdns.org http-01 challenge for 12312collab.duckdns.org http-01 challenge for 12312eb.duckdns.org http-01 challenge for 12312sonic.duckdns.org Waiting for verification... Challenge failed for domain 12312.duckdns.org Challenge failed for domain 12312books.duckdns.org Challenge failed for domain 12312cloud.duckdns.org Challenge failed for domain 12312collab.duckdns.org Challenge failed for domain 12312eb.duckdns.org Challenge failed for domain 12312sonic.duckdns.org http-01 challenge for 12312.duckdns.org http-01 challenge for 12312books.duckdns.org http-01 challenge for 12312cloud.duckdns.org http-01 challenge for 12312collab.duckdns.org http-01 challenge for 12312eb.duckdns.org http-01 challenge for 12312sonic.duckdns.org Cleaning up challenges Attempting to renew cert (12312eb.duckdns.org) from /etc/letsencrypt/renewal/12312.duckdns.org.conf produced an unexpected error: Some challenges have failed.. Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/12312.duckdns.org/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/12312.duckdns.org/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 renew failure(s), 0 parse failure(s) IMPORTANT NOTES: - The following errors were reported by the server: Domain: 12312.duckdns.org Type: connection Detail: Fetching http://12312.duckdns.org/.well-known/acme-challenge/xOfjgjZ_gAKLszpRvZqKf8pgHx5lcTPNgeEe3qYeE6A: Timeout during connect (likely firewall problem) Domain: 12312books.duckdns.org Type: connection Detail: Fetching http://12312.duckdns.org/.well-known/acme-challenge/jGgGqvMpMyzbwla7Dud0wKkcEiGSNRPsgVezc-CSi1s: Timeout during connect (likely firewall problem) Domain: 12312cloud.duckdns.org Type: connection Detail: Fetching http://12312cloud.duckdns.org/.well-known/acme-challenge/mWozEdw7z4qzkVItZn6UaIVKtwF83JLL3CHBymGU28I: Timeout during connect (likely firewall problem) Domain: 12312collab.duckdns.org Type: connection Detail: Fetching http://12312collab.duckdns.org/.well-known/acme-challenge/gFj5JsqKpK2GVqsDeSUtTn2Maydv9zlu0gkKMF6uYtE: Timeout during connect (likely firewall problem) Domain: 12312eb.duckdns.org Type: connection Detail: Fetching http://12312eb.duckdns.org/.well-known/acme-challenge/SKDzPo7Aj6iZpQ4fsTRrckvesdBbX3RiuaNpStuGDsg: Timeout during connect (likely firewall problem) Domain: 12312sonic.duckdns.org Type: connection Detail: Fetching http://12312sonic.duckdns.org/.well-known/acme-challenge/LmUoiGYpTLHX1Co87bfKyC3yveZwjMneQXxf0jbebxI: Timeout during connect (likely firewall problem) To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.