Orejo Posted January 11, 2020

I'm experiencing a strange issue. When I'm accessing Nextcloud locally, I get redirected to the unRAID dashboard and I get to see the login prompt for the dashboard. When I'm outside my network, the connection works fine. I have other services set up, such as Sonarr and Radarr, both of which work fine externally and internally. I've attached my config files.

config.php nextcloud.subdomain.conf

aptalca Posted January 11, 2020 (edited)

21 hours ago, WyoFarr said:
> Hi All, After two days of googling, a bit of an exaggeration, I can't figure out why I'm failing certification. I think my port forwarding is set up correctly, running an edgerouter x sfp. ***** the domain name but it's filled out properly I think. here's the log output, and attached is a screen shot of my port forwarding.
>
>     2048 bit DH parameters present
>     SUBDOMAINS entered, processing
>     SUBDOMAINS entered, processing
>     Only subdomains, no URL in cert
>     Sub-domains processed are: -d *****
>     E-mail address entered: *****
>     http validation is selected
>     Generating new certificate
>     /usr/lib/python3.8/site-packages/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
>     if x is 0 or x is 1:
>     /usr/lib/python3.8/site-packages/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
>     if x is 0 or x is 1:
>     /usr/lib/python3.8/site-packages/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
>     elif y is 0 or y is 1:
>     /usr/lib/python3.8/site-packages/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
>     elif y is 0 or y is 1:
>     /usr/lib/python3.8/site-packages/jmespath/visitor.py:260: SyntaxWarning: "is" with a literal. Did you mean "=="?
>     if original_result is 0:
>     /usr/lib/python3.8/site-packages/digitalocean/LoadBalancer.py:19: SyntaxWarning: "is" with a literal. Did you mean "=="?
>     if type is 'cookies':
>     /usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py:65: SyntaxWarning: "is" with a literal. Did you mean "=="?
>     if self.email is '' or self.token is '':
>     /usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py:65: SyntaxWarning: "is" with a literal. Did you mean "=="?
>     if self.email is '' or self.token is '':
>     /usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py:89: SyntaxWarning: "is" with a literal. Did you mean "=="?
>     if self.email is '' or self.token is '':
>     /usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py:89: SyntaxWarning: "is" with a literal. Did you mean "=="?
>     if self.email is '' or self.token is '':
>     /usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py:113: SyntaxWarning: "is" with a literal. Did you mean "=="?
>     if self.certtoken is '' or self.certtoken is None:
>     Saving debug log to /var/log/letsencrypt/letsencrypt.log
>     Plugins selected: Authenticator standalone, Installer None
>     Obtaining a new certificate
>     Performing the following challenges:
>     http-01 challenge for *****
>     Waiting for verification...
>     Challenge failed for domain *****
>     http-01 challenge for *****
>     Cleaning up challenges
>     Some challenges have failed.
>     IMPORTANT NOTES:
>     - The following errors were reported by the server:
>     Domain: *****
>     Type: unauthorized
>     Detail: Invalid response from http://*****/.well-known/acme-challenge/P_1kowh6nWwToCI-ORAGFWGYL3TfRmq28Znn3o6Q5IA [162.241.225.183]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
>     To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
>     ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Your port forwarding is not correctly applied. Try restarting the router

Edited January 11, 2020 by aptalca

aptalca Posted January 11, 2020

12 hours ago, Orejo said:
> I'm experiencing a strange issue. When I'm accessing Nextcloud locally, I get redirected to the unRAID dashboard and I get to see the login prompt for the dashboard. When I'm outside my network, the connection works fine. I have other services set up, such as Sonarr and Radarr, both of which work fine externally and internally. I've attached my config files.
>
> config.php nextcloud.subdomain.conf 1.06 kB · 1 download

It's your router and/or port settings. I'm assuming you're running unraid on port 443. Your router is redirecting internal (lan) requests to your domain to the unraid ip in the same 443 port, so you're getting unraid. You can move unraid's https port to something else and run letsencrypt on 443 instead

mmwiebe Posted January 12, 2020

Hi all, First time posting, hope I'm in the right spot. I managed to install letsencrypt with spaceinvaderone's video. My difficulty is that I was hoping to use the web hosting part of the docker to run dolibarr.org, an ERP & CRM. I managed to clean install it and connect the database using mariadb and log in. Then it randomly reactivated the install and got stuck there. Nothing I did fixed it. Then I tried installing dolibarr using the apache docker. It worked to install and log in, then the next day I could not log in, I was stuck at the login page. I want to use dolibarr for my own personal access, not have others access it. If anyone has a better software than dolibarr please let me know. I would appreciate any help that's available, have a wonderful day.

unRaide Posted January 12, 2020

Hi, I've been using this docker without issue for months after following spaceinvaderone's video. A couple weeks ago I started getting notifications that my certs were going to expire, however after checking the logs I couldn't find any issues. Unfortunately, they have now expired and I'm not sure how to debug further? Here is a screenshot of my logs, docker and router settings. I also recently changed my router although I did add the port forwarding. Any ideas?

blaine07 Posted January 12, 2020

> Hi, I've been using this docker without issue for months after following spaceinvaderone's video. A couple weeks ago I started getting notifications that my certs were going to expire, however after checking the logs I couldn't find any issues. Unfortunately, they have now expired and I'm not sure how to debug further? Here is a screenshot of my logs, docker and router settings. I also recently changed my router although I did add the port forwarding. Any ideas?

I can’t tell you what has gone wrong but edit Letsencrypt, add an additional subdomain, save Letsencrypt config and then start Letsencrypt, let it boot. Stop Letsencrypt, remove subdomain, save and start it back up and they should renew. I’ve had issues occasionally with the certs not renewing, too, and this has 100% been the fix. :-)

saarg Posted January 12, 2020

5 hours ago, unRaide said:
> Hi, I've been using this docker without issue for months after following spaceinvaderone's video. A couple weeks ago I started getting notifications that my certs were going to expire, however after checking the logs I couldn't find any issues. Unfortunately, they have now expired and I'm not sure how to debug further? Here is a screenshot of my logs, docker and router settings. I also recently changed my router although I did add the port forwarding. Any ideas?

You don't have control over duckdns.org. You need to add your part of the address before that, like myurl.duckdns.org. Not sure how you managed to get a cert that way. Do you only get an email saying it is expired or do you see it in the browser going to your domain?

WyoFarr Posted January 12, 2020

15 hours ago, aptalca said:
> Your port forwarding is not correctly applied. Try restarting the router

Thanks for the help, I've restarted the router and I'm still getting the same error messages. I changed the ports and updated the letsencrypt so it's using the same ports. It looks like I'm receiving packets, just perhaps not the let's encrypt? Screen shot of my docker set up attached too. Is there something wrong in the flow? Trying to cert my cloud.*****.com, which redirects to ****.duckdns.com, which when I load that webpage it appears to come back to my router as I see the packet increment by 1 and bytes by 128.

aptalca Posted January 12, 2020

4 hours ago, WyoFarr said:
> Thanks for the help, I've restarted the router and I'm still getting the same error messages. I changed the ports and updated the letsencrypt so it's using the same ports. It looks like I'm receiving packets, just perhaps not the let's encrypt? Screen shot of my docker set up attached too. Is there something wrong in the flow? Trying to cert my cloud.*****.com, which redirects to ****.duckdns.com, which when I load that webpage it appears to come back to my router as I see the packet increment by 1 and bytes by 128.

The letsencrypt log you posted earlier shows port 80 going to unraid gui

izarkhin Posted January 12, 2020 (edited)

Hi guys! I really hope somebody can help me here. I switched from Comcast to AT&T Gigabit last week. AT&T forces you to use their own gateway. I configured it for IP passthrough in order to keep my Advanced Tomato wireless router setup. Now I can't access my duckdns subdomain from LAN. Externally everything still works. Here are the symptoms:

- [mysubdomain].duckdns.org works fine externally
- [mysubdomain].duckdns.org from LAN says "Establishing secure connection..." and then "This site can't be reached"
- I can successfully ping [mysubdomain].duckdns.org from LAN and get public IP back
- I can successfully trace [mysubdomain].duckdns.org from LAN
- duckdns.org website shows the correct public IP
- my Advanced Tomato router shows the correct public IP address forwarded to its WAN port
- I restarted letsencrypt container and didn't see any errors in the log
- I restarted duckdns container and didn't see any errors in the log
- I didn't make any changes, other than replacing Comcast cable modem with AT&T gateway and configuring it for IP passthrough. I.e. port forwarding, nginx config, etc. are still the same and it worked fine before

What am I missing? How can I troubleshoot?

Edited January 12, 2020 by izarkhin

unRaide Posted January 13, 2020

18 hours ago, blaine07 said:
> I can’t tell you what has gone wrong but edit Letsencrypt, add an additional subdomain, save Letsencrypt config and then start Letsencrypt, let it boot. Stop Letsencrypt, remove subdomain, save and start it back up and they should renew. I’ve had issues occasionally with the certs not renewing, too, and this has 100% been the fix. 🙂

Awesome, that did the trick... thx @blaine07!!!

@saarg, just following spaceinvaderone's instructions @ 13:48.

levster Posted January 13, 2020 (edited)

I was reinstalling my letsencrypt, mariadb and nextcloud due to the fact that for some reason I lost all connection to my nextcloud and now, when I install letsencrypt following spaceinvader's tutorial, the log files for the container report that both of my subdomains fail challenges. I have used the same duckdns.org and subdomains for several years with no problem and have installed letsencrypt the exact same way several times. This is the first time I see this error. Am I missing something?

letsencryptlog.txt

Edited January 13, 2020 by levster

aptalca Posted January 13, 2020

8 hours ago, izarkhin said:
> Hi guys! I really hope somebody can help me here. I switched from Comcast to AT&T Gigabit last week. AT&T forces you to use their own gateway. I configured it for IP passthrough in order to keep my Advanced Tomato wireless router setup. Now I can't access my duckdns subdomain from LAN. Externally everything still works. Here are the symptoms:
>
> - [mysubdomain].duckdns.org works fine externally
> - [mysubdomain].duckdns.org from LAN says "Establishing secure connection..." and then "This site can't be reached"
> - I can successfully ping [mysubdomain].duckdns.org from LAN and get public IP back
> - I can successfully trace [mysubdomain].duckdns.org from LAN
> - duckdns.org website shows the correct public IP
> - my Advanced Tomato router shows the correct public IP address forwarded to its WAN port
> - I restarted letsencrypt container and didn't see any errors in the log
> - I restarted duckdns container and didn't see any errors in the log
> - I didn't make any changes, other than replacing Comcast cable modem with AT&T gateway and configuring it for IP passthrough. I.e. port forwarding, nginx config, etc. are still the same and it worked fine before
>
> What am I missing? How can I troubleshoot?

Look into hairpin nat

rragu Posted January 13, 2020 (edited)

Quick question: I'm looking into setting up calibre-web and reverse proxying it using this LE container. When I check my nginx proxy-conf folder, I only see a subfolder sample file for calibre-web whereas pretty much every other container has both a subdomain and subfolder option. Does calibre-web alone work only with subfolders or is there an issue with my LE container install? I've restarted the LE container multiple times since I noticed the absence of the subdomain file (assuming it exists). My understanding is that the container re-downloads any missing proxy-conf files upon restart?

Edited January 13, 2020 by rragu Clarity/accuracy

saarg Posted January 13, 2020

1 minute ago, rragu said:
> Quick question: I'm looking into setting up calibre-web and reverse proxying it using this LE container. When I check my nginx proxy-conf folder, I only see a subfolder sample file for calibre-web whereas pretty much every other container has both a subdomain and subfolder option. Does calibre-web alone work only with subfolders or is there an issue with my LE container install? I've restarted the LE container multiple times since I noticed the absence of the subdomain file (assuming it exists). My understanding is that the container re-downloads any missing proxy-conf files upon restart?

That just means nobody made a proxy conf for subdomain.

rragu Posted January 13, 2020

1 minute ago, saarg said:
> That just means nobody made a proxy conf for subdomain.

I just checked the LSIO GitHub reverse-proxy-conf repository (https://github.com/linuxserver/reverse-proxy-confs) and actually there is a 'calibre-web.subdomain.conf.sample' file here.

1) I assume I can just copy that file over into my LE container manually and continue as usual?
2) Maybe something to look into regarding why this file alone doesn't seem to get retrieved by the LE container upon restart (assuming this issue isn't specific to me)?

Londinium Posted January 13, 2020 (edited)

Hi, I've now received twice the "Let's Encrypt certificate expiration notice for domain" email and my certificate will now expire in 10 days. I've been using this Let's Encrypt container for two years without a single problem (btw: thanks a lot!) but it seems something went wrong a few weeks ago. When going to my \appdata\letsencrypt\log\letsencrypt folder, no logs have been written since the 15th of December: (ordered by last modification date)

I don't recall modifying any config on my Unraid server in this timeframe, except upgrading to the final 6.8.0 (directly from the last 6.7.x version) and installing Wireguard (which is working fine). I don't know how to check the exact date I've installed Unraid 6.8.0 but it was quickly after its release.

What I've tried without any success:

- restarting the docker
- restarting the server
- updating to Unraid 6.8.1

Looking for the following information:

- Logs are well written in the parent directories \log\fail2ban, \log\nginx and \log\php so I guess it's not a file permission issue.
- I see the following alert/error in the docker logs but from what I've found in this thread it's no big deal:

      nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
      nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
          no field package.preload['resty.core']
          no file './resty/core.lua'
          no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
          no file '/usr/local/share/lua/5.1/resty/core.lua'
          no file '/usr/local/share/lua/5.1/resty/core/init.lua'
          no file '/usr/share/lua/5.1/resty/core.lua'
          no file '/usr/share/lua/5.1/resty/core/init.lua'
          no file '/usr/share/lua/common/resty/core.lua'
          no file '/usr/share/lua/common/resty/core/init.lua'
          no file './resty/core.so'
          no file '/usr/local/lib/lua/5.1/resty/core.so'
          no file '/usr/lib/lua/5.1/resty/core.so'
          no file '/usr/local/lib/lua/5.1/loadall.so'
          no file './resty.so'
          no file '/usr/local/lib/lua/5.1/resty.so'
          no file '/usr/lib/lua/5.1/resty.so'
          no file '/usr/local/lib/lua/5.1/loadall.so')

- The docker container doesn't stop.
- I've double checked my ports forwarding: and tested with success both my 80 and 443 ports with https://www.canyouseeme.org because I had issue with my ports forwarding two years ago when installing this docker.

Any help would be greatly appreciated 😅 Thanks! (my Unraid diagnostics are in attachment)

Edit: Except for this issue, I have no problem accessing my services (e.g.: AirSonic / Ubooquity) from outside my network using my https url.

Londinium

unraid-diagnostics-20200113-1716.zip

Edited January 13, 2020 by Londinium

aptalca Posted January 13, 2020

2 hours ago, Londinium said:
> Hi, I've now received twice the "Let's Encrypt certificate expiration notice for domain" email and my certificate will now expire in 10 days. I've been using this Let's Encrypt container for two years without a single problem (btw: thanks a lot!) but it seems something went wrong a few weeks ago. When going to my \appdata\letsencrypt\log\letsencrypt folder, no logs have been written since the 15th of December: (ordered by last modification date)
>
> I don't recall modifying any config on my Unraid server in this timeframe, except upgrading to the final 6.8.0 (directly from the last 6.7.x version) and installing Wireguard (which is working fine). I don't know how to check the exact date I've installed Unraid 6.8.0 but it was quickly after its release.
>
> What I've tried without any success:
>
> - restarting the docker
> - restarting the server
> - updating to Unraid 6.8.1
>
> Looking for the following information:
>
> - Logs are well written in the parent directories \log\fail2ban, \log\nginx and \log\php so I guess it's not a file permission issue.
> - I see the following alert/error in the docker logs but from what I've found in this thread it's no big deal:
>
>       nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
>       nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
>           no field package.preload['resty.core']
>           no file './resty/core.lua'
>           no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
>           no file '/usr/local/share/lua/5.1/resty/core.lua'
>           no file '/usr/local/share/lua/5.1/resty/core/init.lua'
>           no file '/usr/share/lua/5.1/resty/core.lua'
>           no file '/usr/share/lua/5.1/resty/core/init.lua'
>           no file '/usr/share/lua/common/resty/core.lua'
>           no file '/usr/share/lua/common/resty/core/init.lua'
>           no file './resty/core.so'
>           no file '/usr/local/lib/lua/5.1/resty/core.so'
>           no file '/usr/lib/lua/5.1/resty/core.so'
>           no file '/usr/local/lib/lua/5.1/loadall.so'
>           no file './resty.so'
>           no file '/usr/local/lib/lua/5.1/resty.so'
>           no file '/usr/lib/lua/5.1/resty.so'
>           no file '/usr/local/lib/lua/5.1/loadall.so')
>
> - The docker container doesn't stop.
> - I've double checked my ports forwarding: and tested with success both my 80 and 443 ports with https://www.canyouseeme.org because I had issue with my ports forwarding two years ago when installing this docker.
>
> Any help would be greatly appreciated 😅 Thanks! (my Unraid diagnostics are in attachment)
>
> Edit: Except for this issue, I have no problem accessing my services (e.g.: AirSonic / Ubooquity) from outside my network using my https url.
>
> Londinium
>
> unraid-diagnostics-20200113-1716.zip 80.63 kB · 0 downloads

The readme explains how to troubleshoot that

aptalca Posted January 13, 2020

10 hours ago, rragu said:
> I just checked the LSIO GitHub reverse-proxy-conf repository (https://github.com/linuxserver/reverse-proxy-confs) and actually there is a 'calibre-web.subdomain.conf.sample' file here.
>
> 1) I assume I can just copy that file over into my LE container manually and continue as usual?
> 2) Maybe something to look into regarding why this file alone doesn't seem to get retrieved by the LE container upon restart (assuming this issue isn't specific to me)?

That was just added a few days ago. It will be included in the next letsencrypt build: https://github.com/linuxserver/reverse-proxy-confs/pull/111

strike Posted January 13, 2020 (edited)

Now that you're required to have a registered account and a (free) license to get geolite2 updates, anyone knows how to get it to work with nginx? https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/

Edit: Nevermind.. The answer is provided in the posted link, I'll just have to adjust my update script.

Edited January 13, 2020 by strike

WyoFarr Posted January 13, 2020

On 1/12/2020 at 12:40 PM, aptalca said:
> The letsencrypt log you posted earlier shows port 80 going to unraid gui

Sorry, where are you seeing this in the log? In the original post I had 180 and 1443 like the spaceinvaderone video. After bashing my head against this I decided to start over, this time the ports in use are 7980 and 7443. I've rebooted everything multiple times. It seems like the port forwarding is working but let's encrypt is failing to get back to itself. I did just notice this in the log. It's using a self assigned IP address for the server? 169.xxx. etc is most definitely not what unraid is configured to. Is this my problem? If it is, how do I fix this?

saarg Posted January 13, 2020

12 hours ago, rragu said:
> I just checked the LSIO GitHub reverse-proxy-conf repository (https://github.com/linuxserver/reverse-proxy-confs) and actually there is a 'calibre-web.subdomain.conf.sample' file here.
>
> 1) I assume I can just copy that file over into my LE container manually and continue as usual?
> 2) Maybe something to look into regarding why this file alone doesn't seem to get retrieved by the LE container upon restart (assuming this issue isn't specific to me)?

It gets added to letsencrypt when it's built, so whenever there is an updated package for the container. You can just add it to your proxy folder and it will work.

Orejo Posted January 13, 2020

On 1/11/2020 at 10:25 PM, aptalca said:
> It's your router and/or port settings. I'm assuming you're running unraid on port 443. Your router is redirecting internal (lan) requests to your domain to the unraid ip in the same 443 port, so you're getting unraid. You can move unraid's https port to something else and run letsencrypt on 443 instead

Thank you, appreciate your quick response. I can now access nextcloud locally, thanks! I moved unraid's https port to a different port and let letsencrypt run on 443; the letsencrypt http port is still on 81. Can I leave it as is or do I need to change the http port from either unraid or the letsencrypt container?

aptalca Posted January 13, 2020

1 hour ago, Orejo said:
> Thank you, appreciate your quick response. I can now access nextcloud locally, thanks! I moved unraid's https port to a different port and let letsencrypt run on 443; the letsencrypt http port is still on 81. Can I leave it as is or do I need to change the http port from either unraid or the letsencrypt container?

You can leave it. When you type address in the url bar (inside your lan), use https so the requests go to letsencrypt. Http requests will go to unraid's port 80

aptalca Posted January 13, 2020

1 hour ago, WyoFarr said:
> Sorry, where are you seeing this in the log? In the original post I had 180 and 1443 like the spaceinvaderone video. After bashing my head against this I decided to start over, this time the ports in use are 7980 and 7443. I've rebooted everything multiple times. It seems like the port forwarding is working but let's encrypt is failing to get back to itself. I did just notice this in the log. It's using a self assigned IP address for the server? 169.xxx. etc is most definitely not what unraid is configured to. Is this my problem? If it is, how do I fix this?

That ip is what letsencrypt is getting for your domain name. Check your dns settings if that is not your public ip

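An added example, not part of any post in this thread and not code from the container project: a small Python triage of the certbot "Invalid response from ... [ip]" detail discussed above, separating a DNS problem (the bracketed address is not your public IP) from a port-forwarding problem (right address, but another web server answered on port 80). The function names, the result labels and the sample log are assumptions constructed for illustration; the expected public IP is a value you supply yourself.

```python
"""Triage a failed http-01 validation from the certbot text in the container log."""
import ipaddress
import re

# Constructed sample in the format of the log quoted in this thread. Host, token
# and address are placeholders (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = r'''
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: cloud.example.org
   Type:   unauthorized
   Detail: Invalid response from
   http://cloud.example.org/.well-known/acme-challenge/CONSTRUCTED-TOKEN
   [203.0.113.10]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>"
'''

# certbot wraps this detail over several lines, so pieces are joined by \s+.
DETAIL_RE = re.compile(
    r"Invalid response from\s+http://(?P<host>[^/\s]+)"
    r"/\.well-known/acme-challenge/(?P<token>\S+)\s+"
    r"\[(?P<ip>[0-9A-Fa-f:.]+)\]:\s*\"(?P<body>.*)",
    re.DOTALL,
)
TITLE_RE = re.compile(r"<title>(.*?)</title>", re.IGNORECASE | re.DOTALL)

# Ranges a public validation server can never reach.
NON_PUBLIC_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",                                   # carrier-grade NAT
    "169.254.0.0/16",                                  # IPv4 link-local
)]


def parse_challenge_failure(log_text):
    """Return host, the address the CA connected to, and the HTML title it got."""
    m = DETAIL_RE.search(log_text)
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    title = TITLE_RE.search(m.group("body"))
    return {
        "host": m.group("host"),
        "validated_ip": ip,
        "page_title": " ".join(title.group(1).split()) if title else None,
    }


def diagnose(failure, expected_public_ip):
    """Classify the failure; expected_public_ip is the WAN address you supply."""
    seen = failure["validated_ip"]
    if seen.is_loopback or seen.is_link_local or any(seen in n for n in NON_PUBLIC_NETS):
        return "dns_non_public"   # DNS record holds an unroutable address
    if seen != ipaddress.ip_address(expected_public_ip):
        return "dns_mismatch"     # DNS points somewhere other than your WAN IP
    # Right address, wrong answer: port 80 is forwarded to some other web
    # server (for example the host's own GUI) instead of the container.
    return "wrong_listener"


def triage(log_text, expected_public_ip):
    """Parse the log and classify it; None when no challenge failure is present."""
    failure = parse_challenge_failure(log_text)
    if failure is None:
        return None
    return diagnose(failure, expected_public_ip)


if __name__ == "__main__":
    print(parse_challenge_failure(SAMPLE_LOG))
    print(triage(SAMPLE_LOG, "203.0.113.10"))
```

The `page_title` field helps with the `wrong_listener` case, since the title of the page that answered usually identifies which service port 80 actually reached.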