Kaizac Posted March 5, 2019

> Just now, ofthethorn said:
> All seems to work now. Alas, still no connection to the local server. Probably should've added that I can't even connect to plex docker IP address.

Did you also enable access from outside your network in Plex and open port 32400 in your router to your docker? If so, disable all of that. Your plex docker should only be accessible through your LE setup. And what mode is Plex on? Own IP, or bridge or host, or?

ofthethorn Posted March 5, 2019

> Just now, Kaizac said:
> Did you also enable access from outside your network in Plex and open port 32400 in your router to your docker? If so, disable all of that. Your plex docker should only be accessible through your LE setup. And what mode is Plex on? Own IP, or bridge or host, or?

Port 32400 is closed, so that's a negative. Plex is on a separate network, the same as duckDNS and LE.

Kaizac Posted March 5, 2019

> Just now, ofthethorn said:
> Port 32400 is closed, so that's a negative. Plex is on a separate network, the same as duckDNS and LE.

Separate network? What does that mean? If you mean a VLAN and you haven't enabled access from your LAN to that VLAN, your router/firewall is blocking your local access.

ofthethorn Posted March 5, 2019

> Just now, Kaizac said:
> Separate network? What does that mean? If you mean a VLAN and you haven't enabled access from your LAN to that VLAN, your router/firewall is blocking your local access.

That may actually be it. I followed spaceinvader one's guide, I believe. And he recommended making a new docker network.

Kaizac Posted March 5, 2019

> Just now, ofthethorn said:
> That may actually be it. I followed spaceinvader one's guide, I believe. And he recommended making a new docker network.

Try giving plex its own IP first by putting it on br0 or something. That will put it on your LAN. If you can access it locally then, you know that's the issue.

ofthethorn Posted March 5, 2019

> 2 minutes ago, Kaizac said:
> Try giving plex its own IP first by putting it on br0 or something. That will put it on your LAN. If you can access it locally then, you know that's the issue.

That sorted it.

ofthethorn Posted March 5, 2019

> 7 minutes ago, Kaizac said:
> Try giving plex its own IP first by putting it on br0 or something. That will put it on your LAN. If you can access it locally then, you know that's the issue.

Another quick update: since my router is a piece of trash I cannot control (forced by ISP) I decided to just add a second plex container, change its name and give it its own appdata folder. This container will solely be used for local access and is not set up in the LE docker. This won't have any downsides I hope...

Thanks for all your help though! Really appreciate the effort.

Kaizac Posted March 5, 2019

> 5 minutes ago, ofthethorn said:
> Another quick update: since my router is a piece of trash I cannot control (forced by ISP) I decided to just add a second plex container, change its name and give it its own appdata folder. This container will solely be used for local access and is not set up in the LE docker. This won't have any downsides I hope...
>
> Thanks for all your help though! Really appreciate the effort.

But why? It's incredibly inefficient, straining your server needlessly and you have to configure 2 dockers. You can have both, local and WAN access to the same docker. You just need to configure it well.

So your DuckDNS doesn't need to be on the docker network. It can just be in host mode on your Unraid box. For your LE docker I would also give that docker its own IP and make sure you redirect your router to that IP (I assume this is what you also did for your current setup?). And then in your nginx config you use the IP of your Plex docker and both WAN and LAN access should work.

ofthethorn Posted March 5, 2019

> 14 minutes ago, Kaizac said:
> -snip-

I'll look into it when I get back home. I'll let you know how it goes! Thanks for all the help though.

JonathanM Posted March 5, 2019

> 1 hour ago, ofthethorn said:
> since my router is a piece of trash I cannot control (forced by ISP)

If that router will allow you to pass through your public IP to a specific device, you could always put your own router in place and get control again.

ofthethorn Posted March 5, 2019

> 5 hours ago, Kaizac said:
> But why? It's incredibly inefficient, straining your server needlessly and you have to configure 2 dockers. You can have both, local and WAN access to the same docker. You just need to configure it well.
>
> So your DuckDNS doesn't need to be on the docker network. It can just be in host mode on your Unraid box. For your LE docker I would also give that docker its own IP and make sure you redirect your router to that IP (I assume this is what you also did for your current setup?). And then in your nginx config you use the IP of your Plex docker and both WAN and LAN access should work.

I got it. I got stuck after doing what you described. I, like a complete dummy, forgot to change the plex conf file. Got it all working. Thanks for all the help man.

thrroow Posted March 7, 2019

Trying to set up an HTML5 speedtest to be accessible via subdomain but I am having no luck. All other dockers work on subdomains fine, and the speedtest works on the localip:port, but for some reason nginx is having an issue serving it. My config is:

```
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name speedtest.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_speedtest speedtest;
        proxy_pass http://$upstream_speedtest:6580;
    }
}
```

Any ideas?

aptalca Posted March 7, 2019

> 4 minutes ago, thrroow said:
> -snip-

Is your speedtest running inside a container named speedtest? And is that service listening on port 6580 inside the container?

If it's actually listening on 80 inside the container but you mapped it to 6580 on the host, you need to use 80 in the proxy pass directive.

thrroow Posted March 7, 2019

> 1 minute ago, aptalca said:
> Is your speedtest running inside a container named speedtest? And is that service listening on port 6580 inside the container?
>
> If it's actually listening on 80 inside the container but you mapped it to 6580 on the host, you need to use 80 in the proxy pass directive.

Yes the container is called "speedtest" and it maps 80:6580. It's set up in the exact same manner as sonarr/radarr etc. except with the docker name and port switched out.

aptalca Posted March 7, 2019

> 7 hours ago, thrroow said:
> Yes the container is called "speedtest" and it maps 80:6580. It's set up in the exact same manner as sonarr/radarr etc. except with the docker name and port switched out.

Then like I said, use port 80 in your proxy pass directive.

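The port mix-up aptalca describes, as an added example that is not part of the original thread: a POSIX shell check that compares the port in a `proxy_pass` line with `docker port` output. The sample strings are constructed, the function names are hypothetical, and the mapping is assumed to be container port 80 published on host port 6580, as aptalca reads it.

```shell
#!/bin/sh
# Added example, not from the thread. Sample strings are constructed.

# What `docker port speedtest` prints when container port 80 is published
# on host port 6580 (assumed mapping).
SAMPLE_DOCKER_PORT='80/tcp -> 0.0.0.0:6580'
# The directive from the server block posted above.
SAMPLE_PROXY_PASS='proxy_pass http://$upstream_speedtest:6580;'

# Port written in a proxy_pass directive; prints nothing if none is given.
proxy_pass_port() {
    printf '%s\n' "$1" |
        sed -n 's#^[[:space:]]*proxy_pass[[:space:]][^;]*:\([0-9][0-9]*\)[/;].*$#\1#p'
}

# Container-side ports, the left column of `docker port` output.
container_ports() {
    printf '%s\n' "$1" | sed -n 's#^\([0-9][0-9]*\)/[a-z]* -> .*$#\1#p' | sort -u
}

# Container port that a given host port ($2) is published from.
container_port_behind() {
    printf '%s\n' "$1" |
        sed -n "s#^\([0-9][0-9]*\)/[a-z]* -> .*:$2\$#\1#p" | head -n 1
}

# Classify the proxy_pass port for an upstream addressed by container name.
# Traffic between containers on one Docker network reaches the container
# port directly; the published port only exists on the host's address.
classify_proxy_port() (
    port=$(proxy_pass_port "$1")
    inner=$(container_port_behind "$2" "$port")
    if [ -z "$port" ]; then
        echo "no port in directive"
    elif container_ports "$2" | grep -qx "$port"; then
        echo "ok $port"
    elif [ -n "$inner" ]; then
        echo "host-port $port: use container port $inner"
    else
        echo "unknown port $port"
    fi
)

# Demo on the constructed samples.
classify_proxy_port "$SAMPLE_PROXY_PASS" "$SAMPLE_DOCKER_PORT"
```

On a live system the second argument would be the output of `docker port speedtest`.
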
cablecutter Posted March 7, 2019

Hi all,

Having an odd issue at container startup "Can't open privkey.pem for reading, No such file or directory". However, the keys are saved in the folder specified and the privileges for the files should allow letsencrypt to access them (even tried 777). Any help would be appreciated.

```
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/XXXXXXX.duckdns.org-0001/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/XXXXXXX.duckdns.org-0001/privkey.pem
Your cert will expire on 2019-06-05. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Can't open privkey.pem for reading, No such file or directory
22760616274792:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('privkey.pem','r')
22760616274792:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load private key
cat: privkey.pem: No such file or directory
cat: fullchain.pem: No such file or directory
New certificate generated; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
cat: privkey.pem: No such file or directory
cat: fullchain.pem: No such file or directory
New certificate generated; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready
```

Edit: After fiddling a bit the problem continues and now I cannot get new certs.

```
...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
An unexpected error occurred:
There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for exact set of domains: XXXXXXX.duckdns.org,linnio.duckdns.org,lserv.duckdns.org: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.
Can't open privkey.pem for reading, No such file or directory
23291569253224:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('privkey.pem','r')
23291569253224:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load private key
cat: privkey.pem: No such file or directory
cat: fullchain.pem: No such file or directory
New certificate generated; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
nginx: [emerg] BIO_new_file("/config/keys/letsencrypt/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/config/keys/letsencrypt/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
[services.d] done.
Server ready
Server ready
nginx: [emerg] BIO_new_file("/config/keys/letsencrypt/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/config/keys/letsencrypt/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/config/keys/letsencrypt/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/config/keys/letsencrypt/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/config/keys/letsencrypt/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/config/keys/letsencrypt/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
```

Edited March 7, 2019 by cablecutter

aptalca Posted March 8, 2019

> 8 hours ago, cablecutter said:
> -snip-

Post your container settings

thrroow Posted March 8, 2019

> 14 hours ago, aptalca said:
> Then like I said, use port 80 in your proxy pass directive.

Is the proxy pass directive the .conf file within nginx?

cablecutter Posted March 8, 2019

> 11 hours ago, aptalca said:
> Post your container settings

```
2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d XXXXXX.duckdns.org -d XXXXXXX.duckdns.org -d XXXXXXXX.duckdns.org
E-mail address entered: [email protected]
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: linnaeus.duckdns.org,linnio.duckdns.org,lserv.duckdns.org: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
```

Edited March 8, 2019 by cablecutter

j0nnymoe Posted March 8, 2019

> 2 minutes ago, cablecutter said:
> -snip-

You've hit the request limit:

```
There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: linnaeus.duckdns.org,linnio.duckdns.org,lserv.duckdns.org: see https://letsencrypt.org/docs/rate-limits/
```

Need to wait for that to reset which I believe is 7 days.

aptalca Posted March 8, 2019

> 11 hours ago, thrroow said:
> Is the proxy pass directive the .conf file within nginx?

It's the last line in the config file you posted, the line that starts with proxy pass

aptalca Posted March 8, 2019

> 34 minutes ago, cablecutter said:
> -snip-

It seems when you messed with the permissions, you prevented the container from properly deleting the certs folder and when it regenerated certs, it created a duplicate folder with a 0001 appended to the name.

Start over, don't change any permissions.

Also a side note, duckdns shouldn't really be the url variable. Url should be yoursubdomain.duckdns.org and subdomains should be any sub-subdomains you would like to use, i.e. "sonarr", so you can access sonarr.yoursubdomain.duckdns.org.

If you need to add additional duckdns subdomains (usually needed for servers with different IPs, although I doubt that's the case here since they all need to point to the same letsencrypt instance), put them in the extra domains.

Edited March 8, 2019 by aptalca

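A defensive check for the state aptalca diagnoses above, added here as an example and not taken from the thread or from the container's own scripts: it flags a `-0001` style duplicate lineage, cert files missing from the directory nginx reads, and private keys left readable or writable by others after a `chmod 777`. The function names and the sample tree are constructed; on the setup in the thread the two arguments would be `/etc/letsencrypt/live` and `/config/keys/letsencrypt`, the paths shown in the logs.

```shell
#!/bin/sh
# Added example, not from the thread. Directory names are constructed samples.

# Lineages named <base>-NNNN, the suffix certbot adds when <base> is taken.
duplicate_lineages() (
    for d in "$1"/*; do
        [ -d "$d" ] || continue
        name=${d##*/}
        case $name in
            *-[0-9][0-9][0-9][0-9])
                base=${name%-????}
                if [ -d "$1/$base" ]; then state=present; else state=absent; fi
                printf 'DUPLICATE %s (base %s %s)\n' "$name" "$base" "$state" ;;
        esac
    done
)

# Files nginx expects but cannot find in the directory it reads certs from.
missing_cert_files() (
    for f in fullchain.pem privkey.pem; do
        [ -e "$1/$f" ] || printf 'MISSING %s/%s\n' "$1" "$f"
    done
)

# Private keys readable or writable by "other", which is what chmod 777 leaves.
loose_private_keys() {
    find -L "$1" -type f -name 'privkey*.pem' \
        \( -perm -004 -o -perm -002 \) -print | sort | sed 's/^/LOOSE-PERMS /'
}

# Run all three checks: $1 = certbot live directory, $2 = nginx cert directory.
audit_certs() {
    duplicate_lineages "$1"
    missing_cert_files "$2"
    loose_private_keys "$1"
}

# Constructed tree reproducing the thread: a stale base lineage, a -0001
# duplicate holding the new files, a 777 key, and an empty nginx cert dir.
build_sample_tree() (
    root=$(mktemp -d)
    dup="$root/live/example.duckdns.org-0001"
    mkdir -p "$root/live/example.duckdns.org" "$dup" "$root/keys"
    : > "$dup/fullchain.pem"
    : > "$dup/privkey.pem"
    chmod 777 "$dup/privkey.pem"
    printf '%s\n' "$root"
)

# Demo on the constructed tree, then clean up.
SAMPLE=$(build_sample_tree)
audit_certs "$SAMPLE/live" "$SAMPLE/keys"
rm -rf "$SAMPLE"
```
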
cablecutter Posted March 8, 2019

Thanks aptalca, I deleted the folder and started from scratch, but won't be able to test this again until the cert request count resets.

aptalca Posted March 9, 2019

> 14 hours ago, cablecutter said:
> Thanks aptalca, I deleted the folder and started from scratch, but won't be able to test this again until the cert request count resets.

If you change the set, you'll be able to get a cert because your current restriction is "for the exact set of domains". I recommend starting with one duckdns subdomain as the url and see what happens. You can then expand if you need to.

sfnetwork Posted March 11, 2019

OK, I REALLY need help!!! I'm exhausted trying to make this work (Letsencrypt and NGINX).

After A LOT of time trying to get my certificates to validate, I finally contacted my ISP who confirmed they are blocking port 80... So I got my domain name to CloudFlare and changed the validation to that so FINALLY, I was able to get Letsencrypt to get the certificates.

So now, my problem is nginx, I just can't get the HTTPS url to work (trying first with nextcloud and SABNZBD). I read a lot of tutorials, etc... and pretty sure I got everything right...

Here is my letsencrypt docker settings:

- CNAME created
- I can ping the subdomains
- Did the custom network for the dockers and assigned letsencrypt, nextcloud and SABNZBD to it
- Did my NAT config in my PFSENSE to open 443 (to 443 since that's what I'm using in the docker (UNRAID is using another port than 80 also)

I confirmed port 443 is opened when Letsencrypt is running so the port is opened:

Renamed the file in /appdata/letsencrypt/nginx/proxy-confs (the one for nextcloud subdomain and sabnzbd for subdomain)

Edited the config.php in /appdata/nextcloud/www/nextcloud (change my actual domain name for "mydomain.ca")

```
<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'oceazvkmg45k',
  'passwordsalt' => 'EaiIqWmh7ARTfOGMcQPjIlPy/ZXcmL',
  'secret' => 'UfTMrKdIb3ZmO/CNaFUgZSz2ygB91jt8M4JcyJ5aizsHxGWe',
  'trusted_domains' =>
  array (
    0 => '192.168.1.5:444',
    1 => 'nextcloud.mydomain.ca',
  ),
  'trusted_proxies' => ['letsencrypt'],
  'overwrite.cli.url' => 'https://nextcloud.mydomain.ca/',
  'overwritehost' => 'nextcloud.mydomain.ca',
  'overwriteprotocol' => 'https',
  'dbtype' => 'mysql',
  'version' => '15.0.2.0',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.1.5:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'sf-Pass',
  'installed' => true,
);
```

Restarted all dockers multiple times but still cannot access using https://nextcloud.mydomain.ca

Please help, I'm out of ideas (and patience lol)

***I'm on RC version 6.7.0 RC5, god I hope that is not why it's not working...

Edited March 11, 2019 by sfnetwork