[Support] Linuxserver.io - Letsencrypt (Nginx)

6 hours ago, MarkPla7z said:

No, it is still not available; however, the IP forwarded is correct, as I run a TeamSpeak server on my unraid and that connects fine through my domain.

I'm getting this one error in letsencrypt:

https://gyazo.com/e55c2bac87cd6812f34ff5abc2a6122b

Then check your port forwarding and post your docker log here


Good morning, docker update from this morning here, possibly something broke?

Or is there a change I have to add?

 

nginx: [emerg] dlopen() "/var/lib/nginx/modules/ngx_stream_geoip2_module.so" failed (Error relocating /var/lib/nginx/modules/ngx_stream_geoip2_module.so: ngx_stream_add_variable: symbol not found) in /etc/nginx/modules/http_geoip2.conf:1
 

4 minutes ago, alturismo said:

Good morning, docker update from this morning here, possibly something broke?

Or is there a change I have to add?

 

nginx: [emerg] dlopen() "/var/lib/nginx/modules/ngx_stream_geoip2_module.so" failed (Error relocating /var/lib/nginx/modules/ngx_stream_geoip2_module.so: ngx_stream_add_variable: symbol not found) in /etc/nginx/modules/http_geoip2.conf:1
 

Same exact problem here after updating a few minutes ago. - 30.06.19: - Add geoip2 module.


For now, used tag amd64-0.35.1-ls38 (8 hours ago) and it's OK, just as a note.


Hi

 

I'm getting this error in my logs but it still seems to be working:

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')

 

4 minutes ago, DZMM said:

Hi

 

I'm getting this error in my logs but it still seems to be working:

 


nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')

 

If you read back through the thread, you'll find everyone else gets this error and you'll also find it's harmless.

3 minutes ago, j0nnymoe said:

If you read back through the thread, you'll find everyone else gets this error and you'll also find it's harmless.

Thanks


So really odd problem. Trying to set up OMBI as a subdomain. Done this many times before so pretty much have it down pat. Copy the sample and configure it. Everything looks great but it won't work. SSL problems it says. So then I change most host records and point the nginx server directly instead of going through my cloudflare/router and it works with port 4431. So think "ok this is weird shit". So I then put the OMBI port behind my warden subdomain. Works perfect. So then I think "ok config is hosed" and copy warden config into ombi config changing relevant things to make it work with ombi. Restart nginx and try to hit the subdomain again. Nope, SSL problems again. Stick it behind warden subdomain, no problems. In fact any work domain, no problems. Only the one that I just set up for OMBI doesn't work. Is there a way to see exactly what NGINX is seeing? I couldn't find a way to turn on debug logging in the config and didn't want to hose my current working one.


Hi,

 

I thought letsencrypt renews certificates as they expire. I'm getting a message saying my certificate expired on the 2nd June.

Is there a way to fix this ?

 

Also getting the LUA errors which from what I can see I can ignore?

Quote

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
nginx: [warn] could not build optimal variables_hash, you should increase either variables_hash_max_size: 1024 or variables_hash_bucket_size: 64; ignoring variables_hash_bucket_size

 

But the bottom bit regarding the variables_hash ?

 

Thanks

 

3 hours ago, Lien1454 said:

Hi,

 

I thought letsencrypt renews certificates as they expire. I'm getting a message saying my certificate expired on the 2nd June.

Is there a way to fix this ?

 

Also getting the LUA errors which from what I can see I can ignore?

 

But the bottom bit regarding the variables_hash ?

 

Thanks

 

Open your domain in a browser and click on the lock to see if it really expired.

 

If so, check the log in the config folder under letsencrypt to see why the renewal failed

Posted (edited)

Solved my problem with regard to accessing nextcloud (and other letsencrypt'd containers) from within the same LAN on a ubiquiti edgerouter setup.  Posting here in case it might be of any use to others, including @kelmino

 

I'm pretty sure that the issue was the "LAN interface" setting under Port Forwarding options in EdgeOS.  This setting needs to be "switch0" and nothing else on an edgerouter.  Both myself and kelmino had several LAN interfaces set to various ethernet ports here, which seems to make sense at first and doesn't cause any issues with port forwarding when dealing with incoming connections from the outside internet.  After reading ubiquiti's edgerouter port forwarding documentation and especially this ubiquiti forum post linked therewithin, I now realize that was incorrect.  Having "LAN interface" set incorrectly prevents the hairpin NAT feature from working with the auto firewall rules, preventing local access.

 

For transparency, I'm guilty of changing too many variables at once here and it is entirely possible that the fix was actually starting from a fresh config on edgeos v2.0.3 rather than using an old config migrated from v1.10.5.  I doubt that is the case though, as the only functional differences between my current config and a backup of the old config is the LAN interface options.  While troubleshooting this I updated my firmware to v2.0.3.  After that I reverted to the default config, ran the basic setup wizard, then manually re-created my small amount of port forwarding rules exactly as they were aside from the above mentioned change to the LAN interface list. 

 

If any ubiquiti users are still having issues with this specific issue (external access works, local access doesn't) after making this change, @ me and I'll try to help (even though I'm far from an expert)

 

See below for a screenshot of the port forwarding screen from my now-functioning setup:

 

[Screenshot: EdgeOS port forwarding screen]

Edited by deepthought


Started getting:

Quote

nginx: [emerg] cannot load certificate "/config/keys/letsencrypt/fullchain.pem": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

I'm working on figuring out the fix.

Started getting:
nginx: [emerg] cannot load certificate "/config/keys/letsencrypt/fullchain.pem": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
I'm working on figuring out the fix.
What does this mean exactly? Mine is saying it too

Sent from my SM-G975U using Tapatalk

Posted (edited)
26 minutes ago, blaine07 said:

What does this mean exactly? Mine is saying it too

Sent from my SM-G975U using Tapatalk

The Certificate expired, but I don't know why it stopped renewing itself. A docker restart didn't fix it. I'm asking in the LS.io discord.

 

Fix by:

Quote

Delete the /config/etc folder and restart the container.

 

Edited by SteelzFinest
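
Added example (not part of any post in this thread, and not linuxserver.io code): a small triage script for the nginx startup messages quoted above, separating the `[emerg]` lines that keep nginx from starting from the `[error]`/`[warn]` lines posters report while the container keeps working. The function names, the notes attached to each pattern and the shortened sample log are assumptions of this example.

```python
import re

LINE_RE = re.compile(r"^nginx: \[(?P<level>[a-z]+)\] (?P<msg>.*)$")

# Patterns for messages quoted in this thread; notes are this example's own summary.
KNOWN = [
    (re.compile(r'dlopen\(\) "(?P<path>[^"]+)" failed'),
     "module failed to load after an image update"),
    (re.compile(r'cannot load certificate "(?P<path>[^"]+)".*no start line'),
     "certificate file is not readable PEM; check the renewal log"),
    (re.compile(r"not OpenResty's|lua_load_resty_core"),
     "reported as harmless in this thread"),
    (re.compile(r"could not build optimal variables_hash"),
     "nginx suggests raising variables_hash_max_size or bucket_size"),
]

def triage(log_text):
    """Return one finding per nginx message, folding in continuation lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            # Lines such as "no file '...'" belong to the previous message.
            if findings and line:
                findings[-1]["continuation"] += 1
            continue
        note, path = "unrecognised message", None
        for pattern, text in KNOWN:
            hit = pattern.search(m["msg"])
            if hit:
                note, path = text, hit.groupdict().get("path")
                break
        findings.append({"level": m["level"], "blocking": m["level"] == "emerg",
                         "note": note, "path": path, "continuation": 0})
    return findings

def blocking(findings):
    """[emerg] at startup means nginx did not start; the rest can wait."""
    return [f for f in findings if f["blocking"]]

# Constructed sample: lines taken from posts above, shortened.
SAMPLE = """\
nginx: [error] lua_load_resty_core failed to load the resty.core module (rc: 2, reason: module 'resty.core' not found:
no field package.preload['resty.core']
no file './resty/core.lua')
nginx: [warn] could not build optimal variables_hash, you should increase either variables_hash_max_size: 1024 or variables_hash_bucket_size: 64
nginx: [emerg] cannot load certificate "/config/keys/letsencrypt/fullchain.pem": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
"""

print(blocking(triage(SAMPLE)))
```

Feed it the container log text instead of `SAMPLE`; anything returned by `blocking()` is what to fix first.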


Is there a way to configure the conf files to forward http requests to https requests? So when I go to http://subdomain.domain.com I want it to auto forward to https://subdomain.domain.com

 

Thanks,

 
That's funny because a bit back my certs all expired. Had to add a fictitious site to Letsencrypt, start service and let it error, delete fictitious and restart again to get all the certs to renew.

Sent from my SM-G975U using Tapatalk

5 hours ago, blaine07 said:

That's funny because a bit back my certs all expired. Had to add a fictitious site to Letsencrypt, start service and let it error, delete fictitious and restart again to get all the certs to renew.

Sent from my SM-G975U using Tapatalk
 

Good to know! But I thought LetsEncrypt kept the certs updated automagically.

Good to know! But I thought LetsEncrypt kept the certs updated automagically.
Last time mine needed them updated it didn't do it on its own... couple accounts of it NOT doing it on its own in previous pages. No idea who what why but

Sent from my SM-G975U using Tapatalk

5 hours ago, Riotz said:

Is there a way to configure the conf files to forward http requests to https requests? So when I go to http://subdomain.domain.com I want it to auto forward to https://subdomain.domain.com

 

Thanks,

Check line 4 of the default site config

23 minutes ago, blaine07 said:

Last time mine needed them updated it didn't do it on its own... couple accounts of it NOT doing it on its own in previous pages. No idea who what why but

Sent from my SM-G975U using Tapatalk
 

It's usually because the user makes changes to either port 80 mapping or their dns settings so validation fails

It's usually because the user makes changes to either port 80 mapping or their dns settings so validation fails
No disrespect: I don't know how that is done so if I did it was unintentional. Is it possible unintentionally?

Sent from my SM-G975U using Tapatalk

2 hours ago, blaine07 said:

No disrespect: I don't know how that is done so if I did it was unintentional. Is it possible unintentionally?

Sent from my SM-G975U using Tapatalk
 

Check the log folder, under letsencrypt and it will tell you exactly why the renewal failed. Then you can figure out what you may or may not have done

Check the log folder, under letsencrypt and it will tell you exactly why the renewal failed. Then you can figure out what you may or may not have done
I see "Cert not yet due for renewal" and "No renewals were attempted. No hooks were run."

Meh, was just curious why we were getting the error above, but that doesn't seem related to the error a few posts up?

Sent from my SM-G975U using Tapatalk

Posted (edited)

I'm having a little issue. My modem went dead and I got a new one. Previously I was using a separate router but my new modem is a modem/router. I had this docker set up with Ombi and a dynamic DNS. I don't think this is an Ombi issue so I'm asking here. I could access my Ombi page over the internet. Well now I don't know what's going on but nothing seems to be working. I tried so many different troubleshooting steps that now I'm all turned around and can't make any assumptions as to what I did or didn't do. What I do know is:

1. I can't get the dynamic dns to work in my router but that's tabled because...

2. I cannot access Ombi from outside my network just using my ip address either

3. I have port 80 and 443 forwarded to my unraid server

4. I have the letsencrypt docker settings for domain and subdomain correct for my dynamic dns

5. I have the letsencrypt docker ports mapped as

172.17.0.3:443/TCP <-> 192.168.1.2:443
172.17.0.3:80/TCP <-> 192.168.1.2:8008

6. There are no errors in the letsencrypt docker log

7. If I try to go to the letsencrypt webui through the unraid docker back I get "ERROR_INTERNET_SEC_CERT_REVOKED", which I find strange as there are no errors in the log. That happens in Edge. When I use Chrome it says the cert is wrong because it's for my dns subdomain and not my internal IP. I expected that, make an exception, and it loads using my internal IP.

8. I know this sounds crazy but my sister has no problems accessing the Ombi app that this is linked to. I actually got a request from her the other day. I'm completely baffled why she is the only one that can access it outside my network.

9. I do IT professionally but I really LOATHE networking

 

I'm all sorts of turned around. I might try and just put my old router back and turn off the router features on my modem but I don't think that will help anyway. I'll try as a last resort though. Any ideas?

Edited by bobbintb
