Jump to content
linuxserver.io

[Support] Linuxserver.io - Letsencrypt (Nginx)

4127 posts in this topic Last Reply

Recommended Posts

So it seems a Hikvision surveillance camera that is on the same network was somehow hijacking the portforwad.  Removed from network and the container is now running as it was.

 

Thanks to @CHBMB for troubleshooting with me.

Share this post


Link to post

Hello, since start this year i get following error in the log:

"Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. "

and i found this:

https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983

 

it seems we need a new update to it?

 

Regards and Thanks for help

 

Share this post


Link to post
1 hour ago, bengele said:

Hello, since start this year i get following error in the log:

"Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. "

and i found this:

https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983

 

it seems we need a new update to it?

 

Regards and Thanks for help

 

 

Read the last few pages or the docker info

Share this post


Link to post
5 hours ago, bengele said:

Hello, since start this year i get following error in the log:

"Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. "

and i found this:

https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983

 

it seems we need a new update to it?

 

Regards and Thanks for help

 

 

 

Share this post


Link to post

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

My letsencrypt just broke with the above error.

I have read that certbot has changed the way it works externally.

Does this mean that this docker is broken till further notice? 

Will my other servers stop when their certificate expires?

 

Edited by Jessie

Share this post


Link to post
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
My letsencrypt just broke with the above error.
I have read that certbot has changed the way it works externally.
Does this mean that this docker is broken till further notice? 
Will my other servers stop when their certificate expires?
 
Read my post above yours

Sent from my LG-H815 using Tapatalk

Share this post


Link to post

EDIT - Sorry - set http val to true and appears to have solved the issue.

 

Hi guys, I am having some issues.  Logs, settings, and router settings attached.  Thanks for the help.

Log.PNG

Router.PNG

Settings.png

Edited by statecowboy

Share this post


Link to post

@statecowboy  Can you post your docker run command so I can be absolutely sure what is happening,  the template doesn't always show everything.  But it looks like you've got no HTTPVAL variable.

Share this post


Link to post
1 hour ago, CHBMB said:

@statecowboy  Can you post your docker run command so I can be absolutely sure what is happening,  the template doesn't always show everything.  But it looks like you've got no HTTPVAL variable.

Hi - I'm sorry for wasting your time, but it turned out I did not set http val to "true" in my config.  Doing so fixed the problem.  Everything is working now.

 

Thank you.

Share this post


Link to post
7 minutes ago, statecowboy said:

Hi - I'm sorry for wasting your time, but it turned out I did not set http val to "true" in my config.  Doing so fixed the problem.  Everything is working now.

 

Thank you.

 

Dude, you posted almost all the info we needed, no need to apologise. ;)

 

Share this post


Link to post
58 minutes ago, CHBMB said:

 

Dude, you posted almost all the info we needed, no need to apologise. ;)

 

Thanks.  Quick question, when editing my default nginx config should I be editing the appdata/nginx/sit-confs location or the appdata/letsencrypt/nginx/sit-confs location?

 

Thanks

Share this post


Link to post

nginx, there shouldn't be a letsencrypt/site-confs folder.

Share this post


Link to post
2 minutes ago, CHBMB said:

nginx, there shouldn't be a letsencrypt/site-confs folder.

Hm.  I must have screwed something up on initial install then.  I had an NGinx subfolder inside of letsencrypt first go round.  Thanks for clarifying.

Share this post


Link to post

@statecowboy Oh I see what you mean, looking at your config it's letsencrypt

 

/mnt/user/appdata/letsencrypt/nginx/site-confs/

 

Edited by CHBMB

Share this post


Link to post
8 hours ago, CHBMB said:

Read my post above yours

Sent from my LG-H815 using Tapatalk
 

So I've made httpval = true.

pointed port 80 to the unraid server.

I tried to change the http setting in the docker panel to 80 but it fails.

It says 80 is already allocated, though I'm not sure to what. 

Back to 8088 which was my previous setting.  It starts but no certificate.

I checked previous posts but missed the answer if it is there.  

Will you be updating your guide to give us a hint?

Does the docker still work?

Share this post


Link to post
So I've made httpval = true.

pointed port 80 to the unraid server.

I tried to change the http setting in the docker panel to 80 but it fails.

It says 80 is already allocated, though I'm not sure to what. 

Back to 8088 which was my previous setting.  It starts but no certificate.

I checked previous posts but missed the answer if it is there.  

Will you be updating your guide to give us a hint?

Does the docker still work?

Post the info we asked for and we can tell you where you're going wrong. Unraid webui is running on port 80 for starters.

 

The github instructions are correct, the issue tends to be people not understanding ports.

 

Sent from my LG-H815 using Tapatalk

 

 

 

Share this post


Link to post
11 hours ago, CHBMB said:

Post the info we asked for and we can tell you where you're going wrong. Unraid webui is running on port 80 for starters.

 

The github instructions are correct, the issue tends to be people not understanding ports.

 

Sent from my LG-H815 using Tapatalk

 

 

 

Ahh I get it.  Sorry I'm still getting my head around finding things in this forum.  I didn't go back far enough.

 

If anyone is interested and had a previously working Letsencrypt docker which stopped:-

 

Change container port 80 to something that is not 80 on the docker config page.  (I used 8088)

Go to advanced settings on the Docker config page and make HTTPVAL: = true.

 

In your router, point external port 80 to internal port 8088 (or the internal port of your choice) to the ip address of the unraid server.

All other settings as you had them.

(The rest of it was set up as per CHBMB's Guide)

Restart the Dockers.

 

Worked for me.

 

image.thumb.png.7b2e8fb53e6c508fae4499a7b5b83085.png

image.thumb.png.7e5e3b022a025994848799bd4aef918d.png

Share this post


Link to post
On 1/21/2018 at 7:09 PM, CHBMB said:

 

God only knows what you actually need in the script, but -v means it can be mounted in the volume bit of your template, like this.....

 

0h4yP6R.png

 

Just make sure you've chmod +x and it has the right perms.

If I have gotten as far as installing it through a startup script. (yay)

How do I properly bash into the docker?

If I use docker attach I just end up in what seems to be the log output. No ability to execute commands like cd or apk etc.

I would like to call composer manually through ssh via the docker. On a other docker I can attach and execute commands.

 

Am I missing something here?

Share this post


Link to post
If I have gotten as far as installing it through a startup script. (yay)

How do I properly bash into the docker?

 

If I use docker attach I just end up in what seems to be the log output. No ability to execute commands like cd or apk etc.

I would like to call composer manually through ssh via the docker. On a other docker I can attach and execute commands.

 

Am I missing something here?

docker exec -it letsencrypt bash

 

Sent from my LG-H815 using Tapatalk

 

 

 

Share this post


Link to post
On 1/25/2018 at 3:48 PM, GilbN said:

And I dont use qbittorrent. So I didnt really test it. If you dont figure it out you could try sub domain. 

 

This worked better. 

 


server {
		listen 80;	
		listen 443 ssl http2;
		server_name qbit.domain.com;
			

location / {
    proxy_pass  http://192.168.1.34:8080;
    proxy_set_header   X-Forwarded-Host  $host:$server_port;
    proxy_hide_header  Referer;
    proxy_hide_header  Origin;
    proxy_set_header   Referer           '';
    proxy_set_header   Origin            '';
	add_header X-Frame-Options "SAMEORIGIN";			
    }
}

 

Thanks got it all sorted by adding my keys:

 

server {
		listen 80;	
		listen 443 ssl http2;
		server_name qbit.domain.com;
			
        # Ensure these lines point to your SSL certificate and key
        ssl_certificate /config/etc/letsencrypt/live/domain.duckdns.org/fullchain.pem;
        ssl_certificate_key /config/etc/letsencrypt/live/domain.duckdns.org/privkey.pem;
			
			
		location / {
			proxy_pass http://192.168.50.84:8080/;
			proxy_set_header   X-Forwarded-Host  $host:$server_port;
			proxy_hide_header  Referer;
			proxy_hide_header  Origin;
			proxy_set_header   Referer           '';
			proxy_set_header   Origin            '';
			add_header X-Frame-Options "SAMEORIGIN";			
    }
}

 

Share this post


Link to post
On 29.1.2018 at 10:16 AM, CHBMB said:

 

 

 

i apologize for not reading the full thread, i got a Space in the "True" of val ("True "). 

So now is everything fine again. I thank you for this great support :) 

Share this post


Link to post
25 minutes ago, KeithG said:

Hello,

 

I'm wondering if this docker has support for IMAP / SMTP proxying? 

 

I read that is possible (https://www.nginx.com/resources/admin-guide/mail-proxy/)  but didn't know if the required Mail Modules were included.  I didn't see mention of them on the GitHub page so I thought I'd ask :)

 

Thanks!

 

Not sure, but probably. All official modules are included. Try it and see. If they are not in and we can add them, we will. 

Share this post


Link to post
3 minutes ago, aptalca said:

 

Not sure, but probably. All official modules are included. Try it and see. If they are not in and we can add them, we will. 

 

Will do.  Thanks for the info.

Share this post


Link to post

So I was looking through my docker settings cleaning stuff up and noticed I had a typo in my email address.  I changed it not even thinking about the fact this would mess up with cert.  Can someone please tell me how to force it to re-issue a new cert?  I tried simply restarting the docker but that did not work.

 

This is the error I'm getting now:

nginx: [emerg] duplicate upstream "backend" in /config/nginx/site-confs/default.bak:1
 

Edited by statecowboy

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.