Lebowski Posted August 17, 2017

Managed to get this from the logs. I understand about the registration error, but not sure on the other errors:

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d ******.duckdns.org
E-mail address entered: *******@gmail.com
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
There were too many requests of a given type :: Error creating new registration :: too many registrations for this IP
Please see the logfiles in /var/log/letsencrypt for more details.
/var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory
[cont-init.d] 50-config: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

Lebowski Posted August 17, 2017

Well, I just removed the docker and the folder and set it up again, seems to be working now.

technologiq Posted August 17, 2017

Edit: I'm a dumbass - port 443 wasn't forwarded.......

I too am having issues with this docker. I've removed it and reinstalled it several times (including removing the appdata folder for letsencrypt). I've tried different ports. I'm getting the following error:

Failed authorization procedure. technologiq.duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout

I've double checked and made sure my port forwarding (Ubiquiti ER3) is working correctly. It appears that NGINX isn't even starting up to respond to the request in the first place. Any ideas?

Edited August 17, 2017 by technologiq

CHBMB Posted August 17, 2017

For the record, none of the problems people are having are the container, each and every one has been config.

Yours looks like letsencrypt can't validate your domain so without that nginx won't start.

unraid_countryboy Posted August 25, 2017

Hello All! New to the community but not new to unRAID. I am currently trying to set up Letsencrypt and keep running into this error every time it goes through. It seems as though the folders are not getting created. Here is what I receive just before the docker shuts down:

GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
generating self-signed keys in /config/keys, you can replace these with your own keys if required
Generating a 2048 bit RSA private key
...........+++
.....................+++
writing new private key to '/config/keys/cert.key'
-----
Subject Attribute /C has no known NID, skipped
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Creating DH parameters for additional security. This may take a very long time.
There will be another message once this process is completed
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
DH parameters successfully created - 2048 bits
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d ***********.ddns.net
E-mail address entered: ******.*******@outlook.com
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
There were too many requests of a given type :: Error creating new registration :: too many registrations for this IP
Please see the logfiles in /var/log/letsencrypt for more details.
/var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory
[cont-init.d] 50-config: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

When I attempt to go look at the log files listed as /var/log/letsencrypt/letsencrypt.log, the /var/log/letsencrypt folder does not seem to exist......

Edited August 25, 2017 by unraid_countryboy

aptalca Posted August 25, 2017

The certs weren't generated properly (could be a port forwarding or a dns issue), then you tried it too many times unsuccessfully and now letsencrypt servers are throttling you.

Try putting in your custom domain (including your custom subdomain) as the url, and enter a subdomain like www, don't set only subdomains to true. Sometimes when you change the subdomains around you can get around the throttling issue. You still have to fix the dns or port issue.

If that doesn't work, you'll have to wait until letsencrypt accepts requests from you again.

nephatrine Posted August 28, 2017

Any way the php7-phar package can be added in the next build? There are a number of flat-file CMS systems like 'grav' and 'pico' that use composer/phar to perform installation.

CHBMB Posted August 29, 2017

Yeah, we can do that.

richowen Posted September 1, 2017

I've been getting cert errors in firefox the last few days, dunno if it's me, firefox or letsencrypt, but I've deleted my keys folder and rebuilt and it's still happening, works fine in chrome/edge though.

DZMM Posted September 2, 2017

I've got this working for plex, ombi and calibre-web from external locations, but on my home network I can't access mydomain.com/plex - is this normal or am I missing something fundamental? In my pfsense router I've forwarded all WAN traffic to 443 to unRAID, and I'm guessing I need to find a way to forward local traffic to my mydomain.com/plex to unraid as well? Thanks in advance

# listening on port 80 disabled by default, remove the "#" signs to enable
# redirect all traffic to https
#server {
#	listen 80;
#	server_name _;
#	return 301 https://$host$request_uri;
#}

# main server block
server {
	listen 443 ssl default_server;

	root /config/www;
	index index.html index.htm index.php;

	server_name _;

	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_ciphers 'XXXXXXXX';
	ssl_prefer_server_ciphers on;

	client_max_body_size 0;

	location / {
		try_files $uri $uri/ /index.html /index.php?$args =404;
	}

	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		# With php7-cgi alone:
		fastcgi_pass 127.0.0.1:9000;
		# With php7-fpm:
		#fastcgi_pass unix:/var/run/php7-fpm.sock;
		fastcgi_index index.php;
		include /etc/nginx/fastcgi_params;
	}

	#calibre-web
	location /books {
		proxy_bind $server_addr;
		proxy_pass http://172.30.12.2:8086;
		proxy_set_header Host $http_host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Scheme $scheme;
		proxy_set_header X-Script-Name /books;
	}

	#PLEX
	location /web {
		# serve the CSS code
		proxy_pass http://172.30.12.2:32400;
	}

	# Main /plex rewrite
	location /plex {
		# proxy request to plex server
		proxy_pass http://172.30.12.2:32400/web;
	}

	#Ombi
	location /plexrequest {
		include /config/nginx/proxy.conf;
		proxy_pass http://172.30.12.97:3579/plexrequest;
	}
}

JonathanM Posted September 2, 2017

47 minutes ago, DZMM said:
> on my home network I can't access mydomain.com

Look up NAT reflection or loopback.

https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

DZMM Posted September 2, 2017

3 hours ago, jonathanm said:
> Look up NAT reflection or loopback.
> https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

Well, that was easy when you know where to look!!! I followed the link and used Method 2 for Split DNS by adding a host override for my domain in DNS Resolver pointing the domain to my unRAID box's IP.

Works much better than it did via my BT HH5 router, which used to send the request out to the internet and then receive it back, to send out again...now it's super-fast as loading locally. If only every webpage was this fast!

Thanks @jonathanm - another reason to love the control of pfsense

doremi Posted September 4, 2017

Hi guys, I keep seeing these errors during cert renewal even though the certs are renewed successfully.

cronjob running on Mon Sep 4 16:07:17 AEST 2017
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.XXX.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Running pre-hook command: s6-svc -d /var/run/s6/services/nginx
Hook command "s6-svc -d /var/run/s6/services/nginx" returned error code 111
Error output from s6-svc:
s6-svc: fatal: unable to control /var/run/s6/services/nginx: No such file or directory
-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/www.XXX.com/fullchain.pem
-------------------------------------------------------------------------------
Congratulations, all renewals succeeded. The following certs have been renewed:

Has anyone encountered these before and what's the resolution please? Cheers.

Edited September 4, 2017 by doremi (More info added.)

aptalca Posted September 4, 2017

That's harmless. It's trying to reload nginx after cert renewal but failing, because nginx is not running yet, since the renewal script is running during container start. Nginx will be started later with the new certs loaded. If the script was running via cron at 2am, nginx would have been running, and would have been reloaded properly.

Either way everything works fine.

allanp81 Posted September 4, 2017

Every time this updates itself, it fails to load as I don't have a www subdomain. The only way I can then get it to work is to edit the container and remove the subdomains section. Nothing in my setup changed so I'm assuming something in the way the docker works changed. How can I get around this?

aptalca Posted September 4, 2017

If you remove the subdomains field in the container settings, that change should persist through updates. If it doesn't, it's an unraid gui issue.

allanp81 Posted September 4, 2017

Yes it seems to reinstate it when there is an update for the docker. What would you suggest? Remove the container and reinstall (without removing the config directory?).

Crash Posted September 4, 2017

I'm kind of stuck. I'm using this container's nginx to proxy some things (including directories), and then using another url to reverse proxy again. When I do this, I get an auth prompt. Accessing the DDNS url directly, there's no auth prompt. Reverse proxying from my other server's url does. Is this a fail2ban thing? I tried disabling fail2ban completely to no avail, and there's no lines in my config (on either server) that would prompt for authentication.

EDIT: Nevermind, I was pointing it to http instead of https in the second server's proxy config. Whoops!

Edited September 4, 2017 by Crash

CHBMB Posted September 4, 2017

Sounds like there's some auth function in there somewhere and I don't think it's anything to do with fail2ban. Why not post some redacted config files?

kaiguy Posted September 4, 2017

If I want to continue using this container for reverse proxy, combined with the new RC with LetsEncrypt support, I'm going to need to use my second NIC and assign all my Docker containers their own IPs in order to not have a port 443 conflict, right? I'm having some trouble visualizing how best to move forward...

aptalca Posted September 5, 2017

If the unraid rc truly requires port 443, then you would only need a new ip with port 443 open for the letsencrypt container, not the rest of the containers.

I believe the new unraid rc uses a limetech hosted ddns and gets the certs for the addresses on their server (everyone gets a randomized unique string added to limetech's address). The certs would not be for your own domain, but the custom domain limetech assigns you. Theoretically they should be able to let you use a different port for the connection between their server and yours, although I'm not sure if that's implemented.

upthetoon Posted September 5, 2017

19 hours ago, kaiguy said:
> If I want to continue using this container for reverse proxy, combined with the new RC with LetsEncrypt support, I'm going to need to use my second NIC and assign all my Docker containers their own IPs in order to not have a port 443 conflict, right? I'm having some trouble visualizing how best to move forward...

Seeing the same issue on rc8q;

Error response from daemon: driver failed programming external connectivity on endpoint letsencrypt (~): Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use
Error: failed to start containers: letsencrypt

aptalca Posted September 5, 2017

2 hours ago, upthetoon said:
> Seeing the same issue on rc8q;
> Error response from daemon: driver failed programming external connectivity on endpoint letsencrypt (~): Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use
> Error: failed to start containers: letsencrypt

Your issue is that unraid gui is using port 443.

See if you can turn off https in unraid settings. Then you should be fine.

upthetoon Posted September 6, 2017

14 hours ago, aptalca said:
> Your issue is that unraid gui is using port 443
> See if you can turn off https in unraid settings. Then you should be fine

I couldn't see an obvious way to turn off https in unraid. I changed the secure port number in unraid which I don't think is a long term solution but has done the trick for now!

Benni-chan Posted September 6, 2017

Another way would be to assign some other port number to your letsencrypt container (for example: container port 443 -> host port 8062).

Then change the port forwarding in your router to incoming port 443 -> 8062 on your unraid machine.

Then the reverse proxy should work as before.
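
Added example, not part of any post in this thread and not the container's own code: a small Python triage script that maps the log messages quoted above to the diagnoses given in the replies, separating root causes from follow-on or harmless lines. The rule ids and the sample log strings are constructed for illustration.

```python
import re

# (id, pattern, fatal, diagnosis). Patterns are the messages quoted in this
# thread; diagnoses paraphrase the replies. The ids are made up for the example.
RULES = [
    ("rate_limited", r"too many registrations for this IP", True,
     "Let's Encrypt is throttling after repeated failed attempts; "
     "fix DNS/port forwarding first, then wait"),
    ("validation_timeout", r"urn:acme:error:connection", True,
     "the validation server could not reach the host on port 443"),
    ("host_port_in_use",
     r"listen tcp \S+:(\d+): bind: address already in use", True,
     "another listener (here the unRAID GUI) already holds the host port"),
    ("cert_dir_missing",
     r"cd: /config/keys/letsencrypt: No such file or directory", False,
     "follow-on error: no certificate was issued, so the folder is absent"),
    ("prehook_nginx_down",
     r'Hook command "s6-svc -d \S+" returned error code 111', False,
     "harmless: renewal ran during container start, before nginx was up"),
]
STAGE_EXIT = re.compile(r"\[cont-init\.d\] ([\w-]+): exited (\d+)")

def triage(log):
    """Return one finding per matching rule, in rule order."""
    findings = []
    for rule_id, pattern, fatal, why in RULES:
        match = re.search(pattern, log)
        if match:
            detail = match.group(1) if match.groups() else None
            findings.append({"id": rule_id, "fatal": fatal,
                             "why": why, "detail": detail})
    return findings

def failed_stages(log):
    """Names of s6 cont-init.d scripts that exited non-zero."""
    return [name for name, code in STAGE_EXIT.findall(log) if code != "0"]

def root_cause(log):
    """First fatal finding, or None if only harmless/follow-on lines matched."""
    fatal = [f for f in triage(log) if f["fatal"]]
    return fatal[0]["id"] if fatal else None

# Constructed samples, assembled from lines quoted in the thread. The first is
# deliberately run together without newlines, as pasted logs often arrive.
RATE_LOG = ("[cont-init.d] 30-keygen: exited 0.[cont-init.d] 50-config: "
            "executing...Error creating new registration :: too many "
            "registrations for this IP/var/run/s6/etc/cont-init.d/50-config: "
            "line 127: cd: /config/keys/letsencrypt: No such file or directory"
            "[cont-init.d] 50-config: exited 1.")
PORT_LOG = ("Error starting userland proxy: listen tcp 0.0.0.0:443: "
            "bind: address already in use")
RENEW_LOG = ('Hook command "s6-svc -d /var/run/s6/services/nginx" returned '
             "error code 111\nCongratulations, all renewals succeeded.")

if __name__ == "__main__":
    for sample in (RATE_LOG, PORT_LOG, RENEW_LOG):
        print(root_cause(sample), failed_stages(sample), triage(sample))
```

The missing /config/keys/letsencrypt folder is reported as a follow-on finding, so the rate-limit line is what surfaces as the root cause.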