January 14, 2018 (8 yr)
@CHBMB that means it's working for you under 6.4? I have altered my post and it shows that there is an issue with port 443 already assigned.
Sent from iPad using Tapatalk
January 14, 2018 (8 yr)
2 minutes ago, EdgarWallace said:
> @CHBMB that means it's working for you under 6.4? I have altered my post and it shows that there is an issue with port 443 already assigned.
> Sent from iPad using Tapatalk

Port 443 is probably already assigned by the Unraid webui. Settings => Identification => SSL....
January 14, 2018 (8 yr)
Yes it was - I was not aware it's simply "allowed" to modify the unRAID's webui Port 443. I just changed it towards 442 and all is working again. I do believe that some will fall into that trap as well as soon as they are updating. Maybe @aptalca you could add this to your great guide?
Thanks @aptalca and @CHBMB
January 14, 2018 (8 yr)
My letsencrypt docker is not working. Re-installed multiple times with no success, settings are as they were pre unRAID 6.4.0 update.

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

This is what I'm getting at the moment. I'm using duckdns.org as my domain and subdomain as my duck dns name. Port 81 for the docker and was using 443 but I have entered 443 manually in the box as it was staying grey on the docker page. I have changed the port in the unraid Settings > Identification > SSL for HTTPS to 442 and applied, this is also not helping! Any ideas? I see I am not alone with my issues.

https://lime-technology.com/applications/tapatalk/index.php?/topic/51808-[support]-Linuxserver.io---Letsencrypt-(Nginx)#entry619712
Sent from my LG-H815 using Tapatalk
January 14, 2018 (8 yr)
1 hour ago, EdgarWallace said:
> Yes it was - I was not aware it's simply "allowed" to modify the unRAID's webui Port 443. I just changed it towards 442 and all is working again. I do believe that some will fall into that trap as well as soon as they are updating. Maybe @aptalca you could add this to your great guide? Thanks @aptalca and @CHBMB

It's already mentioned in the release thread and release notes in the webui of unraid 6.4 that it now uses port 443.
Edited January 14, 2018 (8 yr) by saarg
January 14, 2018 (8 yr)
Sorry to add to the list of people with probably obvious issues but I'm having trouble getting this working too. I've been using it through the RC's and have unraid set to port 444 to avoid the clash. It was working fine before the CA change. I've followed the instructions above (thank you) and set the HTTPVAL flag to true. I'm using port 81 for the docker and have port 80 fwd to 81 in my router. I'm getting this error which I can't see is happening for anyone else...

Failed authorization procedure. <redacted>.duckdns.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://<redacted>.unraid.net:444/.well-known/acme-challenge/QaX0x01RBkOvVSiPIP5VlKlhGyQDYNZXTuanOrzQ-n0: Invalid port in redirect target. Only ports 80 and 443 are supported, not 444

Startup command;

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/London" -e HOST_OS="unRAID" -e "EMAIL"="<redacted>" -e "URL"="duckdns.org" -e "SUBDOMAINS"="<redacted>" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -e "HTTPVAL"="true" -p 81:80/tcp -p 443:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt

Edited January 14, 2018 (8 yr) by upthetoon
January 14, 2018 (8 yr)
My letsencrypt docker is not working. Re-installed multiple times with no success, settings are as they were pre unRAID 6.4.0 update.

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

This is what I'm getting at the moment. I'm using duckdns.org as my domain and subdomain as my duck dns name. Port 81 for the docker and was using 443 but I have entered 443 manually in the box as it was staying grey on the docker page.

Here is my run command

I have changed the port in the unraid Settings > Identification > SSL for HTTPS to 442 and applied, this is also not helping! Any ideas? I see I am not alone with my issues.

PS, this is a repost. I deleted my previous one and added this run command.
January 14, 2018 (8 yr)
11 minutes ago, mrangryoven said:
> This is what I'm getting at the moment. I'm using duckdns.org as my domain and subdomain as my duck dns name.

I'd guess that you can't prove ownership of duckdns.org, therefore the attempt to prove your ownership is failing.

Domain Name = Yourdomain.duckdns.org
Sub domains = www,ftp,etc
January 14, 2018 (8 yr)
1 hour ago, mrangryoven said:
> My letsencrypt docker is not working. Re-installed multiple times with no success, settings are as they were pre unRAID 6.4.0 update.
>
> Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
> Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
> ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> This is what I'm getting at the moment. I'm using duckdns.org as my domain and subdomain as my duck dns name. Port 81 for the docker and was using 443 but I have entered 443 manually in the box as it was staying grey on the docker page.
>
> Here is my run command
>
> I have changed the port in the unraid Settings > Identification > SSL for HTTPS to 442 and applied, this is also not helping! Any ideas? I see I am not alone with my issues.
>
> PS, this is a repost. I deleted my previous one and added this run command.

I have exactly the same issue. It was running fine last week and now all of a sudden it stopped working. Maybe it has something to do with this: https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996

Edit: solved the problem, thanks @CHBMB. Set HTTPVAL to 'true' and forwarded external port 80 to internal 81.

Edited January 14, 2018 (8 yr) by riffles21: problem solved
January 14, 2018 (8 yr)
Great, I tried a bunch of things before seeing this thread and now I am banned for a week. All my services are now down for a week without a way around them? This is pretty crap.
January 14, 2018 (8 yr)
2 minutes ago, RAINMAN said:
> Great, I tried a bunch of things before seeing this thread and now I am banned for a week. All my services are now down for a week without a way around them? This is pretty crap.

Welcome to the 21st century.
January 14, 2018 (8 yr)
20 hours ago, izarkhin said:
> In the container map port 80 to some other port (8083 in this case):
> In the container advanced settings set HTTPVAL to true:
> On the router forward port 80 to the same port you mapped your container's port 80 to (port 8083 in this case):

Ah, it was under the Advanced Settings. I missed that. Thank you! And now I get this error:

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
DH parameters bit setting changed. Deleting old dhparams file.
Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
DH parameters successfully created - 2048 bits
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d webb.duckdns.org
E-mail address entered: [email protected]
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --cert-path: No such file or directory
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for webb.duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. webb.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://webb.duckdns.org/.well-known/acme-challenge/RrOIRCumpKol_Q0gFd_-1NHrtiAdj9-v6CDTfn3eOVg: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>"

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: webb.duckdns.org
Type: unauthorized
Detail: Invalid response from http://webb.duckdns.org/.well-known/acme-challenge/RrOIRCumpKol_Q0gFd_-1NHrtiAdj9-v6CDTfn3eOVg: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
- Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

And the pictures from my Firewall (UniFi Security Gateway 3P) and the docker config
January 14, 2018 (8 yr)
24 minutes ago, riffles21 said:
> Maybe it has something to do with this: https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996

It has everything to do with that, @aptalca has had to re-implement the authorisation of this container completely. It's not a problem with the container, it's LetsEncrypt changing how they do things.
January 14, 2018 (8 yr)
@Muff Looks like you're forwarding 80 and 81 externally to 80 & 81 internally. You need to forward 80 externally to 81 internally.
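Added example, not part of any post in this thread: a pre-flight check for the two http-01 failures reported above (WAN port 80 not reaching the container's port 80, and a redirect to a port other than 80 or 443), so a misconfiguration is caught before another failed attempt counts against the CA's rate limit. The function names, the `router_forwards` input format and the sample values are assumptions made for illustration.

```python
import re
import shlex
from urllib.parse import urlsplit

# Ports the CA accepts in an http-01 redirect target, per the error quoted in the thread.
ALLOWED_REDIRECT_PORTS = {80, 443}

# Constructed sample, modelled on the startup command posted above (placeholder subdomain).
SAMPLE_RUN = ('docker run -d --name="letsencrypt" -e "URL"="duckdns.org" '
              '-e "SUBDOMAINS"="example" -e "ONLY_SUBDOMAINS"="true" -e "HTTPVAL"="true" '
              '-p 81:80/tcp -p 443:443/tcp linuxserver/letsencrypt')

def parse_run(docker_run):
    """Return ({host_port: container_port}, {ENV: value}) from a docker run command line."""
    args = shlex.split(docker_run)
    ports, env = {}, {}
    for flag, value in zip(args, args[1:]):
        if flag == "-p":
            m = re.fullmatch(r"(\d+):(\d+)(?:/(tcp|udp))?", value)
            if m and m.group(3) != "udp":      # HTTP validation runs over TCP
                ports[int(m.group(1))] = int(m.group(2))
        elif flag == "-e" and "=" in value:
            key, val = value.split("=", 1)
            env[key] = val
    return ports, env

def http01_path_problems(docker_run, router_forwards):
    """router_forwards is {wan_port: lan_port} as set on the router (assumed input format)."""
    ports, env = parse_run(docker_run)
    problems = []
    if env.get("HTTPVAL", "").lower() != "true":
        problems.append("HTTPVAL is not set to true")
    lan_port = router_forwards.get(80)
    if lan_port is None:
        problems.append("router does not forward WAN port 80")
    elif ports.get(lan_port) != 80:
        problems.append(f"WAN 80 goes to host port {lan_port}, "
                        "which is not mapped to container port 80")
    return problems

def bad_redirect_hops(chain):
    """Return (url, port) for each hop of a redirect chain whose port the CA would refuse."""
    bad = []
    for url in chain:
        parts = urlsplit(url)
        port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
        if port not in ALLOWED_REDIRECT_PORTS:
            bad.append((url, port))
    return bad

if __name__ == "__main__":
    print(http01_path_problems(SAMPLE_RUN, {80: 80, 81: 81}))  # both ports forwarded 1:1
    print(http01_path_problems(SAMPLE_RUN, {80: 81}))          # WAN 80 -> host 81
    print(bad_redirect_hops([
        "http://example.duckdns.org/.well-known/acme-challenge/TOKEN",
        "https://host.example:444/.well-known/acme-challenge/TOKEN",  # constructed hop
    ]))
```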
January 14, 2018 (8 yr)
Is there any way to start the docker with the old certificates and bypass the removing and attempt at reissue? I have backups but if I add them in they get destroyed when the container starts.
January 14, 2018 (8 yr)
20 minutes ago, CHBMB said:
> @Muff Looks like you're forwarding 80 and 81 externally to 80 & 81 internally. You need to forward 80 externally to 81 internally.

Ah, I didn't know what I was thinking when I grouped all my ports on both Source and Destination so I split them up now and it's working. Thank you!
January 14, 2018 (8 yr)
10 minutes ago, RAINMAN said:
> Is there any way to start the docker with the old certificates and bypass the removing and attempt at reissue? I have backups but if I add them in they get destroyed when the container starts.

I suppose you could use the regular nginx container and configure it to use your backed up certs
January 14, 2018 (8 yr)
Posting this again so it remains seen! Anyone needing help. Read this first.....
January 14, 2018 (8 yr)
4 hours ago, CHBMB said:
> That looks like everything is working fine to me.
> Sent from my LG-H815 using Tapatalk

Well it had been working before this update.. Now nextcloud works with the fix.. And after updating Unraid to 6.4, ombi started working again for some reason.. Now my problem is that I can't connect to either of them via reverse proxy from my own PC using the same url, only using IP:port works.. Url works for my phone and my friend's PC externally.. It really sounds unrelated, but it only started happening once this letsencrypt change of port thing came along..
January 14, 2018 (8 yr)
7 minutes ago, Dhagon said:
> Well it had been working before this update.. Now nextcloud works with the fix.. And after updating Unraid to 6.4, ombi started working again for some reason.. Now my problem is that I can't connect to either of them via reverse proxy from my own PC using the same url, only using IP:port works.. Url works for my phone and my friend's PC externally.. It really sounds unrelated, but it only started happening once this letsencrypt change of port thing came along..

Sounds like a NAT reflection issue to me.
January 14, 2018 (8 yr)
8 minutes ago, Dhagon said:
> Well it had been working before this update.. Now nextcloud works with the fix.. And after updating Unraid to 6.4, ombi started working again for some reason.. Now my problem is that I can't connect to either of them via reverse proxy from my own PC using the same url, only using IP:port works.. Url works for my phone and my friend's PC externally.. It really sounds unrelated, but it only started happening once this letsencrypt change of port thing came along..

There are two issues at play. Firstly LetsEncrypt have changed the method used to issue certs. The second issue is Unraid itself on v6.4.0 has implemented a system using LetsEncrypt. It sounds like you've sorted the first issue, in that your certs have been issued. Whether the second issue is contributing to your ongoing problem I couldn't say, but it may be worth delving into.
January 14, 2018 (8 yr)
3 hours ago, CHBMB said:
> What had you got in DOMAIN NAME? If you don't want to post it in public can you PM me? I have a theory....

Let me know if you need more info on this - This was my issue as well. Turning on subdomains only fixes everything except the root site.
January 14, 2018 (8 yr)
1 minute ago, steve1673 said:
> Let me know if you need more info on this - This was my issue as well. Turning on subdomains only fixes everything except the root site.

Please PM me what you have in DOMAIN NAME.
January 14, 2018 (8 yr)
Posting this again so it remains seen! Anyone needing help. Read this first.....
Edited January 14, 2018 (8 yr) by CHBMB