daniel329 Posted January 21, 2018 (edited)
Oh my word, it's 2AM and I'm SO close to getting this working. My other services like sonarr and such are working fine through my duckdns.org domain, but NextCloud is throwing a bad gateway error through the domain, and when I load the WebUI from UnRaid it just takes me back to the home page of the unraid screen. I have no idea what I'm doing wrong at this point and I would just pay someone to remote in and fix it for me if anyone is interested. Logs are clean.
aptalca Posted January 21, 2018
8 hours ago, strike said:
So I finally got around to updating this container. I've been following this thread and expected the container to throw errors and not start until I added the HTTPVAL variable. But it didn't, it started fine with no errors. But maybe this is because my cert is not yet due for renewal? It says so in the log anyway. Or am I missing something here?
-------------------------------------
_ () | | ___ _ __ | | / __| | | / \ | | \__ \ | | | () | |_| |___/ |_| \__/
Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d subdomain.domain.com
E-mail address entered: [email protected]
<------------------------------------------------->
<------------------------------------------------->
cronjob running on Sun Jan 21 04:48:45 CET 2018
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/subdomain.domain.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
The following certs are not due for renewal yet:
/etc/letsencrypt/live/subdomain.domain.com/fullchain.pem (skipped)
No renewals were attempted. No hooks were run.
-------------------------------------------------------------------------------
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready
You're good until your cert is about to expire, or until you make changes to the subdomains, whichever comes first.
aptalca Posted January 21, 2018
5 hours ago, daniel329 said:
Oh my word, it's 2AM and I'm SO close to getting this working. My other services like sonarr and such are working fine through my duckdns.org domain, but NextCloud is throwing a bad gateway error through the domain, and when I load the WebUI from UnRaid it just takes me back to the home page of the unraid screen. I have no idea what I'm doing wrong at this point and I would just pay someone to remote in and fix it for me if anyone is interested. Logs are clean.
It seems you changed the container port of nextcloud to 444; that should be 443. Can you access it directly? I bet not.
strike Posted January 21, 2018
3 hours ago, aptalca said:
You're good until your cert is about to expire, or until you make changes to the subdomains, whichever comes first.
Got it, thanks!
Arndroid Posted January 21, 2018
If I'd request Composer to be added to this Docker, would that be out of line? Since, if I would install it myself onto this Docker via Bash, it would be gone if I install an update of this Docker, right?
CHBMB Posted January 21, 2018 (edited)
11 minutes ago, Arndroid said:
If I'd request Composer to be added to this Docker, would that be out of line? Since, if I would install it myself onto this Docker via Bash, it would be gone if I install an update of this Docker, right?
Yes, but you could get around this by mapping a script into the container. An example of this would be here...
Arndroid Posted January 21, 2018
There doesn't seem to be an event for "after updating Docker X", only cron jobs or Array events, but I can run it manually. But that might possibly kinda work, yea. Let the script bash into the docker and execute an install composer command again. My familiarity with Composer is quite minimal still. I am not sure if it needs to retain some data (which would be lost) in order to keep working with some composer projects. ((Like globally) installed dependencies etc.)
CHBMB Posted January 21, 2018 (edited)
1 minute ago, Arndroid said:
There doesn't seem to be an event for "after updating Docker X", only cron jobs or Array events, but I can run it manually. But that might possibly kinda work, yea. Let the script bash into the docker and execute an install composer command again. My familiarity with Composer is quite minimal still. I am not sure if it needs to retain some data (which would be lost) in order to keep working with some composer projects. ((Like globally) installed dependencies etc.)
Just make sure the script you use has all the dependencies you require. Key after that will be making sure any user config data is kept in /config somewhere. You can map files as well as directories, so it should be possible, but, like you, I have no experience with composer. Also I edited my first post with a different method than I originally suggested.
Arndroid Posted January 21, 2018
1 hour ago, CHBMB said:
Yes, but you could get around this by mapping a script into the container. An example of this would be here...
Thanks! So I should put something like:
-v /tmp/user.scripts/dockerScripts/Add Composer To Docker/script:/etc/cont-init.d/40-composer
under "Post Arguments:" in the Letsencrypt Docker Template, right? And then in the Bash script file to which I point it, just do something like:
#!/bin/sh
cd /tmp
php -r "copy('https://getcomposer.org/installer', '/tmp/composer-setup.php');"
php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer
composer --version # echo composer version to log to verify installation
CHBMB Posted January 21, 2018 (edited)
38 minutes ago, Arndroid said:
Thanks! So I should put something like: -v /tmp/user.scripts/dockerScripts/Add Composer To Docker/script:/etc/cont-init.d/40-composer under "Post Arguments:" in the Letsencrypt Docker Template, right?
God only knows what you actually need in the script, but -v means it can be mounted in the volume bit of your template, like this..... Just make sure you've chmod +x and it has the right perms.
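Since the script above runs as root inside the container every time it starts, the one thing worth adding to it is an integrity check of the downloaded installer before php executes it. The following is an added example, not CHBMB's, Arndroid's or linuxserver.io's code: a cont-init.d script that installs Composer the same way but compares the installer's SHA-384 with the checksum the Composer project publishes at https://composer.github.io/installer.sig. The mount target /etc/cont-init.d/40-composer and the working directory /tmp are assumptions taken from the thread.

```shell
#!/bin/sh
# Added example: install Composer at container start, refusing to run the
# installer unless its SHA-384 matches the published checksum.
# Assumes: mounted as /etc/cont-init.d/40-composer, php on PATH, and
# either sha384sum, openssl or php available to hash the file.
set -eu

INSTALLER_URL="https://getcomposer.org/installer"
SIG_URL="https://composer.github.io/installer.sig"
INSTALL_DIR="/usr/local/bin"
WORK_DIR="${COMPOSER_WORK_DIR:-/tmp}"   # constructed default, override as needed

# sha384_of FILE -> prints the hex SHA-384 of FILE using whatever tool exists.
sha384_of() {
    if command -v sha384sum >/dev/null 2>&1; then
        sha384sum "$1" | cut -d ' ' -f 1
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha384 -r "$1" | cut -d ' ' -f 1
    else
        php -r 'echo hash_file("sha384", $argv[1]);' "$1"
    fi
}

# verify_sha384 FILE EXPECTED_HEX -> exit status 0 on match, 1 on mismatch.
# Returns instead of aborting so the caller can clean up and report.
verify_sha384() {
    actual=$(sha384_of "$1")
    [ "$actual" = "$2" ]
}

# fetch URL OUTFILE: use curl if present, otherwise wget; HTTPS only.
fetch() {
    if command -v curl >/dev/null 2>&1; then
        curl -fsSL --proto '=https' -o "$2" "$1"
    else
        wget -q -O "$2" "$1"
    fi
}

install_composer() {
    setup="$WORK_DIR/composer-setup.php"
    sigfile="$WORK_DIR/composer-setup.sig"
    fetch "$INSTALLER_URL" "$setup"
    fetch "$SIG_URL" "$sigfile"
    expected=$(tr -d '[:space:]' < "$sigfile")
    if ! verify_sha384 "$setup" "$expected"; then
        echo "composer installer checksum mismatch, refusing to run it" >&2
        rm -f "$setup" "$sigfile"
        return 1
    fi
    php "$setup" --install-dir="$INSTALL_DIR" --filename=composer
    rm -f "$setup" "$sigfile"
    composer --version   # logged at start-up so the install can be checked
}

# Only install when s6 runs this file from cont-init.d; when sourced or run
# from elsewhere the functions above are just defined.
case "$0" in
    */cont-init.d/*) install_composer ;;
esac
```

A checksum mismatch leaves the container running without Composer and a line in the container log, which is preferable to executing an installer that was altered in transit.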
DieFalse Posted January 21, 2018
Ok, for the life of me, following as many different guides as I could so far, I still cannot get this to work. I own a domain name and have my.domain.com set to forward to my IP. I have set up LE and keep getting this error:
Failed authorization procedure. my.xxxxxx.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://my.xxxxxx.com/.well-known/acme-challenge/1Eq0-WkG_ENPwv59yFCqtUfWQ2CqYo8F0-Bm4hXTheY: "<?xml version="1.0" encoding="iso-8859-1"?>
What causes this error?
CHBMB Posted January 21, 2018
4 minutes ago, fmp4m said:
Ok, for the life of me, following as many different guides as I could so far, I still cannot get this to work. I own a domain name and have my.domain.com set to forward to my IP. I have set up LE and keep getting this error:
Failed authorization procedure. my.xxxxxx.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://my.xxxxxx.com/.well-known/acme-challenge/1Eq0-WkG_ENPwv59yFCqtUfWQ2CqYo8F0-Bm4hXTheY: "<?xml version="1.0" encoding="iso-8859-1"?>
What causes this error?
DieFalse Posted January 21, 2018
Run Command:
root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="America/Chicago" -e HOST_OS="unRAID" -e "EMAIL"="[email protected]" -e "URL"=xxxxxx.com" -e "SUBDOMAINS"="my," -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -e "HTTPVAL"="true" -p 81:80/tcp -p 7443:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
Firewall fwding:
lan-interface eth1
rule 1 {
    description encrypt
    forward-to {
        address 192.168.1.175
        port 81
    }
    original-port 80
    protocol tcp_udp
}
rule 2 {
    description encrypt2
    forward-to {
        address 192.168.1.175
        port 7443
    }
    original-port 443
    protocol tcp_udp
}
Error:
Failed authorization procedure. my.xxxxxx.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://my.xxxxxx.com/.well-known/acme-challenge/1Eq0-WkG_ENPwv59yFCqtUfWQ2CqYo8F0-Bm4hXTheY: "<?xml version="1.0" encoding="iso-8859-1"?>
CHBMB Posted January 21, 2018
7 minutes ago, fmp4m said:
Run Command: root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="America/Chicago" -e HOST_OS="unRAID" -e "EMAIL"="[email protected]" -e "URL"=xxxxxx.com" -e "SUBDOMAINS"="my," -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -e "HTTPVAL"="true" -p 81:80/tcp -p 7443:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
You sure you got the correct WAN ip address allocated to your domain or dynamic DNS?
DieFalse Posted January 21, 2018 (edited)
Yes, I have forwarded from my subdomain.domain.com to my WAN ip. I use this same setup for different.domain.com with no issues. If I go to http://sub.domain.com:anyport it will still resolve and is pingable. Tracert shows it going to my machine.
Full Log (took a min to clean):
-------------------------------------
_ () | | ___ _ __ | | / __| | | / \ | | \__ \ | | | () | |_| |___/ |_| \__/
Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d my.xxxxxxx.com
E-mail address entered: [email protected]
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --cert-path: No such file or directory
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for my.xxxxxxx.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. my.xxxxxxx.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://my.xxxxxxx.com/.well-known/acme-challenge/dgTrPK7WHHxA87urYp9N1s12CdEYXcPhbZgOOsWEOag: "<?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www."
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: my.xxxxxxx.com
Type: unauthorized
Detail: Invalid response from
http://my.xxxxxxx.com/.well-known/acme-challenge/dgTrPK7WHHxA87urYp9N1s12CdEYXcPhbZgOOsWEOag:
"<?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www."
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
Helpful or Useless info: Going to http://127.0.0.1:81/ does not open any page... nor does https://127.0.0.1:7443/
aptalca Posted January 22, 2018
6 hours ago, fmp4m said:
Yes, I have forwarded from my subdomain.domain.com to my WAN ip. I use this same setup for different.domain.com with no issues. If I go to http://sub.domain.com:anyport it will still resolve and is pingable. Tracert shows it going to my machine.
Invalid response could mean letsencrypt is reaching a different web server through port 80. Is your router interface available on port 80 from the wan? Try going to your ip at port 80 from the outside and see what you get.
IndianaJoe1216 Posted January 22, 2018
46 minutes ago, aptalca said:
Invalid response could mean letsencrypt is reaching a different web server through port 80. Is your router interface available on port 80 from the wan? Try going to your ip at port 80 from the outside and see what you get.
This is exactly the same error I am currently getting. I have made the swap to verify over port 80, but the issue is that my ISP blocks inbound 80 traffic for some reason. Is there another way to verify this so I can get external access back up and running?
matthope Posted January 22, 2018
On 19/01/2018 at 9:15 AM, aptalca said:
Would you be willing to test that branch? It is currently untested. I can provide instructions, let me know
Yup, just tell me how. However, if you want me to try the dns branch on github, I'm almost certain it won't work, since you cannot use the parameters --non-interactive and --manual together with certbot. I suggest you use those three parameters instead of --non-interactive: --agree-tos --manual-public-ip-logging-ok --no-eff-email. Also the parameter --preferred-challenges=http should be --preferred-challenges=dns instead.
Github: 50-config [line 147]
certbot certonly --non-interactive --renew-by-default --manual --preferred-challenges=http --manual-auth-hook /config/authenticator.sh --manual-cleanup-hook /config/cleanup.sh --rsa-key-size 4096 $EMAILPARAM --agree-tos $URLS
matthope Posted January 22, 2018
1 hour ago, IndianaJoe1216 said:
This is exactly the same error I am currently getting. I have made the swap to verify over port 80, but the issue is that my ISP blocks inbound 80 traffic for some reason. Is there another way to verify this so I can get external access back up and running?
If your provider blocks port 80, the only other way at the moment is the dns challenge; I suggest you read the forum from this post. However, it requires you to use a dns provider with an API, such as cloudflare, and 2 scripts specific to your dns provider.
drumstyx Posted January 22, 2018 (edited)
I'm still getting timeouts when it's trying to validate. It's so close, and I've absolutely verified that port 80 externally shows the ACME challenge server from my phone's LTE connection. Of course, that only runs for a few moments, but I definitely see it. No idea why it might be timing out though. The domain is mydomain.duckdns.org, subdomains are a few domains I want (plex, etc). Results are:
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: davos.mysubdomain.duckdns.org
Type: connection
Detail: Fetching
http://davos.mysubdomain.duckdns.org/.well-known/acme-challenge/6yEcc_agXaATurFQkpnroYJ92ttRYm8CFH917c3SFOA:
Timeout
Domain: mysubdomain.duckdns.org
Type: connection
Detail: Fetching
http://mysubdomain.duckdns.org/.well-known/acme-challenge/yrV6mb_tNYzND85MFhRIlyos_rQDJHJgDjoddQxAlL8:
Timeout
Domain: sonarr.mysubdomain.duckdns.org
Type: connection
Detail: Fetching
http://sonarr.mysubdomain.duckdns.org/.well-known/acme-challenge/uOwuhYS-vgDTDTBK-77wfo3SzaDxZe-i1tOgd0wW_P4:
Timeout
Domain: radarr.mysubdomain.duckdns.org
Type: connection
Detail: Fetching
http://radarr.mysubdomain.duckdns.org/.well-known/acme-challenge/GNBwPGr0Olj5UYcxJjsCI9xZj1gVTPeDRloYiq70elg:
Timeout
Domain: plex.mysubdomain.duckdns.org
Type: connection
Detail: Fetching
http://plex.mysubdomain.duckdns.org/.well-known/acme-challenge/zl35PWM5PciqgMhMJHbAzPityt2nifmpe-q2nGnv7WE:
Timeout
Verified that port 80 is not blocked by forwarding 80:80 on my router temporarily, and yep, there was my unraid config. What's going on here? Like I said, I've confirmed the server itself is accessible on port 80 from an external connection, so the only thing I can think of is the paths are borked -- how would I go about validating that things are where they're supposed to be?
DieFalse Posted January 22, 2018
Ok, so I found that upnp was forcing a separate port 80 config. This caused the conflict. I cleared my conflict and now have a cert. In configuring the reverse proxy, any http(s)://my.domain.com/SERVICE pulls the main html and not the service.
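The three outcomes in this thread (fmp4m's "Invalid response" with a router's XML page, drumstyx's "Timeout", and a working challenge) are exactly what a CA-side fetch of the challenge URL returns, so they can be told apart before running certbot at all. The following is an added example, not aptalca's or linuxserver.io's code: a pre-flight that fetches http://DOMAIN/.well-known/acme-challenge/TOKEN over plain port 80 the way the validator does and classifies the answer. It assumes curl is installed and that you have placed a test file with a known body at that path on the server you expect to answer; the token and expected body in the test are constructed values.

```shell
#!/bin/sh
# Added example: classify what answers an http-01 challenge URL on port 80.
# Assumes curl; domain, token and expected body are supplied by the caller.
set -u

# classify_acme_response STATUS BODY EXPECTED -> prints one of
#   timeout      nothing reachable on port 80 (curl could not connect)
#   ok           HTTP 200 and the body is exactly the expected text
#   not-found    a web server answered but has no such path
#   wrong-server a different HTTP server (router page, unraid GUI) answered
#   other        anything else, worth reading the body by hand
# STATUS is the HTTP status code, or "000" when no connection was made.
classify_acme_response() {
    status="$1"; body="$2"; expected="$3"
    if [ "$status" = "000" ]; then
        echo timeout
    elif [ "$status" = "200" ] && [ "$body" = "$expected" ]; then
        echo ok
    elif [ "$status" = "404" ]; then
        echo not-found
    else
        case "$body" in
            *'<?xml'*|*'<html'*|*'<HTML'*|*'<!DOCTYPE'*|*'<!doctype'*) echo wrong-server ;;
            *) echo other ;;
        esac
    fi
}

# probe_acme_path DOMAIN TOKEN EXPECTED -> classification of the live URL.
# Uses port 80 and follows redirects, as the Let's Encrypt validator does;
# the 10 second limit is an assumption, not the CA's exact timeout.
probe_acme_path() {
    domain="$1"; token="$2"; expected="$3"
    body_file=$(mktemp)
    url="http://$domain/.well-known/acme-challenge/$token"
    status=$(curl -sL -m 10 -o "$body_file" -w '%{http_code}' "$url") || status=000
    body=$(cat "$body_file")
    rm -f "$body_file"
    classify_acme_response "$status" "$body" "$expected"
}

# Run the probe for every name that will go into the certificate; a single
# failing subdomain is enough for certbot to refuse the whole order.
# probe_all DOMAIN TOKEN EXPECTED [DOMAIN ...]: prints "<domain> <result>".
probe_all() {
    token="$1"; expected="$2"; shift 2
    for d in "$@"; do
        echo "$d $(probe_acme_path "$d" "$token" "$expected")"
    done
}
```

Run from a network outside your LAN (the phone-tethered check drumstyx used is ideal); a wrong-server result means the port forward or a UPnP mapping is sending port 80 somewhere other than the letsencrypt container, and a timeout means nothing at the public address accepts the connection at all.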
Ding Dong Del Posted January 22, 2018
6 hours ago, fmp4m said:
upnp was forcing a separate port 80 config
@fmp4m when you talk about upnp forcing a separate config, how did you check / determine that? I've been using this LE container for months fine until the tls method was disabled. I've been pulling the little hair I have left out trying to work out why HTTP val is failing for me. I've tracked it down to, within the docker container for LE, when I look at the debug log, I see it throwing an error that it can't bind to the port that I have said to use for HTTP. My next steps were to try and track down why the bind (for the LE webserver that is spun up for validation when --standalone is being used) is failing. I wonder if you are on to something. (I've attached a screenshot of the error; I've had to fly out of town this morning so can't get to more log detail at this time, sorry.) Based on having had this working previously (and "admin'ing" an unraid setup at a friend's house where it is working fine there; I *haven't* upgraded their LE container just yet.....) I am very confident that I have my configs set up correctly. I must be doing something wrong/differently. There is absolutely nothing listening on *any* port within the container itself (as you can also see from the screen shot below), well you could if I hadn't snipped it in my rush to get out the door, but trust me, there was NOTHING returned from the command below.
aptalca Posted January 22, 2018
22 minutes ago, Ding Dong Del said:
@fmp4m when you talk about upnp forcing a separate config, how did you check / determine that? I've been using this LE container for months fine until the tls method was disabled. I've been pulling the little hair I have left out trying to work out why HTTP val is failing for me.
Check if there's anything listening on the host.
aptalca Posted January 22, 2018 (edited)
10 hours ago, matthope said:
Yup, just tell me how. However, if you want me to try the dns branch on github, I'm almost certain it won't work, since you cannot use the parameters --non-interactive and --manual together with certbot. I suggest you use those three parameters instead of --non-interactive: --agree-tos --manual-public-ip-logging-ok --no-eff-email. Also the parameter --preferred-challenges=http should be --preferred-challenges=dns instead.
Github: 50-config [line 147]
certbot certonly --non-interactive --renew-by-default --manual --preferred-challenges=http --manual-auth-hook /config/authenticator.sh --manual-cleanup-hook /config/cleanup.sh --rsa-key-size 4096 $EMAILPARAM --agree-tos $URLS
Thanks for the heads up. Http/dns was a typo. With regards to the options, the certbot options make no sense because automation is always an afterthought for them. And their documentation is sub par. I added the noeffemail one (must be new, first I'm seeing it) as well as the ip logging one. But nowhere does it say you can't use non interactive with manual. Oh well. I removed it anyway.
In order to test, you can clone the github repo, enter the folder, and do "git checkout dns", and then build a docker image locally with "docker build -t lednstest ." (don't forget the period at the end). It will build a local image with the name "lednstest". Then you can create a new container with the same options, but instead of using "linuxserver/letsencrypt" at the end, use "lednstest" (or in the unraid gui, change the image repo in advanced settings). Make sure you set the variable DNSVAL to true, and have your authenticator.sh and cleanup.sh scripts in the config folder. Let me know if that's clear.
Diggewuff Posted January 22, 2018
Hey, today I tried to switch my letsencrypt container from Bridge network mode to the new mode in unraid 6.4.0 where I can choose a dedicated IP for the container. So far so good. I've chosen a new ip 192.168.1.20 and changed the mapping of the ports 80 and 443 on my router to that new IP. From then on I wasn't able to reach my domains from WAN anymore. Trying to access them from LAN is giving me this error:
2018/01/22 18:18:14 [error] 351#351: *112 connect() failed (113: Host is unreachable) while connecting to upstream, client: 192.168.1.1, server: beast.joschamiddendorf.de, request: "GET / HTTP/2.0", upstream: "http://192.168.1.5:80/", host: "subdomain.domain.de"
2018/01/22 18:18:14 [error] 351#351: *112 connect() failed (113: Host is unreachable) while connecting to upstream, client: 192.168.1.1, server: subdomain.domain.de, request: "GET /plugins/ipmi/include/ipmi_temp.php?unit=C&dot=. HTTP/2.0", upstream: "http://192.168.1.5:80/plugins/ipmi/include/ipmi_temp.php?unit=C&dot=.", host: "subdomain.domain.de", referrer: "https://subdomain.domain.de/Main"
Furthermore I'm not able to ping any IP addresses on my local network from inside of the container. I already disabled every firewall rule on my router. Does anyone have an idea?