aptalca Posted February 2, 2018

> 1 hour ago, statecowboy said:
> So I was looking through my docker settings cleaning stuff up and noticed I had a typo in my email address. I changed it not even thinking about the fact this would mess up with cert. Can someone please tell me how to force it to re-issue a new cert? I tried simply restarting the docker but that did not work. This is the error I'm getting now:
> nginx: [emerg] duplicate upstream "backend" in /config/nginx/site-confs/default.bak:1

Nothing wrong with your cert. You have a duplicate site config. Move it elsewhere.

WannabeMKII Posted February 2, 2018

I've upgraded to 6.4.0 from 6.3.5 and in the process, wiped my cache drive with my docker containers. However, I managed to restore, added the HTTPVAL=True, changed port forwarding etc, but on firing up the LE docker, it starts, but I get these messages;

-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d *****.*****.*****
E-mail address entered: *****@*****.***
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
usage: certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate.
certbot: error: argument --cert-path: No such file or directory
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Where have I gone wrong, as I bet it's something simple?

CHBMB Posted February 2, 2018

@WannabeMKII Can you post some more information, specifically the things I mention in my post linked below.

WannabeMKII Posted February 2, 2018

OK, I'm doing my best here, but I'm not great at the technical stuff... Port 80 is forwarded to port 81. Sorry, not sure how to run, run commands? Is there a guide, as happy to provide if I have a few pointers? FYI - I use dnsmadeeasy, which I saw mentioned somewhere in this thread for testing if that helps?

CHBMB Posted February 2, 2018

If the Private IP is your internal IP address, there's no need to black it out. Docker run command instructions are in my signature.

WannabeMKII Posted February 2, 2018

Sorry, paranoid I guess. Here's the run command;

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="br0" --ip="10.0.0.220" --privileged="true" -e TZ="Europe/London" -e HOST_OS="unRAID" -e "TCP_PORT_80"="81" -e "TCP_PORT_443"="443" -e "EMAIL"="*****@*****.***" -e "URL"="*****.*****" -e "SUBDOMAINS"="*****" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "HTTPVAL"="True" -e "PUID"="99" -e "PGID"="100" -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
fe5d2e9caaf15a0373feb2834d6b278c4c533ba3d8f3a6149accdffea4070dc1
The command finished successfully!

CHBMB Posted February 2, 2018

OK, so that all looks OK. Check port 80 is open here. Check your DNS is correct here.

WannabeMKII Posted February 2, 2018

Good news. OK, so it's saying port 80 isn't open? Here's a screenshot. IP is correct though.

CHBMB Posted February 2, 2018

@WannabeMKII Post a redacted screenshot of your LetsEncrypt setup page. Like this:

WannabeMKII Posted February 2, 2018

Here you go...

CHBMB Posted February 2, 2018

> Here you go...

OK, so you are going to have to do a bit of research here, but check your ISP isn't blocking port 80.

Sent from my LG-H815 using Tapatalk

WannabeMKII Posted February 2, 2018

My ISP, BT, don't block port 80, as I've used it in the past. In fact, I was using it up until I updated unraid to 6.4. I'm really confused why port 80 is showing as closed though when the port is open on the router and BT don't block it? Strange, it's also reporting 443 as closed and I was also using that yesterday up until the update in unraid?

WannabeMKII Posted February 2, 2018

OK, so I've opened another port as an experiment and it's worked perfectly. Would LetsEncrypt not respond or report the ports as closed?

WannabeMKII Posted February 2, 2018

I wonder if something has gone wrong between the backup and restore?

JonathanM Posted February 2, 2018

> 58 minutes ago, CHBMB said:
> OK, so that all looks OK. Check port 80 is open here. Check your DNS is correct here.

I don't think canyouseeme will work if there isn't an answering service on the port. Docker not started = no answer. Perhaps we need a quick test docker with no unraid files mapped to exploit that answers on configurable ports, that way you can spin that up and check for connectivity.

WannabeMKII Posted February 2, 2018

How would I do that?

WannabeMKII Posted February 2, 2018

I'm running Radarr, so opened the port for the container on my router to the IP the docker is running and entered the IP followed by the Radarr port and it opened without a problem. Is that what you mean? I'm just trying to help out, as this is really strange and really frustrating, so keen to help find the resolution.

saarg Posted February 2, 2018

> 1 hour ago, WannabeMKII said:
> Good news. OK, so it's saying port 80 isn't open? Here's a screenshot. IP is correct though.

You run letsencrypt on its own IP, that means you are not using the port mappings at all. Your port forwarding in your router is then wrong as you should forward 80 to 80 and 443 to 443. You have forwarded 80 to 81.

CHBMB Posted February 2, 2018

> You run letsencrypt on its own IP, that means you are not using the port mappings at all. Your port forwarding in your router is then wrong as you should forward 80 to 80 and 443 to 443. You have forwarded 80 to 81.

Damn, I should have spotted that!

Sent from my LG-H815 using Tapatalk

aptalca Posted February 3, 2018

> 8 hours ago, WannabeMKII said:
> I've upgraded to 6.4.0 from 6.3.5 and in the process, wiped my cache drive with my docker containers. However, I managed to restore, added the HTTPVAL=True, changed port forwarding etc, but on firing up the LE docker, it starts, but I get these messages;
>
> -------------------------------------
> GID/UID
> -------------------------------------
> User uid: 99
> User gid: 100
> -------------------------------------
> [cont-init.d] 10-adduser: exited 0.
> [cont-init.d] 20-config: executing...
> [cont-init.d] 20-config: exited 0.
> [cont-init.d] 30-keygen: executing...
> using keys found in /config/keys
> [cont-init.d] 30-keygen: exited 0.
> [cont-init.d] 50-config: executing...
> 2048 bit DH parameters present
> SUBDOMAINS entered, processing
> Only subdomains, no URL in cert
> Sub-domains processed are: -d *****.*****.*****
> E-mail address entered: *****@*****.***
> Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
> usage: certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
> Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate.
> certbot: error: argument --cert-path: No such file or directory
> Generating new certificate
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Plugins selected: Authenticator standalone, Installer None
> Obtaining a new certificate
> Performing the following challenges:
> Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
> Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
> IMPORTANT NOTES:
> - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
> ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> Where have I gone wrong, as I bet it's something simple?

Set HTTPVAL to "true" not "True"

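An added example, not part of any post in this thread and not the image's own code: a small check for the two misconfigurations the replies above identify (the router forwarding 80 to 81 while the container has its own IP, and HTTPVAL set to "True"). The function names, the router_forwards mapping and the sample command are constructed for illustration, and it assumes that --ip on a custom network marks the "own IP" case.

```python
import shlex

# Constructed sample modelled on the run command in the thread (values made up).
SAMPLE_RUN = (
    'docker run -d --name="letsencrypt" --net="br0" --ip="10.0.0.220" '
    '-e "TCP_PORT_80"="81" -e "TCP_PORT_443"="443" -e "HTTPVAL"="True" '
    '-v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt'
)

def parse_run(cmd):
    """Split a docker run line into --long=value options and -e variables."""
    opts, env = {}, {}
    tokens = shlex.split(cmd)  # shell-style split, which also strips the quotes
    for i, tok in enumerate(tokens):
        if tok == "-e" and i + 1 < len(tokens):
            key, _, val = tokens[i + 1].partition("=")
            env[key] = val
        elif tok.startswith("--") and "=" in tok:
            key, _, val = tok[2:].partition("=")
            opts[key] = val
    return opts, env

def check(cmd, router_forwards):
    """router_forwards maps external port -> internal port set on the router."""
    opts, env = parse_run(cmd)
    findings = []
    # Assumption: --ip on a custom network (br0 here) is the thread's
    # "own IP" case, where host port mappings are not applied.
    if "ip" in opts:
        for ext in (80, 443):
            internal = router_forwards.get(ext)
            if internal is None:
                findings.append(f"router does not forward port {ext} to {opts['ip']}")
            elif internal != ext:
                findings.append(
                    f"router forwards {ext}->{internal}; container at "
                    f"{opts['ip']} listens on {ext}, so forward {ext}->{ext}")
    # Per the reply in the thread, the image expects lowercase "true".
    val = env.get("HTTPVAL")
    if val is not None and val != "true" and val.lower() == "true":
        findings.append(f'HTTPVAL is "{val}"; set it to "true"')
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE_RUN, {80: 81, 443: 443}):
        print("WARN:", finding)
```
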
saarg Posted February 3, 2018

> 11 hours ago, CHBMB said:
> Damn, I should have spotted that!
> Sent from my LG-H815 using Tapatalk

You should. But I guess you were busy testing and packing usb cards.

DZMM Posted February 3, 2018

I'm a bit confused about renewals as I'm getting emails from Let's Encrypt saying my certs are expiring soon. Do I just ignore if the docker is working? I made changes to my domains just last week and in the logs it said obtaining new certificate, but I'm still getting warning emails???

WannabeMKII Posted February 3, 2018

OK, so I've changed port forwarding to 80, 80 and the internal IP. I've changed HTTPVAL to 'true' from 'True'. On running the docker, I get the following in the logs;

Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Any other ideas?

strike Posted February 3, 2018

> 11 minutes ago, WannabeMKII said:
> OK, so I've changed port forwarding to 80, 80 and the internal IP. I've changed HTTPVAL to 'true' from 'True'. On running the docker, I get the following in the logs;
>
> Performing the following challenges:
> Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
> Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
> ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> Any other ideas?

You'll also need to change the host port on the container to 80, right now it's 81, if you didn't change it already.

WannabeMKII Posted February 3, 2018

It appears to be a DNS issue after fixing all other problems. I'm hoping to test the dnsmadeeasy setup, so I've PM'd and hoping to hear back so I can get back online...