February 4, 2018

So I am trying to switch the validation from HTTP to TLS-SNI but I am getting an error:

Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

I have made sure all my ports are lined up as well. Not sure what I am missing here. Any help is greatly appreciated.
February 4, 2018

TLS-SNI currently isn't supported, LE have disabled it. It's included in the container only in case they reenable it at a later date. https://github.com/linuxserver/docker-letsencrypt#parameters

Edited February 4, 2018 by CHBMB
February 4, 2018

6 minutes ago, CHBMB said: TLS-SNI currently isn't supported, LE have disabled it. It's included in the container only in case they reenable it at a later date. https://github.com/linuxserver/docker-letsencrypt#parameters

Ooooooh, I get it now. That makes sense, thank you.
February 4, 2018

I have run into a strange problem. HTTPS works perfectly; however, now nginx is ignoring port 80 no matter what. Going to port 80 with proper mapping and all reports connection refused. Is there somewhere in the nginx config that controls regular http access?
February 4, 2018

Yes, in the "default" file, if you want nginx to respond on port 80, you have to configure the nginx server to do so. Response to the http challenge isn't done from nginx; it's a completely separate process.
February 4, 2018

3 minutes ago, CHBMB said: Yes, in the "default" file, if you want nginx to respond on port 80, you have to configure the nginx server to do so. Response to the http challenge isn't done from nginx, completely separate process.

Got ya... I must have broken something then.

(http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain ::
February 4, 2018

2 minutes ago, fmp4m said: Got ya... I must have broke something then. (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain ::

That suggests you haven't even got to the nginx part yet, that's the LE challenge......
February 4, 2018

1 minute ago, CHBMB said: That suggests you haven't even got to the nginx part yet, that's the LE challenge......

Yea, I got that part after you said it was a separate process. I don't know what broke. It's on port 80 and 443 with forwarding. I checked by moving the mapping of another process to port 80 and 443 and it's not blocked by the ISP. Maybe I need to hose it. Strange.
February 4, 2018

28 minutes ago, fmp4m said: Yea, I got that part after you said it was a separate process. I don't know what broke, Its on port 80 and 443 with forwarding. I checked by moving the mapping of another process to port 80 and 443 and its not blocked by isp. Maybe I need to hose it. strange.

Yep.. I broke something. After getting the LE challenge fixed and server up, no response on http or https.

[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready

*** Found it. default had the old ports in it. Updated and all is back online.

Edited February 4, 2018 by fmp4m
February 4, 2018

2 hours ago, CHBMB said: That's fine as long as your firewall/router is forwarding 443 externally to 442 on your Unraid box. It doesn't sound like that's what is causing the error though.

It used to work with the settings I had before, which is why I'm not sure why it would just stop working overnight.
February 4, 2018

4 hours ago, Invincible said: The latest update (from last night) seems to have broken something for me. I haven't changed any of the settings however i noticed there was a new "Validation" option in the docker settings which is set to HTTP. I also noticed that the HTTPVAL setting was missing from the show more settings tab. Any ideas what would have broken the config for me? Here are the logs:

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Backwards compatibility check. . .
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d ******.duckdns.org
E-mail address entered: **********
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ******.duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ******.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://******.duckdns.org/.well-known/acme-challenge/MKKaK-NvviGlS4ME6FlQ5uTBojzr8WHznM36sgR8Ujo: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: ******.duckdns.org
Type: unauthorized
Detail: Invalid response from http://******.duckdns.org/.well-known/acme-challenge/MKKaK-NvviGlS4ME6FlQ5uTBojzr8WHznM36sgR8Ujo: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="America/New_York" -e HOST_OS="unRAID" -e "EMAIL"="*********" -e "URL"="duckdns.org" -e "SUBDOMAINS"="******" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "VALIDATION"="http" -e "DNSPLUGIN"="" -e "PUID"="99" -e "PGID"="100" -p 81:80/tcp -p 443:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
2dab690e979f92d6a66c2a7506fbb121324e105cd195d576fa5c141d067d0952

The second screenshot looks like your router is forwarding port 80 to port 80 on unraid for tcp, and port 81 to 81 on unraid for udp. What you need is to forward port 80 to port 81 for tcp. Right now, letsencrypt servers are connecting to your unraid web gui.
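The mix-up aptalca describes above (the router forwards external 80 to host port 80, while Docker publishes the container's port 80 on host port 81, so the Unraid web GUI answers the challenge with its 404 page) can be checked mechanically before re-running the container. The script below is an added example and is not part of the linuxserver container or anything posted in this thread. It parses the -p flags from the docker run line quoted above and compares them against a router rule table that is constructed here to mirror the screenshot as described; the real router rules are not on the page.

```python
"""Check that a router port-forward lands on the host port Docker publishes
for the letsencrypt container's port 80, which is where the ACME http-01
challenge is answered.

Added example; not code from the linuxserver container or from this thread.
"""
import re
import shlex

# The CA always connects to TCP port 80 of the public IP for http-01.
ACME_HTTP_PORT = 80

# The docker run line from the post above (only the -p flags matter here).
DOCKER_RUN = (
    'docker run -d --name="letsencrypt" --net="bridge" '
    '-e "VALIDATION"="http" -p 81:80/tcp -p 443:443/tcp '
    '-v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt'
)

# Constructed router rules mirroring the situation described in the post:
# external 80/tcp -> host 80 (the Unraid web GUI), external 81/udp -> host 81.
ROUTER_RULES_BROKEN = [
    {"proto": "tcp", "external": 80, "internal": 80},
    {"proto": "udp", "external": 81, "internal": 81},
]
# Constructed corrected rules: external 80/tcp -> host 81, where the container listens.
ROUTER_RULES_FIXED = [
    {"proto": "tcp", "external": 80, "internal": 81},
    {"proto": "tcp", "external": 443, "internal": 443},
]


def parse_publish_flags(docker_run_line):
    """Return {(proto, container_port): host_port} for every -p HOST:CONTAINER[/proto]."""
    mappings = {}
    tokens = shlex.split(docker_run_line)
    for i, tok in enumerate(tokens):
        if tok not in ("-p", "--publish") or i + 1 >= len(tokens):
            continue
        m = re.fullmatch(r"(?:[\d.]+:)?(\d+):(\d+)(?:/(tcp|udp))?", tokens[i + 1])
        if not m:
            raise ValueError("unparsed -p value: %s" % tokens[i + 1])
        host_port, container_port = int(m.group(1)), int(m.group(2))
        proto = m.group(3) or "tcp"  # Docker defaults to tcp when no protocol is given
        mappings[(proto, container_port)] = host_port
    return mappings


def check_acme_path(mappings, router_rules):
    """Follow an inbound connection on external 80/tcp and say where it ends up.

    Returns (ok, message); ok is True only when external 80/tcp is forwarded to
    the host port that Docker publishes for the container's port 80/tcp.
    """
    wanted_host_port = mappings.get(("tcp", ACME_HTTP_PORT))
    if wanted_host_port is None:
        return False, "container port 80/tcp is not published at all"
    forwards = [r for r in router_rules
                if r["proto"] == "tcp" and r["external"] == ACME_HTTP_PORT]
    if not forwards:
        return False, "router has no tcp rule for external port 80"
    internal = forwards[0]["internal"]
    if internal != wanted_host_port:
        return False, ("external 80/tcp -> host %d, but the container is published on host %d; "
                       "whatever listens on host port %d answers the challenge instead"
                       % (internal, wanted_host_port, internal))
    return True, "external 80/tcp -> host %d -> container 80/tcp" % internal


if __name__ == "__main__":
    published = parse_publish_flags(DOCKER_RUN)
    for label, rules in (("broken", ROUTER_RULES_BROKEN), ("fixed", ROUTER_RULES_FIXED)):
        ok, msg = check_acme_path(published, rules)
        print("%-6s %s: %s" % (label, "OK " if ok else "BAD", msg))
```

The same check applies to the later nginx traffic: whatever host port the container publishes for 443 is the port the router rule for external 443 must point at, otherwise the redirect from http to https lands somewhere else.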
February 4, 2018

11 hours ago, WannabeMKII said: Ah ha, adding "tls-sni" = "true" has got me back up and running! Port 80 is still appearing as closed though? Now just to get nzbhydra2 actually loading properly. Superb news though and really appreciate the constant help from everyone, absolutely legendary!

This container does not recognize "tls-sni" = "true", so something else you did must have fixed it.
February 4, 2018

8 minutes ago, aptalca said: The second screenshot looks like your router is forwarding port 80 to port 80 on unraid for tcp, and port 81 to 81 on unraid for udp. What you need is to forward port 80 to port 81 for tcp. Right now, letsencrypt servers are connecting to your unraid web gui

Looks like there was a separate section on my router to configure this. That seemed to fix it, thanks!
February 5, 2018

Hi guys, I am getting the following error:

There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: INSERTDOMAINHERE.com,www.INSERTDOMAINHERE.com: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container.

Some background. I had just done something on my unraid server and saw a notification that there was an update available for the letsencrypt docker. I updated and this is the error I received. Any ideas? I will be checking DNS to make sure nothing is wrong there, but it's highly unlikely as everything was working just fine before updating the docker. Maybe also worth noting is I validate via http (and the flag is set to true).

UPDATE - I don't know why but deleting my docker and reinstalling fixed it.

Edited February 5, 2018 by statecowboy
February 6, 2018

Hi there, I've been using this docker for a while in Unraid and it works perfectly. Thanks for that! I wanted to move it to a Raspberry Pi, and I found you already have a GitHub repo with all that's necessary, but you did not publish an image on Docker Hub. Could you do this? Thanks in advance.
February 6, 2018

@Sensei73 We have a separate repo for ARM images; refer to our main list here for the available images. The list on the right is for armxx images, and any ending in --aarch64 are for aarch64 only.
February 6, 2018

@sparklyballs Thanks for the quick answer! Found it! I will have to clone it and change it to 32 bits, RIP 2 powered!! Thanks!

Edit: not so easy! You used a custom image!

Edit 2: never mind, you have a 32-bit image also! You are perfect!

Edited February 6, 2018 by Sensei73
February 7, 2018

So I just updated my container by removing the HTTPVAL variable and replacing it with VALIDATION=http. Nothing else changed (already was forwarding 80 to get HTTPVAL working). Now I'm getting the following for all my certs:

Type: unauthorized
Detail: The key authorization file from the server did not match this challenge

Edited February 7, 2018 by IamSpartacus
February 7, 2018

54 minutes ago, IamSpartacus said: So I just updated my container by removing the HTTPVAL variable and replacing it with VALIDATION=http. Nothing else changed (already was forwarding 80 to get HTTPVAL working). Now I'm getting the following for all my certs: Type: unauthorized Detail: The key authorization file from the server did not match this challenge

Full log?
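The error IamSpartacus quotes above, "The key authorization file from the server did not match this challenge", is different from the 404 earlier in the thread: the CA did reach a web server at the challenge URL, but the body it got back was not the key authorization it expected. RFC 8555 defines that value as the challenge token, a dot, and the base64url-encoded SHA-256 of the account key's JWK thumbprint (RFC 7638). The code below is an added example, not code from certbot or the linuxserver container; it recomputes the expected value and sorts a served body into the usual mismatch causes (a different web server answering, a file left over from a different challenge, or a file written by a different ACME account key). The account JWKs and the token are constructed values, not real keys or a real challenge.

```python
"""Recompute an ACME http-01 key authorization (RFC 8555 section 8.1, using the
RFC 7638 JWK thumbprint) and compare it with what a host actually serves at
/.well-known/acme-challenge/<token>.

Added example; not code from certbot or the linuxserver container.
"""
import base64
import hashlib
import json

# Constructed values for the demonstration. The moduli are not real RSA keys.
TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1WlUzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDprecbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBIY2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw"}
OTHER_JWK = {"kty": "RSA", "e": "AQAB", "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEia55Fvj_hxW8ZMYbo0zEHvVmhUbGFWQtpQTdCR6WCevZxI5iqHN2gyk2Y_Dc6bFkkJbGNIgr5GN5GN6Hv4rCAIS9HqfAhqzFrIIrlsDo-7ex2b4ePmXlzDRWGnGAB_Fu0ONtt0Rg_fsz7pdm0eO0wM8X4ZhU7lQ-F5hX0RjZRtaE9xb1J_F6tLhYMjj_B4zM0a5Mfr8S0cA3jE3pW5eR1KmoYvqu_9l0G4wJvrsNd4Ep5s0m6nYj5uKhU3AkaXa3AeNpTj6NNbcXyLNdFsnmsA2CjxXiLohxN0m2cZbYVCoz8k5ScHkbvjCcUv0Qw"}


def b64url(data):
    """base64url without padding, as ACME and JOSE use it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk):
    """RFC 7638: SHA-256 over the JSON of only the required members, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = required[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members}, sort_keys=True,
                           separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).digest()


def key_authorization(token, account_jwk):
    """RFC 8555: token || '.' || base64url(thumbprint(account key))."""
    return token + "." + b64url(jwk_thumbprint(account_jwk))


def explain_mismatch(token, account_jwk, served_body):
    """Compare a fetched challenge body with the expected key authorization.

    Returns 'ok' when they match, otherwise a short label for the likely cause.
    """
    expected = key_authorization(token, account_jwk)
    body = served_body.strip()
    if body == expected:
        return "ok"
    if body.startswith("<"):
        # HTML came back: another web server (a web UI, a default vhost) answered.
        return "not-a-challenge-response"
    if body.split(".", 1)[0] == token:
        # Right token, wrong thumbprint: the file was written by a different account key.
        return "thumbprint-mismatch"
    # Different token: a stale file from an earlier challenge or another certbot run.
    return "wrong-token"


if __name__ == "__main__":
    print("expected:", key_authorization(TOKEN, ACCOUNT_JWK))
    print(explain_mismatch(TOKEN, ACCOUNT_JWK, key_authorization(TOKEN, OTHER_JWK)))
```

To use this against a live host, paste the token from the challenge URL in the certbot log, the account key from /etc/letsencrypt/accounts (the regr/private_key.json there is the JWK), and the body that curl returns for the same URL from outside the network.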
February 10, 2018

I've been pulling my hair out this week reading through this whole thread and trying what was suggested, and it's just not working. Perhaps I'm just not grasping it for some silly reason? Any help would be appreciated. Thanks! Here are screenshots of what my configurations and errors look like.
February 10, 2018

You've got http port defined twice, so remove one, and remove HTTPVAL = FALSE (the whole variable).
February 10, 2018

I did get letsencrypt working and all. Is this the right place to find out what's wrong with the nginx server? Possibly a tutorial on how to set it up with Sonarr etc.? I get an error on the upstream:

*1 connect() failed (113: Host is unreachable) while connecting to upstream, client: XX.XX.XX.XX
February 10, 2018

4 hours ago, torn8o said: I did get letsencrypt working and all. is this the right place to find out whats wrong with nginx server? possibly a tutorial on how to set it up with sonarr etc? I get error on the upstream *1 connect() failed (113: Host is unreachable) while connecting to upstream, client: XX.XX.XX.XX

Post your site config. Make sure the ip you defined is correct and valid (no localhost or 127.0.0.1, etc.)
February 10, 2018

Hi, I have a special question regarding letsencrypt together with Nextcloud. I have a static IP with a domain for letsencrypt. This IP I am mapping on my router to letsencrypt. Letsencrypt is then proxying to the Nextcloud container. If I now set up the Nextcloud app on my internal client to the domain, then everything works fine and I am not getting any (certificate) error. The big disadvantage is that any traffic from the client to Nextcloud (via letsencrypt) is going via the router instead of directly. The router is a USG from Unifi with enabled IDS/IPS, which limits the throughput to 80 Mbit/s, which is more than enough for the internet but not for the internal Gigabit connection. So if I transfer big files via Nextcloud, the router will hit its maximum throughput. I could use internally the IP address of the Nextcloud container, but then I will always get a security warning... Any other ideas?

Br, Johannes