[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


So I am trying to switch the validation from HTTP to TLS-SNI but I am getting an error

Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

I have made sure all my ports are lined up as well.


 

Not sure what I am missing here.

 

Any help is greatly appreciated.


Most Popular Posts

  • Confirming this worked for me too. Not sure I needed to replace both, but I did anyway and Swag and Nextcloud are both back and up and running. For noobs like me, here's what I did: 1. Stop

  • I will only post this once. Feel free to refer folks to this post.   A few points of clarification:   The last update of this image didn't break things. Letsencrypt abruptly disabl

  • BigBoyMarky
    BigBoyMarky

    I replaced both the ssl.conf and nginx.conf files with the sample ones to update them since I did not make any custom modifications to either one of those and this resolved my issue.


I have run into a strange problem. HTTPS works perfectly; however, now nginx is ignoring port 80 no matter what. Going to port 80 with proper mapping and all reports connection refused. Is there somewhere in the nginx config that controls regular http access?

Yes, in the "default" file, if you want nginx to respond on port 80, you have to configure the nginx server to do so.

 

Response to the http challenge isn't done from nginx, completely separate process.

3 minutes ago, CHBMB said:

Yes, in the "default" file, if you want nginx to respond on port 80, you have to configure the nginx server to do so.

 

Response to the http challenge isn't done from nginx, completely separate process.

 

 

Got ya... I must have broken something then.

 

(http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain ::

2 minutes ago, fmp4m said:

 

 

Got ya... I must have broken something then.

 

(http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain ::

 

That suggests you haven't even got to the nginx part yet, that's the LE challenge......

1 minute ago, CHBMB said:

 

That suggests you haven't even got to the nginx part yet, that's the LE challenge......

 

Yea, I got that part after you said it was a separate process. I don't know what broke. It's on port 80 and 443 with forwarding. I checked by moving the mapping of another process to port 80 and 443 and it's not blocked by ISP. Maybe I need to hose it. Strange.

28 minutes ago, fmp4m said:

 

Yea, I got that part after you said it was a separate process. I don't know what broke. It's on port 80 and 443 with forwarding. I checked by moving the mapping of another process to port 80 and 443 and it's not blocked by ISP. Maybe I need to hose it. Strange.

 

Yep.. I broke something. After getting the LE challenge fixed and server up, no response on http or https.

 

[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready

 

*** Found it. default had the old ports in it. Updated and all is back online.

Edited by fmp4m

2 hours ago, CHBMB said:

 

That's fine as long as your firewall/router is forwarding 443 externally to 442 on your Unraid box.

 

It doesn't sound like that's what is causing the error though.

It used to work with the settings I had before, which is why I'm not sure why it would just stop working overnight.

4 hours ago, Invincible said:

The latest update (from last night) seems to have broken something for me.

I haven't changed any of the settings, however I noticed there was a new "Validation" option in the docker settings which is set to HTTP.

I also noticed that the HTTPVAL setting was missing from the show more settings tab.

 

Any ideas what would have broken the config for me?

Here are the logs:

 



[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Backwards compatibility check. . .
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d ******.duckdns.org
E-mail address entered: **********
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ******.duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ******.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://******.duckdns.org/.well-known/acme-challenge/MKKaK-NvviGlS4ME6FlQ5uTBojzr8WHznM36sgR8Ujo: "<html>

<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: ******.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://******.duckdns.org/.well-known/acme-challenge/MKKaK-NvviGlS4ME6FlQ5uTBojzr8WHznM36sgR8Ujo:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

 

 


root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="America/New_York" -e HOST_OS="unRAID" -e "EMAIL"="*********" -e "URL"="duckdns.org" -e "SUBDOMAINS"="******" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "VALIDATION"="http" -e "DNSPLUGIN"="" -e "PUID"="99" -e "PGID"="100" -p 81:80/tcp -p 443:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
2dab690e979f92d6a66c2a7506fbb121324e105cd195d576fa5c141d067d0952

 


 

 

 

 

 

The second screenshot looks like your router is forwarding port 80 to port 80 on unraid for tcp, and port 81 to 81 on unraid for udp. What you need is to forward port 80 to port 81 for tcp. Right now, letsencrypt servers are connecting to your unraid web gui
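
The port chain described in the reply above, worked through as an added example (not part of the original thread): it traces WAN port 80/tcp through the router forward and the container's `-p` mappings to show where the HTTP-01 request lands. The function names and the router tables are constructed for illustration; the `docker run` line is trimmed from the one posted above.

```python
import shlex

# Constructed inputs: the docker line is trimmed from the one posted above; the
# router tables restate the forwarding rules the reply describes.
DOCKER_CMD = ('docker run -d --name="letsencrypt" --net="bridge" '
              '-e "VALIDATION"="http" -p 81:80/tcp -p 443:443/tcp '
              'linuxserver/letsencrypt')
ROUTER_BEFORE = {(80, "tcp"): 80, (81, "udp"): 81}   # WAN (port, proto) -> host port
ROUTER_AFTER = {(80, "tcp"): 81}

def parse_publish(docker_cmd):
    """Return {(host_port, proto): container_port} for each -p/--publish flag."""
    args = shlex.split(docker_cmd)
    published = {}
    for i, arg in enumerate(args):
        if arg in ("-p", "--publish") and i + 1 < len(args):
            spec = args[i + 1]
        elif arg.startswith("--publish="):
            spec = arg.split("=", 1)[1]
        else:
            continue
        mapping, _, proto = spec.partition("/")
        parts = mapping.split(":")
        if len(parts) < 2:          # container port only: host port is random
            continue
        published[(int(parts[-2]), proto or "tcp")] = int(parts[-1])
    return published

def trace(wan_port, proto, forwards, published):
    """Follow WAN port -> router forward -> docker publish and say where it lands."""
    host_port = forwards.get((wan_port, proto))
    if host_port is None:
        return "dropped at router: no forward rule"
    container_port = published.get((host_port, proto))
    if container_port is None:
        return f"reaches host port {host_port}, which the container does not publish"
    return f"reaches container port {container_port}"

def http01_reachable(forwards, published):
    # Assumption: the validator connects to WAN 80/tcp and the container answers
    # the challenge on its own port 80.
    return trace(80, "tcp", forwards, published) == "reaches container port 80"

PUBLISHED = parse_publish(DOCKER_CMD)
if __name__ == "__main__":
    for name, table in (("before", ROUTER_BEFORE), ("after", ROUTER_AFTER)):
        print(name, "->", trace(80, "tcp", table, PUBLISHED))
```

With the "before" table the request stops at host port 80, which is whatever else listens there on the host (the Unraid web GUI in this thread), consistent with the 404 in the posted log.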

11 hours ago, WannabeMKII said:

 

Ah ha, adding "tls-sni" = "true" has got me back up and running!

 

Port 80 is still appearing as closed though?

 

Now just to get nzbhydra2 actually loading properly.

 

Superb news though and really appreciate the constant help from everyone, absolutely legendary!

 

This container does not recognize "tls-sni" = "true", so something else you did must have fixed it.

8 minutes ago, aptalca said:

 

The second screenshot looks like your router is forwarding port 80 to port 80 on unraid for tcp, and port 81 to 81 on unraid for udp. What you need is to forward port 80 to port 81 for tcp. Right now, letsencrypt servers are connecting to your unraid web gui

 

Looks like there was a separate section on my router to configure this. That seemed to fix it, thanks!

Hi guys, I am getting the following error:

 

There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: INSERTDOMAINHERE.com,www.INSERTDOMAINHERE.com: see https://letsencrypt.org/docs/rate-limits/

 

Please see the logfiles in /var/log/letsencrypt for more details.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container.

 

Some background.  I had just done something on my unraid server and saw a notification that there was an update available for the letsencrypt docker.  I updated and this is the error I received.  Any ideas?  I will be checking DNS to make sure nothing is wrong there, but it's highly unlikely as everything was working just fine before updating the docker.  

 

Maybe also worth noting is I validate via http (and the flag is set to true).

 

UPDATE - I don't know why but deleting my docker and reinstalling fixed it.

Edited by statecowboy

Hi there, I've been using this docker for a while in unraid and it works perfectly. Thanks for that!

 

I wanted to move it to a raspberry pi, and I found you already have a GitHub with everything necessary, but you did not publish an image on docker hub. Could you do this? Thanks in advance.

@Sensei73 we have a separate repo for arm images

 

refer to our main list here for available images 

 

list on the right is for armxx images and any ending --aarch64 are for aarch64 only

@sparklyballs

thanks for the quick answer! Found it! I will have to clone it and change it to 32 bits, rip 2 powered!! thanks!

 

edit: not so easy! you used a custom image!

edit2: never mind you have a 32 bits image also! 

 

You are perfect!

Edited by Sensei73

So I just updated my container by removing the HTTPVAL variable and replacing it with VALIDATION=http.  Nothing else changed (already was forwarding 80 to get HTTPVAL working).  Now I'm getting the following for all my certs:

 

   Type:   unauthorized
   Detail: The key authorization file from the server did not match
   this challenge

 

Edited by IamSpartacus

54 minutes ago, IamSpartacus said:

So I just updated my container by removing the HTTPVAL variable and replacing it with VALIDATION=http.  Nothing else changed (already was forwarding 80 to get HTTPVAL working).  Now I'm getting the following for all my certs:

 


   Type:   unauthorized
   Detail: The key authorization file from the server did not match
   this challenge

 

 

Full log?

5 minutes ago, aptalca said:

 

Full log?

 

PM'd.

I've been pulling my hair out this week reading through this whole thread and trying what was suggested and it's just not working. Perhaps I'm just not grasping it for some silly reason? Any help would be appreciated. Thanks!

 

Here's screenshots of what my configurations and errors look like. 

 

Unraid UpdateContainer (1).png

Log for  letsencrypt.png

ASUS Wireless Router RT N66U   Virtual Server   Port Forwarding.png

You've got http port defined twice, so remove one, and remove HTTPVAL = FALSE (the whole variable)

I did get letsencrypt working and all. Is this the right place to find out what's wrong with nginx server? Possibly a tutorial on how to set it up with sonarr etc? I get error on the upstream

*1 connect() failed (113: Host is unreachable) while connecting to upstream, client: XX.XX.XX.XX 

4 hours ago, torn8o said:

I did get letsencrypt working and all. Is this the right place to find out what's wrong with nginx server? Possibly a tutorial on how to set it up with sonarr etc? I get error on the upstream

*1 connect() failed (113: Host is unreachable) while connecting to upstream, client: XX.XX.XX.XX 

 

Post your site config. Make sure the ip you defined is correct and valid (no localhost or 127.0.0.1, etc.)

Hi,

 

I have a special question regarding letsencrypt together with nextcloud.

 

I have a static IP with a domain for letsencrypt.

I am mapping this IP on my router to letsencrypt.

Letsencrypt is then proxying to the nextcloud container.

 

If I now setup the Nextcloud-App on my internal client to the domain, then everything works fine and I am not getting any (certificate)-error. 

The big disadvantage is that any traffic from the client to nextcloud (via letsencrypt) is going via the router instead of directly. The router is a USG from Unifi with IDS/IPS enabled, which limits the throughput to 80Mbit/s, which is more than enough for the internet but not for the internal Gigabit connection. So if I transfer big files via nextcloud the router will hit its maximum throughput.

 

I could use the IP address of the nextcloud container internally, but then I will always get a security warning...

 

Any other ideas?

 

Br,

Johannes
