aptalca - Posted September 5, 2019

2 hours ago, fachizel90 said:
> Hi, my certificates seem to have expired and aren't renewing properly. Everything shows an insecure connection error. I managed to find a command that forces a renewal, but it failed also. Please help.

We do not support users running manual commands. The readme contains info on how to troubleshoot renewal issues. In your case, either your IP on duckdns is wrong or your port isn't forwarded properly.
MothyTim - Posted September 5, 2019

I found this on Ubiquiti's website, not sure what I need from it to make UNMS work? Like I said previously, I can get the GUI page but can't see my devices; that was by editing the UniFi template! Hoping that someone with more knowledge can help?

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    server {
        listen 80;
        server_name unms.example.com;
        client_max_body_size 4G;

        location / {
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_pass http://127.0.0.1:8080/;
        }
    }

    server {
        listen 443 ssl http2;
        server_name unms.example.com;

        ssl_certificate /etc/letsencrypt/live/unms.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/unms.example.com/privkey.pem;
        ssl on;

        set $upstream 127.0.0.1:8443;

        location / {
            proxy_pass https://$upstream;
            proxy_redirect https://$upstream https://$server_name;
            proxy_cache off;
            proxy_store off;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_read_timeout 36000s;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Referer "";
            client_max_body_size 0;
        }
    }
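An adapted version for this container's proxy-conf layout, added here as an example (it is not from the original post or from Ubiquiti): it keeps the websocket Upgrade/Connection handling from the sample above, which is what the live device list depends on, and assumes a container named `unms` on the same Docker network, serving HTTPS on port 443 internally, with the container's own ssl.conf supplying the Let's Encrypt certificate.

```nginx
# Added example: /config/nginx/proxy-confs/unms.subdomain.conf
# Assumptions (not from the original post): the UNMS container is named "unms",
# shares a Docker network with this container, and listens on HTTPS 443 internally.

# Turn a browser "Upgrade: websocket" request into a hop-by-hop "Connection: upgrade"
# header towards the backend; plain HTTP requests get a normal "close".
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name unms.*;

    # Let's Encrypt certificate, ciphers and HSTS come from the container's ssl.conf
    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        resolver 127.0.0.11 valid=30s;
        set $upstream_unms unms;
        proxy_pass https://$upstream_unms:443;

        # UNMS presents its own certificate inside the container; nginx does not
        # verify it (the default), which is acceptable only because this hop never
        # leaves the Docker network. Browsers only ever see the Let's Encrypt cert.
        proxy_ssl_verify off;

        # Websocket support: UNMS pushes device status over a websocket, so without
        # these lines the GUI loads but the device list stays empty.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Long-lived websocket sessions must not be cut by the default 60s read
        # timeout, and response buffering would delay the status stream.
        proxy_read_timeout 36000s;
        proxy_buffering off;

        # Standard forwarding headers so UNMS sees the real client and scheme.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Backend redirects that name the internal host are rewritten to the public name.
        proxy_redirect https://$upstream_unms https://$host;
    }
}
```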
dr_drei - Posted September 5, 2019 (edited)

I would really appreciate your help:

    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=[x]
    URL=[x]
    SUBDOMAINS=wildcard
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    DHLEVEL=2048
    VALIDATION=dns
    DNSPLUGIN=cloudflare
    EMAIL=[x]
    STAGING=

    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    Wildcard cert for only the subdomains of [x] will be requested
    E-mail address entered: [x]
    dns validation via cloudflare plugin is selected
    Certificate exists; parameters unchanged; starting nginx
    creating GeoIP2 database
    [cont-init.d] 50-config: exited 0.
    [cont-init.d] 99-custom-files: executing...
    [custom-init] no custom files found exiting...
    [cont-init.d] 99-custom-files: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
    nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found: no field package.preload['resty.core'] no file './resty/core.lua' no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua' no file '/usr/local/share/lua/5.1/resty/core.lua' no file '/usr/local/share/lua/5.1/resty/core/init.lua' no file '/usr/share/lua/5.1/resty/core.lua' no file '/usr/share/lua/5.1/resty/core/init.lua' no file '/usr/share/lua/common/resty/core.lua' no file '/usr/share/lua/common/resty/core/init.lua' no file './resty/core.so' no file '/usr/local/lib/lua/5.1/resty/core.so' no file '/usr/lib/lua/5.1/resty/core.so' no file '/usr/local/lib/lua/5.1/loadall.so' no file './resty.so' no file '/usr/local/lib/lua/5.1/resty.so' no file '/usr/lib/lua/5.1/resty.so' no file '/usr/local/lib/lua/5.1/loadall.so')
    Server ready

I can't access my subdomains since I came back to Unraid after a few weeks. The SSL certificate had to be renewed, and it seems to be fine when I check it with an SSL checker. The subdomains won't, though, if that is of relevance. I'm not sure if that is good or not.

a) Does not being able to access my subdomains have a connection to the error(s) I get in the report?
b) How can I fix it?

I followed Spaceinvaderone's videos to set up a reverse proxy with letsencrypt using a wildcard. Thank you all for your input!

Edit: Subdomains are accessible again. The LetsEncrypt error persists though.

Edited September 6, 2019 by dr_drei
fachizel90 - Posted September 5, 2019

6 hours ago, aptalca said:
> We do not support users running manual commands. The readme contains info on how to troubleshoot renewal issues. In your case, either your IP on duckdns is wrong or your port isn't forwarded properly.

Hi, thanks for the reply. It was working fine until the certs expired three months in. I did upgrade my router to an OPNsense firewall. Will revert back to the old router and see if that helps with renewing the certs.
saarg - Posted September 6, 2019

6 hours ago, fachizel90 said:
> Hi, thanks for the reply. It was working fine until the certs expired three months in. I did upgrade my router to an OPNsense firewall. Will revert back to the old router and see if that helps with renewing the certs.

Or you could simply post your docker run command (in case you didn't; on phone and too lazy to scroll) and a screenshot of the port forwarding in your OPNsense firewall.
jowi - Posted September 6, 2019

I just received an email from letsencrypt regarding renewal of certificates (e.g. for nextcloud). I followed SpaceInvaderOne's guide for installing LetsEncrypt, but I don't recall installing any certificates, let alone renewing them? What do I need to do?
fachizel90 - Posted September 6, 2019

5 hours ago, saarg said:
> Or you could simply post your docker run command (in case you didn't; on phone and too lazy to scroll) and a screenshot of the port forwarding in your OPNsense firewall.

Do you mean the container logs? Apologies, I'm not sure where to find the docker run command.

    -------------------------------------
    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donate/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=Australia/Sydney
    URL=duckdns.org
    SUBDOMAINS=1231eb,1231,1231cloud,1231collab,1231books,1231sonic
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    DHLEVEL=2048
    VALIDATION=http
    DNSPLUGIN=
    EMAIL=[email redacted]
    STAGING=

    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d 1231eb.duckdns.org -d 1231.duckdns.org -d 1231cloud.duckdns.org -d 1231collab.duckdns.org -d 1231books.duckdns.org -d 1231sonic.duckdns.org
    E-mail address entered: [email redacted]
    http validation is selected
    Certificate exists; parameters unchanged; starting nginx
    creating GeoIP2 database
    [cont-init.d] 50-config: exited 0.
    [cont-init.d] 99-custom-files: executing...
    [custom-init] no custom files found exiting...
    [cont-init.d] 99-custom-files: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    Server ready
    nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
    nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found: no field package.preload['resty.core'] no file './resty/core.lua' no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua' no file '/usr/local/share/lua/5.1/resty/core.lua' no file '/usr/local/share/lua/5.1/resty/core/init.lua' no file '/usr/share/lua/5.1/resty/core.lua' no file '/usr/share/lua/5.1/resty/core/init.lua' no file '/usr/share/lua/common/resty/core.lua' no file '/usr/share/lua/common/resty/core/init.lua' no file './resty/core.so' no file '/usr/local/lib/lua/5.1/resty/core.so' no file '/usr/lib/lua/5.1/resty/core.so' no file '/usr/local/lib/lua/5.1/loadall.so' no file './resty.so' no file '/usr/local/lib/lua/5.1/resty.so' no file '/usr/lib/lua/5.1/resty.so' no file '/usr/local/lib/lua/5.1/loadall.so')

Screenshot of OPNsense port forward: https://imgur.com/bBh90eV

Thanks a lot
Squid - Posted September 6, 2019

1 hour ago, fachizel90 said:
> Do you mean the container logs? Apologies, I'm not sure where to find the docker run command.
jowi - Posted September 6, 2019

8 hours ago, jowi said:
> I just received an email from letsencrypt regarding renewal of certificates (e.g. for nextcloud). I followed SpaceInvaderOne's guide for installing LetsEncrypt, but I don't recall installing any certificates, let alone renewing them? What do I need to do?

Looks like logging into the console of the letsencrypt docker and running the command 'certbot renew' did the trick.
aptalca - Posted September 6, 2019

35 minutes ago, jowi said:
> Looks like logging into the console of the letsencrypt docker and running the command 'certbot renew' did the trick.

Or you could have read the instructions in the readme, which talks about renewals. We do not support running manual commands inside the container. You're on your own from this point on.
jowi - Posted September 6, 2019

2 minutes ago, aptalca said:
> Or you could have read the instructions in the readme, which talks about renewals. We do not support running manual commands inside the container. You're on your own from this point on.

I forgot what a great community this is if you are not an autistic bearded linux freak with Asperger's from the 70s. Damn. Well, thanks for your 'help'.
aptalca - Posted September 6, 2019

4 minutes ago, jowi said:
> I forgot what a great community this is if you are not an autistic bearded linux freak with Asperger's from the 70s. Damn. Well, thanks for your 'help'.

RTFM is universal; it applies to people of all ages, genders and medical conditions.
ijuarez - Posted September 6, 2019

8 minutes ago, jowi said:
> I forgot what a great community this is if you are not an autistic bearded linux freak with Asperger's from the 70s. Damn. Well, thanks for your 'help'.

A linux freak with Asperger's... I have not met one yet. Put that on my bucket list.
newillusions - Posted September 7, 2019

Hi all. Anybody able to help out with this issue? I added a new subdomain [I've successfully set up several others so far] and started getting this:

    dns validation via cloudflare plugin is selected
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator dns-cloudflare, Installer None
    An unexpected error occurred:
    Traceback (most recent call last):
      File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 160, in _new_conn
        (self._dns_host, self.port), self.timeout, **extra_kw)
      File "/usr/lib/python3.7/site-packages/urllib3/util/connection.py", line 57, in create_connection
        for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
      File "/usr/lib/python3.7/socket.py", line 748, in getaddrinfo
        for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
    socket.gaierror: [Errno -3] Try again

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 603, in urlopen
        chunked=chunked)
      File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 344, in _make_request
        self._validate_conn(conn)
      File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 843, in _validate_conn
        conn.connect()
      File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 316, in connect
        conn = self._new_conn()
      File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 169, in _new_conn
        self, "Failed to establish a new connection: %s" % e)
    urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x1483b7300400>: Failed to establish a new connection: [Errno -3] Try again

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/usr/lib/python3.7/site-packages/requests/adapters.py", line 449, in send
        timeout=timeout
      File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 641, in urlopen
        _stacktrace=sys.exc_info()[2])
      File "/usr/lib/python3.7/site-packages/urllib3/util/retry.py", line 399, in increment
        raise MaxRetryError(_pool, url, error or ResponseError(cause))
    urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x1483b7300400>: Failed to establish a new connection: [Errno -3] Try again'))

    During handling of the above exception, another exception occurred:

    requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x1483b7300400>: Failed to establish a new connection: [Errno -3] Try again'))
    Please see the logfiles in /var/log/letsencrypt for more details.
    ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.

cloudflare.ini hasn't been touched, but I re-verified the login / API info and it's still correct... any ideas?
FireFtw - Posted September 7, 2019

I'm having issues getting a few dockers set up. Booksonic is a strange one; here is my config:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name booksonic.*;
        include /config/nginx/ssl.conf;
        client_max_body_size 0;

        location / {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_booksonic booksonic;
            proxy_pass http://$upstream_booksonic:4040;
        }
    }

Which gives me this when I actually try and navigate to it. Clicking on the link actually brings me to where I want to be; the webUI for the docker has it set to http://10.0.0.10:4040/booksonic, which gets redirected like it should, but how to set up the equivalent with nginx or a DNS config I don't know.

Then we have gotify, which doesn't work at all. I just get a bad gateway.

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name gotify.*;
        include /config/nginx/ssl.conf;
        client_max_body_size 0;

        location / {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_gotify gotify;
            proxy_pass http://$upstream_gotify:1400;
        }
    }

This is a regular docker container, not one that was set up for unraid. Not sure if that means there's something to set up that I don't know about.
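A booksonic.subdomain.conf that handles the /booksonic context path the post describes, added here as an example (it is not from the original post or from linuxserver.io); it assumes the Booksonic container is named `booksonic`, shares a Docker network with this container, and serves its UI at /booksonic on port 4040, as the URL in the post shows.

```nginx
# Added example: /config/nginx/proxy-confs/booksonic.subdomain.conf
# Assumptions (not from the original post): container named "booksonic" on a shared
# Docker network, UI served under the /booksonic context path on port 4040.

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name booksonic.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # The backend has nothing at "/"; it lives under /booksonic. Answer the bare
    # hostname with a redirect here instead of proxying a request that only
    # produces the backend's "click here" page.
    location = / {
        return 301 $scheme://$host/booksonic;
    }

    # Everything under /booksonic is passed through with the prefix intact: no URI
    # after the port in proxy_pass, so the path the browser asked for is forwarded
    # unchanged and the context path the backend expects is preserved.
    location /booksonic {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_booksonic booksonic;
        proxy_pass http://$upstream_booksonic:4040;
    }
}
```

The gotify 502 is a different failure: Bad Gateway means nginx could not connect to gotify:1400 at all, which usually comes down to the two containers not sharing a Docker network that the 127.0.0.11 resolver knows about, or 1400 being a host-mapped port rather than the port the process listens on inside the container. Gotify's /stream endpoint is a websocket, so that location additionally needs proxy_http_version 1.1 with the Upgrade and Connection headers passed through.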
aptalca - Posted September 8, 2019

18 hours ago, newillusions said:
> Hi all. Anybody able to help out with this issue? I added a new subdomain [I've successfully set up several others so far] and started getting this:
> [...]
> ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.
> cloudflare.ini hasn't been touched, but I re-verified the login / API info and it's still correct... any ideas?

Update: this was solved on discord. Pihole / dns settings were preventing outgoing connection to letsencrypt servers.
MrGamecase - Posted September 8, 2019

8 hours ago, aptalca said:
> Update: this was solved on discord. Pihole / dns settings were preventing outgoing connection to letsencrypt servers.

Hi aptalca, how was this resolved in the end, as I'm currently struggling with the same thing... I'd like to use pihole for the entirety of my network...
j0nnymoe - Posted September 8, 2019

1 hour ago, MrGamecase said:
> Hi aptalca, how was this resolved in the end, as I'm currently struggling with the same thing... I'd like to use pihole for the entirety of my network...

Just make sure your unraid server isn't using the pihole DNS.
bengele - Posted September 9, 2019

Hi all, is there a way to include: Latest NGINX Plus (no extra build steps required) or latest NGINX open source built with the --with-stream configuration flag? I want to reverse proxy a Teamspeak.

Regards, Bengele
saarg - Posted September 9, 2019

39 minutes ago, bengele said:
> Hi all, is there a way to include: Latest NGINX Plus (no extra build steps required) or latest NGINX open source built with the --with-stream configuration flag? I want to reverse proxy a Teamspeak.
> Regards, Bengele

It's built with stream. https://git.alpinelinux.org/aports/tree/main/nginx/APKBUILD?h=3.10-stable
Toobie - Posted September 9, 2019

j0nnymoe said:
> Just make sure your unraid server isn't using the pihole DNS.

Or at least check the query log. If the pihole is correctly configured, everything on the network goes over the pihole. So maybe the letsencrypt servers are blacklisted.
j0nnymoe - Posted September 9, 2019

1 hour ago, Toobie said:
> Or at least check the query log. If the pihole is correctly configured, everything on the network goes over the pihole. So maybe the letsencrypt servers are blacklisted.

I believe the issue is actually that when you run PiHole as a container with its own IP, there are docker security features that stop docker macvlan IPs communicating with each other. So when you have Letsencrypt on its own net and Pihole on its own IP, if unraid is set up to check pihole for DNS, letsencrypt is able to talk to pihole. I always suggest to people, if they're wanting to run pihole/adguard on their network, run it from a dedicated device.
Toobie - Posted September 9, 2019

j0nnymoe said:
> I believe the issue is actually that when you run PiHole as a container with its own IP, there are docker security features that stop docker macvlan IPs communicating with each other. So when you have Letsencrypt on its own net and Pihole on its own IP, if unraid is set up to check pihole for DNS, letsencrypt is able to talk to pihole. I always suggest to people, if they're wanting to run pihole/adguard on their network, run it from a dedicated device.

Sorry, my fault. I'm running pihole on a pi and predicted that it should be run dedicated.
j0nnymoe - Posted September 9, 2019

26 minutes ago, Toobie said:
> Sorry, my fault. I'm running pihole on a pi and predicted that it should be run dedicated.

Yeah, no worries. I've always run PiHole/Adguard on a dedicated Pi as well, so never had this issue.
bonienl - Posted September 9, 2019

31 minutes ago, j0nnymoe said:
> I always suggest to people, if they're wanting to run pihole/adguard on their network, run it from a dedicated device.

I have six pihole containers running, acting as the local DNS server for their designated network. This runs flawlessly (though I am not using letsencrypt).