xthursdayx Posted January 22, 2020

I just received an email from Letsencrypt telling me that I need to renew my certificate because it will expire in 19 days, however when I check my Letsencrypt logs I see this:

<------------------------------------------------->
cronjob running on Tue Jan 21 02:08:00 EST 2020
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/my.site.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/my.site/fullchain.pem expires on 2020-04-16 (skipped)
No renewals were attempted.
No hooks were run.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Any suggestions for how I can figure out what's going on? Thanks.

aptalca Posted January 22, 2020

19 minutes ago, xthursdayx said:
    /etc/letsencrypt/live/my.site/fullchain.pem expires on 2020-04-16 (skipped)

That email means, "one of the certs that you received with that email address is expiring". In this case, it's not the cert that your server is currently using.

maestripieritimo Posted January 22, 2020

Hello everybody, I wanted to install this container and it failed, giving me the following error:

8c411aab6af9fba2f9d3d982c8ac842944fcf80c320d4f90cfe0a3f9c22d181e
/usr/bin/docker: Error response from daemon: driver failed programming external connectivity on endpoint letsencrypt (0ca54bc2bc38d42e5657046a19a28e0acc414439f640a0cba7bf4b711ff43e10): Error starting userland proxy: listen tcp 0.0.0.0:445: bind: address already in use.

Don't really know what's up or how to fix it, any suggestions would be greatly appreciated. I tried installing it on the bridge and on a custom network, both times same error.

Thanks in advance,
Timo

jrlee Posted January 22, 2020

I am having a problem getting letsencrypt to work in Unraid. I followed the instructions provided in the spaceinvader one video and I am getting this in the letsencrypt log:

http-01 challenge for sflalife-bw.ddns.net
http-01 challenge for sflalife.ddns.net
Waiting for verification...
Challenge failed for domain sflalife-bw.ddns.net
Challenge failed for domain sflalife.ddns.net

I am forwarding the following ports in pfsense:

WAN HTTP (80) > Unraid server IP port 180
WAN HTTPS (443) > Unraid server IP port 1443

I am using a custom network ‘proxynet’ and I can see letsencrypt is getting an IP.

I am using a VPN for my entire local network and have set up an alias for unraid to bypass the VPN and connect through the ISP provided public IP.

I have pfblocker set up in pfsense which is used to block ads.

I have tried disabling each of these services to see if they are the problem.

I am using No-IP for my subdomains. When I ping my subdomain, it resolves to my current external IP number.

I know I am missing something, I just can’t figure out what it is. Hopefully someone out there has a similar setup and has had success getting letsencrypt to work.

xthursdayx Posted January 23, 2020

On 1/21/2020 at 7:43 PM, aptalca said:
    That email means, "one of the certs that you received with that email address is expiring". In this case, it's not the cert that your server is currently using.

Ah okay, thanks. I was just a little concerned because it listed all of the domains/subdomains I certify through the Letsencrypt container, and I'd never received one of these emails over the last three or four years of using Letsencrypt.

manderso Posted January 24, 2020

I've had this container running for some time, and until recently it's been fine. However, my certs now aren't being renewed. I'm being told that the cert I have assigned to my nextcloud instance has expired. I'm getting the following logs in my letsencrypt container:

nginx: [emerg] still could not bind()
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
    no field package.preload['resty.core']
    no file './resty/core.lua'
    no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
    no file '/usr/local/share/lua/5.1/resty/core.lua'
    no file '/usr/local/share/lua/5.1/resty/core/init.lua'
    no file '/usr/share/lua/5.1/resty/core.lua'
    no file '/usr/share/lua/5.1/resty/core/init.lua'
    no file '/usr/share/lua/common/resty/core.lua'
    no file '/usr/share/lua/common/resty/core/init.lua'
    no file './resty/core.so'
    no file '/usr/local/lib/lua/5.1/resty/core.so'
    no file '/usr/lib/lua/5.1/resty/core.so'
    no file '/usr/local/lib/lua/5.1/loadall.so'
    no file './resty.so'
    no file '/usr/local/lib/lua/5.1/resty.so'
    no file '/usr/lib/lua/5.1/resty.so'
    no file '/usr/local/lib/lua/5.1/loadall.so')
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address in use)

I hope someone can help with this. I'm not sure what to do. There are no other apps that are using 180/1443 on the unraid server.

Edited January 24, 2020 by manderso

Kira Posted January 24, 2020

I set up router port forwarding for letsencrypt, 80 > 8080 and 443 > 8443.
I am using xxxx.ddns.net services.
I have also created a custom network "proxynet".

The log file is showing "Server Ready", but when I am trying to access my sites like next.ddns.net (example), I get the error "The site can't be reach", "ERR_CONNECTION_RESET". I can ping next.ddns.net though.

What other information do I need to provide? Please help.

Update: Found out the issue, it seems I can't resolve dyndns on the same network, anyone know how to solve this?

Update 2: Fixed, CTF broke NAT loopback.

Edited January 24, 2020 by Kira

aptalca Posted January 24, 2020

13 hours ago, manderso said:
    I've had this container running for some time, and until recently it's been fine. However, my certs now aren't being renewed. I'm being told that the cert I have assigned to my nextcloud instance has expired. I'm getting the following logs in my letsencrypt container:

    nginx: [emerg] still could not bind()
    nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
    nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
        no field package.preload['resty.core']
        no file './resty/core.lua'
        no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
        no file '/usr/local/share/lua/5.1/resty/core.lua'
        no file '/usr/local/share/lua/5.1/resty/core/init.lua'
        no file '/usr/share/lua/5.1/resty/core.lua'
        no file '/usr/share/lua/5.1/resty/core/init.lua'
        no file '/usr/share/lua/common/resty/core.lua'
        no file '/usr/share/lua/common/resty/core/init.lua'
        no file './resty/core.so'
        no file '/usr/local/lib/lua/5.1/resty/core.so'
        no file '/usr/lib/lua/5.1/resty/core.so'
        no file '/usr/local/lib/lua/5.1/loadall.so'
        no file './resty.so'
        no file '/usr/local/lib/lua/5.1/resty.so'
        no file '/usr/lib/lua/5.1/resty.so'
        no file '/usr/local/lib/lua/5.1/loadall.so')
    nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
    nginx: [emerg] bind() to [::]:80 failed (98: Address in use)
    nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
    nginx: [emerg] bind() to [::]:443 failed (98: Address in use)
    nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
    nginx: [emerg] bind() to [::]:80 failed (98: Address in use)
    nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
    nginx: [emerg] bind() to [::]:443 failed (98: Address in use)
    nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
    nginx: [emerg] bind() to [::]:80 failed (98: Address in use)
    nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
    nginx: [emerg] bind() to [::]:443 failed (98: Address in use)

    I hope someone can help with this. I'm not sure what to do. There are no other apps that are using 180/1443 on the unraid server.

Did you change it to host networking? Because right now nginx isn't even starting.

You said "I'm being told that the cert. . . has expired". Who told you that? Email or browser?

sse450 Posted January 24, 2020

Onlyoffice DS docker needs the certificates installed in the /mnt/user/appdata/onlyofficeds/Data/certs folder. I copied the certs from letsencrypt to this folder. It works.

But I need to find a way to automate the certs from LE docker, as the static LE certs in onlyoffice docker will expire in max. 3 months.

How can I do that? Does a symbolic link to LE certs work? Or should I set a cron job to copy LE certs every day?

Thanks.

manderso Posted January 24, 2020

4 hours ago, aptalca said:
    Did you change it to host networking? Because right now nginx isn't even starting. You said "I'm being told that the cert. . . has expired". Who told you that? Email or browser?

That came from nextcloud that said my cert had expired. And I haven't changed any settings, including networking. I had followed spaceinvaders guide for setting up nextcloud behind a letsencrypt cert, and that's using a proxynet network I set up for this purpose.

saarg Posted January 24, 2020

1 hour ago, manderso said:
    That came from nextcloud that said my cert had expired. And I haven't changed any settings, including networking. I had followed spaceinvaders guide for setting up nextcloud behind a letsencrypt cert, and that's using a proxynet network I setup for this purpose.

What do you mean by nextcloud told you?

izarkhin Posted January 25, 2020

23 hours ago, Kira said:
    I setup router port forwarding for letsencypt 80 > 8080 and 443 > 8443
    I am using xxxx.ddns.net services
    I have also create a custom network "proxynet"
    The log file showing "Server Ready" but when I am trying to access my sites like next.ddns.net (example), I get error "The site can't be reach", "ERR_CONNECTION_RESET". I can ping next.ddns.net though
    What other information I need to provide? Please help
    Update: Found out the issue, it seems I cant resolved dyndns on the same network, anyone know how to solve this?
    Update 2: Fixed, CTF broke NAT loopback

How did you fix it exactly? I'm having the same issue.

Update: issue fixed. Thank you for pointing to CTF being the root cause! I've been fiddling with my router settings for almost 3 weeks now.

Edited January 25, 2020 by izarkhin

aptalca Posted January 25, 2020

15 hours ago, sse450 said:
    Onlyoffice DS docker needs the certificates installed in /mnt/user/appdata/onlyofficeds/Data/certs folder. I copied the certs from letsencrypt to this folder. It works. But, I need to find a way to automate the certs from LE docker as the static LE certs in onlyoffice docker will expire in max. 3 months. How can I do that? Does a symbolic link to LE certs work? Or should I set a cron job to copy LE certs everyday? Thanks.

It's explained in the readme.

phyzical Posted January 25, 2020

Hey again! Are there any references you can provide in regards to php-fpm setup? Or is this out of the scope of the docker configs and just requires manually connecting to the box and adding the appropriate confs fpm side?

Thanks!

manderso Posted January 25, 2020

23 hours ago, saarg said:
    What do you mean by nextcloud told you?

Looking at page information, on the security tab in firefox, for my nextcloud page, I see Verified by: Let's Encrypt, Expires on: December 28, 2019.

aptalca Posted January 25, 2020

4 hours ago, phyzical said:
    Hey again! is there any references you can provide in regards to php-fpm setup. Or is this out of the scope of the docker configs and just requires manually connecting to the box and adding the appropriate confs fpm side? Thanks!

What are you trying to do? Php is already set up and ready to go. The default nginx site config has a php block that works out of the box for the main server block.

phyzical Posted January 26, 2020

4 hours ago, aptalca said:
    What are you trying to do? Php is already set up and ready to go. The default nginx site config has a php block that works out of the box for the main server block.

Hey sorry, yeah I saw there was a www block but I'm trying to add additional apps.

saarg Posted January 26, 2020

15 hours ago, manderso said:
    Looking at page information, on the security tab in firefox, for my nextcloud page, I see Verified by: Let's Encrypt, Expires on: December 28, 2019.

Did you copy the certificate from the letsencrypt container to the Nextcloud container? If you are using reverse proxy, check what the browser says about the certificate.

aptalca Posted January 26, 2020

15 hours ago, phyzical said:
    hey sorry, yeah i saw there was a www block but im trying to add additional apps

Just replicate that php block for any server blocks you need.

blackpanther989 Posted January 26, 2020

Is there a way to get this container to request multiple certs for different domains, not adding an extra domain to the main cert? I.e. 1 cert per domain, with wildcards?

Edited January 26, 2020 by blackpanther989

aptalca Posted January 26, 2020

1 hour ago, blackpanther989 said:
    Is there a way to get this container to request multiple certs for different domains. not adding an extra domain to the main cert. IE: 1 cert per domain. with wildcards?

No

phyzical Posted January 27, 2020

8 hours ago, aptalca said:
    Just replicate that php block for any server blocks you need

I figured it was that simple, but the part that I don't know is how does each block line up with a particular app.

But.. now that I think about it, what I remember from when I used GUIs, ispconfig etc., the blocks line up with a user, not an nginx server directive. Or am I wrong on that?

Thanks!

aptalca Posted January 27, 2020

2 hours ago, phyzical said:
    i figured it was that simple but the part that i dont know is how does each block line up with a particular app. but.. now that i think about it, what i remember from when i used guis ispconfig ect. The blocks line up with a user not a nginx server directive. or am i wrong on that? thanks!

?? Php-fpm is just a processor. Your index file and root directive tell nginx where the necessary files are. When php files are called, they are sent to the processor.

What exactly are you trying to accomplish here? What are these apps you're referring to?

phyzical Posted January 27, 2020

46 minutes ago, aptalca said:
    ?? Php-fpm is just a processor. Your index file and root directive tell nginx where the necessary files are. When php files are called, they are sent to the processor. What exactly are you trying to accomplish here? What are these apps you're referring to?

So what I mean is I want to have a separate pool per nginx server directive, so one pool for website-a and another for website-b. I'm just trying to achieve separation of envs through php-fpm.

So I add a new pool for [website-a], how does it line up with the website-a server directive?

Sorry if I'm not being clear enough, thanks!

sse450 Posted January 27, 2020

On 1/25/2020 at 8:16 AM, aptalca said:
    It's explained in the readme

@aptalca, thank you for indicating the readme file. I successfully mounted the LE config folder to onlyoffice docker. However, I still need to present the certs in the filenames onlyoffice requires: onlyoffice.crt, onlyoffice.key.

Should I use "ln -s" or create a cron job to copy LE certs in the filenames required?

I would appreciate any advice. Thank you.

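The copy-on-a-schedule option sse450 asks about, as an added example that is not part of the thread or of the container's readme: a function for a cron job that republishes the renewed files under the onlyoffice.crt / onlyoffice.key names only when their content has changed. It assumes certbot's standard fullchain.pem and privkey.pem files in the live directory; `<LE_LIVE_DIR>` is a placeholder for wherever that directory sits on the host, and the 600 file mode is an assumption to adjust if the consuming process runs as another user.

```shell
#!/bin/sh
# Added example (not from the thread): copy-if-changed publisher for
# Let's Encrypt files under the names another container expects.

# sync_cert SRC_DIR DST_DIR
#   SRC_DIR  certbot "live" directory holding fullchain.pem and privkey.pem
#   DST_DIR  directory the consuming container reads its certs from
# Prints "updated" or "unchanged"; returns non-zero if a source file is
# unreadable, leaving the previously published files in place.
sync_cert() {
    src=$1 dst=$2 changed=0
    for pair in fullchain.pem:onlyoffice.crt privkey.pem:onlyoffice.key; do
        from=$src/${pair%%:*}
        to=$dst/${pair##*:}
        [ -r "$from" ] || { echo "missing or unreadable: $from" >&2; return 1; }
        # cmp and cat follow symlinks, so certbot's live/ -> archive/ links
        # are read through and a regular file is published.
        if ! cmp -s "$from" "$to" 2>/dev/null; then
            tmp=$(mktemp "$dst/.sync.XXXXXX") || return 1
            chmod 600 "$tmp"        # restrict before any key material lands
            # Write to a temp file, then rename: readers never see a
            # half-written certificate or key.
            cat "$from" > "$tmp" && mv -f "$tmp" "$to" || { rm -f "$tmp"; return 1; }
            changed=1
        fi
    done
    [ "$changed" -eq 1 ] && echo updated || echo unchanged
}

# Typical cron use (paths other than the destination are placeholders):
#   result=$(sync_cert <LE_LIVE_DIR> /mnt/user/appdata/onlyofficeds/Data/certs)
#   [ "$result" = updated ] && <restart or reload the consuming container>
```

A plain `ln -s` only works if the link target resolves inside the consuming container's own mounts; copying avoids that dependency at the cost of a second copy of the private key to protect.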