
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


I just received an email from Letsencrypt telling me that I need to renew my certificate because it will expire in 19 days, however when I check my Letsencrypt logs I see this:

<------------------------------------------------->
cronjob running on Tue Jan 21 02:08:00 EST 2020
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/my.site.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/my.site/fullchain.pem expires on 2020-04-16 (skipped)
No renewals were attempted.
No hooks were run.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Any suggestions for how I can figure out what's going on? Thanks.  


19 minutes ago, xthursdayx said:

/etc/letsencrypt/live/my.site/fullchain.pem expires on 2020-04-16 (skipped)

 

That email means, "one of the certs that you received with that email address is expiring". In this case, it's not the cert that your server is currently using.
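A way to check what the reply above describes, as an added example that is not part of the original posts: it reads `certbot renew` output (the sample is the log quoted in the question) and reports how many days each certificate on disk has left, so the result can be compared with the window named in the notice email. The function names and the window argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): days left on each cert certbot reports.

# cert_days_left TODAY      (stdin: output of `certbot renew`, TODAY: YYYY-MM-DD)
# Prints "<days_left> <expiry> <path>" for every "... expires on DATE" line.
cert_days_left() {
    awk -v today="$1" '
    # Julian day number of a YYYY-MM-DD date, so no date(1) extensions are needed.
    function jdn(s,    p, y, m, d, a, n) {
        split(s, p, "-"); y = p[1] + 0; m = p[2] + 0; d = p[3] + 0
        a = int((14 - m) / 12); y = y + 4800 - a; m = m + 12 * a - 3
        n = d + int((153 * m + 2) / 5) + 365 * y
        return n + int(y / 4) - int(y / 100) + int(y / 400) - 32045
    }
    $2 == "expires" && $3 == "on" && $4 ~ /^[0-9]+-[0-9]+-[0-9]+$/ {
        print jdn($4) - jdn(today), $4, $1
    }'
}

# certs_expiring_within DAYS TODAY      (stdin: same log)
# Prints only certificates with DAYS or fewer left (expired ones included).
# Empty output: no certificate this certbot manages is inside the window.
certs_expiring_within() {
    cert_days_left "$2" | awk -v max="$1" '$1 + 0 <= max + 0'
}

# The renewal log from the post above, embedded so the example runs offline.
sample_log() {
    cat <<'EOF'
cronjob running on Tue Jan 21 02:08:00 EST 2020
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/my.site.conf
Cert not yet due for renewal
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/my.site/fullchain.pem expires on 2020-04-16 (skipped)
No renewals were attempted.
No hooks were run.
EOF
}

# The notice said 19 days; the certificate on disk is well outside that window.
sample_log | cert_days_left 2020-01-21
sample_log | certs_expiring_within 19 2020-01-21
```
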

Hello everybody,

 

I wanted to install this container and it failed, giving me the following error:

8c411aab6af9fba2f9d3d982c8ac842944fcf80c320d4f90cfe0a3f9c22d181e
/usr/bin/docker: Error response from daemon: driver failed programming external connectivity on endpoint letsencrypt (0ca54bc2bc38d42e5657046a19a28e0acc414439f640a0cba7bf4b711ff43e10): Error starting userland proxy: listen tcp 0.0.0.0:445: bind: address already in use.

Don't really know what's up or how to fix it, any suggestions would be greatly appreciated.

I tried installing it on the bridge and on a custom network, both times same error.

Thanks in advance,

Timo

 

I am having a problem getting letsencrypt to work in Unraid. I followed the instruction provided on spaceinvader one video and I am getting this in the letsencrypt log:

http-01 challenge for sflalife-bw.ddns.net
http-01 challenge for sflalife.ddns.net
Waiting for verification...
Challenge failed for domain sflalife-bw.ddns.net
Challenge failed for domain sflalife.ddns.net

 

I am forwarding the following ports in pfsense:

WAN HTTP (80) > Unraid server IP port 180

WAN HTTPS (443) > Unraid server IP port 1443

 

I am using a custom network ‘proxynet’ and I can see letsencrypt is getting an IP.

I am using a VPN for my entire local network and have set up an alias for unraid to bypass the VPN and connect through the ISP provided public IP.

I have pfblocker set up in pfsense which is used to block ads.

I have tried disabling each of these services to see if they are the problem.

I am using No-IP for my subdomains. When I ping my subdomain, it resolves to my current external IP number.

I know I am missing something, I just can’t figure out what it is.

Hopefully someone out there has a similar setup and has had success getting letsencrypt to work.

On 1/21/2020 at 7:43 PM, aptalca said:

 

That email means, "one of the certs that you received with that email address is expiring". In this case, it's not the cert that your server is currently using.

Ah okay, thanks. I was just a little concerned because it listed all of the domains/subdomains I certify through the Letsencrypt container, and I'd never received one of these emails over the last three or four years of using Letsencrypt. 

I've had this container running for some time, and until recently it's been fine. However, my certs now aren't being renewed. I'm being told that the cert I have assigned to my nextcloud instance has expired. I'm getting the following logs in my letsencrypt container:

nginx: [emerg] still could not bind()
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address in use)

I hope someone can help with this. I'm not sure what to do. There are no other apps that are using 180/1443 on the unraid server.

Edited by manderso

I set up router port forwarding for letsencrypt 80 > 8080 and 443 > 8443

I am using xxxx.ddns.net services

I have also created a custom network "proxynet"

The log file is showing "Server Ready"

 

but when I am trying to access my sites like next.ddns.net (example), I get error "The site can't be reach", "ERR_CONNECTION_RESET". I can ping next.ddns.net though

 

What other information do I need to provide? Please help

 

Update:

Found out the issue, it seems I can't resolve dyndns on the same network, anyone know how to solve this?

 

Update 2:

Fixed, CTF broke NAT loopback

Edited by Kira

13 hours ago, manderso said:

I've had this container running for some time, and until recently it's been fine. However, my certs now aren't being renewed. I'm being told that the cert I have assigned to my nextcloud instance has expired. I'm getting the following logs in my letsencrypt container:


nginx: [emerg] still could not bind()
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address in use)

I hope someone can help with this. I'm not sure what to do. There are no other apps that are using 180/1443 on the unraid server.

Did you change it to host networking?

Because right now nginx isn't even starting.

 

You said "I'm being told that the cert. . . has expired". Who told you that? Email or browser?

Onlyoffice DS docker needs the certificates installed in /mnt/user/appdata/onlyofficeds/Data/certs folder. I copied the certs from letsencrypt to this folder. It works. But, I need to find a way to automate the certs from LE docker as the static LE certs in onlyoffice docker will expire in max. 3 months. How can I do that? Does a symbolic link to LE certs work? Or should I set a cron job to copy LE certs everyday?

Thanks.

4 hours ago, aptalca said:

Did you change it to host networking?

Because right now nginx isn't even starting.

 

You said "I'm being told that the cert. . . has expired". Who told you that? Email or browser?

That came from nextcloud that said my cert had expired.

And I haven't changed any settings, including networking. I had followed spaceinvaders guide for setting up nextcloud behind a letsencrypt cert, and that's using a proxynet network I set up for this purpose.

1 hour ago, manderso said:

That came from nextcloud that said my cert had expired.

And I haven't changed any settings, including networking. I had followed spaceinvaders guide for setting up nextcloud behind a letsencrypt cert, and that's using a proxynet network I set up for this purpose.

What do you mean by nextcloud told you?

23 hours ago, Kira said:

I set up router port forwarding for letsencrypt 80 > 8080 and 443 > 8443

I am using xxxx.ddns.net services

I have also created a custom network "proxynet"

The log file is showing "Server Ready"

 

but when I am trying to access my sites like next.ddns.net (example), I get error "The site can't be reach", "ERR_CONNECTION_RESET". I can ping next.ddns.net though

 

What other information do I need to provide? Please help

 

Update:

Found out the issue, it seems I can't resolve dyndns on the same network, anyone know how to solve this?

 

Update 2:

Fixed, CTF broke NAT loopback

How did you fix it exactly? I'm having the same issue.

 

Update: issue fixed. Thank you for pointing to CTF being the root cause! I've been fiddling with my router settings for almost 3 weeks now :)

Edited by izarkhin

15 hours ago, sse450 said:

Onlyoffice DS docker needs the certificates installed in /mnt/user/appdata/onlyofficeds/Data/certs folder. I copied the certs from letsencrypt to this folder. It works. But, I need to find a way to automate the certs from LE docker as the static LE certs in onlyoffice docker will expire in max. 3 months. How can I do that? Does a symbolic link to LE certs work? Or should I set a cron job to copy LE certs everyday?

Thanks.

It's explained in the readme

Hey again!

 

Are there any references you can provide in regards to php-fpm setup?

 

Or is this out of the scope of the docker configs and just requires manually connecting to the box and adding the appropriate confs fpm side?

 

Thanks!

23 hours ago, saarg said:

What do you mean by nextcloud told you?

Looking at page information, on the security tab in firefox, for my nextcloud page, I see

Verified by: Let's Encrypt,

Expires on: December 28, 2019.

4 hours ago, phyzical said:

Hey again!

 

Are there any references you can provide in regards to php-fpm setup?

 

Or is this out of the scope of the docker configs and just requires manually connecting to the box and adding the appropriate confs fpm side?

 

Thanks!

What are you trying to do?

 

Php is already set up and ready to go. The default nginx site config has a php block that works out of the box for the main server block.

4 hours ago, aptalca said:

What are you trying to do?

 

Php is already set up and ready to go. The default nginx site config has a php block that works out of the box for the main server block.

hey

 

Sorry, yeah, I saw there was a www block, but I'm trying to add additional apps.

15 hours ago, manderso said:

Looking at page information, on the security tab in firefox, for my nextcloud page, I see

Verified by: Let's Encrypt,

Expires on: December 28, 2019.

Did you copy the certificate from the letsencrypt container to the Nextcloud container?

If you are using reverse proxy, check what the browser says about the certificate.

15 hours ago, phyzical said:

hey

 

Sorry, yeah, I saw there was a www block, but I'm trying to add additional apps.

Just replicate that php block for any server blocks you need

Is there a way to get this container to request multiple certs for different domains.  not adding an extra domain to the main cert.

 

IE: 1 cert per domain. with wildcards?

Edited by blackpanther989

1 hour ago, blackpanther989 said:

Is there a way to get this container to request multiple certs for different domains.  not adding an extra domain to the main cert.

 

IE: 1 cert per domain. with wildcards?

No

8 hours ago, aptalca said:

Just replicate that php block for any server blocks you need

I figured it was that simple, but the part that I don't know is how each block lines up with a particular app.

 

But... now that I think about it, from what I remember from when I used GUIs (ISPConfig etc.), the blocks line up with a user, not an nginx server directive.

 

or am i wrong on that?

 

thanks!

2 hours ago, phyzical said:

I figured it was that simple, but the part that I don't know is how each block lines up with a particular app.

 

But... now that I think about it, from what I remember from when I used GUIs (ISPConfig etc.), the blocks line up with a user, not an nginx server directive.

 

or am i wrong on that?

 

thanks!

?? Php-fpm is just a processor. Your index file and root directive tell nginx where the necessary files are. When php files are called, they are sent to the processor.

 

What exactly are you trying to accomplish here? What are these apps you're referring to?

46 minutes ago, aptalca said:

?? Php-fpm is just a processor. Your index file and root directive tell nginx where the necessary files are. When php files are called, they are sent to the processor.

 

What exactly are you trying to accomplish here? What are these apps you're referring to?

So what I mean is I want to have a separate pool per nginx server directive, so one pool for website-a and another for website-b. I'm just trying to achieve separation of envs through php-fpm.

 

So I add a new pool for [website-a]; how does it line up with the website-a server directive?

 

Sorry if I'm not being clear enough.

 

thanks!

On 1/25/2020 at 8:16 AM, aptalca said:

It's explained in the readme

@aptalca, thank you for indicating the readme file. I successfully mounted the LE config folder to the onlyoffice docker. However, I still need to present the certs under the filenames onlyoffice requires: onlyoffice.crt, onlyoffice.key. Should I use "ln -s" or create a cron job to copy the LE certs to the filenames required?

 

I would appreciate any advice. Thank you.
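One way to do the copy variant asked about above, as an added example that is not from the thread or the container's readme: it copies the renewed files to the names OnlyOffice expects only when their content has changed, and keeps the private key at mode 600. Certbot's `live/` entries are relative symlinks into `archive/`, so a plain `ln -s` resolves only where that whole tree is visible at the same relative location; `cp -L` copies the file the link points to instead. The function names and the two directory arguments are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): publish renewed Let's Encrypt files
# under the filenames OnlyOffice expects, only when they actually changed.

# install_if_changed SRC DST MODE
# Returns 0 if DST was (re)written, 1 if it was already current, 2 on error.
install_if_changed() {
    src=$1 dst=$2 mode=$3
    [ -r "$src" ] || { echo "missing or unreadable: $src" >&2; return 2; }
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        return 1
    fi
    tmp="$dst.tmp.$$"
    # umask 077: the temp file is never group/world readable, even briefly.
    # cp -L: follow certbot's live/ symlink and copy the real file.
    ( umask 077 && cp -L "$src" "$tmp" ) || { rm -f "$tmp"; return 2; }
    # mv within one directory is atomic: readers see the old or the new file.
    chmod "$mode" "$tmp" && mv -f "$tmp" "$dst" || { rm -f "$tmp"; return 2; }
    return 0
}

# sync_onlyoffice_certs LIVE_DIR DEST_DIR
# LIVE_DIR: directory holding fullchain.pem and privkey.pem (assumed layout).
# Returns 0 if anything changed, 1 if nothing changed, 2 on error.
sync_onlyoffice_certs() {
    live=$1 dest=$2 changed=1
    st=0; install_if_changed "$live/fullchain.pem" "$dest/onlyoffice.crt" 644 || st=$?
    case $st in 0) changed=0 ;; 2) return 2 ;; esac
    st=0; install_if_changed "$live/privkey.pem" "$dest/onlyoffice.key" 600 || st=$?
    case $st in 0) changed=0 ;; 2) return 2 ;; esac
    return $changed
}

# Command-line use, e.g. from a daily cron job:
#   sync-certs.sh /path/to/live/<domain> /mnt/user/appdata/onlyofficeds/Data/certs
if [ "$#" -eq 2 ]; then
    sync_onlyoffice_certs "$1" "$2"
fi
```

A return value of 0 is the signal to restart or reload the consuming container; 1 means the existing copy is still current and nothing needs to happen.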
