stFfn Posted June 22, 2021

Hey, are there any swag experts out there that are willing to help me? I had my whole system working with swag and I could access my docker over cloudflare and it worked perfectly. After I had a problem with my VPN I deleted my port forwarding settings in my router (Fritzbox) and redid them. After I recreated my port forwarding settings nothing worked anymore, and I don't know why. When I open up a port for a docker directly it works with my static IP. But I want to use Cloudflare to give myself a bit more safety. If anyone wants to help me we could talk in discord. I don't want to clutter this thread any more 😃 Thank you

stFfn Posted June 23, 2021

Is no one here firm with swag to help? 😕 I'm really stuck and need some help 😕

Melawen Posted June 23, 2021

Does rather seem that way at the moment unfortunately. I'm relatively new to Unraid but notice the group do seem to put out a fair amount of dockers (and probably have real jobs too) so hopefully we'll get some responses when they have time.

alturismo Posted June 24, 2021

10 hours ago, stFfn said:
> Is no one here firm with swag to help? 😕 I'm really stuck and need some help 😕

May either start posting here how your setup is or revert your changes, as it's been working before as you stated. Using cloudflare with swag there is in the end only 1 port forwarding in your router necessary, so not much to help there ... external 443 to your swag ssl port, that's it. If you want help in discord, there are 2 active discords, community one and official one, did you try there?

stFfn Posted June 24, 2021

3 hours ago, alturismo said:
> May either start posting here how your setup is or revert your changes, as it's been working before as you stated. Using cloudflare with swag there is in the end only 1 port forwarding in your router necessary, so not much to help there ... external 443 to your swag ssl port, that's it. If you want help in discord, there are 2 active discords, community one and official one, did you try there?

Hey, I didn't know there are 2 communities I could ask. Where can I find them? I've reverted the changes I made but it didn't fix anything.. and yes I know I only have to open that one port... but that didn't do anything. That's why I'm writing here. As you can see I even opened 443 and 1443. I don't know what else to do

alturismo Posted June 24, 2021

As it looks like your docker is listening on port 1443, you should forward external 443 to swag 1443, remove the 1443 forward and may post a screen from your forwarding rule. like this

NLS Posted June 24, 2021

A few questions pls.

My data:
- I have my own domain, but a dynamic IP.
- My hosting provider/domain registrar, seems to provide certification for my domains, although I haven't used it yet.
- I am currently using no-IP but I want to get off that service (as it needs manual intervention once a month or so) and also have duckdns.
- Right now on my registrar DNS service, I set CNAME for my server services with my domain that all go to my no-ip DNS. As I said I prefer to move this to duckdns.

Questions:
1) a) Can I configure SWAG both to refresh my duckdns (so not to use an additional container for that) AND provide letsencrypt certificates for my real domain? (and subdomains)
   b) What is the correct config for that?
2) If I decide to use my domain host issued certs INSTEAD of letsencrypt, can SWAG help me with that (or is there something to be careful when configuring SWAG)?
3) Can NGINX rewrite URL that leads to subdomains or paths, irrelevant if the requested URL points to subdomain or path? Two examples:
- User wants to go to https://myservice.mydomain.com... my provider DNS finds a CNAME to mydomain.duckdns.org (and all URL CNAME to same) and this reaches SWAG... can it point this to a service on myserver with https://internaldomain/myservice or https://myservice.internaldomain?
- Erm... the opposite. User wants to go to https://remote.mydomain.com/myservice... my provider CNAMEs remote.mydomain.com again to mydomain.duckdns.org. Can then SWAG rewrite this as https://internaldomain/myservice or https://myservice.internaldomain?

EDIT: Note on examples above. I personally prefer for user to use https://myservice.mydomain.com notation (and appropriate DNS entry) than using a folder path, EVEN if end service requires folder path (like /webtop for example).

EDIT #2:
4) Is there appropriate documentation for the unRAID "version" of the container? (cannot look 222 pages) Also does unRAID "version" support zeroSSL like the "plain" container?

Thanks. (please quote if replying to me and use numbers if possible)

Edited June 24, 2021 by NLS

stFfn Posted June 24, 2021

1 hour ago, alturismo said:
> As it looks like your docker is listening on port 1443, you should forward external 443 to swag 1443, remove the 1443 forward and may post a screen from your forwarding rule. like this

Wow thanks.. I'm an idiot... -.- that was it. jesus

stFfn Posted June 24, 2021

1 hour ago, NLS said:
> A few questions pls.
>
> My data:
> - I have my own domain, but a dynamic IP.
> - My hosting provider/domain registrar, seems to provide certification for my domains, although I haven't used it yet.
> - I am currently using no-IP but I want to get off that service (as it needs manual intervention once a month or so) and also have duckdns.
> - Right now on my registrar DNS service, I set CNAME for my server services with my domain that all go to my no-ip DNS. As I said I prefer to move this to duckdns.
>
> Questions:
> 1) a) Can I configure SWAG both to refresh my duckdns (so not to use an additional container for that) AND provide letsencrypt certificates for my real domain? (and subdomains)
>    b) What is the correct config for that?
> 2) If I decide to use my domain host issued certs INSTEAD of letsencrypt, can SWAG help me with that (or is there something to be careful when configuring SWAG)?
> 3) Can NGINX rewrite URL that leads to subdomains or paths, irrelevant if the requested URL points to subdomain or path? Two examples:
> - User wants to go to https://myservice.mydomain.com... my provider DNS finds a CNAME to mydomain.duckdns.org (and all URL CNAME to same) and this reaches SWAG... can it point this to a service on myserver with https://internaldomain/myservice or https://myservice.internaldomain?
> - Erm... the opposite. User wants to go to https://remote.mydomain.com/myservice... my provider CNAMEs remote.mydomain.com again to mydomain.duckdns.org. Can then SWAG rewrite this as https://internaldomain/myservice or https://myservice.internaldomain?
>
> EDIT: Note on examples above. I personally prefer for user to use https://myservice.mydomain.com notation (and appropriate DNS entry) than using a folder path, EVEN if end service requires folder path (like /webtop for example).
>
> EDIT #2:
> 4) Is there appropriate documentation for the unRAID "version" of the container? (cannot look 222 pages) Also does unRAID "version" support zeroSSL like the "plain" container?
>
> Thanks. (please quote if replying to me and use numbers if possible)

Hey sorry, I didn't read everything you wrote.. but if you don't have a static IP you could use cloudflare + a cloudflare docker to tell cloudflare your current IP. I think there are some tutorials on youtube on that. And spaceinvaders one's youtube videos on letsencrypt + swag help a lot with that

saarg Posted June 24, 2021

On 6/23/2021 at 7:57 PM, stFfn said:
> Is no one here firm with swag to help? 😕 I'm really stuck and need some help 😕

On 6/23/2021 at 8:49 PM, Melawen said:
> Does rather seem that way at the moment unfortunately. I'm relatively new to Unraid but notice the group do seem to put out a fair amount of dockers (and probably have real jobs too) so hopefully we'll get some responses when they have time.

We don't read much here anymore. If you want help, you can either use our discourse forum or Discord server. https://www.linuxserver.io/support

stFfn Posted June 24, 2021

1 minute ago, saarg said:
> We don't read much here anymore. If you want help, you can either use our discourse forum or Discord server. https://www.linuxserver.io/support

It's all good. I got it fixed 😃 someone helped me. ty 😃

Cytomax Posted June 26, 2021

I want to start by saying letsencrypt/swag is amazing and i have been running it successfully for the last couple years.... i usually update every few weeks or so... i ran an update today like normal... no recent config changes... and the container keeps crashing... i backed up the container and made a new folder to start from scratch and the container keeps crashing.... Here are the logs... no idea what to do now....

    -------------------------------------
    swag | _ ()
    swag | | | ___ _ __
    swag | | | / __| | | / \
    swag | | | \__ \ | | | () |
    swag | |_| |___/ |_| \__/
    swag |
    swag |
    swag | Brought to you by linuxserver.io
    swag | -------------------------------------
    swag |
    swag | To support the app dev(s) visit:
    swag | Certbot: https://supporters.eff.org/donate/support-work-on-certbot
    swag |
    swag | To support LSIO projects visit:
    swag | https://www.linuxserver.io/donate/
    swag | -------------------------------------
    swag | GID/UID
    swag | -------------------------------------
    swag |
    swag | User uid: 1000
    swag | User gid: 1000
    swag | -------------------------------------
    swag |
    swag | [cont-init.d] 10-adduser: exited 0.
    swag | [cont-init.d] 20-config: executing...
    swag | [cont-init.d] 20-config: exited 0.
    swag | [cont-init.d] 30-keygen: executing...
    swag | using keys found in /config/keys
    swag | [cont-init.d] 30-keygen: exited 0.
    swag | [cont-init.d] 50-config: executing...
    swag | Variables set:
    swag | PUID=1000
    swag | PGID=1000
    swag | TZ=America/New_York
    swag | URL=*MY MAIN DOMAIN*
    swag | SUBDOMAINS=*QUICK EDIT*
    swag | EXTRA_DOMAINS=
    swag | ONLY_SUBDOMAINS=false
    swag | VALIDATION=dns
    swag | CERTPROVIDER=
    swag | DNSPLUGIN=cloudflare
    swag | EMAIL=*QUICK EDIT MY EMAIL IS HERE*
    swag | STAGING=false
    swag |
    swag | Using Let's Encrypt as the cert provider
    swag | SUBDOMAINS entered, processing
    swag | SUBDOMAINS entered, processing
    swag | Sub-domains processed are: *QUICK EDIT THERE ARE LOTS OF SUBDOMAINS*
    swag | E-mail address entered: *QUICK EDIT MY EMAIL IS THERE*
    swag | dns validation via cloudflare plugin is selected
    swag | Certificate exists; parameters unchanged; starting nginx
    swag | Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind,
    swag | and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
    swag | [cont-init.d] 50-config: exited 0.
    swag | [cont-init.d] 60-renew: executing...
    swag | The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
    swag | [cont-init.d] 60-renew: exited 0.
    swag | [cont-init.d] 70-templates: executing...
    swag | [cont-init.d] 70-templates: exited 0.
    swag | [cont-init.d] 90-custom-folders: executing...
    swag | chown: changing ownership of '/config/custom-cont-init.d': Operation not permitted
    swag | chown: changing ownership of '/config/custom-services.d': Operation not permitted
    swag | [cont-init.d] 90-custom-folders: exited 1.
    swag | [cont-finish.d] executing container finish scripts...
    swag | [cont-finish.d] done.
    swag | [s6-finish] waiting for services.
    swag | [s6-finish] sending all processes the TERM signal.
    swag | [s6-finish] sending all processes the KILL signal and exiting.
    swag exited with code 1

saarg Posted June 26, 2021

25 minutes ago, Cytomax said:
> I want to start by saying letsencrypt/swag is amazing and i have been running it successfully for the last couple years.... i usually update every few weeks or so... i ran an update today like normal... no recent config changes... and the container keeps crashing... i backed up the container and made a new folder to start from scratch and the container keeps crashing.... Here are the logs... no idea what to do now....

Are you using unraid? It doesn't look like you are and then this is not the place for support. The container doesn't crash, it's stopped by something.

Cytomax Posted June 26, 2021

Sorry, I thought this was for all the linuxserver.io containers... I'm just running it in a manjaro box using docker...

So I figured it out...
1.16.0-ls67 and 1.16.0-ls68 don't work for me
1.16.0-ls66 does work for me...

Something changed between 1.16.0-ls66 and 1.16.0-ls67 that causes the container to crash. Hopefully it's just me and it's not some bigger problem...

Edited June 26, 2021 by Cytomax

Melawen Posted June 26, 2021

On 6/13/2021 at 3:46 PM, Melawen said:
> Hi, I've been tinkering around with SWAG today to set up a couple of Docker instances and a VM. After watching SpaceInvader One's YouTube video I've changed my router to now point to the Unraid server instead of the VM and both the Docker instances work, but I'm really struggling with the VM.
>
> I have, for a number of years, been using Mail-in-a-Box (https://mailinabox.email/) as my personal mail server on a Ubuntu VM. It works really well and also has inbuilt letsencrypt to automate certificate renewal. Obviously SWAG does this too, but I don't want to mess around with the VM config and break things.
>
> I've been reading through this thread and trying to get it working, but I'm just stumped as nothing I do seems to work (which means I'm obviously not doing something right)!
>
> For info, MiaB uses box.domain.com as its default and also manages the webserver at www.domain.com. It also has an inbuilt DNS server which you point to from your registrar.
>
> The comments I keep seeing from everyone is to change the app to an IP instead of a server name, so this is what my current config file looks like that I've copied from the _template.subdomain.conf and named mail.subdomain.conf.
>
>     server {
>         listen 443 ssl;
>         listen [::]:443 ssl;
>
>         server_name mail.*;
>
>         include /config/nginx/ssl.conf;
>
>         client_max_body_size 0;
>
>         location / {
>             include /config/nginx/proxy.conf;
>             include /config/nginx/resolver.conf;
>             # upstream is addressed by IP and reached over HTTPS on port 443
>             set $upstream_app 192.168.1.210;
>             set $upstream_port 443;
>             set $upstream_proto https;
>             proxy_pass $upstream_proto://$upstream_app:$upstream_port;
>         }
>     }
>
> I haven't added anything to the SWAG Docker settings other than the initial settings to add the subdomains for the Docker instances, and I'm not sure what or where I should change there (if anything) if I don't want SWAG to manage the letsencrypt certificates for the mail server.
>
> Help, please

OK, so I've managed to get slightly further with this, but it still doesn't work properly. My VM has a capital M for Mail, so I've changed the server_name to Mail.* and can now get to domain.com or even box.domain.com, but if I try to visit any of the other pages on the website (domain.com/games.html for instance) I get the security error. The same goes for the webmail at box.domain.com/mail. Even worse, if I try www.domain.com it goes straight to the Unraid web frontend. Additionally, Thunderbird keeps popping up with certificate errors asking me to add an exception.

I'm not sure what I'm doing wrong. Every place where I see people talk about this, they say all you have to change is the upstream_app to the IP address, and this clearly doesn't seem to be the case.

[Edit] Ignore the Unraid web frontend bit. I forgot to change port 80 to the alternate port for SWAG in my router port forwarding. www.domain.com now just gives the same certificate error that all the other pages do.

Edited June 26, 2021 by Melawen

saarg Posted June 26, 2021

2 hours ago, Cytomax said:
> Sorry, I thought this was for all the linuxserver.io containers... I'm just running it in a manjaro box using docker...
>
> So I figured it out...
> 1.16.0-ls67 and 1.16.0-ls68 don't work for me
> 1.16.0-ls66 does work for me...
>
> Something changed between 1.16.0-ls66 and 1.16.0-ls67 that causes the container to crash. Hopefully it's just me and it's not some bigger problem...

https://linuxserver.io/support

Edited June 26, 2021 by saarg

Unrayed Posted June 27, 2021

Hi all,

Basic setup is Unraid 6.9.2 with the Swag docker installed and running away perfectly (I use it for a reverse proxy for my family to use Unraid, having followed SpaceInvaderOne's guide to set up.)

The docker itself works perfectly, My family and I can access my Emby library from on and off the lan (duckdns used also.)

However, I received an email recently from [email protected], stating my Swag certificates were expiring soon. My server turns off every evening at midnight, and starts back up every day at 16:00, so having googled this problem, most advice was that simply restarting the Swag docker would renew the certs (obviously this isn't happening for me, as my whole server restarts daily.)

I found some info which allowed me to renew my certificates manually, by using the following instructions:

Open console for the specific docker (Swag) by clicking the docker name, and then choosing the console.
Type: certbot renew

^^ This seems to have resolved the issue of the cert not renewing automatically. However I'm concerned that I'll have to do this every few months & maybe forget altogether.

So my question is this, how on earth can I automate the renewal myself? I can access the terminal through the Unraid GUI, but after that I'm lost. I'm comfortable typing in commands, but automating this process is a step beyond my knowledge. I have the User Scripts plugin installed, and I use this to shutdown my system every night. As for how I'd use this plugin though to automate cert renewal, I'm not sure. I think I'd have to write a script, and then point to that script in the plugin & then set the schedule?

Can anyone help?

EDIT: This is from my Swag docker log

    [cont-init.d] 60-renew: executing...
    The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
    [cont-init.d] 60-renew: exited 0.

So perhaps the docker is set to renew automatically at 02:08 - and therein lies the problem because my Server is offline at that time?

saarg Posted June 27, 2021

9 hours ago, Unrayed said:
> Hi all,
>
> Basic setup is Unraid 6.9.2 with the Swag docker installed and running away perfectly (I use it for a reverse proxy for my family to use Unraid, having followed SpaceInvaderOne's guide to set up.)
>
> The docker itself works perfectly, My family and I can access my Emby library from on and off the lan (duckdns used also.)
>
> However, I received an email recently from [email protected], stating my Swag certificates were expiring soon. My server turns off every evening at midnight, and starts back up every day at 16:00, so having googled this problem, most advice was that simply restarting the Swag docker would renew the certs (obviously this isn't happening for me, as my whole server restarts daily.)
>
> I found some info which allowed me to renew my certificates manually, by using the following instructions:
>
> Open console for the specific docker (Swag) by clicking the docker name, and then choosing the console.
> Type: certbot renew
>
> ^^ This seems to have resolved the issue of the cert not renewing automatically. However I'm concerned that I'll have to do this every few months & maybe forget altogether.
>
> So my question is this, how on earth can I automate the renewal myself? I can access the terminal through the Unraid GUI, but after that I'm lost. I'm comfortable typing in commands, but automating this process is a step beyond my knowledge. I have the User Scripts plugin installed, and I use this to shutdown my system every night. As for how I'd use this plugin though to automate cert renewal, I'm not sure. I think I'd have to write a script, and then point to that script in the plugin & then set the schedule?
>
> Can anyone help?
>
> EDIT: This is from my Swag docker log
>
>     [cont-init.d] 60-renew: executing...
>     The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
>     [cont-init.d] 60-renew: exited 0.
>
> So perhaps the docker is set to renew automatically at 02:08 - and therein lies the problem because my Server is offline at that time?

You either need to modify when the Cron job is running or leave your server running.

Unrayed Posted June 28, 2021

23 hours ago, saarg said:
> You either need to modify when the Cron job is running or leave your server running.

Cheers, I've got this far with Unraid but cron is something I've no experience of (other than a predefined user script to shut the server down for me at night.)

Is the file to control this a global file, or specific to each docker? I'm comfortable editing, & using a cron calculator to figure out what time I'd like, I just don't know what to actually edit!

Would appreciate any help you might throw my way

EDIT: I'm looking at the file located at /mnt/cache/appdata/swag/crontabs/root

Using Notepad++, I can open this file on Windows and it shows:

    # do daily/weekly/monthly maintenance
    # min hour day month weekday command
    */15 * * * * run-parts /etc/periodic/15min
    0 * * * * run-parts /etc/periodic/hourly
    0 2 * * * run-parts /etc/periodic/daily
    0 3 * * 6 run-parts /etc/periodic/weekly
    0 5 1 * * run-parts /etc/periodic/monthly
    # renew letsencrypt certs
    8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1

Is it a case of editing one of these values, to change renewal time from the default of 2am to a time of my choosing?

Edited June 28, 2021 by Unrayed

saarg Posted June 28, 2021

6 hours ago, Unrayed said:
> Cheers, I've got this far with Unraid but cron is something I've no experience of (other than a predefined user script to shut the server down for me at night.)
>
> Is the file to control this a global file, or specific to each docker? I'm comfortable editing, & using a cron calculator to figure out what time I'd like, I just don't know what to actually edit!
>
> Would appreciate any help you might throw my way
>
> EDIT: I'm looking at the file located at /mnt/cache/appdata/swag/crontabs/root
>
> Using Notepad++, I can open this file on Windows and it shows:
>
>     # do daily/weekly/monthly maintenance
>     # min hour day month weekday command
>     */15 * * * * run-parts /etc/periodic/15min
>     0 * * * * run-parts /etc/periodic/hourly
>     0 2 * * * run-parts /etc/periodic/daily
>     0 3 * * 6 run-parts /etc/periodic/weekly
>     0 5 1 * * run-parts /etc/periodic/monthly
>     # renew letsencrypt certs
>     8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1
>
> Is it a case of editing one of these values, to change renewal time from the default of 2am to a time of my choosing?

Yes I think you can just edit the file and set the time to when your server is on. Restart the container after modifying the file.

Unrayed Posted June 29, 2021

@saarg many thanks for your help. I've edited and uploaded the file to the server now. I've changed the cron expression to "30 20 1 * *" which I believe is the first of every month. Hopefully that'll sort things not autorenewing

robobub Posted June 30, 2021

Anyone familiar with this cert renewal error? I set it up how I interpreted spaceinvaderone's video, which had subdomains as the separate variable from the dns provider that I don't own. The description though seems to imply putting the subdomain.provider.com as one variable under domain name. Which is correct?

Quote:

    20:37:27,070:ERROR:certbot._internal.renewal: /etc/letsencrypt/live/myurl.com/fullchain.pem (failure)
    2021-06-29 20:37:27,070:DEBUG:certbot.display.util:Notifying user: Additionally, the following renewal configurations were invalid:
    2021-06-29 20:37:27,070:DEBUG:certbot.display.util:Notifying user: /etc/letsencrypt/renewal/myurl.com-0001.conf (parsefail)
    /etc/letsencrypt/renewal/myurl.com-0002.conf (parsefail)
    2021-06-29 20:37:27,070:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    2021-06-29 20:37:27,071:INFO:certbot.compat.misc:Running post-hook command: if ps aux | grep 's6-supervise nginx' | grep -v grep > /dev/null; then s6-svc -u /var/run/s6/services/nginx; fi; cd /config/keys/letsencrypt && openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass: && sleep 1 && cat privkey.pem fullchain.pem > priv-fullchain-bundle.pem && chown -R abc:abc /config/etc/letsencrypt
    2021-06-29 20:37:28,158:DEBUG:certbot._internal.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/certbot", line 8, in <module>
        sys.exit(main())
      File "/usr/lib/python3.8/site-packages/certbot/main.py", line 15, in main
        return internal_main.main(cli_args)
      File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1552, in main
        return config.func(config, plugins)
      File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1439, in renew
        renewal.handle_renewal_request(config)
      File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 499, in handle_renewal_request
        raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
    certbot.errors.Error: 1 renew failure(s), 2 parse failure(s)
    2021-06-29 20:37:28,167:ERROR:certbot._internal.log:1 renew failure(s), 2 parse failure(s)

Despite this error, the reverse proxy still ended up working, with a cert error.

Edited June 30, 2021 by robobub

sjaak Posted June 30, 2021

Is there someone here who got SWAG fully working on IPv6? I'm trying to get it working but after a few weeks of trial and error I'm out of ideas...

Docker is fully working on IPv6, can confirm this. I have a tor relay running on unraid/docker and it is externally accessible through IPv6... SWAG does have a working IPv6 address, but Cloudflare won't get a connection to SWAG on IPv6, resulting many times in error 522.

I did some research on nginx with ipv6, it needs '--with-ipv6'? When checking on SWAG with the command: nginx -V it gives me the following configure arguments:

Quote:

nginx version: nginx/1.18.0
built with OpenSSL 1.1.1k 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/var/lib/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --pid-path=/run/nginx/nginx.pid --lock-path=/run/nginx/nginx.lock --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --with-perl_modules_path=/usr/lib/perl5/vendor_perl --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module
--with-stream_geoip_module=dynamic --with-stream_ssl_preread_module --add-dynamic-module=/home/buildozer/aports/main/nginx/src/njs-0.5.0/nginx --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx_devel_kit-0.3.1/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx_brotli-1.0.0rc/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx_cache_purge-2.5.1/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-dav-ext-module-3.0.0/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/echo-nginx-module-0.62/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/encrypted-session-nginx-module-0.08/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx-fancyindex-0.5.1/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/headers-more-nginx-module-0.33/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/lua-nginx-module-0.10.19/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/lua-upstream-nginx-module-0.07/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nchan-1.2.7/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-http-shibboleth-2.0.1/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/redis2-nginx-module-0.15/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/set-misc-nginx-module-0.32/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-upload-progress-module-0.9.2/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-upstream-fair-0.1.3/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-rtmp-module-1.2.1/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-vod-module-1.27/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx_http_geoip2_module-3.3/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/naxsi-1.3/naxsi_src --add-dynamic-module=/home/buildozer/aports/main/nginx/src/mod_zip-1.2.0/ 
--add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-module-vts-0.1.18/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/traffic-accounting-nginx-module-2.0/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx_http_untar_module-1.0/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx_upstream_jdomain-1.1.5/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx_cookie_flag_module-1.1.0/ --add-dynamic-module=/home/buildozer/aports/main/nginx/src/array-var-nginx-module-0.05/

No --with-ipv6 in there... anyone have an idea what I can do???

saarg Posted June 30, 2021

On 6/29/2021 at 5:14 PM, Unrayed said:
> @saarg many thanks for your help. I've edited and uploaded the file to the server now. I've changed the cron expression to "30 20 1 * *" which I believe is the first of every month. Hopefully that'll sort things not autorenewing

Why did you change the third to 1? Only change the first two.
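
The renewal scheduling question from the posts above (renewal job at 02:08, server powered on only from 16:00 to midnight), worked through as an added example that is not part of the original posts or of the SWAG image. It compares the three schedules mentioned in the thread over a constructed 90-day period; the function names, the start date and the period length are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# (low, high) bounds for: minute, hour, day-of-month, month, day-of-week
BOUNDS = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]

# Values taken from the thread: server is up 16:00 until midnight.
UP_FROM, UP_UNTIL = 16, 24
# Constructed observation period (assumption, not from the thread).
START, PERIOD_DAYS = datetime(2021, 6, 28), 90
SCHEDULES = [
    "8 2 * * *",    # default renewal line in /config/crontabs/root
    "30 20 1 * *",  # Unrayed's edit: first of the month only
    "30 20 * * *",  # saarg's advice: change only minute and hour
]


def parse_field(text, lo, hi):
    """Expand one crontab field ('*', 'a', 'a-b', 'a,b', '*/n', 'a-b/n') to a set."""
    values = set()
    for part in text.split(","):
        base, _, step_text = part.partition("/")
        step = int(step_text) if step_text else 1
        if step < 1:
            raise ValueError(f"bad step in {text!r}")
        if base == "*":
            start, end = lo, hi
        elif "-" in base:
            first, last = base.split("-", 1)
            start, end = int(first), int(last)
        else:
            start = int(base)
            end = hi if step_text else start  # 'a/n' means a..hi stepping n
        if not lo <= start <= end <= hi:
            raise ValueError(f"{text!r} outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return values


def parse_cron(expr):
    """Parse a 5-field crontab schedule into sets of allowed values."""
    fields = expr.split()
    if len(fields) != 5:
        raise ValueError("expected 5 fields: min hour dom month dow")
    minute, hour, dom, month, dow = (
        parse_field(f, lo, hi) for f, (lo, hi) in zip(fields, BOUNDS)
    )
    return {
        "minute": minute, "hour": hour, "dom": dom, "month": month,
        "dow": {d % 7 for d in dow},  # 0 and 7 both mean Sunday
        "dom_any": fields[2].startswith("*"),
        "dow_any": fields[4].startswith("*"),
    }


def day_matches(spec, day):
    """Classic crontab rule: if both day fields are restricted, either may match."""
    if day.month not in spec["month"]:
        return False
    dom_ok = day.day in spec["dom"]
    dow_ok = (day.weekday() + 1) % 7 in spec["dow"]  # Python Mon=0, cron Sun=0
    if spec["dom_any"] or spec["dow_any"]:
        return dom_ok and dow_ok
    return dom_ok or dow_ok


def runs_while_up(expr, start, days, up_from, up_until):
    """Fire times in the period that fall inside the daily power-on window
    [up_from, up_until) hours. `start` must be a midnight datetime."""
    spec = parse_cron(expr)
    hits = []
    for offset in range(days):
        day = start + timedelta(days=offset)
        if not day_matches(spec, day):
            continue
        for hour in sorted(spec["hour"]):
            if up_from <= hour < up_until:
                hits.extend(day.replace(hour=hour, minute=m)
                            for m in sorted(spec["minute"]))
    return hits


def longest_gap_days(hits, start, days):
    """Longest stretch in days without a run, counting the period edges."""
    marks = [start] + hits + [start + timedelta(days=days)]
    return max((b - a).total_seconds() / 86400 for a, b in zip(marks, marks[1:]))


def report():
    """Map each schedule to (runs while the server is up, longest gap in days)."""
    out = {}
    for expr in SCHEDULES:
        hits = runs_while_up(expr, START, PERIOD_DAYS, UP_FROM, UP_UNTIL)
        out[expr] = (len(hits), longest_gap_days(hits, START, PERIOD_DAYS))
    return out


if __name__ == "__main__":
    for expr, (count, gap) in report().items():
        print(f"{expr!r:16} runs while up: {count:3d}  longest gap: {gap:.1f} days")
```
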