ffhelllskjdje Posted January 12, 2018

1 minute ago, Quiks said:
> Are you accessing it the same way? What do you see instead of your nextcloud page? My only issue was getting my certificate pushed. After that, everything worked per normal. you should be able to go to your public ipaddress:port instead of the domain and have it work as well (albeit without the pretty "secure" icon) assuming you have this allowed in your conf.

nothing in the logs, just this when I go to my public ip. everything was normal up until a couple days ago

    502 Bad Gateway
    nginx/1.12.2

Quiks Posted January 12, 2018

2 minutes ago, ffhelllskjdje said:
> nothing in the logs, just this when I go to my public ip. everything was normal up until a couple days ago
>
>     502 Bad Gateway
>     nginx/1.12.2

Maybe try restarting nextcloud? can you access it locally (not through nginx)? is it only nextcloud having an issue?

Edited January 12, 2018 by Quiks

ffhelllskjdje Posted January 12, 2018

2 minutes ago, Quiks said:
> Maybe try restarting nextcloud? can you access it locally (not through nginx)? is it only nextcloud having an issue?

i've tried rebooting both to no effect. I only have nextcloud running so no other apps to check. so frustrating, it was working fine for like 6 months and now it's broken.

Greygoose Posted January 12, 2018

I found this post, I haven't time to try tonight, hopefully someone here can and post exact instructions for unraid setup

Solution: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA
https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983

Edited January 12, 2018 by Greygoose

lespaul Posted January 12, 2018

Count me among the dead. My ISP blocks port 80 so httpval doesn't seem to work. Not really sure what to do?

Quiks Posted January 12, 2018

Just now, lespaul said:
> Count me among the dead. My ISP blocks port 80 so httpval doesn't seem to work. Not really sure what to do?

You just have to wait for a fix, or for letsencrypt to accept ports other than 80/443 =P. I'm betting this container will be fixed before that though.

Quiks Posted January 12, 2018

2 minutes ago, ffhelllskjdje said:
> i've tried rebooting both to no effect. I only have nextcloud running so no other apps to check. so frustrating, it was working fine for like 6 months and now it's broken.

try adding another app into it and see if you can get that working. post your conf file and I'll eyeball it, but I'm by no means an nginx expert.

ffhelllskjdje Posted January 12, 2018

3 minutes ago, Quiks said:
> try adding another app into it and see if you can get that working. post your conf file and I'll eyeball it, but I'm by no means an nginx expert.

    server {
        listen 443 ssl;
        server_name nextcloud.mydomain.org;

        root /config/www;
        index index.html index.htm index.php;

        ###SSL Certificates
        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

        ###Diffie–Hellman key exchange ###
        ssl_dhparam /config/nginx/dhparams.pem;

        ###SSL Ciphers
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-$

        ###Extra Settings###
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header Front-End-Https on;

        client_max_body_size 0;

        location / {
            proxy_pass https://192.168.1.1:444/;
            proxy_max_temp_file_size 4096m;
            include /config/nginx/proxy.conf;
        }
    }

thanks. config hasn't changed. it's like it's being ignored though. Port 444 is nextcloud

Edited January 12, 2018 by ffhelllskjdje

digiblur Posted January 12, 2018

Just tried HTTPVAL = true, forwarded port 80 to my exposed http port 90 > 80 and it did the trick. Hopefully they fix this so i can close back up port 80.

edit: for anyone else that needs to know where to edit this, it's under advanced settings

Same here. Fixed it after I changed the value, added the 80 port forward to my internal http port on the container. I did check to make sure I redirect to https but I will probably close 80 again in a bit until it breaks again.

Quiks Posted January 12, 2018

9 minutes ago, ffhelllskjdje said:
>     server {
>         listen 443 ssl;
>         server_name nextcloud.mydomain.org;
>
>         root /config/www;
>         index index.html index.htm index.php;
>
>         ###SSL Certificates
>         ssl_certificate /config/keys/letsencrypt/fullchain.pem;
>         ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
>
>         ###Diffie–Hellman key exchange ###
>         ssl_dhparam /config/nginx/dhparams.pem;
>
>         ###SSL Ciphers
>         ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-$
>
>         ###Extra Settings###
>         ssl_prefer_server_ciphers on;
>         ssl_session_cache shared:SSL:10m;
>
>         ### Add HTTP Strict Transport Security ###
>         add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
>         add_header Front-End-Https on;
>
>         client_max_body_size 0;
>
>         location / {
>             proxy_pass https://192.168.1.1:444/;
>             proxy_max_temp_file_size 4096m;
>             include /config/nginx/proxy.conf;
>         }
>     }
>
> thanks. config hasn't changed. it's like it's being ignored though. Port 444 is nextcloud

Can you reach nextcloud on https://192.168.1.1:444/ right now?

ffhelllskjdje Posted January 12, 2018

21 minutes ago, Quiks said:
> Can you reach nextcloud on https://192.168.1.1:444/ right now?

It times out. same error 502 bad gateway

thanks, that tipped me off, i was just in that file earlier and had the wrong ip above, a zero got deleted somehow. fixed and up and running again.

Edited January 12, 2018 by ffhelllskjdje

BrandonG777 Posted January 12, 2018

37 minutes ago, Greygoose said:
> I found this post, I haven't time to try tonight, hopefully someone here can and post exact instructions for unraid setup
>
> Solution: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA
> https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983

Looks like you're onto something but without being able to start the container I can't get to a bash command prompt to try any of that. Maybe someone knows of a way I can keep the container running to try this...

Caboose20 Posted January 12, 2018

Thanks for the help everyone, adding the below worked for me.

    -e HTTPVAL=true

It looks like this was an official change due to how letsencrypt works: https://www.linuxserver.io/2018/01/11/psa-changes-to-our-lets-encrypt-container/

Leondre Posted January 12, 2018

Unless I'm somehow doing this wrong it certainly hasn't fixed it for me.

kreene1987 Posted January 12, 2018

Me either. I will state that I am using www.domain.com/nextcloud settings, so I'm unsure if this is because I went with a bit different approach?

Edited January 12, 2018 by kreene1987

glassbase Posted January 12, 2018

Hi all,

Hopefully my strange fix helps people here with this "Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA." error.... because HTTPVAL was not working for me (and my ISP does not block port 80) and I figured out why...

I use a docker-compose file with the line = "image: linuxserver/letsencrypt:latest" and it was not updating my image upon running "docker-compose up -d" for whatever reason. I came to this conclusion after closing port 80 in my router and was not receiving the timeout error during validation.

Then I ran "docker pull linuxserver/letsencrypt:latest" and watched it actually pull the latest image, start letsencrypt and bam, I was able to complete validation.

IDK how to force an update to an image on unRAID or others or if my fix will work for anyone else, because I use Docker for Mac (do not have an unRAID box YET)

edit - spelling

Edited January 12, 2018 by glassbase

jasgud Posted January 12, 2018

2 hours ago, ffhelllskjdje said:
>     server {
>         listen 443 ssl;
>         server_name nextcloud.mydomain.org;
>
>         root /config/www;
>         index index.html index.htm index.php;
>
>         ###SSL Certificates
>         ssl_certificate /config/keys/letsencrypt/fullchain.pem;
>         ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
>
>         ###Diffie–Hellman key exchange ###
>         ssl_dhparam /config/nginx/dhparams.pem;
>
>         ###SSL Ciphers
>         ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-$
>
>         ###Extra Settings###
>         ssl_prefer_server_ciphers on;
>         ssl_session_cache shared:SSL:10m;
>
>         ### Add HTTP Strict Transport Security ###
>         add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
>         add_header Front-End-Https on;
>
>         client_max_body_size 0;
>
>         location / {
>             proxy_pass https://192.168.1.1:444/;
>             proxy_max_temp_file_size 4096m;
>             include /config/nginx/proxy.conf;
>         }
>     }
>
> thanks. config hasn't changed. it's like it's being ignored though. Port 444 is nextcloud

you don't have port 80 configured to respond. You need to enable the default port 80 response so that letsencrypt can connect to it to verify.

Malykai Posted January 12, 2018

Is anyone having this error or am I just the lucky one? It looks similar to the ones above though I am able to login and get that error due to "sleep infinity".

    Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
    usage:
      certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

    Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate.
    certbot: error: argument --cert-path: No such file or directory
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    An unexpected error occurred:
    There were too many requests of a given type :: Error creating new registration :: too many registrations for this IP: see https://letsencrypt.org/docs/rate-limits/
    Please see the logfiles in /var/log/letsencrypt for more details.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

FreeMan Posted January 12, 2018

I seem to be having issues with the docker starting since last night's update:

    -------------------------------------
              _     _ _
             | |___| (_) ___
             | / __| | |/ _ \
             | \__ \ | | (_) |
             |_|___/ |_|\___/
                   |_|

    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------

    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    Sub-domains processed are: -d books.MyDomain.com -d cp.MyDomain.com -d emby.MyDomain.com -d photos.MyDomain.com -d sab.MyDomain.com -d shows.MyDomain.com -d sick.MyDomain.com
    E-mail address entered: [email protected]
    Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
    usage:
      certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

    Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate.
    certbot: error: argument --cert-path: No such file or directory
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
    Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
    IMPORTANT NOTES:
     - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
    /var/run/s6/etc/cont-init.d/50-config: line 134: cd: /config/keys/letsencrypt: No such file or directory
    [cont-init.d] 50-config: exited 1.
    [cont-finish.d] executing container finish scripts...
    [cont-finish.d] done.
    [s6-finish] syncing disks.
    [s6-finish] sending all processes the TERM signal.
    [s6-finish] sending all processes the KILL signal and exiting.

What is the recommended next step? I was playing around with some configuration last night, but it did start when I left it last night.

Edited January 12, 2018 by FreeMan

smdion Posted January 12, 2018

47 minutes ago, FreeMan said:
> I seem to be having issues with the docker starting since last night's update:
>
> What is the recommended next step? I was playing around with some configuration last night, but it did start when I left it last night.

It's not you. Big security vulnerability killed one of their (Let's Encrypt) authentication methods - https://labs.detectify.com/2018/01/12/how-i-exploited-acme-tls-sni-01-issuing-lets-encrypt-ssl-certs-for-any-domain-using-shared-hosting/.

TL;DR, Let's Encrypt properly followed a standard, the standard had a flaw. Let's Encrypt disabled the standard.

Luckily the genius folks at LSIO have built in a work around. Add a new variable

    -e HTTPVAL - if you wish to get certs through http validation on port 80 instead of port 443, set this to true. Keep in mind that you also have to map port 80 as listed above

- SOURCE: https://github.com/linuxserver/docker-letsencrypt

Edited January 12, 2018 by smdion

matthope Posted January 13, 2018

In my case, my internet provider blocks the port 80 so the HTTPVAL fix won't work. Since TLS-SNI challenge is deactivated and I can't use HTTP challenge, I'm obligated to use the DNS-01 challenge.

I've found a way to use it with this docker and cloudflare. You will need those 2 scripts (here) and you will need to modify the script /etc/cont-init/50-config inside the docker.

    docker exec -it [DOCKERNAME] /bin/bash
    vi /etc/cont-init.d/50-config

In the file comment this line:

    certbot certonly --non-interactive --renew-by-default --standalone --preferred-challenges $PREFCHAL --rsa-key-size 4096 $EMAILPARAM --agree-tos $URLS

And add this one:

    certbot certonly --agree-tos --manual --manual-public-ip-logging-ok --preferred-challenges=dns --manual-auth-hook /app/authenticator.sh --manual-cleanup-hook /app/cleanup.sh --rsa-key-size 4096 $EMAILPARAM --no-eff-email $URLS

However, this is a one time fix since any modification to the docker is reverted when restarted.

@aptalca It would be nice if the DNS-01 challenge could be added definitively to this docker.

Edited January 13, 2018 by matthope tag

gshlomi Posted January 13, 2018

Hi folks

Can't seem to make it work again. Changed "HTTPVAL" to "true" but I think my provider blocks port 80:

    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 10-adduser: executing...

    -------------------------------------
              _         ()
             | |  ___   _    __
             | | / __| | |  /  \
             | | \__ \ | | | () |
             |_| |___/ |_|  \__/

    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------

    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    Sub-domains processed are: -d www.mydomain.com -d dlg.mydomain.com -d cp.mydomain.com -d sr.mydomain.com -d sab.mydomain.com -d nc.mydomain.com -d office.mydomain.com -d plexpy.mydomain.com -d ha.mydomain.com
    E-mail address entered: [email protected]
    Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
    usage:
      certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

    Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate.
    certbot: error: argument --cert-path: No such file or directory
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for mydomain.com
    http-01 challenge for www.mydomain.com
    http-01 challenge for dlg.mydomain.com
    http-01 challenge for cp.mydomain.com
    http-01 challenge for sr.mydomain.com
    http-01 challenge for sab.mydomain.com
    http-01 challenge for nc.mydomain.com
    http-01 challenge for office.mydomain.com
    http-01 challenge for plexpy.mydomain.com
    http-01 challenge for ha.mydomain.com
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure.
    ha.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://ha.mydomain.com/.well-known/acme-challenge/37kVVX3GQepKzvimZVl2ZWe9LAeWbGQHKtqriblf2eY: Timeout,
    cp.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://cp.mydomain.com/.well-known/acme-challenge/iblVH3jUuFK0ezr-4y8NjXmlxXc3-H7P8zzoKlKU-18: Timeout,
    mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mydomain.com/.well-known/acme-challenge/-L6DgVivC4CAWB4w0P_ca32hKMlMg-TCnEQ8jOshKW8: Timeout,
    www.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.mydomain.com/.well-known/acme-challenge/m_urJrcV5bGi7_w_TgmtP9QFyNucA4-jegcU2sh-DMo: Timeout,
    dlg.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://dlg.mydomain.com/.well-known/acme-challenge/X2QMi7zQp0T2n3hyP8JGSs_rQJtTR9ly874lqvtS49g: Timeout,
    nc.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://nc.mydomain.com/.well-known/acme-challenge/nMZ0kONU3uVrPno4IMCs5yQbYjWmhOFSE5v7rqR-gkc: Timeout,
    office.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://office.mydomain.com/.well-known/acme-challenge/-q-KtpROO-cUzdDcm4oO5_84E-Lf4pA1lwmi6Akuvw4: Timeout,
    plexpy.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://plexpy.mydomain.com/.well-known/acme-challenge/HhpJuxmw8jg3fxgZuRKLqPjNn4QQTEvBVWg66IIGMNo: Timeout,
    sr.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://sr.mydomain.com/.well-known/acme-challenge/BqtOau3Gc_lu5_FsPApWjF_DoChm0ctSn8DGbnd6j14: Timeout,
    sab.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://sab.mydomain.com/.well-known/acme-challenge/L6d2qCm8DXNUwlnjJW6pfKnJ484MS09u_InlLt9Jv_8: Timeout

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: ha.mydomain.com
       Type: connection
       Detail: Fetching http://ha.mydomain.com/.well-known/acme-challenge/37kVVX3GQepKzvimZVl2ZWe9LAeWbGQHKtqriblf2eY: Timeout

       Domain: cp.mydomain.com
       Type: connection
       Detail: Fetching http://cp.mydomain.com/.well-known/acme-challenge/iblVH3jUuFK0ezr-4y8NjXmlxXc3-H7P8zzoKlKU-18: Timeout

       Domain: mydomain.com
       Type: connection
       Detail: Fetching http://mydomain.com/.well-known/acme-challenge/-L6DgVivC4CAWB4w0P_ca32hKMlMg-TCnEQ8jOshKW8: Timeout

       Domain: www.mydomain.com
       Type: connection
       Detail: Fetching http://www.mydomain.com/.well-known/acme-challenge/m_urJrcV5bGi7_w_TgmtP9QFyNucA4-jegcU2sh-DMo: Timeout

       Domain: dlg.mydomain.com
       Type: connection
       Detail: Fetching http://dlg.mydomain.com/.well-known/acme-challenge/X2QMi7zQp0T2n3hyP8JGSs_rQJtTR9ly874lqvtS49g: Timeout

       Domain: nc.mydomain.com
       Type: connection
       Detail: Fetching http://nc.mydomain.com/.well-known/acme-challenge/nMZ0kONU3uVrPno4IMCs5yQbYjWmhOFSE5v7rqR-gkc: Timeout

       Domain: office.mydomain.com
       Type: connection
       Detail: Fetching http://office.mydomain.com/.well-known/acme-challenge/-q-KtpROO-cUzdDcm4oO5_84E-Lf4pA1lwmi6Akuvw4: Timeout

       Domain: plexpy.mydomain.com
       Type: connection
       Detail: Fetching http://plexpy.mydomain.com/.well-known/acme-challenge/HhpJuxmw8jg3fxgZuRKLqPjNn4QQTEvBVWg66IIGMNo: Timeout

       Domain: sr.mydomain.com
       Type: connection
       Detail: Fetching http://sr.mydomain.com/.well-known/acme-challenge/BqtOau3Gc_lu5_FsPApWjF_DoChm0ctSn8DGbnd6j14: Timeout

       Domain: sab.mydomain.com
       Type: connection
       Detail: Fetching http://sab.mydomain.com/.well-known/acme-challenge/L6d2qCm8DXNUwlnjJW6pfKnJ484MS09u_InlLt9Jv_8: Timeout

       To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
     - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

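The certbot failures quoted in this thread fall into three groups, and the script below sorts a container startup log into them. It is an added example, not part of the linuxserver image or certbot; the sample log is constructed on the pattern of the output above, the file name `triage.py` is an assumption, and the advice strings restate the fixes posters report here.

```python
import re
import sys

# Each rule: (code, pattern, advice). A capture group, when present, is the
# domain name the CA reported. Advice restates fixes reported in this thread.
RULES = [
    ("challenge-unsupported",
     re.compile(r"does not support any combination of challenges"),
     "The CA no longer offers the TLS-SNI challenge this client asked for: "
     "set HTTPVAL=true, map port 80, and pull the image so the change is present."),
    ("http01-unreachable",
     re.compile(r"([A-Za-z0-9.-]+) \(http-01\): urn:acme:error:connection"),
     "The CA could not reach port 80 for these names: check the port forward "
     "and ISP filtering, or use a DNS-01 challenge instead."),
    ("rate-limited",
     re.compile(r"too many registrations for this IP"),
     "Stop recreating the container until the limit resets: "
     "https://letsencrypt.org/docs/rate-limits/"),
]

# Constructed sample, modelled on the log excerpts posted in the thread.
SAMPLE_LOG = """\
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Failed authorization procedure. nc.example.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://nc.example.org/.well-known/acme-challenge/CONSTRUCTED-TOKEN-1: Timeout, office.example.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://office.example.org/.well-known/acme-challenge/CONSTRUCTED-TOKEN-2: Timeout
An unexpected error occurred:
There were too many requests of a given type :: Error creating new registration :: too many registrations for this IP: see https://letsencrypt.org/docs/rate-limits/
ERROR: Cert does not exist! Please see the validation error above.
"""


def triage(log_text):
    """Return one finding per matched rule, in RULES order."""
    findings = []
    for code, pattern, advice in RULES:
        matches = pattern.findall(log_text)
        if not matches:
            continue
        # With a capture group, findall yields the domains; keep each once,
        # in the order the log reported them.
        domains = list(dict.fromkeys(matches)) if pattern.groups else []
        findings.append({"code": code, "hits": len(matches),
                         "domains": domains, "advice": advice})
    return findings


if __name__ == "__main__":
    # Pipe real output in (docker logs <container> 2>&1 | python3 triage.py);
    # with nothing piped, the constructed sample is analysed instead.
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    results = triage(text)
    for finding in results:
        names = ", ".join(finding["domains"]) or "-"
        print("[%s] hits=%d domains=%s" % (finding["code"], finding["hits"], names))
        print("    " + finding["advice"])
    sys.exit(1 if results else 0)
```
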
ebnerjoh Posted January 13, 2018

2 hours ago, matthope said:
> In my case, my internet provider blocks the port 80 so the HTTPVAL fix won't work. Since TLS-SNI challenge is deactivated and I can't use HTTP challenge, I'm obligated to use the DNS-01 challenge.
>
> I've found a way to use it with this docker and cloudflare. You will need those 2 scripts (here) and you will need to modify the script /etc/cont-init/50-config inside the docker.
>
>     docker exec -it [DOCKERNAME] /bin/bash
>     vi /etc/cont-init.d/50-config
>
> In the file comment this line:
>
>     certbot certonly --non-interactive --renew-by-default --standalone --preferred-challenges $PREFCHAL --rsa-key-size 4096 $EMAILPARAM --agree-tos $URLS
>
> And add this one:
>
>     certbot certonly --agree-tos --manual --manual-public-ip-logging-ok --preferred-challenges=dns --manual-auth-hook /app/authenticator.sh --manual-cleanup-hook /app/cleanup.sh --rsa-key-size 4096 $EMAILPARAM --no-eff-email $URLS
>
> However, this is a one time fix since any modification to the docker is reverted when restarted.
>
> @aptalca It would be nice if the DNS-01 challenge could be added definitively to this docker.

Hi, and how do you start this workaround?

ebnerjoh Posted January 13, 2018

Ok, I have overseen the two scripts. At least I have now a workaround.

I also tried with HTTPVAL but this was not working. Port 80 is forwarded to LetsEncrypt but I am not sure if I have to change something in my sites-conf? Do I need to enable 80 for all virtual hosts? At the moment I am forwarding in all virtual hosts port 80 to 443.

Br,
Johannes

ebnerjoh Posted January 13, 2018

Ok, it is not working with the temporary workaround. I am getting:

    Error output from authenticator.sh:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
    TypeError: 'NoneType' object has no attribute '__getitem__'
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
    TypeError: 'NoneType' object has no attribute '__getitem__'

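For the DNS-01 procedure matthope describes, this is a sketch of what a certbot `--manual-auth-hook` for Cloudflare has to do, added here as an example; it is not the pair of scripts that post links to and not part of the linuxserver image. `CERTBOT_DOMAIN`, `CERTBOT_VALIDATION` and the stdout hand-off to the cleanup hook are certbot's own; the `CF_API_TOKEN` variable name is an assumption. Every API response is checked before it is indexed, so a failed lookup reports Cloudflare's error text.

```python
import json
import os
import sys
import time
import urllib.error
import urllib.request

API = "https://api.cloudflare.com/client/v4"


class HookError(Exception):
    """A failure the hook can explain, instead of a bare traceback."""


def challenge_record(env):
    """TXT record for the DNS-01 challenge, from the variables certbot exports."""
    missing = [k for k in ("CERTBOT_DOMAIN", "CERTBOT_VALIDATION") if not env.get(k)]
    if missing:
        raise HookError("not started by certbot, unset: " + ", ".join(missing))
    return {"type": "TXT", "name": "_acme-challenge." + env["CERTBOT_DOMAIN"],
            "content": env["CERTBOT_VALIDATION"], "ttl": 120}


def zone_candidates(domain):
    """nc.example.org -> [nc.example.org, example.org]; either may be the zone."""
    labels = domain.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def unwrap(body, what):
    """Return `result` from a Cloudflare response, or raise with its errors."""
    try:
        doc = json.loads(body)
    except ValueError:
        raise HookError(what + ": response is not JSON")
    if not isinstance(doc, dict) or not doc.get("success") or doc.get("result") is None:
        errors = doc.get("errors") if isinstance(doc, dict) else None
        detail = "; ".join(str(e.get("message")) for e in errors or []) or "no result"
        raise HookError("%s failed: %s" % (what, detail))
    return doc["result"]


def call(method, path, token, payload=None):
    """One authenticated API request; HTTP error bodies are returned for unwrap()."""
    data = None if payload is None else json.dumps(payload).encode()
    req = urllib.request.Request(API + path, data=data, method=method, headers={
        "Authorization": "Bearer " + token, "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.read().decode()
    except urllib.error.URLError as err:
        raise HookError("cannot reach the Cloudflare API: %s" % err.reason)


def main(env):
    record = challenge_record(env)
    token = env.get("CF_API_TOKEN")  # hypothetical variable name
    if not token:
        raise HookError("CF_API_TOKEN is unset")
    for name in zone_candidates(env["CERTBOT_DOMAIN"]):
        zones = unwrap(call("GET", "/zones?name=" + name, token), "zone lookup")
        if zones:  # an empty list means no zone by that name: try the parent
            created = unwrap(call("POST", "/zones/%s/dns_records" % zones[0]["id"],
                                  token, record), "record create")
            print(created["id"])  # certbot passes stdout to the cleanup hook
            time.sleep(25)        # give the record time to propagate
            return 0
    raise HookError("no Cloudflare zone covers " + env["CERTBOT_DOMAIN"])


if __name__ == "__main__":
    try:
        sys.exit(main(os.environ))
    except HookError as err:
        sys.exit("auth hook: %s" % err)
```
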