Kash76 Posted January 13, 2018

There does not seem to be a clear path to a fix for those of us with port 80 blocked, correct?

FreeMan Posted January 13, 2018

Once again, huge thanks go to the gents (and ladies?) at lsio! There was an update overnight and this morning my letsencrypt container started without any issues or changes at my end.

ebnerjoh Posted January 13, 2018

1 hour ago, FreeMan said:
> Once again, huge thanks go to the gents (and ladies?) at lsio! There was an update overnight and this morning my letsencrypt container started without any issues or changes at my end.

Unfortunately it is still not working for me...

FreeMan Posted January 13, 2018

1 minute ago, ebnerjoh said:
> Unfortunately it is still not working for me...

If you added the extra container parameter, consider removing it? I'd never added it in the first place, so maybe that's the difference. /SWAG

ebnerjoh Posted January 13, 2018

1 minute ago, FreeMan said:
> If you added the extra container parameter, consider removing it? I'd never added it in the first place, so maybe that's the difference. /SWAG

No, that's not the issue. I have now completely deleted the docker (+ appdata directory) and recreated it. It is still not working.

FreeMan Posted January 13, 2018

Sorry, mate, I'm fresh outta ideas... After it magically stopped working, I just hung on long enough for it to magically start working again...

FreeMan Posted January 13, 2018

Well, maybe I jumped the gun, too... The container will start, but it doesn't seem to be redirecting to my emby container, i.e. I get "Unable to connect" when I point my browser at "emby.mydoinain.com". This was working a few days ago prior to the kerfuffle about the LE docker and was working fine while trying to get the Android emby app to connect through a secured RP.

I looked at the docker config: and I seem to have an extra "http" variable down there at the bottom. I have no recollection if this is a default path or if I'd manually added it for some reason. I've reviewed the last 12-15 pages for issues I've posted and none of the resolutions seemed to indicate me adding this as an extra variable, so this really has me cornfoosed...

I'd like to get confirmation that this shouldn't be there before I go and delete it.

ebnerjoh Posted January 13, 2018

For me it is now working. I just set "HTTPVAL" under "Advanced Settings" to "true".

Br, Johannes

Kash76 Posted January 13, 2018

Interesting - I ended up forwarding port 80 to 8008 (container http port) and it started working along with HTTPVAL (under Docker, LetsEncrypt, advanced settings to true). I believe that Comcast blocks 80 but it's working.

Kash76 Posted January 13, 2018

I would also like to thank the great people at Linuxserver.io for all of the goodies that they offer us!!!

allanp81 Posted January 13, 2018

Mine's not working anymore full stop, no matter what I try.

CHBMB Posted January 13, 2018

Just now, allanp81 said:
> Mine's not working anymore full stop, no matter what I try.

Without logs, and what you're actually running nobody can really help you though.....

allanp81 Posted January 13, 2018

1 minute ago, CHBMB said:
> Without logs, and what you're actually running nobody can really help you though.....

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
No subdomains defined
E-mail address entered: myemailaddress
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --cert-path: No such file or directory
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mydomain
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mydomain (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching mydomain.well-known/acme-challenge/oRXMV_jiOZf46BZZIfcvf4OMbOHr9zF7cza7CIrY4zM: Timeout
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mydomain
Type: connection
Detail: Fetching
mydomain/.well-known/acme-challenge/oRXMV_jiOZf46BZZIfcvf4OMbOHr9zF7cza7CIrY4zM:
Timeout
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

CHBMB Posted January 13, 2018

What command are you running? Here's mine to show you what I mean.....

allanp81 Posted January 13, 2018

2 minutes ago, CHBMB said:
> What command are you running? Here's mine to show you what I mean.....

How do I check what command is run when the docker is updated/started?

CHBMB Posted January 13, 2018

See the link in my signature for docker run command.

allanp81 Posted January 13, 2018

The only difference I can see is that you have DHLEVEL set to 4096 whereas mine is set to 2048. I tried setting HTTPVAL to true and it still fails, albeit with a different error:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/London" -e HOST_OS="unRAID" -e "EMAIL"="mine" -e "URL"="mine" -e "ONLY_SUBDOMAINS"="false" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -e "HTTPVAL"="false" -p 443:443/tcp -p 81:80/tcp -v "/mnt/cache/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
4ace7d0eb4e12f1e6fff297403f6ef2a77f6d8a317d9825d78ef0bb4069c322b

Edited January 13, 2018 by allanp81

CHBMB Posted January 13, 2018

And I have httpval set to true.

allanp81 Posted January 13, 2018

1 minute ago, CHBMB said:
> And I have httpval set to true.

Yes sorry, I updated my post to reflect that. It fails whether set to true or false.

CHBMB Posted January 13, 2018

1 minute ago, allanp81 said:
> Yes sorry, I updated my post to reflect that. It fails whether set to true or false.

Have you got port 80 on your router/firewall forwarded to port 81 on your Unraid ip?

allanp81 Posted January 13, 2018

No, I tried port 80 but obviously that didn't work.

CHBMB Posted January 13, 2018

Well that's not surprising, port 80 is the Unraid webui port, try forwarding to port 81 which is what you've mapped port 80 IN the container to.

allanp81 Posted January 13, 2018

4 minutes ago, CHBMB said:
> Well that's not surprising, port 80 is the Unraid webui port, try forwarding to port 81 which is what you've mapped port 80 IN the container to.

Awesome, that's now working!!! Thanks ever so much for your help.

Muff Posted January 13, 2018

Hi, I've just upgraded my unRaid server from 6.3.4 (?) to 6.4.0 and since then my container letsencrypt isn't working as it used to. I've reinstalled the container and I still can't find the solution to the problem with some googling.

The log:

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
DH parameters bit setting changed. Deleting old dhparams file.
Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
DH parameters successfully created - 2048 bits
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d domain.duckdns.org
E-mail address entered: [email protected]
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --cert-path: No such file or directory
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

The container config: Screenshot_1.jpg

Thank you!

Edited January 13, 2018 by Muff

aptalca Posted January 13, 2018

I will only post this once. Feel free to refer folks to this post.

A few points of clarification:

The last update of this image didn't break things. Letsencrypt abruptly disabled the authentication method previously used by this image (tls over port 443) due to a security vulnerability. It is unclear whether they will ever re-enable it again.

So we added the option of validating over port 80, via setting the HTTPVAL variable to true (similar to how PUID is set to 99). But you have to make sure port 80 is forwarded to the container from your router. Keep in mind that unraid gui runs on port 80, so you should map port 80 on your router to any other port, i.e. 85. Then in the container settings, map port 85 to port 80.

Unraid template has been updated to include this new variable setting, and I think the brand new unraid stable as well as the previous betas will automatically add that variable to your settings (not 100% sure because I'm still on 6.3.5). Either way, check your settings.

If your isp blocks port 80, there's nothing we can do as it is the only port letsencrypt will validate through at this point.

Someone mentioned dns validation. It's not gonna happen as it is. It requires a script to change dns settings on your dns provider. Since all the dns providers have different APIs for this process, we cannot automate it for you, therefore we will not add dns validation (unless there is a standardized way to update dns entries in the future but I wouldn't hold my breath).

You do not need to make changes to your nginx site config and you do not need to enable listening on port 80. Validation is done through a separate web server temporarily put up during validation and is not affected by your nginx config.

And one last thing, the error message about the directory not existing is harmless, it just means that you didn't have a letsencrypt cert the last time the container was started, probably because the validation had failed.

Edited January 13, 2018 by aptalca
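
An added example, not part of aptalca's post and not linuxserver.io code: a shell check of a `docker run` command line against the two settings the post describes, HTTPVAL set to true and container port 80 published on a host port other than 80 (taken by the Unraid GUI). The function names and both sample commands are constructed for illustration; the first sample is modelled on the command posted earlier in the thread.

```shell
#!/bin/sh
# Added example: check a `docker run` command for the port-80 validation settings.
# Constructed sample modelled on the command posted in the thread.
SAMPLE_THREAD='docker run -d --name="letsencrypt" --net="bridge" -e "EMAIL"="mine" -e "URL"="mine" -e "HTTPVAL"="false" -p 443:443/tcp -p 81:80/tcp -v "/mnt/cache/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt'
# Constructed sample with HTTPVAL=true and host port 85 mapped to container port 80.
SAMPLE_FIXED='docker run -d --name="letsencrypt" -e "HTTPVAL"="true" -p 443:443/tcp -p 85:80/tcp -v "/mnt/cache/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt'

# Print the last HTTPVAL value passed with -e (lower-cased), or "unset".
httpval_of() {
    le_v=$(printf '%s\n' "$1" \
        | grep -oiE -- '-e[ ]+"?HTTPVAL"?="?[A-Za-z]+"?' | tail -n 1 \
        | sed -E 's/.*="?([A-Za-z]+)"?$/\1/' | tr 'A-Z' 'a-z')
    printf '%s\n' "${le_v:-unset}"
}

# Print the host port published for container port 80 (-p [IP:]HOST:80[/tcp]), or "none".
host_port_for_80() {
    le_p=$(printf '%s\n' "$1" \
        | grep -oE -- '-p[ ]+([0-9.]+:)?[0-9]+:80(/tcp)?( |$)' | tail -n 1 \
        | sed -E 's/.*[ :]([0-9]+):80.*/\1/')
    printf '%s\n' "${le_p:-none}"
}

# Report problems; return 0 only if the command is set up for port-80 validation.
check_le_run_cmd() {
    le_rc=0
    le_hv=$(httpval_of "$1")
    le_hp=$(host_port_for_80 "$1")
    if [ "$le_hv" != "true" ]; then
        echo "FAIL: HTTPVAL is '$le_hv'; set it to true to validate over port 80"
        le_rc=1
    fi
    if [ "$le_hp" = "none" ]; then
        echo "FAIL: container port 80 is not published; add -p <hostport>:80"
        le_rc=1
    elif [ "$le_hp" = "80" ]; then
        # Assumption: the host is Unraid, whose web GUI already listens on port 80.
        echo "FAIL: host port 80 belongs to the Unraid GUI; use another, e.g. -p 85:80"
        le_rc=1
    else
        echo "INFO: forward port 80 on the router to host port $le_hp"
    fi
    return "$le_rc"
}

# Stand-alone demo on the two constructed samples.
for le_s in "$SAMPLE_THREAD" "$SAMPLE_FIXED"; do
    if check_le_run_cmd "$le_s"; then echo "OK"; else echo "needs fixing"; fi
    echo "---"
done
```

The INFO line names the host port the router's port-80 forward has to point at, which is the step that resolved allanp81's case above.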