FreeMan Posted January 14, 2018
I deleted the default HTTP port mapping: and created a new one: and winner, winner, chicken dinner, I'm back in business! Is there something wrong with the template that it's mapping internally to port 81, or is that in preparation for v6.4 and I need to change my port forward at the router, or...?
FreeMan Posted January 14, 2018
5 hours ago, aptalca said: The last update of this image didn't break things.
I fully appreciate all the work & support you and @CHBMB, in particular, put into supporting all the lsio containers and answering all our questions. I, for one, meant no implication that you guys broke things - it's just that the symptoms of the LE change didn't show up for us mere-mortal users until the updated, fixed version rolled out to us and we tried to revalidate our sites using configuration for the old methods. Since I don't keep a finger on the pulse of the latest security issues, my two data points were A) LE updated, and B) I can't get the container to start. That, therefore, led to my conclusion - it's broken. Again - there's no way I could manage to get all these fantastic bits working without you wizards behind the curtain. Thank you!
saarg Posted January 14, 2018
19 minutes ago, FreeMan said: I deleted the default HTTP port mapping: and created a new one: and winner, winner, chicken dinner, I'm back in business! Is there something wrong with the template that it's mapping internally to port 81, or is that in preparation for v6.4 and I need to change my port forward at the router, or...?
The 81 part is most likely your own doing. It's port 80 in the template.
FreeMan Posted January 14, 2018
1 minute ago, saarg said: The 81 part is most likely your own doing. It's port 80 in the template.
I'll accept responsibility, but I have no recollection whatsoever of ever having changed that setting. Weird...
Earache Posted January 14, 2018
I'm trying to use my own domain (namecheap) but either I set up the DNS wrong or I'm missing something. I have my docker on separate IPs (example 192.168.1.4, .5, .6 etc) and I'm not sure if this is causing the issue or not. I have ports forwarded properly. If I run a DNS lookup for the subdomain.domain I see my public IP, but I'm getting this error in the log:

Failed authorization procedure. subdomain.domain (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://subdomain.domain/.well-known/acme-challenge/o9FHDJfbOQWeotQxma9kLk-AT5iRiBRyXXNKHn5zvgQ: Timeout, subdomain.domain (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://subdomain.domain/.well-known/acme-challenge/mKVzhGyDzD0_QHj3YQ0fA4VW9tykyzkvdees4r9nTWw: Timeout, subdomain.domain (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://subdomain.domain/.well-known/acme-challenge/jtizzEhlv4utMnBqMCauCIrR48_gkzx7kuak5JaWZH0: Timeout

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: subdomain.domain
   Type:   connection
   Detail: Fetching
   http://subdomain.domain/.well-known/acme-challenge/o9FHDJfbOQWeotQxma9kLk-AT5iRiBRyXXNKHn5zvgQ:
   Timeout

   Domain: subdomain.domain
   Type:   connection
   Detail: Fetching
   http://subdomain.domain/.well-known/acme-challenge/mKVzhGyDzD0_QHj3YQ0fA4VW9tykyzkvdees4r9nTWw:
   Timeout

   Domain: subdomain.domain
   Type:   connection
   Detail: Fetching
   http://subdomain.domain/.well-known/acme-challenge/jtizzEhlv4utMnBqMCauCIrR48_gkzx7kuak5JaWZH0:
   Timeout

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

On namecheap I have every subdomain as A + Dynamic DNS Record (using their DNS client to update the IP). I'm really stumped.
Brettv Posted January 14, 2018
8 minutes ago, Earache said: I'm trying to use my own domain (namecheap) but either I set up the DNS wrong or I'm missing something. I have my docker on separate IPs (example 192.168.1.4, .5, .6 etc) and I'm not sure if this is causing the issue or not. I have ports forwarded properly. If I run a DNS lookup for the subdomain.domain I see my public IP, but I'm getting this error in the log:

Failed authorization procedure. subdomain.domain (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://subdomain.domain/.well-known/acme-challenge/o9FHDJfbOQWeotQxma9kLk-AT5iRiBRyXXNKHn5zvgQ: Timeout, subdomain.domain (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://subdomain.domain/.well-known/acme-challenge/mKVzhGyDzD0_QHj3YQ0fA4VW9tykyzkvdees4r9nTWw: Timeout, subdomain.domain (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://subdomain.domain/.well-known/acme-challenge/jtizzEhlv4utMnBqMCauCIrR48_gkzx7kuak5JaWZH0: Timeout

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: subdomain.domain
   Type:   connection
   Detail: Fetching
   http://subdomain.domain/.well-known/acme-challenge/o9FHDJfbOQWeotQxma9kLk-AT5iRiBRyXXNKHn5zvgQ:
   Timeout

   Domain: subdomain.domain
   Type:   connection
   Detail: Fetching
   http://subdomain.domain/.well-known/acme-challenge/mKVzhGyDzD0_QHj3YQ0fA4VW9tykyzkvdees4r9nTWw:
   Timeout

   Domain: subdomain.domain
   Type:   connection
   Detail: Fetching
   http://subdomain.domain/.well-known/acme-challenge/jtizzEhlv4utMnBqMCauCIrR48_gkzx7kuak5JaWZH0:
   Timeout

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

On namecheap I have every subdomain as A + Dynamic DNS Record (using their DNS client to update the IP). I'm really stumped.
I'm getting the same. I believe my ISP is blocking port 80, which is causing the timeout.
Earache Posted January 14, 2018
4 minutes ago, Brettv said: I'm getting the same. I believe my ISP is blocking port 80, which is causing the timeout.
Hmm, I'm not sure, because this was working with duckdns.org before it broke, and now it won't even work with duck.
j123ss Posted January 14, 2018
1 hour ago, Earache said: Hmm, I'm not sure, because this was working with duckdns.org before it broke, and now it won't even work with duck.
Cox? Everyone with that issue seems to have the port 80 ISP issue like they said. Same thing here and I have COX.
Earache Posted January 14, 2018
2 minutes ago, j123ss said: Cox? Everyone with that issue seems to have the port 80 ISP issue like they said. Same thing here and I have COX.
Rogers Internet (Canada). They apparently don't block it, so I don't know wtf is going on. I'm using an EdgeRouter Lite, so either my port-forwarding is farked or Rogers decided to block the port?
aptalca Posted January 14, 2018 (edited)
16 minutes ago, Earache said: Rogers Internet (Canada). They apparently don't block it, so I don't know wtf is going on. I'm using an EdgeRouter Lite, so either my port-forwarding is farked or Rogers decided to block the port?
Your port forwarding is wrong. You are forwarding 81 to 80; you should be forwarding 80 to 81.
Edited January 14, 2018 by aptalca
Earache Posted January 14, 2018
8 minutes ago, aptalca said: Your port forwarding is wrong. You are forwarding 81 to 80; you should be forwarding 80 to 81.
Nope, still get:

Failed authorization procedure. sub.domain.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://sub.domain/.well-known/acme-challenge/dcVgooswjuwm_DhQXskQSuKDbRdmN4qKyZTxbDzFg9g: Timeout
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
jsbroks Posted January 14, 2018
Getting the following error:

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

Anyone know how to fix this?
Ding Dong Del Posted January 14, 2018 (edited)
Hi jsbroks, read back over the last few pages in this post. aptalca and chbmb (and others) have provided a fair bit of detail on what steps to take.
Edited January 14, 2018 by Ding Dong Del
CHBMB Posted January 14, 2018
5 hours ago, Earache said: Nope, still get:

Failed authorization procedure. sub.domain.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://sub.domain/.well-known/acme-challenge/dcVgooswjuwm_DhQXskQSuKDbRdmN4qKyZTxbDzFg9g: Timeout
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

You're also forwarding 444 to 443, again the wrong way around. These are inbound ports, not outbound.
DZMM Posted January 14, 2018 (edited)
11 hours ago, FreeMan said: I hit the "advanced view" and put the "-e "HTTPVAL"="true"" in there while not hitting the "Advanced settings" to realize that it had been added to the container
Phew - thanks, I'd done the same. Spent 30 mins trying to work out what I was doing wrong. For other users (and there will be more), the TLDR solution to the docker not working is:
1. Forward port 80 in your router to the docker if your docker has a unique IP via 6.4; if not, forward another port, e.g. 81, to unraid and then use the same port in the http setting in the docker.
2. Click on 'show more settings' and change HTTPVAL to true. Do not add a new variable HTTPVAL like I did, as it's already there in the new docker.
Edited January 14, 2018 by DZMM
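The two hops described in the steps above (router rule from WAN port to LAN port, then the docker port publish from host port to container port) are where this thread keeps going wrong, with rules written backwards such as 81 to 80 instead of 80 to 81. The following is an added example and not code from the linuxserver/letsencrypt image or from any poster here; it models both hops and reports whether the ports the Let's Encrypt http-01 validator and HTTPS clients connect to on the public address (80 and 443) actually land on container ports 80 and 443. The router rules and docker run strings in it are constructed samples based on the setups discussed in the thread, and the `REQUIRED` mapping assumes the template's container ports 80 and 443.

```python
"""Trace inbound ports through router forward + docker -p to the container.

Added example (not code from the linuxserver/letsencrypt project). It models
the router rule (WAN port -> LAN host port) and the docker port publish
(host port -> container port) and checks that public 80 and 443 reach
container 80 and 443.
"""
import re
from typing import Dict, List, Optional, Tuple

# Public port the validator / browser connects to -> port the container
# listens on for that traffic. Assumes the template's container ports.
REQUIRED = {80: 80, 443: 443}


def parse_docker_ports(cmd: str) -> Dict[int, int]:
    """Pull '-p HOST:CONTAINER[/proto]' mappings out of a docker run command.

    Returns {host_port: container_port}. Only numeric single-port forms are
    handled, which is what the Unraid template emits.
    """
    pairs = re.findall(r"-p\s+(\d+):(\d+)(?:/(?:tcp|udp))?", cmd)
    return {int(host): int(cont) for host, cont in pairs}


def trace(external_port: int,
          router_forwards: Dict[int, int],
          docker_ports: Optional[Dict[int, int]]) -> Tuple[Optional[int], str]:
    """Follow one inbound WAN port to the container port it reaches.

    docker_ports=None models a container with its own LAN IP (the 6.4 case in
    step 1), where the router forwards straight to the container and there is
    no -p hop, so the forwarded port is the container port.
    """
    host_port = router_forwards.get(external_port)
    if host_port is None:
        return None, "router has no rule for WAN port %d" % external_port
    if docker_ports is None:
        return host_port, "WAN %d -> container %d (own IP)" % (external_port, host_port)
    container_port = docker_ports.get(host_port)
    if container_port is None:
        return None, "nothing published on host port %d" % host_port
    return container_port, "WAN %d -> host %d -> container %d" % (
        external_port, host_port, container_port)


def check_chain(router_forwards: Dict[int, int],
                docker_ports: Optional[Dict[int, int]]) -> List[str]:
    """Return one problem string per required port that does not land right."""
    problems = []
    for ext, want in REQUIRED.items():
        got, path = trace(ext, router_forwards, docker_ports)
        if got == want:
            continue
        msg = "port %d: %s" % (ext, path)
        # The mistake from the thread: the rule is written backwards,
        # e.g. 81 -> 80 when the inbound (WAN) side must be 80.
        backwards = [h for h, lan in router_forwards.items() if lan == ext]
        if got is None and ext not in router_forwards and backwards:
            msg += "; rule %d -> %d looks reversed, WAN side must be %d" % (
                backwards[0], ext, ext)
        elif got is not None:
            msg += "; container expects %d there, not %d" % (want, got)
        problems.append(msg)
    return problems


# Constructed samples mirroring the thread: reversed router rules
# (81 -> 80, 444 -> 443) alongside docker -p 81:80 -p 444:443 ...
WRONG_ROUTER = {81: 80, 444: 443}
DOCKER_CMD = ("docker run -d --name=letsencrypt -p 81:80/tcp -p 444:443/tcp "
              "linuxserver/letsencrypt")
# ... and the corrected rules: WAN 80 -> host 81 -> container 80, 443 -> 444 -> 443.
RIGHT_ROUTER = {80: 81, 443: 444}

if __name__ == "__main__":
    published = parse_docker_ports(DOCKER_CMD)
    for label, router in (("wrong", WRONG_ROUTER), ("right", RIGHT_ROUTER)):
        print(label, check_chain(router, published) or "OK")
```

Feed it your own router rules as `{wan_port: lan_port}` and the `-p` flags from your docker run command; an empty list means both hops line up, and a "looks reversed" message is the 81-to-80 mistake called out above.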
CHBMB Posted January 14, 2018 (edited)
If you're having problems with this container, ensure you've read the quoted post above, and make sure you post your docker run command, screenshots of your router port forwarding setup, and docker logs. Without the above, nobody can help you! And your post will probably get ignored, as we're getting swamped from various avenues with queries about the change in LetsEncrypt certification validation.
Edited January 14, 2018 by CHBMB
Dhagon Posted January 14, 2018
13 hours ago, CHBMB said: Scroll up to my last set of posts in this thread helping another user. Docker run command as my sig demonstrates and LE logs
Here's the docker run cmd and the forwarded ports; not sure if the attached LE log is the one you wanted, let me know if you need more. I haven't changed anything in the docker settings or my router, other than applying the "HTTPVAL = true" fix. I'd guess I was having the same issue as several other people, with the ISP blocking port 80, but since nextcloud works with the fix and it's just ombi that stopped working, it doesn't really make sense.
CHBMB Posted January 14, 2018
Dhagon said: Here's the docker run cmd and the forwarded ports; not sure if the attached LE log is the one you wanted, let me know if you need more. I haven't changed anything in the docker settings or my router, other than applying the "HTTPVAL = true" fix. I'd guess I was having the same issue as several other people, with the ISP blocking port 80, but since nextcloud works with the fix and it's just ombi that stopped working, it doesn't really make sense.
That looks like everything is working fine to me.
Sent from my LG-H815 using Tapatalk
Greygoose Posted January 14, 2018
Here is my config, please someone tell me what I'm doing wrong.
CHBMB Posted January 14, 2018
12 minutes ago, Greygoose said: Here is my config, please someone tell me what I'm doing wrong.
Can you check that the IP address you have in Namecheap DNS settings is the same as the IP address you get when you go to https://www.whatismyip.com/
Greygoose Posted January 14, 2018
Hi CHBMB, yes, exactly the same.
Greygoose Posted January 14, 2018 (edited)
I have changed in docker to use only subdomains and then run docker and it looks to have started?
Edited January 14, 2018 by Greygoose
EdgarWallace Posted January 14, 2018
This was doing the trick: port forward http (tcp 80 -->> 85) as well as https (tcp 443 -->> 443) is required. This was working for unRAID 6.3.5 but it stopped working for 6.4. Anyone else who made that experience? Latest letsencrypt Docker is installed:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/Berlin" -e HOST_OS="unRAID" -e "EMAIL"="[email protected]" -e "URL"="mydomain.org" -e "ONLY_SUBDOMAINS"="false" -e "DHLEVEL"="4096" -e "PUID"="99" -e "PGID"="100" -e "HTTPVAL"="true" -p 85:80/tcp -p 443:443/tcp -v "/mnt/user/system/docker/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
68820e55413df4f6d12189d079334a943a01c4699136e38059fc459597f8670b
/usr/bin/docker: Error response from daemon: driver failed programming external connectivity on endpoint letsencrypt (296916628be7ee045bd094ac8ebaa72631a8bd1146130c8480a19b91462dd0d4): Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use.

Sent from iPad with Tapatalk
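The "listen tcp 0.0.0.0:443: bind: address already in use" error in the post above means something on the host already owns the host side of the `-p 443:443` publish, so the daemon cannot take it for the container. The following is an added example, not code from the linuxserver/letsencrypt image or from the poster; it takes the `-p HOST:CONTAINER` flags from a docker run command and attempts a bind on each host port, distinguishing a free port from one already held and from one that simply needs root to bind (ports below 1024). The `SAMPLE_CMD` string is a constructed copy of the publish flags from that command, and `reserve_port` is a demo helper that deliberately holds a port so the in-use case can be seen without any other service running.

```python
"""Report whether the host ports a docker run command publishes are free.

Added example, not part of the linuxserver/letsencrypt image. It reproduces
the 'bind: address already in use' condition by trying to bind each host
port named in the -p flags, so the clash is visible before recreating the
container.
"""
import errno
import re
import socket
from typing import Dict, Tuple


def port_state(port: int, host: str = "0.0.0.0") -> str:
    """Classify a TCP host:port by attempting to bind it.

    'free'          - bind succeeded (nothing else holds it)
    'in-use'        - EADDRINUSE, another socket owns it (the error above)
    'no-permission' - bind needs privileges we lack (ports < 1024 as non-root)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        return "free"
    except PermissionError:          # subclass of OSError, so check it first
        return "no-permission"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in-use"
        raise
    finally:
        sock.close()


def check_published_ports(cmd: str, host: str = "0.0.0.0") -> Dict[int, str]:
    """Map each host port from '-p HOST:CONTAINER' flags to its bind state."""
    host_ports = [int(h) for h in re.findall(r"-p\s+(\d+):\d+", cmd)]
    return {p: port_state(p, host) for p in host_ports}


def reserve_port(host: str = "127.0.0.1") -> Tuple[socket.socket, int]:
    """Demo helper: open a listener on an ephemeral port and return it with
    its port number, so an 'in-use' result can be produced on demand."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))
    listener.listen(1)
    return listener, listener.getsockname()[1]


# Constructed sample: the publish flags from the docker run command above.
SAMPLE_CMD = ("docker run -d --name=letsencrypt -p 85:80/tcp -p 443:443/tcp "
              "linuxserver/letsencrypt")

if __name__ == "__main__":
    for port, state in check_published_ports(SAMPLE_CMD).items():
        print("host port %d: %s" % (port, state))
    # Show the clash: hold a port, then check a command that publishes it.
    held, busy = reserve_port()
    print(check_published_ports("-p %d:80/tcp" % busy, "127.0.0.1"))
    held.close()
```

Run it on the host (as root, so 443 is not reported as "no-permission") against the exact docker run line the GUI prints; an "in-use" on 443 confirms the conflict, and the next step is to find the listener with whatever socket listing tool the host provides rather than to retry the container.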
CHBMB Posted January 14, 2018
1 minute ago, Greygoose said: I have changed in docker to use only subdomains and then run docker and it looks to have started?
What had you got in DOMAIN NAME? If you don't want to post it in public, can you PM me? I have a theory....
CHBMB Posted January 14, 2018
1 minute ago, EdgarWallace said: This was working for unRAID 6.3.5 but it stopped working for 6.4. Anyone else who made that experience? Latest letsencrypt Docker is installed. Sent from iPad with Tapatalk