[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



1 hour ago, statecowboy said:

So I was looking through my docker settings cleaning stuff up and noticed I had a typo in my email address. I changed it without even thinking about the fact this would mess with the cert. Can someone please tell me how to force it to re-issue a new cert? I tried simply restarting the docker but that did not work.

 

This is the error I'm getting now:

nginx: [emerg] duplicate upstream "backend" in /config/nginx/site-confs/default.bak:1
 

 

Nothing wrong with your cert. You have a duplicate site config. Move it elsewhere.

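The error above comes from nginx loading every file in the site-confs directory, so a leftover copy such as default.bak defines the same upstream twice. The script below is an added example written for this thread, not code from the SWAG/letsencrypt image; it scans a site-confs directory for upstream names defined in more than one file and lists backup-looking files that nginx would still include. The sample configs it writes are constructed for the dry run.

```shell
#!/bin/sh
# Added example, not part of the SWAG/letsencrypt image: find upstream blocks
# defined more than once across a site-confs directory. The image's nginx.conf
# includes every file in site-confs/, so a copy such as default.bak is parsed
# alongside default and nginx refuses to start with "duplicate upstream".

# find_duplicate_upstreams DIR
#   prints "NAME FILE FILE..." for each upstream name defined in more than one
#   file; returns 0 when there are no duplicates, 1 when at least one exists
find_duplicate_upstreams() {
    dir="$1"
    grep -H -E '^[[:space:]]*upstream[[:space:]]+[^[:space:]{]+' "$dir"/* 2>/dev/null \
      | sed -E 's/^([^:]+):[[:space:]]*upstream[[:space:]]+([^[:space:]{]+).*/\2 \1/' \
      | sort \
      | awk '{ files[$1] = files[$1] " " $2; n[$1]++ }
             END {
                 rc = 0
                 for (k in n) if (n[k] > 1) { print k files[k]; rc = 1 }
                 exit rc
             }'
}

# list_stray_confs DIR
#   prints files nginx would include that look like editor backups or copies
list_stray_confs() {
    for f in "$1"/*; do
        case "$f" in
            *.bak|*.orig|*~|*.save|*.old) echo "$f" ;;
        esac
    done
}

# make_sample_confs DIR  (constructed data for a dry run)
#   writes a minimal "default" with an upstream and leaves a default.bak beside it
make_sample_confs() {
    mkdir -p "$1"
    cat > "$1/default" <<'EOF'
upstream backend {
    server 127.0.0.1:8080;
}
server {
    listen 443 ssl;
    location / { proxy_pass http://backend; }
}
EOF
    cp "$1/default" "$1/default.bak"
}

# Usage: sh check-site-confs.sh /config/nginx/site-confs
if [ -n "$1" ]; then
    list_stray_confs "$1"
    find_duplicate_upstreams "$1"
fi
```

Run it against /config/nginx/site-confs on the host before restarting the container; anything it lists should be moved out of that directory (not renamed within it), since the include picks up every filename.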

I've upgraded to 6.4.0 from 6.3.5 and in the process wiped my cache drive with my docker containers. However, I managed to restore, added HTTPVAL=True, changed port forwarding etc., but on firing up the LE docker, it starts, but I get these messages:

 

-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d *****.*****.*****
E-mail address entered: *****@*****.***
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --cert-path: No such file or directory

Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Where have I gone wrong, as I bet it's something simple?


OK, I'm doing my best here, but I'm not great at the technical stuff...

 

Port 80 is forwarded to port 81.

 

Sorry, not sure how to run, run commands? Is there a guide, as happy to provide if I have a few pointers?

 

FYI - I use dnsmadeeasy, which I saw mentioned somewhere in this thread for testing if that helps?

 

[attached screenshot: port_forwarding.png]


Sorry, paranoid I guess.

 

Here's the run command;

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="br0" --ip="10.0.0.220" --privileged="true" -e TZ="Europe/London" -e HOST_OS="unRAID" -e "TCP_PORT_80"="81" -e "TCP_PORT_443"="443" -e "EMAIL"="*****@*****.***" -e "URL"="*****.*****" -e "SUBDOMAINS"="*****" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "HTTPVAL"="True" -e "PUID"="99" -e "PGID"="100" -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
fe5d2e9caaf15a0373feb2834d6b278c4c533ba3d8f3a6149accdffea4070dc1

The command finished successfully!

 


My ISP, BT, doesn't block port 80, as I've used it in the past. In fact, I was using it up until I updated Unraid to 6.4.

 

I'm really confused why port 80 is showing as closed though, when the port is open on the router and BT doesn't block it?

 

Strange, it's also reporting 443 as closed and I was also using that yesterday up until the update in unraid?

58 minutes ago, CHBMB said:

OK, so that all looks OK.

 

Check port 80 is open here.

Check your DNS is correct here.

I don't think canyouseeme will work if there isn't an answering service on the port. Docker not started=no answer.

 

Perhaps we need a quick test docker with no unraid files mapped to exploit that answers on configurable ports, that way you can spin that up check for connectivity.


I'm running Radarr, so opened the port for the container on my router to the IP the docker is running and entered the IP followed by the Radarr port and it opened without a problem.

 

Is that what you mean? I'm just trying to help out, as this is really strange and really frustrating, so keen to help find the resolution.

1 hour ago, WannabeMKII said:

Good news.

 

OK, so it's saying port 80 isn't open? Here's a screenshot.

 

IP is correct though.

[attached screenshot: port_forward.jpeg]

 

You run letsencrypt on its own IP, that means you are not using the port mappings at all.

Your port forwarding in your router is then wrong as you should forward 80 to 80 and 443 to 443. 

You have forwarded 80 to 81.

 
You run letsencrypt on its own IP, that means you are not using the port mappings at all.
Your port forwarding in your router is then wrong as you should forward 80 to 80 and 443 to 443. 
You have forwarded 80 to 81.
Damn, I should have spotted that!

8 hours ago, WannabeMKII said:

I've upgraded to 6.4.0 from 6.3.5 and in the process, wiped my cache drive with my docker containers. However, I managed to restore, added the HTTPVAL=True, changed port forwarding etc, but on firing up the LE docker, it starts, but I get these messages;

Where have I gone wrong, as I bet it's something simple?

 

Set HTTPVAL to "true" not "True" 


I'm a bit confused about renewals, as I'm getting emails from Let's Encrypt saying my certs are expiring soon. Do I just ignore them if the docker is working? I made changes to my domains just last week and in the logs it said obtaining new certificate, but I'm still getting warning emails?


OK, so I've changed port forwarding to 80, 80 and the internal IP.

 

I've changed HTTPVAL to 'true' from 'True'.

 

On running the docker, I get the following in the logs;

 

Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Any other ideas?

11 minutes ago, WannabeMKII said:

OK, so I've changed port forwarding to 80, 80 and the internal IP.

 

I've changed HTTPVAL to 'true' from 'True'.

 

On running the docker, I get the following in the logs;

 


Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Any other ideas?

You'll also need to change the host port on the container to 80, right now it's 81, if you didn't change it already. 

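The three things that tripped this setup up (HTTPVAL capitalised, 80 forwarded to 81, and a container on its own br0 IP where the TCP_PORT_* host mappings are never used) can all be read straight off the run command Unraid prints. The lint below is an added example for this thread, not a script from the linuxserver image; the env var names are the container's, but the rules it applies are assumptions taken from the replies above, and the sample run command is a constructed copy of the one posted earlier with the redacted values replaced by placeholders.

```shell
#!/bin/sh
# Added example, not code from the SWAG/letsencrypt image: a pre-flight lint for
# the "docker run" line Unraid prints when the container starts. Env var names
# (HTTPVAL, TCP_PORT_80, TCP_PORT_443) are the container's; the rules are
# assumptions taken from the replies in the thread: HTTPVAL must be the lowercase
# string "true", HTTP validation needs port 80 to reach the container unchanged,
# and a container pinned to its own br0 IP (--ip=...) never uses the TCP_PORT_*
# host mappings at all.

# run_cmd_var CMD NAME -> value of `-e NAME=VALUE` (quotes optional), empty if absent
run_cmd_var() {
    printf '%s\n' "$1" | sed -n -E "s/.*-e \"?$2\"?=\"?([^\" ]*)\"?.*/\1/p"
}

# has_dedicated_ip CMD -> 0 when the command pins the container to its own IP
has_dedicated_ip() {
    printf '%s' "$1" | grep -q -- '--ip='
}

# lint_run_cmd CMD -> prints one line per finding, returns the number of errors
# (notes that need no change on the command line are printed but not counted)
lint_run_cmd() {
    cmd="$1"
    errors=0
    httpval=$(run_cmd_var "$cmd" HTTPVAL)
    port80=$(run_cmd_var "$cmd" TCP_PORT_80)
    port443=$(run_cmd_var "$cmd" TCP_PORT_443)

    # the init script only switches HTTP validation on for the exact lowercase value
    if [ "$httpval" != "true" ]; then
        echo "error: HTTPVAL='$httpval' - HTTP validation only turns on for the lowercase value 'true'"
        errors=$((errors + 1))
    fi

    if has_dedicated_ip "$cmd"; then
        # nothing is published on the host, so the router must forward straight
        # to the container address: 80 -> 80 and 443 -> 443
        echo "note: container has its own IP; TCP_PORT_* mappings are ignored, forward router 80->80 and 443->443 to that IP"
    else
        # bridge mode: the CA connects to host port 80, which must be published
        # to container port 80
        if [ "$port80" != "80" ]; then
            echo "error: TCP_PORT_80='$port80' - container port 80 must be published on host port 80 (then forward router 80->80)"
            errors=$((errors + 1))
        fi
        if [ "$port443" != "443" ]; then
            echo "note: TCP_PORT_443='$port443' - remember to forward router 443 to this host port"
        fi
    fi
    return "$errors"
}

# Constructed copy of the run command from the thread, redacted values replaced
# by placeholders; pass your own command as "$1" to lint it instead.
SAMPLE_CMD='docker run -d --name="letsencrypt" --net="br0" --ip="10.0.0.220" -e TZ="Europe/London" -e "TCP_PORT_80"="81" -e "TCP_PORT_443"="443" -e "EMAIL"="admin@example.com" -e "URL"="example.com" -e "SUBDOMAINS"="www" -e "ONLY_SUBDOMAINS"="true" -e "HTTPVAL"="True" -e "PUID"="99" -e "PGID"="100" linuxserver/letsencrypt'

lint_run_cmd "${1:-$SAMPLE_CMD}" || echo "$? problem(s) found on the command line"
```

On the thread's command it reports the HTTPVAL case error and the dedicated-IP note; once HTTPVAL is lowercase the only thing left to fix is outside the container, in the router's forwarding rules.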
