[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



4 hours ago, WannabeMKII said:

OK, so I've changed port forwarding to 80, 80 and the internal IP.

 

I've changed HTTPVAL to 'true' from 'True'.

 

On running the docker, I get the following in the logs;

 


Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Any other ideas?

 

If you set HTTPVAL to true and you're still getting that error, it means you need to update the image, or there is another HTTPVAL directive in your docker run/create command that is not set to true

Link to comment

I have been reading the thread for a few days and have tried most if not all of the settings to try to get letsencrypt to work properly. I have come to the realization that I need some help. Here are my docker commands pic for port forwarding docker settings and log. Please review and point me in the right direction.


User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.duckdns.org -d *****.duckdns.org
E-mail address entered: *******@gmail.com
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --cert-path: No such file or directory
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for duckdns.org
http-01 challenge for www.duckdns.org
http-01 challenge for ******.duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://duckdns.org/.well-known/acme-challenge/5DjNjApDhgxwNVsF1Q6lWYBssBPsq5R5LcM43nyAZHg: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>", www.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.duckdns.org/.well-known/acme-challenge/movR-LxQjAQuGhXp8wzWU9LjdT99d5UBC_3o0n7RnXA: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: duckdns.org
Type: unauthorized
Detail: Invalid response from
http://duckdns.org/.well-known/acme-challenge/5DjNjApDhgxwNVsF1Q6lWYBssBPsq5R5LcM43nyAZHg:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

Domain: www.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://www.duckdns.org/.well-known/acme-challenge/movR-LxQjAQuGhXp8wzWU9LjdT99d5UBC_3o0n7RnXA:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container


Link to comment

HTTPVAL appears correct and the docker image is from this morning. I've attached a screenshot.

 

All port forwarding etc is fine too and when we tried nginx on the same ports, it worked straight away...

 

CHBMB looked over my setup earlier too.

 

He suggested I speak with you about dnsmadeeasy, as that's my DNS provider. Did you get my message?

Link to comment
38 minutes ago, torn8o said:

I have been reading the thread for a few days and have tried most if not all of the settings to try to get letsencrypt to work properly. I have come to the realization that I need some help. Here are my docker commands pic for port forwarding docker settings and log. Please review and point me in the right direction.


User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.duckdns.org -d *****.duckdns.org
E-mail address entered: *******@gmail.com
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --cert-path: No such file or directory
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for duckdns.org
http-01 challenge for www.duckdns.org
http-01 challenge for ******.duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://duckdns.org/.well-known/acme-challenge/5DjNjApDhgxwNVsF1Q6lWYBssBPsq5R5LcM43nyAZHg: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>", www.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.duckdns.org/.well-known/acme-challenge/movR-LxQjAQuGhXp8wzWU9LjdT99d5UBC_3o0n7RnXA: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: duckdns.org
Type: unauthorized
Detail: Invalid response from
http://duckdns.org/.well-known/acme-challenge/5DjNjApDhgxwNVsF1Q6lWYBssBPsq5R5LcM43nyAZHg:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

Domain: www.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://www.duckdns.org/.well-known/acme-challenge/movR-LxQjAQuGhXp8wzWU9LjdT99d5UBC_3o0n7RnXA:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container


 

Unraid gui uses port 80. Change your http port in the container to something else like port 81 and on your router forward port 80 to 81 on unraid

 

EDIT: Oops didn't realize the container has its own ip

The issue suggests that the validation server is connecting to a different webserver. Check your ip setting and make sure there isn't another machine on that ip you set for the container

 

EDIT2: I also realized that you are trying to validate "duckdns.org". You need to read the info carefully (unless you are the owner of duckdns.org, which I doubt)

Edited by aptalca
Link to comment
30 minutes ago, WannabeMKII said:

HTTPVAL appears correct and the docker image is from this morning. I've attached a screenshot.

 

All port forwarding etc is fine too and when we tried nginx on the same ports, it worked straight away...

 

CHBMB looked over my setup earlier too.

 

He suggested I speak with you about dnsmadeeasy, as that's my DNS provider. Did you get my message?

 

I did get your message but your issue is not the ports. Your container is somehow set to use tls validation and that's why you are getting the error. Either your image is old (from before we implemented the HTTPVAL variable) or your settings are incorrect. Is there perhaps a space after the true in that variable? Can you post your docker run command that is shown after you save the settings and a new container is created?

Link to comment
30 minutes ago, WannabeMKII said:

HTTPVAL appears correct and the docker image is from this morning. I've attached a screenshot.

 

All port forwarding etc is fine too and when we tried nginx on the same ports, it worked straight away...

 

CHBMB looked over my setup earlier too.

 

He suggested I speak with you about dnsmadeeasy, as that's my DNS provider. Did you get my message?

 

Have you tried to change the host port to 80 in the docker template like I suggested earlier? In your screenshot it still says 81. I get that it's on its own IP and you have port forwarded 80->80 on that IP but that won't do you any good if the host port in the docker template is still 81. Unless the container ignores that completely when it's on its own IP?   

Link to comment
9 minutes ago, aptalca said:

 

I did get your message but your issue is not the ports. Your container is somehow set to use tls validation and that's why you are getting the error. Either your image is old (from before we implemented the HTTPVAL variable) or your settings are incorrect. Is there perhaps a space after the true in that variable? Can you post your docker run command that is shown after you save the settings and a new container is created?

 

No space anywhere on 'true'.

 

Here's the run command;

 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/London" -e HOST_OS="unRAID" -e "EMAIL"="*****@*****.***" -e "URL"="*****.***" -e "SUBDOMAINS"="*****" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "HTTPVAL"="true" -e "PUID"="99" -e "PGID"="100" -p 81:81/tcp -p 444:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
0d992b727e55d3d67b94761e56853cd0ba7df419c3e8050ddb17d8304b908227

The command finished successfully!

I mentioned about dnsmadeeasy, as was going to give it a try for you, but guess it's not worth it until this is working.

Link to comment
10 minutes ago, strike said:

 

Have you tried to change the host port to 80 in the docker template like I suggested earlier? In your screenshot it still says 81. I get that it's on its own IP and you have port forwarded 80->80 on that IP but that won't do you any good if the host port in the docker template is still 81. Unless the container ignores that completely when it's on its own IP?   

 

We've tried all variations to get it to work and we're back to sharing the IP with unraid.

Link to comment
32 minutes ago, WannabeMKII said:

 

We've tried all variations to get it to work and we're back to sharing the IP with unraid.

In your run command you've got 81 mapped to 81 inside the container. That won't work because the container is listening on 80. You need to change the mapping for container 80, host 81.

Link to comment
22 minutes ago, jonathanm said:

In your run command you've got 81 mapped to 81 inside the container. That won't work because the container is listening on 80. You need to change the mapping for container 80, host 81.

 

Ah got you, sorry.

 

After changing the port, I get the following;

 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/London" -e HOST_OS="unRAID" -e "EMAIL"="*****@*****.***" -e "URL"="*****.***" -e "SUBDOMAINS"="*****" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "HTTPVAL"="true" -e "PUID"="99" -e "PGID"="100" -p 80:81/tcp -p 444:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
1d79d9f9dc01fd82456b2131a0311e4d33eb32a8ed50b55b026349ea5bde2033
/usr/bin/docker: Error response from daemon: driver failed programming external connectivity on endpoint letsencrypt (176839ccbca9b1aa09ea179adc960f4d4b1887c58ead94c06b6ef5bb2006a44e): Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use.

The command failed.

I'm guessing this is because of it being the same port and IP of unraid?

Link to comment
1 minute ago, WannabeMKII said:

 

Ah got you, sorry.

 

After changing the port, I get the following;

 


root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/London" -e HOST_OS="unRAID" -e "EMAIL"="*****@*****.***" -e "URL"="*****.***" -e "SUBDOMAINS"="*****" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "HTTPVAL"="true" -e "PUID"="99" -e "PGID"="100" -p 80:81/tcp -p 444:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
1d79d9f9dc01fd82456b2131a0311e4d33eb32a8ed50b55b026349ea5bde2033
/usr/bin/docker: Error response from daemon: driver failed programming external connectivity on endpoint letsencrypt (176839ccbca9b1aa09ea179adc960f4d4b1887c58ead94c06b6ef5bb2006a44e): Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use.

The command failed.

I'm guessing this is because of it being the same port and IP of unraid?

You changed the wrong part of the port mapping. Reverse it

Link to comment
9 minutes ago, saarg said:

You changed the wrong part of the port mapping. Reverse it

 

OK. I had to delete that section and re-add it and now done;

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/London" -e HOST_OS="unRAID" -e "EMAIL"="*****@*****.***" -e "URL"="*****.***" -e "SUBDOMAINS"="*****" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "HTTPVAL"="true" -e "PUID"="99" -e "PGID"="100" -p 444:443/tcp -p 81:80/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
2e883074e4fa57872dcfe4dbe866e245bdb871a60f8010e34cdf2bf7ca3d997c

The command finished successfully!

I've also attached the port forwarding.

 

LE logs;

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Backwards compatibility check. . .
Still using tls-sni. Please set the VALIDATION parameter in the future
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d *****.*****.***
E-mail address entered: *****.*****.***
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Hopefully this shows everything...?


Link to comment
Just now, CHBMB said:

You can, and make sure you delete the template.  But we're making some changes, so you might want to wait a while.....

 

OK. I'll wait for the new version to be available, then nuke everything and start again.

 

Just out of interest, what's the ETA on the new version? Are we talking hours, days...?

Link to comment
2 hours ago, WannabeMKII said:

Should I just nuke my LE container, appdata etc and start again?

 

I just ran into this problem and discovered the solution. The key is in the log.

 

ERROR: Cert does not exist! Please see the validation error above.

If you scroll up a few lines, you'll see:

Still using tls-sni. Please set the VALIDATION parameter in the future

It appears that the HTTPVAL variable changed to VALIDATION. It's an easy fix.

1. Edit the docker configuration.

2. Click "Add another Path, Port, Variable or Device" at the bottom.

3. Enter the following values:

    Config Type: Variable

    Name: HTTP Validation

    Key: VALIDATION

    Value: true

4. Click "Add."

5. Click "Apply."

 

Link to comment
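Added example, not from any poster in the thread: a shell function that reads the container log on stdin and flags the lines this thread keeps coming back to (the tls-sni fallback notice, the "no combination of challenges" error, and http-01 responses that came back without the token). The function name, finding codes, host name and token in the sample log are constructed.

```shell
#!/bin/sh
# Added example: triage a linuxserver/letsencrypt container log.
# triage_le_log and its finding codes are hypothetical names, not part of the image.

triage_le_log() {
    tl_seen_fallback=0; tl_seen_nochal=0
    while IFS= read -r tl_line || [ -n "$tl_line" ]; do
        case "$tl_line" in
            *"Still using tls-sni"*)
                # The container found no VALIDATION variable and fell back to tls-sni.
                if [ "$tl_seen_fallback" = 0 ]; then echo SET_VALIDATION_VARIABLE; fi
                tl_seen_fallback=1 ;;
            *"does not support any combination of challenges"*)
                # Per the replies: the container is using tls validation, which
                # Let's Encrypt has disabled for most users.
                if [ "$tl_seen_nochal" = 0 ]; then echo TLS_SNI_REJECTED_BY_CA; fi
                tl_seen_nochal=1 ;;
            *"Invalid response from http://"*"/.well-known/acme-challenge/"*)
                # Some web server answered the http-01 request, but not with the token.
                tl_host=${tl_line#*"Invalid response from http://"}
                tl_host=${tl_host%%/*}
                case "$tl_host" in
                    duckdns.org|www.duckdns.org)
                        # The request asked to validate the provider's own domain.
                        echo "NOT_YOUR_DOMAIN:$tl_host" ;;
                    *)
                        # The thread reads this as the CA reaching a different web server.
                        echo "OTHER_WEBSERVER_ANSWERED:$tl_host" ;;
                esac ;;
        esac
    done
    return 0
}

# Constructed sample log, modelled on the logs posted in the thread.
triage_le_log <<'EOF'
[cont-init.d] 50-config: executing...
Backwards compatibility check. . .
Still using tls-sni. Please set the VALIDATION parameter in the future
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
ERROR: Cert does not exist! Please see the validation error above.
EOF
```
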

Just something to think about: I swore up and down that port 80 wasn't blocked by my ISP because I got on the phone with them a few months ago and had them open it up. Well, I checked again and sure enough it was closed. It got reset for some reason or another, so make doubly sure that it is open, especially if Optimum is your ISP. Also, I must have updated my docker 5 minutes after you posted the new version because I don't see any talk of the new fields, notably the validation field. But after forcing an update everything works. Thank you guys.

 

Is this container capable of forwarding to a service on a different IP? I would like to add my iDRAC but it's on a different IP/adapter. If this is possible, are there any examples?

 

Link to comment
6 hours ago, cpshoemake said:

 

I just ran into this problem and discovered the solution. The key is in the log.

 


ERROR: Cert does not exist! Please see the validation error above.

If you scroll up a few lines, you'll see:


Still using tls-sni. Please set the VALIDATION parameter in the future

It appears that the HTTPVAL variable changed to VALIDATION. It's an easy fix.

1. Edit the docker configuration.

2. Click "Add another Path, Port, Variable or Device" at the bottom.

3. Enter the following values:

    Config Type: Variable

    Name: HTTP Validation

    Key: VALIDATION

    Value: true

4. Click "Add."

5. Click "Apply."

 

 

You might want to read the info more closely. VALIDATION=true is not a valid option. You need "http", "dns" or "tls-sni" (tls-sni currently disabled by letsencrypt for most users) 

Link to comment
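Added example, not code from any poster or from the linuxserver image: a shell function that audits an Unraid-style `docker run` line against the points made in the replies above (a host port must map to container port 80, `VALIDATION` must be `http`, `dns` or `tls-sni`, and `duckdns.org` itself must not end up in the cert request). The function name, finding codes and sample values are assumptions.

```shell
#!/bin/sh
# Added example: audit an Unraid-style `docker run` line for linuxserver/letsencrypt.
# audit_le_run and its finding codes are hypothetical names, not part of the image.
# Assumes no key or value contains whitespace (true for the commands in this thread).

audit_le_run() {
    le_cmd=$(printf '%s' "$1" | tr -d '"')    # the template quotes every key and value
    le_validation=UNSET; le_httpval=UNSET; le_url=""; le_only=""; le_host80=""
    set -f                                    # masked values such as ***** must not glob
    set -- $le_cmd
    set +f
    while [ "$#" -gt 1 ]; do
        case "$1" in
            -p)
                le_map=${2%/*}                # 81:80/tcp -> 81:80
                case "$le_map" in
                    *:80)                     # right-hand side is the container port
                        le_rest=${le_map%:*}  # host side, possibly ip:port
                        le_host80=${le_rest##*:} ;;
                esac
                shift ;;
            -e)
                case "$2" in
                    VALIDATION=*)      le_validation=${2#*=} ;;
                    HTTPVAL=*)         le_httpval=${2#*=} ;;
                    URL=*)             le_url=${2#*=} ;;
                    ONLY_SUBDOMAINS=*) le_only=${2#*=} ;;
                esac
                shift ;;
        esac
        shift
    done

    # 1. Validation method: the thread names http, dns and tls-sni as the valid values.
    case "$le_validation" in
        http|dns|tls-sni) ;;
        UNSET)
            if [ "$le_httpval" != UNSET ]; then echo LEGACY_HTTPVAL_ONLY
            else echo VALIDATION_UNSET; fi ;;
        *)  echo "VALIDATION_INVALID:$le_validation" ;;
    esac

    # 2. HTTP validation: the container listens on 80, so a host port must map to it.
    #    When one does, report the host port the router's port 80 has to forward to.
    if [ "$le_validation" = http ] || [ "$le_httpval" = true ]; then
        if [ -n "$le_host80" ]; then echo "ROUTER_80_TO_HOST:$le_host80"
        else echo NO_MAPPING_TO_CONTAINER_80; fi
    fi

    # 3. URL=duckdns.org without ONLY_SUBDOMAINS=true asks for duckdns.org itself.
    if [ "$le_url" = duckdns.org ] && [ "$le_only" != true ]; then
        echo APEX_DUCKDNS_IN_CERT
    fi
    return 0
}

# Constructed sample, modelled on the first run command posted in the thread.
SAMPLE='docker run -d --name="letsencrypt" --net="bridge" -e "URL"="example.com" -e "SUBDOMAINS"="media" -e "ONLY_SUBDOMAINS"="true" -e "HTTPVAL"="true" -p 81:81/tcp -p 444:443/tcp linuxserver/letsencrypt'
audit_le_run "$SAMPLE"
```

An empty result means none of the three checks fired; a `ROUTER_80_TO_HOST:` line is informational and names the host port that external port 80 has to reach.
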
4 hours ago, aptalca said:

 

You might want to read the info more closely. VALIDATION=true is not a valid option. You need "http", "dns" or "tls-sni" (tls-sni currently disabled by letsencrypt for most users) 

 

Ah ha, adding "tls-sni" = "true" has got me back up and running!

 

Port 80 is still appearing as closed though?

 

Now just to get nzbhydra2 actually loading properly.

 

Superb news though and really appreciate the constant help from everyone, absolutely legendary!

Link to comment
3 minutes ago, WannabeMKII said:

 

Ah ha, adding "tls-sni" = "true" has got me back up and running!

 

Port 80 is still appearing as closed though?

 

Now just to get nzbhydra2 actually loading properly.

 

Superb news though and really appreciate the constant help from everyone, absolutely legendary!

 

The only problem I can see with this, is when your certs need renewing.  @aptalca is the expert, so I may be wrong.

Link to comment

The latest update (from last night) seems to have broken something for me.

I haven't changed any of the settings, however I noticed there was a new "Validation" option in the docker settings which is set to HTTP.

I also noticed that the HTTPVAL setting was missing from the show more settings tab.

 

Any ideas what would have broken the config for me?

Here are the logs:

 


[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Backwards compatibility check. . .
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d ******.duckdns.org
E-mail address entered: **********
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ******.duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ******.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://******.duckdns.org/.well-known/acme-challenge/MKKaK-NvviGlS4ME6FlQ5uTBojzr8WHznM36sgR8Ujo: "<html>

<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: ******.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://******.duckdns.org/.well-known/acme-challenge/MKKaK-NvviGlS4ME6FlQ5uTBojzr8WHznM36sgR8Ujo:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

 

 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="America/New_York" -e HOST_OS="unRAID" -e "EMAIL"="*********" -e "URL"="duckdns.org" -e "SUBDOMAINS"="******" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "VALIDATION"="http" -e "DNSPLUGIN"="" -e "PUID"="99" -e "PGID"="100" -p 81:80/tcp -p 443:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
2dab690e979f92d6a66c2a7506fbb121324e105cd195d576fa5c141d067d0952

 


Link to comment
3 minutes ago, Invincible said:

The latest update (from last night) seems to have broken something for me.

I haven't changed any of the settings, however I noticed there was a new "Validation" option in the docker settings which is set to HTTP.

I also noticed that the HTTPVAL setting was missing from the show more settings tab.

 

Any ideas what would have broken the config for me?

Here are the logs:

 


[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Backwards compatibility check. . .
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d ******.duckdns.org
E-mail address entered: **********
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ******.duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ******.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://******.duckdns.org/.well-known/acme-challenge/MKKaK-NvviGlS4ME6FlQ5uTBojzr8WHznM36sgR8Ujo: "<html>

<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: ******.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://******.duckdns.org/.well-known/acme-challenge/MKKaK-NvviGlS4ME6FlQ5uTBojzr8WHznM36sgR8Ujo:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

 

 


root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="America/New_York" -e HOST_OS="unRAID" -e "EMAIL"="*********" -e "URL"="duckdns.org" -e "SUBDOMAINS"="******" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "VALIDATION"="http" -e "DNSPLUGIN"="" -e "PUID"="99" -e "PGID"="100" -p 81:80/tcp -p 443:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
2dab690e979f92d6a66c2a7506fbb121324e105cd195d576fa5c141d067d0952

 


Your docker shows 442 for the SSL but your forwarding in the router shows 443

Link to comment
34 minutes ago, fmp4m said:

 

 

Your docker shows 442 for the SSL but your forwarding in the router shows 443

 

If you're referring to the first image then that's the unraid internal settings (Under Settings -> Identification) not the docker settings.

I changed unraid to go to port 442 so it doesn't interfere with LE's 443 setting.

Link to comment
12 minutes ago, Invincible said:

 

If you're referring to the first image then that's the unraid internal settings (Under Settings -> Identification) not the docker settings.

I changed unraid to go to port 442 so it doesn't interfere with LE's 443 setting.

 

That's fine as long as your firewall/router is forwarding 443 externally to 442 on your Unraid box.

Link to comment
