slimshizn Posted June 8, 2019

Let's Encrypt didn't give new certs, so something's up.

Seige Posted June 8, 2019

10 hours ago, slimshizn said:
Let's Encrypt didn't give new certs, so something's up.

This is a very brief description of your problem. What is the exact error in the log? If it used to work and now is suddenly broken, it might be because of an issue of your port 80 routing (at least in my experience this is very often the culprit). Do you know how to access the docker command line and run a cert renewal test? This usually gives you a more detailed error message.

nth_derivative Posted June 9, 2019

I'm looking to add the node.js framework into the letsencrypt docker image, would anyone be able to assist with this?

slimshizn Posted June 9, 2019

16 hours ago, Seige said:
This is a very brief description of your problem. What is the exact error in the log? If it used to work and now is suddenly broken, it might be because of an issue of your port 80 routing (at least in my experience this is very often the culprit). Do you know how to access the docker command line and run a cert renewal test? This usually gives you a more detailed error message.

Yes, I also checked the ports using outside tests and they are open. Turns out that there was an issue with Cloudflare that night; I can access my RP now from outside of my network. Inside my network is still an issue. I'm using a USG3 for my router, UPnP is on, and I'm not really sure how all of a sudden I don't have access to my RP locally. If I visit 192.168.*.* it works fine, but if I use my webpage name it will not connect and just times out.

CHBMB Posted June 9, 2019

Sounds like a hairpin NAT / NAT reflection issue to me.

Sent from my Mi A1 using Tapatalk

baconborn Posted June 11, 2019

My ISP is blocking port 80 so I can't get certificates, is there any way around this? I've seen a little bit about DNS challenge, but from what I gather, you need to own the DNS server, which I don't, so that doesn't seem like an option unless I'm misunderstanding that. I've also been suggested to use a different port, but from what I've read, letsencrypt must use port 80?

For my setup I used SpaceInvader's video tutorial and CyanLab's tutorial.

ijuarez Posted June 11, 2019

Quote:
My ISP is blocking port 80 so I can't get certificates, is there any way around this? I've seen a little bit about DNS challenge, but from what I gather, you need to own the DNS server, which I don't, so that doesn't seem like an option unless I'm misunderstanding that. I've also been suggested to use a different port, but from what I've read, letsencrypt must use port 80? For my setup I used SpaceInvader's video tutorial and CyanLab's tutorial.

You don't need to own your DNS server. Use Cloudflare and your own domain.

Sent from my SM-N960U using Tapatalk

Spoonsy1480 Posted June 11, 2019

http validation is selected
Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
Server ready

This is what I get. How do I fix this? I have absolutely no idea what this means.

saarg Posted June 11, 2019

2 hours ago, Spoonsy1480 said:
http validation is selected
Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
Server ready
this is what i get how do i fix this, i have absolutely no idea what this means

You are just the 264th person to ask that in this thread.

slimshizn Posted June 11, 2019

Okay, I've looked up hairpin NAT on the USG, looked in the config.boot file and this is what shows up.

Quote:
port-forward {
    auto-firewall disable
    hairpin-nat enable
    lan-interface eth1

Should disabling this fix my issue of not seeing server.com on my local network?

CHBMB Posted June 11, 2019

17 minutes ago, slimshizn said:
Okay I've looked up hairpin nat on the USG, looked in the config.boot file and this is what shows up. Should disabling this fix my issue of not seeing server.com on my local network?

You need hairpin NAT enabled. Probably better off asking support avenues for USG unless someone here knows and can answer.

Spoonsy1480 Posted June 11, 2019

If that wasn't the problem I am really confused. These are my settings. It was working but now it isn't. Any help would be grateful.

Sent from my iPhone using Tapatalk

saarg Posted June 11, 2019

@Spoonsy1480 Did you understand my previous comment? It means to go the bleeep bleeep bleeep bleep read the previous posts in this bleep bleeep thread.

And do you really think that we are supposed to read your mind about what is not working? Do you go to the garage and say: My car was working, now it isn't working. What is wrong?

Spoonsy1480 Posted June 11, 2019

1 minute ago, saarg said:
@Spoonsy1480 Did you understand my previous comment? It means to go the bleeep bleeep bleeep bleep read the previous posts in this bleep bleeep thread. And do you really think that we are supposed to read your mind about what is not working? Do you go to the garage and say: My car was working, now it isn't working. What is wrong?

Yes, I read your post, went back through the thread, and all I could find was that it didn't matter, as far as I could find out. Yesterday I could go to radarr.mydomain.com and today I cannot access any of them. That is the only error I see, so I am stumped.

saarg Posted June 11, 2019

3 minutes ago, Spoonsy1480 said:
Yes I read you post went back through the thread an all I could find was that it didn't matter as far as I could find out. yesterday I go to radarr.mydomain.com and today I cannot access any of them that is the only error I see. so I am stumped

No idea either.

linuxserver.io (Author) Posted June 11, 2019

9 minutes ago, Spoonsy1480 said:
Yes I read you post went back through the thread an all I could find was that it didn't matter as far as I could find out. yesterday I go to radarr.mydomain.com and today I cannot access any of them that is the only error I see. so I am stumped

That error you posted, if you'd searched this thread or the github site for the container, has nothing to do with it. As for why your stuff isn't working, no idea.

storm123 Posted June 12, 2019

Hi guys. Thank you for the container. I've recently re-set this container up. It's mostly working perfectly.

I am running two nextcloud containers - one for personal and one for work. Reverse proxy works perfectly for the home one. Reverse proxy for the work container doesn't seem to work for me - it just re-directs to the home container.

Home container is called "nextcloud" and mapped to nextcloud.XXX
Work container is called "nextcloud_works" and mapped to nextcloudwork.XXX.

Both being run as sub-domain reverse proxies. Attached are the reverse proxy configs for both. Any help would be appreciated. Thanks

Attachments: nextcloudwork.subdomain.conf, nextcloud.subdomain.conf

FireFtw Posted June 13, 2019

Still looking for a working calibre subdomain config file. I have:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name calibre.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_calibre calibre;
        proxy_max_temp_file_size 2048m;
        proxy_pass http://$upstream_calibre:8083;
    }
}

with my calibre docker named 'calibre', however accessing the site gives me a bad gateway error. Any ideas?

saarg Posted June 13, 2019

10 hours ago, FireFtw said:
Still looking for a working calibre subdomain config file. I have:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name calibre.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_calibre calibre;
        proxy_max_temp_file_size 2048m;
        proxy_pass http://$upstream_calibre:8083;
    }
}

with my calibre docker named 'calibre', however accessing the site gives me a bad gateway error. Any ideas?

If you are using our calibre container and have the containers on their own custom bridge, you are using the wrong port. It's either 8080 or 8081. When using the name to resolve the container, you need to use the ports internally in the containers.

aptalca Posted June 13, 2019

15 hours ago, storm123 said:
Hi guys. Thank you for the container. I've recently re-set this container up. It's mostly working perfectly. I am running two nextcloud containers - one for personal and one for work. Reverse proxy works perfectly for the home one. Reverse proxy for the work container doesn't seem to work for me - it just re-directs to the home container. Home container is called "nextcloud" and mapped to nextcloud.XXX Work container is called "nextcloud_works" and mapped to nextcloudwork.XXX. Both being run as sub-domain reverse proxies. Attached are the reverse proxy configs for both. Any help would be appreciated. Thanks
Attachments: nextcloudwork.subdomain.conf, nextcloud.subdomain.conf

Try changing the variable name to upstream_nextcloud_works

storm123 Posted June 13, 2019

5 hours ago, aptalca said:
Try changing the variable name to upstream_nextcloud_works

Thanks mate. Gave it a go. I now get a connection but it goes to a 500 internal server error. Any logs I can share to help track down the final step?

FireFtw Posted June 13, 2019

13 hours ago, saarg said:
If you are using our calibre container, have the containers on their own custom bridge, you are using the wrong port. It's either 8080 or 8081. When using the name to resolve the container, you need to use the ports internally in the containers.

Yep, forgot I didn't have the bridge swapped over. The internal and external ports are both 8083 on the newest docker.

DZMM Posted June 16, 2019

Help please - my cert won't renew. It's been so long since I've had problems with LE I can't work out how to fix:

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Europe/London
URL=MyDOMAIN.com
SUBDOMAINS=www,unifi,ha,nextcloud,office,home,heimdall
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
[email protected]
STAGING=
2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.MyDOMAIN.com -d unifi.MyDOMAIN.com -d ha.MyDOMAIN.com -d nextcloud.MyDOMAIN.com -d office.MyDOMAIN.com -d home.MyDOMAIN.com -d heimdall.MyDOMAIN.com
E-mail address entered: [email protected]
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for MyDOMAIN.com
Waiting for verification...
Challenge failed for domain MyDOMAIN.com
http-01 challenge for MyDOMAIN.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
  Domain: MyDOMAIN.com
  Type: connection
  Detail: Fetching http://MyDOMAIN.com/.well-known/acme-challenge/r_lFlfJYMg2gmnwGbgo-4gqRceo17BLkfJUj8CXnK2A: Timeout during connect (likely firewall problem)
  To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Challenge failed for domain MyDOMAIN.com
http-01 challenge for MyDOMAIN.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
  Domain: MyDOMAIN.com
  Type: connection
  Detail: Fetching http://MyDOMAIN.com/.well-known/acme-challenge/r_lFlfJYMg2gmnwGbgo-4gqRceo17BLkfJUj8CXnK2A: Timeout during connect (likely firewall problem)
  To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

storm123 Posted June 16, 2019

On 6/13/2019 at 7:02 PM, storm123 said:
Thanks mate. Gave it a go. I now get a connection but it goes to a 500 internal server error. Any logs I can share to help track down the final step?

Anyone able to offer some wisdom with this please? Thanks

saarg Posted June 16, 2019

10 hours ago, DZMM said:
Help please - my cert won't renew. It's been so long since I've had problems with LE I can't work out how to fix:

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Europe/London
URL=MyDOMAIN.com
SUBDOMAINS=www,unifi,ha,nextcloud,office,home,heimdall
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
[email protected]
STAGING=
2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.MyDOMAIN.com -d unifi.MyDOMAIN.com -d ha.MyDOMAIN.com -d nextcloud.MyDOMAIN.com -d office.MyDOMAIN.com -d home.MyDOMAIN.com -d heimdall.MyDOMAIN.com
E-mail address entered: [email protected]
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for MyDOMAIN.com
Waiting for verification...
Challenge failed for domain MyDOMAIN.com
http-01 challenge for MyDOMAIN.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
  Domain: MyDOMAIN.com
  Type: connection
  Detail: Fetching http://MyDOMAIN.com/.well-known/acme-challenge/r_lFlfJYMg2gmnwGbgo-4gqRceo17BLkfJUj8CXnK2A: Timeout during connect (likely firewall problem)
  To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Challenge failed for domain MyDOMAIN.com
http-01 challenge for MyDOMAIN.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
  Domain: MyDOMAIN.com
  Type: connection
  Detail: Fetching http://MyDOMAIN.com/.well-known/acme-challenge/r_lFlfJYMg2gmnwGbgo-4gqRceo17BLkfJUj8CXnK2A: Timeout during connect (likely firewall problem)
  To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Port 80 is most likely blocked somewhere between your ISP and the container.

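Added example (not written by any poster, and not linuxserver.io or certbot code): the failure report in the log above carries its diagnosis in the Domain, Type and Detail fields, which is what the replies about blocked port 80 and DNS validation are reading. This Python sketch extracts those fields from a constructed copy of that log; the function names, cause labels and advice strings are this example's own assumptions.

```python
import re

# Constructed sample: the failure report from the log posted above, with line
# breaks restored and the challenge token replaced by a placeholder.
SAMPLE_LOG = """\
VALIDATION=http
Challenge failed for domain MyDOMAIN.com
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: MyDOMAIN.com
   Type:   connection
   Detail: Fetching
   http://MyDOMAIN.com/.well-known/acme-challenge/TOKEN-PLACEHOLDER:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly.
"""

# \s+ between the fields lets one pattern match both the normal multi-line
# report and a copy that was pasted onto a single line.
FAILURE_RE = re.compile(
    r"Domain:\s*(\S+)\s+Type:\s*(\S+)\s+Detail:\s*(.*?)"
    r"(?=\n\s*\n|\s+To fix these errors|\Z)",
    re.DOTALL,
)

# Cause labels and advice text are this example's own wording (assumptions),
# keyed on the "Type:" value of the report.
ADVICE = {
    "connection": ("port80_unreachable",
                   "The CA could not reach port 80 (ISP block or port forward)."),
    "dns": ("dns_lookup_failed",
            "The CA could not resolve the name: check the A/AAAA records."),
}

def parse_variables(log):
    """Return the KEY=VALUE settings the container echoes at start-up."""
    return dict(re.findall(r"\b([A-Z_]{2,})=(\S*)", log))

def parse_failures(log):
    """Return the unique (domain, type, detail) reports, in log order."""
    failures = []
    for domain, kind, detail in FAILURE_RE.findall(log):
        record = (domain, kind, " ".join(detail.split()))
        if record not in failures:      # the log prints each report twice
            failures.append(record)
    return failures

def triage(log):
    """Attach a likely cause and a next step to every failure report."""
    http_mode = parse_variables(log).get("VALIDATION") == "http"
    findings = []
    for domain, kind, detail in parse_failures(log):
        cause, advice = ADVICE.get(kind, ("unknown", "Read the Detail text."))
        if cause == "port80_unreachable" and http_mode:
            advice += " DNS validation does not need port 80."
        findings.append(dict(domain=domain, cause=cause, detail=detail, advice=advice))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["domain"], finding["cause"], "-", finding["advice"])
```
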