aptalca Posted December 8, 2019

27 minutes ago, growlith said:
> Were you able to get this to work with Google DNS? I have 25 subdomains and a wildcard cert seems like it would make more sense at this point. I get to the acme-challenge step and it says that it cannot find a text record. I set up the service account, the dns api, the managed zone. Not sure what I am missing.

Just to confirm, are you using Google cloud dns and not Google domains dns? This only works with Google cloud dns, the paid version.

BrandonG777 Posted December 8, 2019

I ended up being successful with cloudflare dns

Sent from my Pixel 2 XL using Tapatalk

WexfordStyle Posted December 8, 2019

On 7/24/2019 at 2:22 AM, ebnerjoh said:
> Hi, was there recently a change on Letsencrypt? Today my websites were broken, because the certificate was not renewed. Last Renewal was in April. In the Logs I cannot find a related error, of course there are warnings, but I do not think they are responsible for the issue.
>
> -------------------------------------
>           _         ()
>          | |  ___   _    __
>          | | / __| | |  /  \
>          | | \__ \ | | | () |
>          |_| |___/ |_|  \__/
>
> Brought to you by linuxserver.io
> We gratefully accept donations at:
> https://www.linuxserver.io/donate/
> -------------------------------------
> GID/UID
> -------------------------------------
> User uid: 99
> User gid: 100
> -------------------------------------
> [cont-init.d] 10-adduser: exited 0.
> [cont-init.d] 20-config: executing...
> [cont-init.d] 20-config: exited 0.
> [cont-init.d] 30-keygen: executing...
> using keys found in /config/keys
> [cont-init.d] 30-keygen: exited 0.
> [cont-init.d] 50-config: executing...
> Variables set:
> PUID=99
> PGID=100
> TZ=Europe/Berlin
> URL=familie-ebner.at
> SUBDOMAINS=cloud,tauchen,solar,ha,solar2,nr,nr2,wetter,wetter2,mqtt,
> EXTRA_DOMAINS=cloud.ff-metnitz.at,slideshow.ff-metnitz.at,backup.ff-metnitz.at,
> ONLY_SUBDOMAINS=true
> DHLEVEL=2048
> VALIDATION=http
> DNSPLUGIN=
> [email protected]
> STAGING=
> 2048 bit DH parameters present
> SUBDOMAINS entered, processing
> SUBDOMAINS entered, processing
> Only subdomains, no URL in cert
> Sub-domains processed are: -d cloud.familie-ebner.at -d tauchen.familie-ebner.at -d solar.familie-ebner.at -d ha.familie-ebner.at -d solar2.familie-ebner.at -d nr.familie-ebner.at -d nr2.familie-ebner.at -d wetter.familie-ebner.at -d wetter2.familie-ebner.at -d mqtt.familie-ebner.at
> EXTRA_DOMAINS entered, processing
> Extra domains processed are: -d cloud.ff-metnitz.at -d slideshow.ff-metnitz.at -d backup.ff-metnitz.at
> E-mail address entered: [email protected]
> http validation is selected
> Certificate exists; parameters unchanged; starting nginx
> [cont-init.d] 50-config: exited 0.
> [cont-init.d] 99-custom-files: executing...
> [custom-init] no custom files found exiting...
> [cont-init.d] 99-custom-files: exited 0.
> [cont-init.d] done.
> [services.d] starting services
> [services.d] done.
> nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /config/nginx/site-confs/ha.familie-ebner.at:42
> nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /config/nginx/site-confs/mqtt.familie-ebner.at:42
> nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /config/nginx/site-confs/nr.familie-ebner.at:42
> nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /config/nginx/site-confs/nr2.familie-ebner.at:42
> nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /config/nginx/site-confs/wetter.familie-ebner.at:42
> nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /config/nginx/site-confs/wetter2.familie-ebner.at:42
> nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
> nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
> no field package.preload['resty.core']
> no file './resty/core.lua'
> no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
> no file '/usr/local/share/lua/5.1/resty/core.lua'
> no file '/usr/local/share/lua/5.1/resty/core/init.lua'
> no file '/usr/share/lua/5.1/resty/core.lua'
> no file '/usr/share/lua/5.1/resty/core/init.lua'
> no file '/usr/share/lua/common/resty/core.lua'
> no file '/usr/share/lua/common/resty/core/init.lua'
> no file './resty/core.so'
> no file '/usr/local/lib/lua/5.1/resty/core.so'
> no file '/usr/lib/lua/5.1/resty/core.so'
> no file '/usr/local/lib/lua/5.1/loadall.so'
> no file './resty.so'
> no file '/usr/local/lib/lua/5.1/resty.so'
> no file '/usr/lib/lua/5.1/resty.so'
> no file '/usr/local/lib/lua/5.1/loadall.so')
> nginx: [warn] conflicting server name "wetter.familie-ebner.at" on 0.0.0.0:80, ignored
> nginx: [warn] conflicting server name "wetter2.familie-ebner.at" on 0.0.0.0:80, ignored
> nginx: [warn] conflicting server name "wetter.familie-ebner.at" on 0.0.0.0:443, ignored
> nginx: [warn] conflicting server name "wetter2.familie-ebner.at" on 0.0.0.0:443, ignored
> Server ready

Did you find a solution for this? I just updated the container yesterday and now all my sites are down with this error.

EDIT: I eliminated this error by commenting out the ssl on; because apparently it's not needed with the listen 443 ssl http2;

However, in doing this, I now have a new error:

nginx: [emerg] the size 52428800 of shared memory zone "SSL" conflicts with already declared size 10485760 in /config/nginx/ssl.conf:3

I am not finding much on Google, any advice is appreciated!

Edited December 8, 2019 by WexfordStyle: corrected and found another error

mattmill Posted December 10, 2019

On 12/8/2019 at 3:44 PM, WexfordStyle said:
> Did you find a solution for this? I just updated the container yesterday and now all my sites are down with this error.
>
> EDIT: I eliminated this error by commenting out the ssl on; because apparently it's not needed with the listen 443 ssl http2;
>
> However, in doing this, I now have a new error:
>
> nginx: [emerg] the size 52428800 of shared memory zone "SSL" conflicts with already declared size 10485760 in /config/nginx/ssl.conf:3
>
> I am not finding much on Google, any advice is appreciated!

Also having this exact problem after doing my weekly updates on Sunday. Can't seem to find a solution though?

aptalca Posted December 10, 2019

4 hours ago, mattmill said:
> Also having this exact problem after doing my weekly updates on Sunday. Can't seem to find a solution though?

Did you check line 3 of your ssl.conf?

WexfordStyle Posted December 11, 2019

On 12/10/2019 at 6:34 AM, aptalca said:
> Did you check line 3 of your ssl.conf?

I took the weak ass way out and just killed my config and started fresh. I had done it a couple of years ago and my letsencrypt config was hacked together from here and there. Much easier now thanks to the LS.io team. 👐

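For the "shared memory zone" error discussed in the posts above, here is an added example (not code from any poster or from the linuxserver.io image) that scans nginx config text for `ssl_session_cache shared:NAME:SIZE` declarations whose sizes disagree, and for leftover `ssl on;` lines. In the error message, 52428800 bytes is 50m and 10485760 bytes is 10m. The file contents and the `default` site conf name are constructed sample data; the function names are hypothetical.

```python
import re

# Constructed sample files (not taken from any poster's setup): two files
# declare the shared zone "SSL" with different sizes, and one still carries
# the deprecated "ssl on;" directive.
SAMPLE_CONFS = {
    "/config/nginx/ssl.conf": (
        "## session settings\n"
        "ssl_session_timeout 1d;\n"
        "ssl_session_cache shared:SSL:50m;\n"
    ),
    "/config/nginx/site-confs/default": (
        "server {\n"
        "    listen 443 ssl http2;\n"
        "    ssl on;\n"
        "    ssl_session_cache shared:SSL:10m;\n"
        "    #ssl_session_cache shared:SSL:20m;\n"
        "}\n"
    ),
}

ZONE_RE = re.compile(r"\bssl_session_cache\b[^;]*\bshared:(\w+):(\d+)([kKmM]?)")
SSL_ON_RE = re.compile(r"^\s*ssl\s+on\s*;")
UNITS = {"": 1, "k": 1024, "m": 1024 * 1024}


def _code_lines(text):
    """Yield (line_number, text before any '#') for one config file.

    Simplification: a '#' inside a quoted string is also treated as a comment.
    """
    for number, line in enumerate(text.splitlines(), start=1):
        yield number, line.split("#", 1)[0]


def find_zone_conflicts(confs):
    """Return {zone: [(path, line, size_bytes), ...]} for zones declared with differing sizes."""
    declared = {}
    for path, text in confs.items():
        for number, line in _code_lines(text):
            match = ZONE_RE.search(line)
            if match:
                zone, digits, unit = match.groups()
                size = int(digits) * UNITS[unit.lower()]
                declared.setdefault(zone, []).append((path, number, size))
    return {
        zone: hits
        for zone, hits in declared.items()
        if len({size for _, _, size in hits}) > 1
    }


def find_deprecated_ssl_on(confs):
    """Return [(path, line)] for every uncommented 'ssl on;' directive."""
    return [
        (path, number)
        for path, text in confs.items()
        for number, line in _code_lines(text)
        if SSL_ON_RE.search(line)
    ]


if __name__ == "__main__":
    for zone, hits in find_zone_conflicts(SAMPLE_CONFS).items():
        print(f'zone "{zone}" is declared with different sizes:')
        for path, number, size in hits:
            print(f"  {path}:{number}  {size} bytes")
    for path, number in find_deprecated_ssl_on(SAMPLE_CONFS):
        print(f'{path}:{number}  deprecated "ssl on;", use "listen ... ssl" instead')
```

To run it against a real setup, build the dictionary from the files under the container's config folder instead of `SAMPLE_CONFS`.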
TexasDave Posted December 11, 2019

Getting "Let's Encrypt certificate expiration notice". I had thought, in the past, certs were automatically renewed? Or you could force renewal by stopping and starting LE?

I can delete and start again but this just started happening in the past few weeks. All was good previously. Just wondering as in the notes above others are having some weirdness. I can submit logs if that helps?

Tucubanito07 Posted December 11, 2019

7 minutes ago, TexasDave said:
> Getting "Let's Encrypt certificate expiration notice". I had thought, in the past, certs were automatically renewed? Or you could force renewal by stopping and starting LE?
>
> I can delete and start again but this just started happening in the past few weeks. All was good previously. Just wondering as in the notes above others are having some weirdness. I can submit logs if that helps?

I would. That would help to troubleshoot.

TexasDave Posted December 11, 2019

Log from starting earlier today....deleted email and domains.

    -------------------------------------
              _         ()
             | |  ___   _    __
             | | / __| | |  /  \
             | | \__ \ | | | () |
             |_| |___/ |_|  \__/

    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donate/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=Europe/London
    URL=duckdns.org
    SUBDOMAINS=aaa,bbb,ccc
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    DHLEVEL=2048
    VALIDATION=http
    DNSPLUGIN=
    [email protected]
    STAGING=
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d aaa -d bbbb -d cccc
    E-mail address entered: [email protected]
    http validation is selected
    Certificate exists; parameters unchanged; starting nginx
    [cont-init.d] 50-config: exited 0.
    [cont-init.d] 99-custom-files: executing...
    [custom-init] no custom files found exiting...
    [cont-init.d] 99-custom-files: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
    nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
    no field package.preload['resty.core']
    no file './resty/core.lua'
    no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
    no file '/usr/local/share/lua/5.1/resty/core.lua'
    no file '/usr/local/share/lua/5.1/resty/core/init.lua'
    no file '/usr/share/lua/5.1/resty/core.lua'
    no file '/usr/share/lua/5.1/resty/core/init.lua'
    no file '/usr/share/lua/common/resty/core.lua'
    no file '/usr/share/lua/common/resty/core/init.lua'
    no file './resty/core.so'
    no file '/usr/local/lib/lua/5.1/resty/core.so'
    no file '/usr/lib/lua/5.1/resty/core.so'
    no file '/usr/local/lib/lua/5.1/loadall.so'
    no file './resty.so'
    no file '/usr/local/lib/lua/5.1/resty.so'
    no file '/usr/lib/lua/5.1/resty.so'
    no file '/usr/local/lib/lua/5.1/loadall.so')
    Server ready

saarg Posted December 11, 2019

50 minutes ago, TexasDave said:
> Log from starting earlier today....deleted email and domains.

Did you check the certificate if it's really expiring?

The certificate is renewed at night, so be sure to leave your server on or else it will not be renewed. You can also just add a new fake subdomain to trigger a new certificate.

TexasDave Posted December 12, 2019

I used this handy site (check-your-website.server-daten.de) to check and yes, the certs were expiring. In the docker I deleted one of my domains, then added it back, and now I am back on the 90 day window (cheating, I know). I suspect that it relates to a restore I had to do a few months ago and it is now just manifesting itself. But now sorted...

Two side questions - how do you access certbot or ssl-cert from the command line in unRAID? Or how can I check cert status directly from unRAID rather than using a 3rd party site? Just curious.

Thanks!

CHBMB Posted December 12, 2019

> I used this handy site (check-your-website.server-daten.de) to check and yes, the certs were expiring. In the docker I deleted one of my domains, then added it back, and now I am back on the 90 day window (cheating, I know). I suspect that it relates to a restore I had to do a few months ago and it is now just manifesting itself. But now sorted...
>
> Two side questions - how do you access certbot or ssl-cert from the command line in unRAID? Or how can I check cert status directly from unRAID rather than using a 3rd party site? Just curious.
>
> Thanks!

Load your site in the browser and check the cert in Chrome/Firefox

Sent from my Mi A1 using Tapatalk

TexasDave Posted December 14, 2019

> Load your site in the browser and check the cert in Chrome/Firefox

Doowp! Many thanks and super easy....

josh1014 Posted December 14, 2019

Hello, wondering if an expert can immediately identify the problem here to save me some time messing with my app subfolder conf.

I have my webapp accessible via https://mydomain.duckdns.org:444/appname/ this successfully brings you to the login page for this webapp.

Once you submit your credentials, you get sent to: https://mydomain.duckdns.org/appname/entrance/ instead of https://mydomain.duckdns.org:444/appname/entrance/

If you go ahead and add the port back in then you’re fine the rest of the way, but that initial login causes the port to disappear from the URL.

    location ^~ /appname {
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;
        proxy_pass http://appname:80;
    }

Any ideas what I need to add to solve this? Thanks!

aptalca Posted December 14, 2019

1 hour ago, josh1014 said:
> Hello, wondering if an expert can immediately identify the problem here to save me some time messing with my app subfolder conf.
>
> I have my webapp accessible via https://mydomain.duckdns.org:444/appname/ this successfully brings you to the login page for this webapp.
>
> Once you submit your credentials, you get sent to: https://mydomain.duckdns.org/appname/entrance/ instead of https://mydomain.duckdns.org:444/appname/entrance/
>
> If you go ahead and add the port back in then you’re fine the rest of the way, but that initial login causes the port to disappear from the URL.
>
>     location ^~ /appname {
>         auth_basic "Restricted";
>         auth_basic_user_file /config/nginx/.htpasswd;
>         include /config/nginx/proxy.conf;
>         proxy_pass http://appname:80;
>     }
>
> Any ideas what I need to add to solve this? Thanks!

Probably the app redirecting to the host address without the port

maxse Posted December 18, 2019

Hey guys, I'm looking to set up minio with LE, however, I don't see a minio in the config files. Could someone help me out with how to make a config file for it? I really don't have a clue how to write them or what it needs to say.

Would appreciate some help with this. Thanks so much!

SDEN Posted December 20, 2019

Hi, I'm trying to get a conf made for traccar, found this, but it doesn't work, so can someone point me in a direction why it fails, or perhaps share a working conf?

    server {
        listen IP:80;
        server_name DOMAIN.COM;

        location / {
            proxy_pass http://127.0.0.1:8082;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        location /api/socket {
            proxy_pass http://localhost:8082/api/socket;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

aptalca Posted December 20, 2019

5 hours ago, SDEN said:
> Hi, I'm trying to get a conf made for traccar, found this, but it doesn't work, so can someone point me in a direction why it fails, or perhaps share a working conf?
>
>     server {
>         listen IP:80;
>         server_name DOMAIN.COM;
>
>         location / {
>             proxy_pass http://127.0.0.1:8082;
>             proxy_http_version 1.1;
>             proxy_set_header Upgrade $http_upgrade;
>             proxy_set_header Connection "upgrade";
>         }
>
>         location /api/socket {
>             proxy_pass http://localhost:8082/api/socket;
>             proxy_http_version 1.1;
>             proxy_set_header Upgrade $http_upgrade;
>             proxy_set_header Connection "upgrade";
>         }
>     }

Both localhost and 127.0.0.1 refer to locations inside the letsencrypt container. Replace that with an address letsencrypt can use to access traccar.

Also it's set to listen only on port 80, which is not right.

Don't copy paste a config from elsewhere. Take an existing proxy conf and modify accordingly. Also see the examples provided in the default site conf.

Edited December 20, 2019 by aptalca

Technazz Posted December 21, 2019

I have this working on my unraid server with sonarr, radarr, nextcloud and plex. But I have another Ubuntu NUC server running Invoice Ninja. I have made a subdomain for it but how do I create a .conf file for it to use outside of the docker network?

Thanks

Edited December 21, 2019 by Technazz

aptalca Posted December 22, 2019

6 hours ago, Technazz said:
> I have this working on my unraid server with sonarr, radarr, nextcloud and plex. But I have another Ubuntu NUC server running Invoice Ninja. I have made a subdomain for it but how do I create a .conf file for it to use outside of the docker network?
>
> Thanks

Modify an existing conf and use the ip in the proxy pass directive

hypermmi Posted December 23, 2019

Hi,

Everything is working for me but my logs get cleared. Can I turn this off? I think they're getting cleared every week or so.

Thanks

aptalca Posted December 23, 2019

2 hours ago, hypermmi said:
> Hi,
>
> Everything is working for me but my logs get cleared. Can I turn this off? I think they're getting cleared every week or so.
>
> Thanks

They get rotated weekly. You should have logs for up to a year

drawmonster Posted December 26, 2019

Just had my certificates expire. Restarted the LE container several times, but it never tried to renew the cert. I also backup my appdata every night, so the container gets restarted nightly. Ended up having to run the renew command manually. I had gotten some emails saying the certificates were set to expire today, but I just assumed that was normal and that they would get renewed automatically. Guess not.

    cronjob running on Sun Nov 17 02:08:00 CST 2019
    Running certbot renew
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Processing /etc/letsencrypt/renewal/mydomain.com.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Cert not yet due for renewal
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    The following certs are not due for renewal yet:
    /etc/letsencrypt/live/mydomain.com/fullchain.pem expires on 2019-12-26 (skipped)
    No renewals were attempted.
    No hooks were run.

I found this repeated over and over in the letsencrypt logs. So it knew it was expiring, but never renewed it. Is there anything glaringly obvious that would keep the LE container from renewing the certificates automatically?

Edited December 26, 2019 by drawmonster

saarg Posted December 26, 2019

3 hours ago, drawmonster said:
> Just had my certificates expire. Restarted the LE container several times, but it never tried to renew the cert. I also backup my appdata every night, so the container gets restarted nightly. Ended up having to run the renew command manually. I had gotten some emails saying the certificates were set to expire today, but I just assumed that was normal and that they would get renewed automatically. Guess not.
>
> I found this repeated over and over in the letsencrypt logs. So it knew it was expiring, but never renewed it. Is there anything glaringly obvious that would keep the LE container from renewing the certificates automatically?

Don't run commands to renew the certificate yourself.

Is your time and date in unraid correct?

You can trigger an update by simply adding a subdomain. After that, you can remove it.

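For reading a renewal log like the one drawmonster posted, here is an added example (not code from any poster or from the container) that pairs each "cronjob running on" timestamp with the "(skipped)" certificate lines that follow it and computes how many days were left at that run. It assumes certbot's default of renewing once fewer than 30 days remain and a log file that still has its line breaks; the sample log is constructed, with the first run copying the date and expiry from the post and the second run invented.

```python
import re
from datetime import date

# Constructed sample in the format of the log posted above. Run 1 reuses the
# date and expiry from that post; run 2 is invented to show a flagged entry.
SAMPLE_LOG = """\
cronjob running on Sun Nov 17 02:08:00 CST 2019
Running certbot renew
Processing /etc/letsencrypt/renewal/mydomain.com.conf
Cert not yet due for renewal
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/mydomain.com/fullchain.pem expires on 2019-12-26 (skipped)
No renewals were attempted.
cronjob running on Sun Dec 22 02:08:00 CST 2019
Running certbot renew
Processing /etc/letsencrypt/renewal/mydomain.com.conf
Cert not yet due for renewal
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/mydomain.com/fullchain.pem expires on 2019-12-26 (skipped)
No renewals were attempted.
"""

MONTHS = {
    name: number
    for number, name in enumerate(
        "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1
    )
}
# The time zone token (CST above) is matched but ignored: only the date matters.
RUN_RE = re.compile(r"cronjob running on \w{3} (\w{3}) +(\d{1,2}) [\d:]{8} \S+ (\d{4})")
SKIP_RE = re.compile(r"(\S+) expires on (\d{4})-(\d{2})-(\d{2}) \(skipped\)")


def skipped_renewals(log_text, renew_window_days=30):
    """Return one record per skipped certificate, tagged with the run it belongs to.

    within_window is True when the cert was skipped although fewer than
    renew_window_days remained. 30 is certbot's default window (assumption
    stated in the lead-in); pass another value if the renewal conf overrides it.
    """
    records = []
    run_date = None
    for line in log_text.splitlines():
        run = RUN_RE.search(line)
        if run:
            month, day, year = run.groups()
            run_date = date(int(year), MONTHS[month], int(day))
            continue
        skip = SKIP_RE.search(line)
        if skip and run_date is not None:
            expires = date(*map(int, skip.groups()[1:]))
            days_left = (expires - run_date).days
            records.append({
                "run": run_date,
                "cert": skip.group(1),
                "expires": expires,
                "days_left": days_left,
                "within_window": days_left < renew_window_days,
            })
    return records


if __name__ == "__main__":
    for rec in skipped_renewals(SAMPLE_LOG):
        verdict = "skipped inside the renewal window" if rec["within_window"] else "skip expected"
        print(f"{rec['run']}  {rec['cert']}  {rec['days_left']} days left  ({verdict})")
```

The run dates come from the container's own clock, so comparing the newest run date with the real date is a quick way to answer the time-and-date question saarg asks above.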
RossEm Posted December 27, 2019

Hello! Am I able to use Let's Encrypt over a different port? I have a wordpress inside the www folder and run nextcloud. Would I be able to run bitwarden as well? Preferably on port 443 but port 8080 will also work.