WyoFarr Posted January 14, 2020

29 minutes ago, aptalca said:
> That ip is what letsencrypt is getting for your domain name. Check your dns settings if that is not your public ip

most definitely not what duck DNS is pointing to... if I enter the url that I'm redirecting to duck DNS without port forwarding on and the firewall letting the connection through I get to my router's login page. It's the only reason I'm still working under the assumption that this is a router or docker config issue. If we think duck DNS is the issue, I can just redirect to my ip from my domain and worry about updating it when/if it changes. I

anongum Posted January 15, 2020

I'm having trouble setting up letsencrypt. Like many people here I've learned about this in the spaceinvaderone video about nextcloud. The error is

    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

The whole log is

    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=Europe/Berlin
    URL=duckdns.org
    SUBDOMAINS=xxx,yyy,zzz
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    DHLEVEL=2048
    VALIDATION=http
    DNSPLUGIN=
    EMAIL=***@gmail.com
    STAGING=
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d xxx.duckdns.org -d zzz.duckdns.org -d yyy.duckdns.org
    E-mail address entered: ***@gmail.com
    http validation is selected
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Renewing an existing certificate
    IMPORTANT NOTES:
    - Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/zzz.duckdns.org/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/zzz.duckdns.org/privkey.pem
    Your cert will expire on 2020-04-14. To obtain a new or tweaked version of this certificate in the future, simply run certbot again.
    To non-interactively renew *all* of your certificates, run "certbot renew"
    - If you like Certbot, please consider supporting our work by:
    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

Now, the dns should be configured correctly yet when trying to access it from remote it doesn't load anything, it doesn't matter if the ports are open or closed. I also have a dyndns account, configured in the settings of the router (a crappy zyxel) - from there when portforwarding I can also access the webui from remote, but for obvious reasons I don't want that, so I'm using duckdns. I don't know if this is the problem.

This is the portforwarding page on my router. As you can see, as the noob I am, I wasn't sure if I needed to open the internal (translation ports) or external port (start-end ports), so I alternatively tried both configurations. Obviously I got the same results for both attempts.

I also created a duckdns container as specified in the video (which is this one, minute 10 starts to talk about the portforwarding)

I honestly don't know how to deal with this, so I hope there's someone willing to suggest me some troubleshooting techniques.

saarg Posted January 15, 2020

2 hours ago, anongum said:
> I'm having trouble setting up letsencrypt. Like many people here I've learned about this in the spaceinvaderone video about nextcloud. The error is
>
>     ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> The whole log is
>
>     User uid: 99
>     User gid: 100
>     -------------------------------------
>     [cont-init.d] 10-adduser: exited 0.
>     [cont-init.d] 20-config: executing...
>     [cont-init.d] 20-config: exited 0.
>     [cont-init.d] 30-keygen: executing...
>     using keys found in /config/keys
>     [cont-init.d] 30-keygen: exited 0.
>     [cont-init.d] 50-config: executing...
>     Variables set:
>     PUID=99
>     PGID=100
>     TZ=Europe/Berlin
>     URL=duckdns.org
>     SUBDOMAINS=xxx,yyy,zzz
>     EXTRA_DOMAINS=
>     ONLY_SUBDOMAINS=true
>     DHLEVEL=2048
>     VALIDATION=http
>     DNSPLUGIN=
>     EMAIL=***@gmail.com
>     STAGING=
>     2048 bit DH parameters present
>     SUBDOMAINS entered, processing
>     SUBDOMAINS entered, processing
>     Only subdomains, no URL in cert
>     Sub-domains processed are: -d xxx.duckdns.org -d zzz.duckdns.org -d yyy.duckdns.org
>     E-mail address entered: ***@gmail.com
>     http validation is selected
>     Generating new certificate
>     Saving debug log to /var/log/letsencrypt/letsencrypt.log
>     Plugins selected: Authenticator standalone, Installer None
>     Renewing an existing certificate
>     IMPORTANT NOTES:
>     - Congratulations! Your certificate and chain have been saved at:
>     /etc/letsencrypt/live/zzz.duckdns.org/fullchain.pem
>     Your key file has been saved at:
>     /etc/letsencrypt/live/zzz.duckdns.org/privkey.pem
>     Your cert will expire on 2020-04-14. To obtain a new or tweaked version of this certificate in the future, simply run certbot again.
>     To non-interactively renew *all* of your certificates, run "certbot renew"
>     - If you like Certbot, please consider supporting our work by:
>     Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
>     Donating to EFF: https://eff.org/donate-le
>
> Now, the dns should be configured correctly yet when trying to access it from remote it doesn't load anything, it doesn't matter if the ports are open or closed. I also have a dyndns account, configured in the settings of the router (a crappy zyxel) - from there when portforwarding I can also access the webui from remote, but for obvious reasons I don't want that, so I'm using duckdns. I don't know if this is the problem.
>
> This is the portforwarding page on my router. As you can see, as the noob I am, I wasn't sure if I needed to open the internal (translation ports) or external port (start-end ports), so I alternatively tried both configurations. Obviously I got the same results for both attempts.
>
> I also created a duckdns container as specified in the video (which is this one, minute 10 starts to talk about the portforwarding)
>
> I honestly don't know how to deal with this, so I hope there's someone willing to suggest me some troubleshooting techniques.

The error in the beginning of the post is not in the full log you posted. In the log it says the certificate was created.

Without your docker run command it's hard to say if your port forwarding is correct.

What does not work?

aptalca Posted January 16, 2020

9 hours ago, anongum said:
> I'm having trouble setting up letsencrypt. Like many people here I've learned about this in the spaceinvaderone video about nextcloud. The error is
>
>     ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> The whole log is
>
>     User uid: 99
>     User gid: 100
>     -------------------------------------
>     [cont-init.d] 10-adduser: exited 0.
>     [cont-init.d] 20-config: executing...
>     [cont-init.d] 20-config: exited 0.
>     [cont-init.d] 30-keygen: executing...
>     using keys found in /config/keys
>     [cont-init.d] 30-keygen: exited 0.
>     [cont-init.d] 50-config: executing...
>     Variables set:
>     PUID=99
>     PGID=100
>     TZ=Europe/Berlin
>     URL=duckdns.org
>     SUBDOMAINS=xxx,yyy,zzz
>     EXTRA_DOMAINS=
>     ONLY_SUBDOMAINS=true
>     DHLEVEL=2048
>     VALIDATION=http
>     DNSPLUGIN=
>     EMAIL=***@gmail.com
>     STAGING=
>     2048 bit DH parameters present
>     SUBDOMAINS entered, processing
>     SUBDOMAINS entered, processing
>     Only subdomains, no URL in cert
>     Sub-domains processed are: -d xxx.duckdns.org -d zzz.duckdns.org -d yyy.duckdns.org
>     E-mail address entered: ***@gmail.com
>     http validation is selected
>     Generating new certificate
>     Saving debug log to /var/log/letsencrypt/letsencrypt.log
>     Plugins selected: Authenticator standalone, Installer None
>     Renewing an existing certificate
>     IMPORTANT NOTES:
>     - Congratulations! Your certificate and chain have been saved at:
>     /etc/letsencrypt/live/zzz.duckdns.org/fullchain.pem
>     Your key file has been saved at:
>     /etc/letsencrypt/live/zzz.duckdns.org/privkey.pem
>     Your cert will expire on 2020-04-14. To obtain a new or tweaked version of this certificate in the future, simply run certbot again.
>     To non-interactively renew *all* of your certificates, run "certbot renew"
>     - If you like Certbot, please consider supporting our work by:
>     Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
>     Donating to EFF: https://eff.org/donate-le
>
> Now, the dns should be configured correctly yet when trying to access it from remote it doesn't load anything, it doesn't matter if the ports are open or closed. I also have a dyndns account, configured in the settings of the router (a crappy zyxel) - from there when portforwarding I can also access the webui from remote, but for obvious reasons I don't want that, so I'm using duckdns. I don't know if this is the problem.
>
> This is the portforwarding page on my router. As you can see, as the noob I am, I wasn't sure if I needed to open the internal (translation ports) or external port (start-end ports), so I alternatively tried both configurations. Obviously I got the same results for both attempts.
>
> I also created a duckdns container as specified in the video (which is this one, minute 10 starts to talk about the portforwarding)
>
> I honestly don't know how to deal with this, so I hope there's someone willing to suggest me some troubleshooting techniques.

https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

norsemanGrey Posted January 16, 2020

When attempting to use the latest image to get a wildcard certificate for my domain at Domeneshop I seem to get a "No TXT record found at _acme-challenge.<my domain>.no". It seems at least the API keys work and that the Certbot gets access to my account. Not sure why, but the challenge seems to run two times. Output from log below:

    Obtaining a new certificate
    Performing the following challenges:
    dns-01 challenge for <my domain>.no
    dns-01 challenge for <my domain>.no
    Unsafe permissions on credentials configuration file: /config/dns-conf/domeneshop.ini
    Waiting 60 seconds for DNS changes to propagate
    Waiting for verification...
    Challenge failed for domain <my domain>.no
    Challenge failed for domain <my domain>.no
    dns-01 challenge for <my domain>.no
    dns-01 challenge for <my domain>.no
    Cleaning up challenges
    Some challenges have failed.
    IMPORTANT NOTES:
    - The following errors were reported by the server:

    Domain: <my domain>.no
    Type: unauthorized
    Detail: No TXT record found at _acme-challenge.<my domain>.no

    Domain: <my domain>.no
    Type: unauthorized
    Detail: No TXT record found at _acme-challenge.<my domain>.no

    To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

I guess it can be an issue with the Domeneshop plugin, but just thought I would check here in case I missed something.

This is the docker compose file I used:

    version: '2'
    services:
      letsencrypt:
        image: linuxserver/letsencrypt
        container_name: letsencrypt
        cap_add:
          - NET_ADMIN
        environment:
          - PUID=1000
          - PGID=1000
          - TZ=Europe/Oslo
          - URL=<my domain>.no
          - SUBDOMAINS=wildcard
          - VALIDATION=dns
          - DNSPLUGIN=domeneshop
          - EMAIL=<my email>
          - DHLEVEL=4096
        ports:
          - 443:443
        volumes:
          - /home/<min bruker>/appdata/letsencrypt/config:/config
        restart: unless-stopped

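The log in the post above warns about "Unsafe permissions on credentials configuration file: /config/dns-conf/domeneshop.ini" and then carries on with the challenge, so the API credentials stay readable by other accounts unless the mode is tightened by hand. The following is an added example, not code from the thread or from the image: it audits a dns-conf directory for credential files that group or other users can access and sets them to 0600. Treating any group or other permission bit as unsafe is this example's assumption, and the directory it runs on is a constructed temporary one.

```python
import os
import stat
import tempfile


def unsafe_credential_files(conf_dir):
    """Return [(path, mode)] for .ini files that group or others can access."""
    hits = []
    for name in sorted(os.listdir(conf_dir)):
        path = os.path.join(conf_dir, name)
        st = os.lstat(path)  # lstat: a symlink is reported, never followed
        if not name.endswith(".ini") or not stat.S_ISREG(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        # Assumption of this example: any group/other bit counts as unsafe.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            hits.append((path, mode))
    return hits


def tighten(conf_dir):
    """Set every flagged file to 0600 and return the paths that were changed."""
    changed = []
    for path, _mode in unsafe_credential_files(conf_dir):
        os.chmod(path, 0o600)
        changed.append(path)
    return changed


def demo():
    """Audit a constructed dns-conf directory, fix it, and audit it again."""
    with tempfile.TemporaryDirectory() as conf_dir:
        samples = (
            ("domeneshop.ini", 0o644),  # world-readable, like the file in the log
            ("cloudflare.ini", 0o600),  # already owner-only
            ("notes.txt", 0o644),       # not a credentials file, ignored
        )
        for name, mode in samples:
            path = os.path.join(conf_dir, name)
            with open(path, "w") as fh:
                fh.write("# constructed placeholder, no real credentials\n")
            os.chmod(path, mode)
        before = [(os.path.basename(p), oct(m))
                  for p, m in unsafe_credential_files(conf_dir)]
        changed = [os.path.basename(p) for p in tighten(conf_dir)]
        after = unsafe_credential_files(conf_dir)
        return before, changed, after


if __name__ == "__main__":
    before, changed, after = demo()
    print("flagged before:", before)
    print("tightened:", changed)
    print("flagged after:", after)
```

With the compose file above, the same directory is reachable on the host under the path mapped to /config, in its dns-conf subdirectory.
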
anongum Posted January 16, 2020

14 hours ago, saarg said:
> The error in the beginning of the post is not in the full log you posted. In the log it says the certificate was created.
>
> Without your docker run command it's hard to say if your port forwarding is correct.
>
> What does not work?

Yeah my bad, I omitted that part but the error comes literally just after the last line of the log.

This is the docker run command:

    root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='proxynet' --log-opt max-size='50m' --log-opt max-file='1' --privileged=true -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'EMAIL'='***@gmail.com' -e 'URL'='duckdns.org ' -e 'SUBDOMAINS'='xxx,yyy,zzz' -e 'ONLY_SUBDOMAINS'='true' -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'PUID'='99' -e 'PGID'='100' -p '180:80/tcp' -p '1443:443/tcp' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' 'linuxserver/letsencrypt'
    70ac0257d8a22cfa4321672616cf52ace9bd6809870b721300e1e9dfe5915893

    The command finished successfully!

I think the problem lies in my router. I'm gonna buy another one (fritzbox 5790) and test if the portforwarding works better.

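With http validation the request arrives on WAN port 80, so the router has to forward WAN 80 and 443 to the host ports that the docker run command publishes (180 and 1443 in the post above), not to 80 and 443 on the host. The following is an added example, not code from the thread or from the image: it parses a docker run command, derives the forwards the router needs, and also reports environment values with stray whitespace and the use of --privileged (the compose file earlier in the thread uses cap_add NET_ADMIN instead). The command string is a constructed sample modelled on the post, and the router table is constructed.

```python
import shlex

# Ports the container listens on; the same numbers are expected on the WAN side.
CONTAINER_PORTS = {80: "http validation", 443: "https"}


def parse_docker_run(command):
    """Extract published ports, environment values and --privileged."""
    tokens = shlex.split(command)
    published, env, privileged = {}, {}, False
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tok in ("-p", "--publish"):
            # "180:80/tcp" -> ["180", "80"]; single ports only (assumption).
            parts = nxt.split("/")[0].split(":")
            if len(parts) >= 2:  # host:container or ip:host:container
                published[int(parts[-1])] = int(parts[-2])
            i += 1
        elif tok in ("-e", "--env"):
            key, _, value = nxt.partition("=")
            env[key] = value
            i += 1
        elif tok in ("--privileged", "--privileged=true"):
            privileged = True
        i += 1
    return published, env, privileged


def audit(command, router_forwards):
    """Return findings; router_forwards maps WAN port -> port on the Docker host."""
    published, env, privileged = parse_docker_run(command)
    findings = []
    for cport, purpose in CONTAINER_PORTS.items():
        hport = published.get(cport)
        if hport is None:
            findings.append(f"container port {cport} ({purpose}) is not published")
        elif router_forwards.get(cport) != hport:
            findings.append(f"WAN {cport} must forward to host port {hport}, "
                            f"router has {router_forwards.get(cport)}")
    for key, value in env.items():
        if value != value.strip():
            findings.append(f"{key} has leading or trailing whitespace: {value!r}")
    if privileged:
        findings.append("--privileged grants every capability; "
                        "review whether it is needed")
    return findings


# Constructed sample modelled on the command in the post (e-mail omitted).
SAMPLE_RUN = (
    "docker run -d --name='letsencrypt' --net='proxynet' --privileged=true "
    "-e TZ=\"Europe/Berlin\" -e 'URL'='duckdns.org ' "
    "-e 'SUBDOMAINS'='xxx,yyy,zzz' -e 'ONLY_SUBDOMAINS'='true' "
    "-e 'VALIDATION'='http' -p '180:80/tcp' -p '1443:443/tcp' "
    "-v '/mnt/user/appdata/letsencrypt':'/config':'rw' 'linuxserver/letsencrypt'"
)
# Constructed router table: WAN 80 points at host port 80 instead of 180.
SAMPLE_FORWARDS = {80: 80, 443: 1443}

if __name__ == "__main__":
    for finding in audit(SAMPLE_RUN, SAMPLE_FORWARDS):
        print("-", finding)
```
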
saarg Posted January 16, 2020

12 hours ago, norsemanGrey said:
> When attempting to use the latest image to get a wildcard certificate for my domain at Domeneshop I seem to get a "No TXT record found at _acme-challenge.<my domain>.no". It seems at least the API keys work and that the Certbot gets access to my account. Not sure why, but the challenge seems to run two times. Output from log below:
>
>     Obtaining a new certificate
>     Performing the following challenges:
>     dns-01 challenge for <my domain>.no
>     dns-01 challenge for <my domain>.no
>     Unsafe permissions on credentials configuration file: /config/dns-conf/domeneshop.ini
>     Waiting 60 seconds for DNS changes to propagate
>     Waiting for verification...
>     Challenge failed for domain <my domain>.no
>     Challenge failed for domain <my domain>.no
>     dns-01 challenge for <my domain>.no
>     dns-01 challenge for <my domain>.no
>     Cleaning up challenges
>     Some challenges have failed.
>     IMPORTANT NOTES:
>     - The following errors were reported by the server:
>
>     Domain: <my domain>.no
>     Type: unauthorized
>     Detail: No TXT record found at _acme-challenge.<my domain>.no
>
>     Domain: <my domain>.no
>     Type: unauthorized
>     Detail: No TXT record found at _acme-challenge.<my domain>.no
>
>     To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
>
> I guess it can be an issue with the Domeneshop plugin, but just thought I would check here in case I missed something.
>
> This is the docker compose file I used:
>
>     version: '2'
>     services:
>       letsencrypt:
>         image: linuxserver/letsencrypt
>         container_name: letsencrypt
>         cap_add:
>           - NET_ADMIN
>         environment:
>           - PUID=1000
>           - PGID=1000
>           - TZ=Europe/Oslo
>           - URL=<my domain>.no
>           - SUBDOMAINS=wildcard
>           - VALIDATION=dns
>           - DNSPLUGIN=domeneshop
>           - EMAIL=<my email>
>           - DHLEVEL=4096
>         ports:
>           - 443:443
>         volumes:
>           - /home/<min bruker>/appdata/letsencrypt/config:/config
>         restart: unless-stopped

This is a support thread for unraid users. Since you are not using unraid, please post it in our Discourse forum or use Discord.

norsemanGrey Posted January 17, 2020

10 hours ago, saarg said:
> This is a support thread for unraid users. Since you are not using unraid, please post it in our Discourse forum or use Discord.

Right you are. Thanks for the notice.

amviewer Posted January 17, 2020

On 12/3/2018 at 12:13 AM, smdion said:
> Set the X-Ldap-URL to the server where you have Duo's Auth_Proxy installed and set up. You now have 2FA on all logins that are sent by the ldap-auth docker. ProxyCache/AuthCache needs to be enabled. Works great. Thanks!

I'm very curious how you managed to do this, as I'm trying to do the same but I get TLS issues connecting to the DUO Authentication Proxy from the NGINX LDAP companion. Radius works fine from there but NGINX needs to have LDAP.

I'm using this container for the DUO Authentication Proxy https://github.com/jumanjihouse/docker-duoauthproxy

Can you share your DUO Authentication Proxy config for the [ldap_server_auto]?

jjthacker Posted January 17, 2020

Literally just upgraded the container to the latest version and now cannot access any of the sites/servers on my unraid box. When I look at my logs I am getting the error message shown below:

Thanks for any help,
Jason

smdion Posted January 17, 2020

12 hours ago, amviewer said:
> I'm very curious how you managed to do this, as I'm trying to do the same but I get TLS issues connecting to the DUO Authentication Proxy from the NGINX LDAP companion. Radius works fine from there but NGINX needs to have LDAP.
>
> I'm using this container for the DUO Authentication Proxy https://github.com/jumanjihouse/docker-duoauthproxy
>
> Can you share your DUO Authentication Proxy config for the [ldap_server_auto]?

So I abandoned this for Google's OAUTH using the quay.io/pusher/oauth2_proxy container. Not sure how I had the LDAP setup before.

anongum Posted January 17, 2020

On 1/15/2020 at 9:34 PM, saarg said:
> What does not work?

On 1/16/2020 at 4:46 AM, aptalca said:
> https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

I changed router. I'm using a fritzbox 5790 now, the ports are open but I can't get past this error.

    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Considering the screen I already provided in the previous posts too, what could the problem be?

saarg Posted January 17, 2020

2 minutes ago, anongum said:
> I changed router. I'm using a fritzbox 5790 now, the ports are open but I can't get past this error.
>
>     ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> Considering the screen I already provided in the previous posts too, what could the problem be?

Please post full logs, not only the error. Earlier log you showed a cert was generated. You can use staging to test so you don't get rate limited.

Did you read the blog post you linked? Have you tried setting up the nginx container to see if you can access it on port 80 remotely or if your isp blocks port 80?

aptalca Posted January 18, 2020

5 hours ago, jjthacker said:
> Literally just upgraded the container to the latest version and now cannot access any of the sites/servers on my unraid box. When I look at my logs I am getting the error message shown below:
>
> Thanks for any help,
> Jason

It's been discussed to death. Harmless lua error. Unrelated.

Server ready means nginx is up and running. Check your dns settings and port forwarding

jjthacker Posted January 18, 2020

6 minutes ago, aptalca said:
> It's been discussed to death. Harmless lua error. Unrelated.
>
> Server ready means nginx is up and running. Check your dns settings and port forwarding

Thanks for the advice. Turns out that the port forwarding on my router was screwed up when I changed the NIC in my server. Turns out it did port forwarding by MAC address not IP address.

aptalca Posted January 18, 2020

16 hours ago, jjthacker said:
> Thanks for the advice. Turns out that the port forwarding on my router was screwed up when I changed the NIC in my server. Turns out it did port forwarding by MAC address not IP address.

Glad to hear you figured it out.

And just an fyi, "Literally just upgraded the container to the latest version" often means "I changed a bunch of other things as well but I can't remember at the moment" 😉

izarkhin Posted January 18, 2020

On 1/12/2020 at 7:49 PM, aptalca said:
> On 1/12/2020 at 11:26 AM, izarkhin said:
> > Hi guys! I really hope somebody can help me here. I switched from Comcast to AT&T Gigabit last week. AT&T forces you to use their own gateway. I configured it for IP passthrough in order to keep my Advanced Tomato wireless router setup. Now I can't access my duckdns subdomain from LAN. Externally everything still works. Here are the symptoms:
> >
> > - [mysubdomain].duckdns.org works fine externally
> > - [mysubdomain].duckdns.org from LAN says "Establishing secure connection..." and then "This site can't be reached"
> > - I can successfully ping [mysubdomain].duckdns.org from LAN and get public IP back
> > - I can successfully trace [mysubdomain].duckdns.org from LAN
> > - duckdns.org website shows the correct public IP
> > - my Advanced Tomato router shows the correct public IP address forwarded to its WAN port
> > - I restarted letsencrypt container and didn't see any errors in the log
> > - I restarted duckdns container and didn't see any errors in the log
> > - I didn't make any changes, other than replacing Comcast cable modem with AT&T gateway and configuring it for IP passthrough. I.e. port forwarding, nginx config, etc. are still the same and it worked fine before
> >
> > What am I missing? How can I troubleshoot?
>
> Look into hairpin nat

NAT Loopback is set to "All" and NAT Target - to "MASQUERADE" (as they have been before), so I don't think that's it. Here is an abbreviated output of the "iptables -n -L -v -t nat" command:

    Chain PREROUTING (policy ACCEPT 5731 packets, 389K bytes)
     pkts bytes target         prot opt in  out    source     destination
       92  5686 WANPREROUTING  all  --  *   *      0.0.0.0/0  [public IP]

    Chain POSTROUTING (policy ACCEPT 26 packets, 1620 bytes)
     pkts bytes target         prot opt in  out    source     destination
     5110  330K MASQUERADE     all  --  *   vlan2  0.0.0.0/0  0.0.0.0/0

    Chain WANPREROUTING (1 references)
     pkts bytes target         prot opt in  out    source     destination
        1    44 DNAT           icmp --  *   *      0.0.0.0/0  0.0.0.0/0    to:[Advanced Tomato IP]
        0     0 DNAT           tcp  --  *   *      0.0.0.0/0  0.0.0.0/0    tcp dpt:443 to:[unRAID IP]:[letsencrypt HTTPS PORT]
        0     0 DNAT           tcp  --  *   *      0.0.0.0/0  0.0.0.0/0    tcp dpt:80 to:[unRAID IP]:[letsencrypt HTTP PORT]

My understanding is that, according to this, all outbound requests for my duckdns subdomain from LAN should be pre-routed to [public IP] and then post-routed back to letsencrypt. Am I wrong?

Edited January 18, 2020 by izarkhin

amviewer Posted January 18, 2020

22 hours ago, smdion said:
> So I abandoned this for Google's OAUTH using the quay.io/pusher/oauth2_proxy container. Not sure how I had the LDAP setup before.

Ah, too bad, I like the duo authentication app. I'll have a look at oauth2 as well.

IKWeb Posted January 20, 2020

Hello All

Issue sorted.

Edited January 20, 2020 by IKWeb

blaine07 Posted January 20, 2020

> Hello All
>
> Hopefully someone will be able to help as I can't work out what could be wrong and it's driving me nuts
>
> I have followed all the videos I can find on getting Lets Encrypt working with NextCloud - Works fine till I edit the config files and try and get it to work via an external domain
>
> Below are my configs minus any personal data.
>
> NEXTCLOUD.SUBDOMAIN.CONF
>
>     server {
>         listen 443 ssl;
>         listen [::]:443 ssl;
>
>         server_name downloads.*;
>
>         include /config/nginx/ssl.conf;
>
>         client_max_body_size 0;
>
>         location / {
>             include /config/nginx/proxy.conf;
>             resolver 127.0.0.11 valid=30s;
>             set $upstream_nextcloud nextcloud;
>             proxy_max_temp_file_size 2048m;
>             proxy_pass https://$upstream_nextcloud:443;
>         }
>     }
>
> CONFIG.PHP (from NextCloud)
>
>     <?php
>     $CONFIG = array (
>       'memcache.local' => '\\OC\\Memcache\\APCu',
>       'datadirectory' => '/data',
>       'instanceid' => 'oc4vag78a6fo',
>       'passwordsalt' => 'liPhgdvDE1exeucvrm9n9Lms3BWZAP',
>       'secret' => '1dETA0S8OmAO7FD4KxsC+AD/xlwDXpVNE8RP7FkrhNT+Of0m',
>       'trusted_domains' =>
>       array (
>         0 => '192.168.0.70:444',
>         1 => 'downloads.ikweb.co.uk',
>       ),
>       'overwrite.cli.url' => 'https://downloads.google.co.uk',
>       'overwritehost' => 'downloads.google.co.uk',
>       'overwriteprotocol' => 'https',
>       'dbtype' => 'mysql',
>       'version' => '17.0.2.1',
>       'dbname' => 'nextclouddb',
>       'dbhost' => '192.168.0.70:3306',
>       'dbport' => '',
>       'dbtableprefix' => 'oc_',
>       'mysql.utf8mb4' => true,
>       'dbuser' => 'nextcloud-user',
>       'dbpassword' => 'Password',
>       'installed' => true,
>     );
>
> But with the above configs in place all I get is the image below.
>
> Both NextCloud and LetsEncrypt are on their own network within Docker, as per the videos from Spaceinvador, but I am buggered if I can get it working.
>
> Any help would be very welcome.

I'm far from an expert but I'd imagine the Overwrite Host/CLI can't point a domain you don't control.

Not sure about yours specifically but in my nextcloud.subdomain.conf I had to have my server name as its url, not a name.*. It never did work right having it that way for me despite having first part of subdomain correct.

IKWeb Posted January 20, 2020

10 minutes ago, blaine07 said:
> I'm far from an expert but I'd imagine the Overwrite Host/CLI can't point a domain you don't control.
>
> Not sure about yours specifically but in my nextcloud.subdomain.conf I had to have my server name as its url, not a name.*. It never did work right having it that way for me despite having first part of subdomain correct.

Just for info downloads.google.co.uk isn't a domain I own, I used this as an example. When this has my domain in for example downloads.mydomain.co.uk - is when I get the error. I removed my personal URL so it doesn't get hit by all the bots that pull info from forums 🙂

blaine07 Posted January 20, 2020

> Just for info downloads.google.co.uk isn't a domain I own, I used this as an example. When this has my domain in for example downloads.mydomain.co.uk - is when I get the error. I removed my personal URL so it doesn't get hit by all the bots that pull info from forums

Well a few lines up your domain, I assume, still is there by "array"... if that's the case.

SavellM Posted January 21, 2020

Hi guys

So I set up letsencrypt last night. My domains are pointing to cloudflare and then I have my sub domains as A Records. Now I used DNS as verification and put my cloudflare api key into letsencrypt. And when I check the logs it says Server Ready.

I then renamed the config files for sonar.sub-domain.conf-sample and removed the sample. Same for radarr and nzbget and some others. Restarted letsencrypt and the entire server no dice. I just get a cloudflare host is unavailable.

Is there something specific I need to do to use cloudflare with my sub domains?

Ps all my dockers are from linuxserver.io

Is there some specific setup I need to do when using Cloudflare for my sub domains using A Records? I see people always mention CNAME. I have a static IP at home so I don't need DuckDNS.

I keep getting Error 522 Connection Timed Out, Host Error from Cloudflare.

Thanks

Docker Log: https://pastebin.com/mPqxRFrq

Edited January 21, 2020 by SavellM

aptalca Posted January 21, 2020

1 hour ago, SavellM said:
> Hi guys
>
> So I set up letsencrypt last night. My domains are pointing to cloudflare and then I have my sub domains as A Records. Now I used DNS as verification and put my cloudflare api key into letsencrypt. And when I check the logs it says Server Ready.
>
> I then renamed the config files for sonar.sub-domain.conf-sample and removed the sample. Same for radarr and nzbget and some others. Restarted letsencrypt and the entire server no dice. I just get a cloudflare host is unavailable.
>
> Is there something specific I need to do to use cloudflare with my sub domains?
>
> Ps all my dockers are from linuxserver.io
>
> Is there some specific setup I need to do when using Cloudflare for my sub domains using A Records? I see people always mention CNAME. I have a static IP at home so I don't need DuckDNS.
>
> I keep getting Error 522 Connection Timed Out, Host Error from Cloudflare.
>
> Thanks
>
> Docker Log: https://pastebin.com/mPqxRFrq

1) turn off cloudflare proxy
2) fix your port forwarding

SavellM Posted January 21, 2020

@aptalca Cloudflare has been set to DNS only on each A record, unless there is somewhere else?

Also Port Forwarding shouldn't matter as it's doing DNS verification. Or do I still need to port forward 80 and 443 to unRAID? With DNS I thought it wouldn't need the ports anymore, and as you can see from the logs it's kinda working?

Ok re-enabled my port forwarding and I think it's working... derp

Also wouldn't using the Cloudflare proxy be of benefit?

Edited January 21, 2020 by SavellM