TechMed Posted February 11, 2020

No problem; wish we could have solved it, as Ed makes it pretty straightforward. Good luck! Maybe post your solution so others that run into the same issue can find an answer.
JonathanM Posted February 11, 2020

1 hour ago, nik82 said:
> duckdns.org is set as the domain

There's your problem. You don't own or control duckdns.org
TechMed Posted February 12, 2020

@jonathanm

1 hour ago, jonathanm said:
> You don't own or control duckdns.org

😉 That's what I was trying to get at and teach at the same time.

BTW... any chance you could shed any light on my question?
JonathanM Posted February 12, 2020

5 minutes ago, TechMed said:
> BTW... any chance you could shed any light on my question?

Do all your containers use the same IP?
TechMed Posted February 12, 2020

Edit: just realized I inserted my image over the text.

@jonathanm, as directed, LE and NC are on the self-created proxy network. However, they are all on the same IP, which is that of the server. Is that what you mean?
Mirano Posted February 12, 2020

19 hours ago, Mirano said:
> Perfect, thank you.

Regarding this: the website loads, but upon opening the shell or looking at the processor graph, it doesn't seem to work. Did I do something wrong? Does anyone know what I did wrong? I really want to have this working! Can't wait to hear from you guys!
norbertt Posted February 12, 2020

Hello guys! It's good to be here :) I just made a quick reverse proxy setup and I have a question: I would like to set up fail2ban with this docker. Is there a good and easy guide for this? Thank you
aptalca Posted February 13, 2020

6 hours ago, norbertt said:
> Hello guys! It's good to be here :) I just made a quick reverse proxy setup and I have a question: I would like to set up fail2ban with this docker. Is there a good and easy guide for this? Thank you

Info in the readme
norbertt Posted February 13, 2020

3 hours ago, aptalca said:
> Info in the readme

I am trying to set up f2b for bitwardenrs, following this: https://github.com/dani-garcia/bitwarden_rs/wiki/Fail2Ban-Setup

The jail is running and I have no error, but it's not working.

Filter bitwardenrs.conf:

    [INCLUDES]
    before = common.conf

    [Definition]
    failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
    ignoreregex =

Jail:

    # This is the custom version of the jail.conf for fail2ban
    # Feel free to modify this and add additional filters
    # Then you can drop the new filter conf files into the fail2ban-filters
    # folder and restart the container

    [DEFAULT]

    # "bantime" is the number of seconds that a host is banned.
    bantime = 600

    # A host is banned if it has generated "maxretry" during the last "findtime"
    # seconds.
    findtime = 600

    # "maxretry" is the number of failures before a host get banned.
    maxretry = 5

    [ssh]
    enabled = false

    [nginx-http-auth]
    enabled = true
    filter = nginx-http-auth
    port = http,https
    logpath = /config/log/nginx/error.log

    [nginx-badbots]
    enabled = true
    port = http,https
    filter = nginx-badbots
    logpath = /config/log/nginx/access.log
    maxretry = 2

    [nginx-botsearch]
    enabled = true
    port = http,https
    filter = nginx-botsearch
    logpath = /config/log/nginx/access.log

    [bitwardenrs]
    enabled = true
    port = http,https
    filter = bitwardenrs
    logpath = /config/log/nginx/access.log
    maxretry = 3
    bantime = 14400
    findtime = 14400

What am I missing?
aptalca Posted February 13, 2020

3 hours ago, norbertt said:
> I am trying to set up f2b for bitwardenrs, following this: https://github.com/dani-garcia/bitwarden_rs/wiki/Fail2Ban-Setup
> The jail is running and I have no error, but it's not working.
> […]
> What am I missing?

Logpath should point to bitwarden logs. You need to map that folder in letsencrypt
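The failregex in the jail above can only match the "Username or password is incorrect" text that bitwarden_rs writes to its own log; nginx's access.log never contains it, which is why the jail sits idle. As an added example (not from the thread, fail2ban or bitwarden_rs), this Python re-implements the jail's match-and-count step against constructed sample lines from both logs; the bitwarden_rs log format, the nginx line format and the hand-expanded `<ADDR>` pattern are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The failregex exactly as posted in the thread. fail2ban expands <ADDR> itself;
# here it is replaced by hand with a simplified IPv4/IPv6 capture group
# (assumption: close enough to fail2ban's own <ADDR> for these samples).
FAILREGEX = (r"^.*Username or password is incorrect\. Try again\. "
             r"IP: <ADDR>\. Username:.*$")
ADDR_RE = r"(?P<addr>[0-9a-fA-F:.]+)"
PATTERN = re.compile(FAILREGEX.replace("<ADDR>", ADDR_RE))
TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")

# Constructed sample of bitwarden_rs's own log (format assumed from the wiki
# page linked in the thread; addresses are documentation ranges).
BITWARDEN_LOG = """\
[2020-02-13 10:00:01][bitwarden_rs::api::identity][ERROR] Username or password is incorrect. Try again. IP: 203.0.113.7. Username: user@example.com.
[2020-02-13 10:00:09][bitwarden_rs::api::identity][ERROR] Username or password is incorrect. Try again. IP: 203.0.113.7. Username: user@example.com.
[2020-02-13 10:00:20][bitwarden_rs::api::identity][ERROR] Username or password is incorrect. Try again. IP: 203.0.113.7. Username: admin@example.com.
[2020-02-13 10:05:00][bitwarden_rs::api::identity][ERROR] Username or password is incorrect. Try again. IP: 198.51.100.2. Username: user@example.com.
"""

# Constructed sample of what nginx's access.log records for the same failed
# logins: only the status of the proxied request, never the message text.
NGINX_ACCESS_LOG = """\
203.0.113.7 - - [13/Feb/2020:10:00:01 +0000] "POST /identity/connect/token HTTP/2.0" 400 116 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Feb/2020:10:00:09 +0000] "POST /identity/connect/token HTTP/2.0" 400 116 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Feb/2020:10:00:20 +0000] "POST /identity/connect/token HTTP/2.0" 400 116 "-" "Mozilla/5.0"
"""


def failures_by_addr(log_text):
    """Map each address to the timestamps of the lines the failregex matched."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = PATTERN.match(line)
        if not m:
            continue
        ts = datetime.strptime(TIMESTAMP.search(line).group(0), "%Y-%m-%d %H:%M:%S")
        hits[m.group("addr")].append(ts)
    return dict(hits)


def addrs_to_ban(log_text, maxretry=3, findtime=14400):
    """Addresses with at least maxretry matches inside one findtime window,
    defaulting to the [bitwardenrs] jail settings from the thread (3 in 14400 s)."""
    window = timedelta(seconds=findtime)
    banned = set()
    for addr, times in failures_by_addr(log_text).items():
        times.sort()
        for i in range(len(times) - maxretry + 1):
            if times[i + maxretry - 1] - times[i] <= window:
                banned.add(addr)
                break
    return banned


if __name__ == "__main__":
    print("bitwarden log ->", addrs_to_ban(BITWARDEN_LOG))      # {'203.0.113.7'}
    print("nginx access log ->", addrs_to_ban(NGINX_ACCESS_LOG))  # set()
```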
malte Posted February 14, 2020

In case you want to isolate the docker containers: just delete the port mappings and you are golden. No more access through the host IP, only through your configured letsencrypt container.
.youngspace Posted February 16, 2020

Hi guys,

I tried installing letsencrypt and watched Spaceinvader's video about that a couple of times now, but I can't manage to get the certificate working...

What I'm trying to do is setting up a reverse proxy, so I can use all of my dockers from anywhere (like storage.youngspace.xyz pointing to the Nextcloud docker or Stations.youngspace.xyz pointing to guacamole). At this point I've set up a DDNS with Namecheap, but it looks like the IP does not automatically update. I'm very sure it does have something to do with my port forwardings or my domain setup. (I opened ports 1443, 443, 80, 180.)

I would be very happy if someone could help me.

letsencrypt log:

    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 01-envfile: executing...
    [cont-init.d] 01-envfile: exited 0.
    [cont-init.d] 10-adduser: executing...

    -------------------------------------
              _         ()
             | |  ___   _    __
             | | / __| | |  /  \
             | | \__ \ | | | () |
             |_| |___/ |_|  \__/


    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donate/
    -------------------------------------
    GID/UID
    -------------------------------------

    User uid:    99
    User gid:    100
    -------------------------------------

    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=America/Los_Angeles
    URL=youngspace.xyz
    SUBDOMAINS=stations
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=false
    DHLEVEL=2048
    VALIDATION=http
    DNSPLUGIN=
    [email protected]
    STAGING=

    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Sub-domains processed are: -d stations.youngspace.xyz
    E-mail address entered: [email protected]
    http validation is selected
    Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
    Generating new certificate
    /usr/lib/python3.8/site-packages/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if x is 0 or x is 1:
    /usr/lib/python3.8/site-packages/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if x is 0 or x is 1:
    /usr/lib/python3.8/site-packages/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
      elif y is 0 or y is 1:
    /usr/lib/python3.8/site-packages/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
      elif y is 0 or y is 1:
    /usr/lib/python3.8/site-packages/jmespath/visitor.py:260: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if original_result is 0:
    /usr/lib/python3.8/site-packages/digitalocean/LoadBalancer.py:19: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if type is 'cookies':
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for stations.youngspace.xyz
    http-01 challenge for youngspace.xyz
    Waiting for verification...
    Challenge failed for domain youngspace.xyz
    Challenge failed for domain youngspace.xyz
    Challenge failed for domain stations.youngspace.xyz
    http-01 challenge for youngspace.xyz
    http-01 challenge for stations.youngspace.xyz
    Cleaning up challenges
    Some challenges have failed.
    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: youngspace.xyz
       Type:   connection
       Detail: Fetching http://youngspace.xyz/.well-known/acme-challenge/ps1sdQlZOvddALe_-cWAA_fPzt78aLvDmFwxQHqUUc4: Error getting validation data

       Domain: stations.youngspace.xyz
       Type:   connection
       Detail: Fetching http://stations.youngspace.xyz/.well-known/acme-challenge/a8ULSr2_IHrC2rKuYckXmwU93d_ZuOgInKhPX8ms41w: Timeout during connect (likely firewall problem)

       To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
     - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
    ERROR: Cert does not exist! Please see the validation error above.
    The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
aptalca Posted February 16, 2020

8 hours ago, .youngspace said:
> Hi guys, I tried installing letsencrypt and watched Spaceinvader's video about that a couple of times now, but I can't manage to get the certificate working...
> […]
> ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

https://blog.linuxserver.io/2019/04/25/letsencrypt-nginx-starter-guide/

And

https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/
CJandDarren Posted February 17, 2020

Hey folks,

Just installed the letsencrypt and came across this alert:

    nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

As I am just starting out with Unraid and dockers, is this a worry?
MacDingo Posted February 17, 2020

Greetings,

I have a couple of questions regarding the (automated?) certificate renewal of the LetsEncrypt container:

I have recently set up my first reverse proxy following Ed's tutorial and everything seems to be working fine. Since I am not yet actively running any apps behind the reverse proxy, I have stopped the LetsEncrypt container and closed the relevant ports on my firewall. However, I have now received my first email notification saying my certs will expire in the coming 2 weeks.

My understanding is, and please correct me if I am wrong, that while the container is actively running, there is a cron job running every night at 2 AM to auto-renew the certs?

1) Is that a fully automated renewal where I don't need to do anything? Or do I need to push any commands manually?

2) Is that a daily or a weekly check? I seem to have read contradicting statements about this.

3) Is it possible for me to modify that 2 AM hour and set my own time of the day? Since I am not actively running the container for now, I'd rather not wait until 2 AM to try it out. Yes, I know I can just leave it running and check the next day, but I am still very cautious about having ports 80 and 443 open to the Internet. For now I would prefer just to open the ports on a per-need basis when I renew the certs.

Many thanks in advance for any clarifications and guidance
aptalca Posted February 17, 2020

3 hours ago, CJandDarren said:
> Hey folks, just installed the letsencrypt and came across this alert:
> nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
> As I am just starting out with Unraid and dockers, is this a worry?

Just an alert. It's harmless
aptalca Posted February 17, 2020

2 hours ago, MacDingo said:
> Greetings, I have a couple of questions regarding the (automated?) certificate renewal of the LetsEncrypt container:
> […]
> 1) Is that a fully automated renewal where I don't need to do anything? Or do I need to push any commands manually?
> 2) Is that a daily or a weekly check? I seem to have read contradicting statements about this.
> 3) Is it possible for me to modify that 2 AM hour and set my own time of the day? […]

1) fully automated

2) daily

3) sure, edit the crontabs/root file in the config folder and restart the container

PS. If you do dns or duckdns validation, you don't need to keep any ports open or forwarded as they are not used for validation
CJandDarren Posted February 18, 2020

Hey,

Just got this and letting you know.

    Generating new certificate
    /usr/lib/python3.8/site-packages/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if x is 0 or x is 1:
    /usr/lib/python3.8/site-packages/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if x is 0 or x is 1:
    /usr/lib/python3.8/site-packages/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
      elif y is 0 or y is 1:
    /usr/lib/python3.8/site-packages/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
      elif y is 0 or y is 1:
    /usr/lib/python3.8/site-packages/jmespath/visitor.py:260: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if original_result is 0:
MacDingo Posted February 18, 2020

> 1) fully automated
> 2) daily
> 3) sure, edit the crontabs/root file in the config folder and restart the container
> PS. If you do dns or duckdns validation, you don't need to keep any ports open or forwarded as they are not used for validation

Perfect! Many thanks for your reply!
Coolsaber57 Posted February 19, 2020

On 2/1/2020 at 12:03 AM, Coolsaber57 said:
> I am trying to expose my Octoprint page, but am having trouble finding a configuration that will work.
>
> Here are the examples that Octoprint provides: https://community.octoprint.org/t/reverse-proxy-configuration-examples/1107
>
> Here's my current config:
>
>     server {
>         listen 443 ssl;
>         listen [::]:443 ssl;
>         server_name print.*;
>         include /config/nginx/ssl.conf;
>         client_max_body_size 0;
>         location / {
>             include /config/nginx/proxy.conf;
>             proxy_pass http://192.168.2.13:80;
>             proxy_set_header Host $http_host;
>             proxy_set_header Upgrade $http_upgrade;
>             proxy_set_header Connection "upgrade";
>             proxy_set_header X-Real-IP $remote_addr;
>             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>             proxy_set_header X-Scheme $scheme;
>         }
>     }
>
> I took out a few lines that were causing the docker container to throw errors. I'm currently getting a 500 error. If I copy a config from another container and change the IP/port/subdomain, I do actually get to see the login page, but it says it's offline and asks me to reconnect.
>
> Has anyone successfully configured Octoprint in this container? If so, would you be able to share the config?

Anyone have any suggestions?
MacDingo Posted February 19, 2020

On 2/17/2020 at 11:50 PM, aptalca said:
> 1) fully automated
> 2) daily
> 3) sure, edit the crontabs/root file in the config folder and restart the container
> PS. If you do dns or duckdns validation, you don't need to keep any ports open or forwarded as they are not used for validation

Hi again,

One more clarification please. Below is the content of the root file in the crontab folder:

    # do daily/weekly/monthly maintenance
    # min   hour    day     month   weekday command
    */15    *       *       *       *       run-parts /etc/periodic/15min
    0       *       *       *       *       run-parts /etc/periodic/hourly
    0       2       *       *       *       run-parts /etc/periodic/daily
    0       3       *       *       6       run-parts /etc/periodic/weekly
    0       5       1       *       *       run-parts /etc/periodic/monthly

    # renew letsencrypt certs
    8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1

Am I reading this correctly, if I interpret it as below?

Monthly maintenance is run every FIRST day of the month at 5.00 AM, AND
Weekly maintenance is run every SATURDAY at 3.00 AM, AND
Daily maintenance is run every DAY at 2.00 AM, AND
Certificate renewal is run every DAY at 2.08 AM?

1) Not sure how to read the 15 mins and hourly lines... but that's really for my own curiosity

2) Since there is a daily maintenance already, what would be the point in having the weekly and monthly active too?

3) Is the daily renewal done at 2.08 AM in order not to conflict with the 2.00 AM maintenance?

4) Finally, if I want to set the renewal to 7 PM, I guess I just replace the '2' with '19'?

Thanks again
aptalca Posted February 19, 2020

2 hours ago, MacDingo said:
> Hi again, one more clarification please. Below is the content of the root file in the crontab folder:
> […]
> 4) Finally, if I want to set the renewal to 7 PM, I guess I just replace the '2' with '19'?

Only worry about the last line. The others are system ones and are used for things like logrotate.

4) yes
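To check the reading of the crontab lines quoted above, including the `*/15` field and the move from 02:08 to 19:08, here is an added example (not the container's or the thread's own code) that evaluates the five cron fields against a given minute; the CRONTAB text is the one posted, the function names are mine.

```python
from datetime import datetime

# The crontabs/root file quoted in the thread, comments included.
CRONTAB = """\
# do daily/weekly/monthly maintenance
# min hour day month weekday command
*/15 * * * * run-parts /etc/periodic/15min
0 * * * * run-parts /etc/periodic/hourly
0 2 * * * run-parts /etc/periodic/daily
0 3 * * 6 run-parts /etc/periodic/weekly
0 5 1 * * run-parts /etc/periodic/monthly
# renew letsencrypt certs
8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1
"""

RENEW_LINE = "8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1"


def field_matches(field, value, lo, hi):
    """One cron field against one value. Handles '*', 'n', 'a-b', '*/n', 'a-b/n'
    and comma-separated lists of those."""
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            a, b = rng.split("-")
            start, end = int(a), int(b)
        else:
            start = end = int(rng)
        if start <= value <= end and (value - start) % step == 0:
            return True
    return False


def cron_matches(expr, dt):
    """True if the five-field cron expression fires during minute dt.
    Simplification (assumption): day-of-month and day-of-week are ANDed; the
    thread's crontab never restricts both on one line, so it makes no difference."""
    minute, hour, dom, month, dow = expr.split()[:5]
    cron_dow = (dt.weekday() + 1) % 7          # cron: 0 = Sunday, Python: 0 = Monday
    return (field_matches(minute, dt.minute, 0, 59)
            and field_matches(hour, dt.hour, 0, 23)
            and field_matches(dom, dt.day, 1, 31)
            and field_matches(month, dt.month, 1, 12)
            and (field_matches(dow, cron_dow, 0, 7)
                 or (cron_dow == 0 and field_matches(dow, 7, 0, 7))))


def jobs_firing(crontab_text, when):
    """Commands from the crontab that run at 'when' (ISO 'YYYY-MM-DD HH:MM')."""
    dt = datetime.fromisoformat(when)
    fired = []
    for line in crontab_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(None, 5)
        if cron_matches(" ".join(fields[:5]), dt):
            fired.append(fields[5])
    return fired


def reschedule(line, hour, minute=None):
    """Return the crontab line with its hour (and optionally minute) replaced,
    e.g. moving the renewal from 02:08 to 19:08 as asked in the thread."""
    fields = line.split(None, 5)
    fields[1] = str(hour)
    if minute is not None:
        fields[0] = str(minute)
    return " ".join(fields)


if __name__ == "__main__":
    for when in ("2020-02-19 02:00", "2020-02-19 02:08", "2020-02-15 03:00", "2020-03-01 05:00"):
        print(when, "->", jobs_firing(CRONTAB, when))
    print(reschedule(RENEW_LINE, 19))
```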
JoHimself Posted February 20, 2020

Hi guys,

I'm having issues with this container. I have my domain set up, and it has been for a while, since this was working until I changed one of the subdomains, so it had to re-generate the certificate. The validation fails using the http challenge. I have tried removing the container and appdata, and even that does not rectify the issue.

If I fire up an NGINX container with the default config, then it shows the NGINX startup page when going to the domain. When I use this container with the same port forwarding, there doesn't seem to be anything listening.

This is my log:

    -------------------------------------
              _         ()
             | |  ___   _    __
             | | / __| | |  /  \
             | | \__ \ | | | () |
             |_| |___/ |_|  \__/


    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donate/
    -------------------------------------
    GID/UID
    -------------------------------------

    User uid:    99
    User gid:    100
    -------------------------------------

    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=Europe/London
    URL=johimself.co.uk
    SUBDOMAINS=www,
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=false
    DHLEVEL=2048
    VALIDATION=http
    DNSPLUGIN=
    EMAIL=MY_EMAIL_ADDRESS
    STAGING=true

    NOTICE: Staging is active
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Sub-domains processed are: -d www.johimself.co.uk
    E-mail address entered: MY_EMAIL_ADDRESS
    http validation is selected
    Generating new certificate
    /usr/lib/python3.8/site-packages/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if x is 0 or x is 1:
    /usr/lib/python3.8/site-packages/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if x is 0 or x is 1:
    /usr/lib/python3.8/site-packages/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
      elif y is 0 or y is 1:
    /usr/lib/python3.8/site-packages/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
      elif y is 0 or y is 1:
    /usr/lib/python3.8/site-packages/jmespath/visitor.py:260: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if original_result is 0:
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for www.johimself.co.uk
    http-01 challenge for johimself.co.uk
    Waiting for verification...
    Challenge failed for domain www.johimself.co.uk
    Challenge failed for domain johimself.co.uk
    http-01 challenge for www.johimself.co.uk
    http-01 challenge for johimself.co.uk
    Cleaning up challenges
    Some challenges have failed.
    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: www.johimself.co.uk
       Type:   connection
       Detail: During secondary validation: Fetching http://www.johimself.co.uk/.well-known/acme-challenge/Ugsgna0D4LoyVydrpfn93WbNKBjWP2I__LsX0MvbpYQ: Timeout during connect (likely firewall problem)

       Domain: johimself.co.uk
       Type:   connection
       Detail: Fetching http://johimself.co.uk/.well-known/acme-challenge/fN_EX6RO0s1Q0u4dNpBURbECXtBVTU6PT1RsDnkxpQs: Timeout during connect (likely firewall problem)

       To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
    ERROR: Cert does not exist! Please see the validation error above.
    The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
    Some challenges have failed.
    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: www.johimself.co.uk
       Type:   connection
       Detail: During secondary validation: Fetching http://www.johimself.co.uk/.well-known/acme-challenge/Ugsgna0D4LoyVydrpfn93WbNKBjWP2I__LsX0MvbpYQ: Timeout during connect (likely firewall problem)

       Domain: johimself.co.uk
       Type:   connection
       Detail: Fetching http://johimself.co.uk/.well-known/acme-challenge/fN_EX6RO0s1Q0u4dNpBURbECXtBVTU6PT1RsDnkxpQs: Timeout during connect (likely firewall problem)

       To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
    ERROR: Cert does not exist! Please see the validation error above.
    The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

If anyone has any more ideas, that would be great!
aptalca Posted February 21, 2020

4 hours ago, JoHimself said:

Hi guys, I'm having issues with this container. I have my domain set up, it has been for a while since this was working until I changed one of the subdomains so it had to re-generate the certificate. The validation fails using http challenge. I have tried removing the container and appdata and even that does not rectify the issue.

If I fire up an NGINX container with the default config then it shows the NGINX startup page by going to the domain. When I use this container with the same port forwarding there doesn't seem to be anything listening.

This is my log:

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    99
User gid:    100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Europe/London
URL=johimself.co.uk
SUBDOMAINS=www,
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=MY_EMAIL_ADDRESS
STAGING=true

NOTICE: Staging is active
2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.johimself.co.uk
E-mail address entered: MY_EMAIL_ADDRESS
http validation is selected
Generating new certificate
/usr/lib/python3.8/site-packages/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
  if x is 0 or x is 1:
/usr/lib/python3.8/site-packages/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
  if x is 0 or x is 1:
/usr/lib/python3.8/site-packages/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
  elif y is 0 or y is 1:
/usr/lib/python3.8/site-packages/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
  elif y is 0 or y is 1:
/usr/lib/python3.8/site-packages/jmespath/visitor.py:260: SyntaxWarning: "is" with a literal. Did you mean "=="?
  if original_result is 0:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.johimself.co.uk
http-01 challenge for johimself.co.uk
Waiting for verification...
Challenge failed for domain www.johimself.co.uk
Challenge failed for domain johimself.co.uk
http-01 challenge for www.johimself.co.uk
http-01 challenge for johimself.co.uk
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.johimself.co.uk
   Type:   connection
   Detail: During secondary validation: Fetching http://www.johimself.co.uk/.well-known/acme-challenge/Ugsgna0D4LoyVydrpfn93WbNKBjWP2I__LsX0MvbpYQ: Timeout during connect (likely firewall problem)

   Domain: johimself.co.uk
   Type:   connection
   Detail: Fetching http://johimself.co.uk/.well-known/acme-challenge/fN_EX6RO0s1Q0u4dNpBURbECXtBVTU6PT1RsDnkxpQs: Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.johimself.co.uk
   Type:   connection
   Detail: During secondary validation: Fetching http://www.johimself.co.uk/.well-known/acme-challenge/Ugsgna0D4LoyVydrpfn93WbNKBjWP2I__LsX0MvbpYQ: Timeout during connect (likely firewall problem)

   Domain: johimself.co.uk
   Type:   connection
   Detail: Fetching http://johimself.co.uk/.well-known/acme-challenge/fN_EX6RO0s1Q0u4dNpBURbECXtBVTU6PT1RsDnkxpQs: Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

If anyone has any more ideas, that would be great!

When you put up the nginx container, are you trying the http endpoint? From outside of the lan?
JoHimself Posted February 21, 2020 (edited)

Yes. Also, when NGINX is up the site https://letsdebug.net/ reports everything is fine; this is not the case using letsencrypt.

I'm reading your responses to previous posts. You say that nginx isn't running until it gets a cert, so what is supposed to be providing the HTTP response?

Edited February 21, 2020 by JoHimself: further questions
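A defender-side reading of the certbot error block quoted in this thread, added here as an example (it is not code from the thread or from the linuxserver container): it parses the "Domain / Type / Detail" records exactly as they arrive when pasted flat into a forum post, and maps each one to the first check a practitioner would run. The domains and tokens in SAMPLE_NOTES are constructed placeholders.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample modelled on the certbot output quoted in the thread (placeholder
# domains and tokens), run together onto one line exactly as pasted into a forum post.
SAMPLE_NOTES = (
    "IMPORTANT NOTES: - The following errors were reported by the server: "
    "Domain: www.example.test Type: connection Detail: During secondary validation: "
    "Fetching http://www.example.test/.well-known/acme-challenge/TOKEN_ONE: Timeout "
    "during connect (likely firewall problem) Domain: example.test Type: connection "
    "Detail: Fetching http://example.test/.well-known/acme-challenge/TOKEN_TWO: Timeout "
    "during connect (likely firewall problem) To fix these errors, please make sure that"
)

# One "Domain / Type / Detail" record; the lookahead ends Detail at the next record.
ENTRY = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+Detail:\s*(?P<detail>.*?)"
    r"(?=\s+Domain:|\s+To fix these errors|\Z)", re.S)
TOKEN = re.compile(r"/\.well-known/acme-challenge/([A-Za-z0-9_-]+)")

@dataclass
class Finding:
    domain: str
    kind: str        # connect_timeout | unauthorized | other
    secondary: bool  # primary perspective passed, a remote Let's Encrypt perspective failed
    token: str
    advice: str

def classify(type_: str, detail: str) -> tuple[str, str]:
    """Map certbot's error type and detail to the first defender-side check."""
    if type_ == "connection" and "Timeout during connect" in detail:
        return "connect_timeout", ("no TCP handshake on port 80 at the A/AAAA address: "
                                   "check the port-80 forward and any firewall in the path")
    if type_ == "unauthorized":
        return "unauthorized", ("port 80 answered, but not with the challenge file: "
                                "another service is probably bound to port 80")
    return "other", "no automatic diagnosis; read the Detail text"

def parse_notes(text: str) -> list[Finding]:
    """Return one Finding per failed domain in a certbot IMPORTANT NOTES block."""
    findings = []
    for m in ENTRY.finditer(text):
        detail = m["detail"].strip()
        kind, advice = classify(m["type"], detail)
        secondary = detail.startswith("During secondary validation")
        if secondary:
            advice += "; only a remote perspective failed, so look for geo or IP-range blocking"
        tok = TOKEN.search(detail)
        findings.append(Finding(m["domain"], kind, secondary, tok[1] if tok else "", advice))
    return findings
```

Run `parse_notes` over the IMPORTANT NOTES text copied out of a container log to get one structured finding per domain; the `secondary` flag separates "port 80 is closed everywhere" from "only some of Let's Encrypt's vantage points are blocked".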