aptalca Posted March 1, 2020

> 4 hours ago, TechMed said:
> Hi @aptalca, Since you appear to have a deep understanding of Let's Encrypt, I am wondering if, when you have time, you would take a look at this post from earlier? Either I am missing something obvious or I am not using the correct search parameters to find the answer, because I have looked for a while now. Thanks!

Roxedus already answered you there. It's a macvlan issue. You have some containers on macvlan, and they can't access the host or any service running on the host. That's a docker security feature.

aptalca Posted March 1, 2020

> 19 hours ago, BeeKay said:
> Hi there, Hoping you guys can help me out. In short, my letsencrypt docker is giving me the 'likely firewall issue' message, but I have tested port forwarding with nginx and nginxproxymanager dockers, which show their default pages via the opened ports.
>
> I followed spaceinvaderone's guide (with methodical pausing while I applied the steps), so forwarding 443 from router to 1443 on unraid host, and 80 to 180 in the same way. I've got a domain registered. I've added a CNAME to my domain, pointing to a duckdns subdomain. I've set up the duckdns docker to update IP for this. My ISP did have default ports blocked, which I've turned off (otherwise the tests above wouldn't have worked anyway). I've also followed the linuxserver troubleshooting guide for the port forwarding issue already.
>
> Can anyone shed some light? Would be much appreciated. If my letsencrypt log is useful, it's pasted below (xxxx'd out the domain and email specifics):
>
>     -------------------------------------
>               _         ()
>              | |  ___   _    __
>              | | / __| | |  /  \
>              | | \__ \ | | | () |
>              |_| |___/ |_|  \__/
>
>     Brought to you by linuxserver.io
>     We gratefully accept donations at:
>     https://www.linuxserver.io/donate/
>     -------------------------------------
>     GID/UID
>     -------------------------------------
>     User uid: 99
>     User gid: 100
>     -------------------------------------
>     [cont-init.d] 10-adduser: exited 0.
>     [cont-init.d] 20-config: executing...
>     [cont-init.d] 20-config: exited 0.
>     [cont-init.d] 30-keygen: executing...
>     using keys found in /config/keys
>     [cont-init.d] 30-keygen: exited 0.
>     [cont-init.d] 50-config: executing...
>     Variables set:
>     PUID=99
>     PGID=100
>     TZ=Australia/Sydney
>     URL=xxxxxxxx.net
>     SUBDOMAINS=nextcloud
>     EXTRA_DOMAINS=
>     ONLY_SUBDOMAINS=true
>     DHLEVEL=2048
>     VALIDATION=http
>     DNSPLUGIN=
>     [email protected]
>     STAGING=
>     2048 bit DH parameters present
>     SUBDOMAINS entered, processing
>     SUBDOMAINS entered, processing
>     Only subdomains, no URL in cert
>     Sub-domains processed are: -d nextcloud.xxxxxxxx.net
>     E-mail address entered: [email protected]
>     http validation is selected
>     Generating new certificate
>     Saving debug log to /var/log/letsencrypt/letsencrypt.log
>     Plugins selected: Authenticator standalone, Installer None
>     Obtaining a new certificate
>     Performing the following challenges:
>     http-01 challenge for nextcloud.xxxxxxxx.net
>     Waiting for verification...
>     Challenge failed for domain nextcloud.xxxxxxxx.net
>     http-01 challenge for nextcloud.xxxxxxxx.net
>     Cleaning up challenges
>     Some challenges have failed.
>     IMPORTANT NOTES:
>     - The following errors were reported by the server:
>
>     Domain: nextcloud.xxxxxxxx.net
>     Type: connection
>     Detail: Fetching http://nextcloud.xxxxxxxx.net/.well-known/acme-challenge/dTkFfXItBI3Q886xxxxxxxxxxxxXeCA8Dz6mEyanU: Timeout during connect (likely firewall problem)
>
>     To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
>     ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

You said you followed the linuxserver troubleshooting guide. So what happened? Did you do the test?

Alphacosmos Posted March 1, 2020

Hey all, having an issue... not sure why I'm getting this fail. Pretty sure my ports are right. What is :/mnt/mtd/WebSites/.well, and where and how do I fix this? :s

    -------------------------------------
              _         ()
             | |  ___   _    __
             | | / __| | |  /  \
             | | \__ \ | | | () |
             |_| |___/ |_|  \__/

    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donate/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=Australia/Sydney
    URL=duckdns.org
    SUBDOMAINS=aquillacomputingsystems,aquillacomputingsystemsbitwarden,aquillacomputingsystemsnextcloud,aquillacomputingsystemsombi
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    DHLEVEL=2048
    VALIDATION=https
    DNSPLUGIN=
    [email protected]
    STAGING=
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d aquillacomputingsystems.duckdns.org -d aquillacomputingsystemsbitwarden.duckdns.org -d aquillacomputingsystemsnextcloud.duckdns.org -d aquillacomputingsystemsombi.duckdns.org
    E-mail address entered: [email protected]
    http validation is selected
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for aquillacomputingsystems.duckdns.org
    http-01 challenge for aquillacomputingsystemsbitwarden.duckdns.org
    http-01 challenge for aquillacomputingsystemsnextcloud.duckdns.org
    http-01 challenge for aquillacomputingsystemsombi.duckdns.org
    Waiting for verification...
    Challenge failed for domain aquillacomputingsystems.duckdns.org
    Challenge failed for domain aquillacomputingsystemsbitwarden.duckdns.org
    Challenge failed for domain aquillacomputingsystemsnextcloud.duckdns.org
    Challenge failed for domain aquillacomputingsystemsombi.duckdns.org
    http-01 challenge for aquillacomputingsystems.duckdns.org
    http-01 challenge for aquillacomputingsystemsbitwarden.duckdns.org
    http-01 challenge for aquillacomputingsystemsnextcloud.duckdns.org
    http-01 challenge for aquillacomputingsystemsombi.duckdns.org
    Cleaning up challenges
    Some challenges have failed.
    IMPORTANT NOTES:
    - The following errors were reported by the server:

    Domain: aquillacomputingsystems.duckdns.org
    Type: unauthorized
    Detail: Invalid response from http://aquillacomputingsystems.duckdns.org/.well-known/acme-challenge/sGXwHiagrWpxp7w8HM2WDg4O-8-JOFxtfAWo5XItEHc [110.175.43.148]: "<html>\r\n<head><title>Cross Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross couldn't find this file:/mnt/mtd/WebSites/.well"

    Domain: aquillacomputingsystemsbitwarden.duckdns.org
    Type: unauthorized
    Detail: Invalid response from http://aquillacomputingsystemsbitwarden.duckdns.org/.well-known/acme-challenge/H5BbKDF70r7Rk6tOZmwqzDfs4eAaISCwyoFsVr7mh4Q [110.175.43.148]: "<html>\r\n<head><title>Cross Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross couldn't find this file:/mnt/mtd/WebSites/.well"

    Domain: aquillacomputingsystemsnextcloud.duckdns.org
    Type: unauthorized
    Detail: Invalid response from http://aquillacomputingsystemsnextcloud.duckdns.org/.well-known/acme-challenge/XOHa60mCm3ZoerrniI1iMAu4t1NC8YeIO-0urQcddOA [110.175.43.148]: "<html>\r\n<head><title>Cross Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross couldn't find this file:/mnt/mtd/WebSites/.well"

    Domain: aquillacomputingsystemsombi.duckdns.org
    Type: unauthorized
    Detail: Invalid response from http://aquillacomputingsystemsombi.duckdns.org/.well-known/acme-challenge/Qw8MqOfucfdgyfBkW_XF6F8UK2RXtx7ztz3ta8C4NSo [110.175.43.148]: "<html>\r\n<head><title>Cross Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross couldn't find this file:/mnt/mtd/WebSites/.well"

    To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

TechMed Posted March 1, 2020

> 4 hours ago, aptalca said:
> Roxedus already answered you there. It's a macvlan issue.

Based on my readings before and after Roxedus' answer, I figured that was the case. However, it never hurts to get a second opinion/confirmation. 🙂 Thanks for taking the time to respond.

Heciruam Posted March 1, 2020 (edited)

So I'm trying to set this up on a second unraid machine, using the same domain but with a different subdomain, and at a different location, so with a different public IP. I want to use the same domain as I have on my other location/public IP/letsencrypt nginx docker.

My problem is that I can't port forward with the router at this location. It is only allowing me to forward ports that are the same for internal and external. Since the modem/router is provided by the ISP and isn't allowed to be exchanged, the only option I saw that I could do is wildcard/DNS verification. I'm now unsure how to get around this problem.

So if I use several subdomains already, for, let's say, cloud.mydomain.com, xyz.mydomain.com, ... Can I set up a wildcard with DNS verification under a subdomain of my domain, for example location.mydomain.com, so the wildcard only covers things to the left, like cloud.location.mydomain.com, ... but leaves the certificates for the already working letsencrypt/nginx docker working?

If the above isn't possible, my second idea would be to give the custom network, or proxynet as spaceinvader calls it in his tutorial, its own IP address. So put multiple dockers on that same network with the same IP address. Is that possible? What's the command for that?

I hope this makes sense. Thank you in advance!

Edited March 1, 2020 by Heciruam

aptalca Posted March 1, 2020

> 8 hours ago, Alphacosmos said:
> Hey all, having an issue... not sure why I'm getting this fail. Pretty sure my ports are right. What is :/mnt/mtd/WebSites/.well, and where and how do I fix this? :s

Either your IP is incorrect, or you have port forwarding issues.

Also, you really don't need to create multiple domains on duckdns. Create one, use that as the url here, and everything else will be a sub-subdomain. For example, you register mycustom as your duckdns subdomain, so you'll put "mycustom.duckdns.org" into url, and put "nextcloud,sonarr,sabnzbd" into subdomains, and your services will be accessible at "nextcloud.mycustom.duckdns.org".

See here to troubleshoot the port/IP issue: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

Alphacosmos Posted March 2, 2020

> 10 hours ago, aptalca said:
> Either your IP is incorrect, or you have port forwarding issues.
>
> Also, you really don't need to create multiple domains on duckdns. Create one, use that as the url here, and everything else will be a sub-subdomain. For example, you register mycustom as your duckdns subdomain, so you'll put "mycustom.duckdns.org" into url, and put "nextcloud,sonarr,sabnzbd" into subdomains, and your services will be accessible at "nextcloud.mycustom.duckdns.org".
>
> See here to troubleshoot the port/IP issue: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

Thanks for the troubleshooting guide. I gave it a go, but it seems my ports are configured correctly. When I ran the Nginx docker it worked fine. It must be something to do with the file it can't locate. I have tried removing letsencrypt and retrying a few times. Same error.

aptalca Posted March 2, 2020

> 6 hours ago, Alphacosmos said:
> Thanks for the troubleshooting guide. I gave it a go, but it seems my ports are configured correctly. When I ran the Nginx docker it worked fine. It must be something to do with the file it can't locate. I have tried removing letsencrypt and retrying a few times. Same error.

When I try to connect to your domain, I get a blank yellow/green page with "webcam" as the page title. Are you sure you did the test correctly as described?

Aceriz Posted March 3, 2020

Hey, wondering if anyone else is having a problem with their Nextcloud docker/letsencrypt docker. I had everything up and running with NC going through Letsencrypt. Just finished updating the dockers and now getting the following error:

"Internal Server Error The server encountered an internal error and was unable to complete your request. Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report. More details can be found in the server log."

Had not changed anything but updating the dockers through the unraid interface. I can try and post logs of things, just not sure where to grab them.

Aceriz Posted March 3, 2020

> 15 minutes ago, Aceriz said:
> Hey, wondering if anyone else is having a problem with their Nextcloud docker/letsencrypt docker. I had everything up and running with NC going through Letsencrypt. Just finished updating the dockers and now getting the following error:
>
> "Internal Server Error The server encountered an internal error and was unable to complete your request. Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report. More details can be found in the server log."
>
> Had not changed anything but updating the dockers through the unraid interface. I can try and post logs of things, just not sure where to grab them.

Here is my Letsencrypt log. I did delete email and actual subdomains but have verified they are correct.

              _         ()
             | |  ___   _    __
             | | / __| | |  /  \
             | | \__ \ | | | () |
             |_| |___/ |_|  \__/

    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donate/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=America/Halifax
    URL=duckdns.org
    SUBDOMAINS=*****List of my subdomains****
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    DHLEVEL=2048
    VALIDATION=http
    DNSPLUGIN=
    EMAIL=***my email
    STAGING=
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -***listed at -d mysubdomains
    E-mail address entered: ***@gmail.com
    http validation is selected
    Certificate exists; parameters unchanged; starting nginx
    [cont-init.d] 50-config: exited 0.
    [cont-init.d] 99-custom-files: executing...
    [custom-init] no custom files found exiting...
    [cont-init.d] 99-custom-files: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    Server ready
    nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
    nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
    nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
    no field package.preload['resty.core']
    no file './resty/core.lua'
    no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
    no file '/usr/local/share/lua/5.1/resty/core.lua'
    no file '/usr/local/share/lua/5.1/resty/core/init.lua'
    no file '/usr/share/lua/5.1/resty/core.lua'
    no file '/usr/share/lua/5.1/resty/core/init.lua'
    no file '/usr/share/lua/common/resty/core.lua'
    no file '/usr/share/lua/common/resty/core/init.lua'
    no file './resty/core.so'
    no file '/usr/local/lib/lua/5.1/resty/core.so'
    no file '/usr/lib/lua/5.1/resty/core.so'
    no file '/usr/local/lib/lua/5.1/loadall.so'
    no file './resty.so'
    no file '/usr/local/lib/lua/5.1/resty.so'
    no file '/usr/lib/lua/5.1/resty.so'
    no file '/usr/local/lib/lua/5.1/loadall.so')

Aceriz Posted March 3, 2020

> 16 minutes ago, Aceriz said:
> Hey, wondering if anyone else is having a problem with their Nextcloud docker/letsencrypt docker. I had everything up and running with NC going through Letsencrypt. Just finished updating the dockers and now getting the following error:
>
> "Internal Server Error The server encountered an internal error and was unable to complete your request. Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report. More details can be found in the server log."
>
> Had not changed anything but updating the dockers through the unraid interface. I can try and post logs of things, just not sure where to grab them.

Here is also my Nextcloud log

    -------------------------------------
              _         ()
             | |  ___   _    __
             | | / __| | |  /  \
             | | \__ \ | | | () |
             |_| |___/ |_|  \__/

    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donate/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 40-config: executing...
    [cont-init.d] 40-config: exited 0.
    [cont-init.d] 50-install: executing...
    [cont-init.d] 50-install: exited 0.
    [cont-init.d] 60-memcache: executing...
    [cont-init.d] 60-memcache: exited 0.
    [cont-init.d] 99-custom-files: executing...
    [custom-init] no custom files found exiting...
    [cont-init.d] 99-custom-files: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.

saarg Posted March 3, 2020

> 5 hours ago, Aceriz said:
> Here is also my Nextcloud log

There is no need to post the same info in two different threads.

turt1e Posted March 4, 2020 (edited)

Haven't seen it posted here yet, but Letsencrypt will be revoking certain certs starting today due to a CAA rechecking bug. This affects about 2.6% of issued certs. More info in the link below, including a way to check if your cert is affected.

https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864

Edited March 4, 2020 by turt1e

aptalca Posted March 5, 2020

> 6 hours ago, turt1e said:
> Haven't seen it posted here yet, but Letsencrypt will be revoking certain certs starting today due to a CAA rechecking bug. This affects about 2.6% of issued certs. More info in the link below, including a way to check if your cert is affected.
>
> https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864

If anybody's affected, set the staging var to true, hit save. Then edit again and set it back to false. That action will force a renewal of the cert.

Slippin' Jimmy Posted March 5, 2020

Hey, I'm having an issue on wordpress and it's erroring regarding Imagick:

ImagickException thrown – NoDecodeDelegateForThisImageFormat `JPEG’.

I've checked on phpinfo and it shows "ImageMagick number of supported formats:0".

Any idea how I could fix this? Or is this part of the docker build that needs fixing?

illsnryhybrid Posted March 6, 2020

> If anybody's affected, set the staging var to true, hit save. Then edit again and set it back to false. That action will force a renewal of the cert.

Thanks for the heads up. Headed over here to this thread to figure out what I needed to do to fix my mess. After I received the notification for Let's Encrypt revoking certs, I tried to use certbot to revoke and then renew my certs and things got all jumbled. Been dealing with notifications from my various apps about connection issues for three days. Can't wait to try this out when I get home tonight! Thanks again for the tip.

aptalca Posted March 6, 2020

> 1 hour ago, illsnryhybrid said:
> Thanks for the heads up. Headed over here to this thread to figure out what I needed to do to fix my mess. After I received the notification for Let's Encrypt revoking certs, I tried to use certbot to revoke and then renew my certs and things got all jumbled. Been dealing with notifications from my various apps about connection issues for three days. Can't wait to try this out when I get home tonight! Thanks again for the tip.

Yeah, don't run manual commands in the container unless we tell you to. Things are sure to break.

jdndm Posted March 7, 2020

Hi, Hopefully someone can help me. I've got letsencrypt set up and working with various subdomains pointing at docker containers, i.e. sonarr.mydomain.com, but I want to do something a little different for some things that I only want to be accessible when I'm on my internal network, i.e. internal.mydomain.com/nzbget or internal.mydomain.com/motioneyeos etc. I'm not sure how I should set up the proxy confs to point at the right location. I'm thinking something like this...

    location internal.mydomain.com/nzbget {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app nzbget;
        set $upstream_port 6789;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }

aptalca Posted March 7, 2020

> 3 hours ago, jdndm said:
> Hi, Hopefully someone can help me. I've got letsencrypt set up and working with various subdomains pointing at docker containers, i.e. sonarr.mydomain.com, but I want to do something a little different for some things that I only want to be accessible when I'm on my internal network, i.e. internal.mydomain.com/nzbget or internal.mydomain.com/motioneyeos etc. I'm not sure how I should set up the proxy confs to point at the right location. I'm thinking something like this...
>
>     location internal.mydomain.com/nzbget {
>         # enable the next two lines for http auth
>         #auth_basic "Restricted";
>         #auth_basic_user_file /config/nginx/.htpasswd;
>
>         # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
>         #auth_request /auth;
>         #error_page 401 =200 /login;
>
>         include /config/nginx/proxy.conf;
>         resolver 127.0.0.11 valid=30s;
>         set $upstream_app nzbget;
>         set $upstream_port 6789;
>         set $upstream_proto http;
>         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
>     }

Use allow/deny statements to block outside access and only allow internal access.

Location does not refer to the domain. Server name directive is for the domain name.

nxtiak Posted March 7, 2020

> On 3/4/2020 at 7:55 PM, aptalca said:
> If anybody's affected, set the staging var to true, hit save. Then edit again and set it back to false. That action will force a renewal of the cert.

Hi, I'm a noob, how do you do this? I use Letsencrypt with TheLounge docker only. Thanks.

aptalca Posted March 7, 2020

> 6 hours ago, nxtiak said:
> Hi, I'm a noob, how do you do this? I use Letsencrypt with TheLounge docker only. Thanks.

Edit the container settings. STAGING should be there; if not, add it and set it to true.

nxtiak Posted March 8, 2020

> 4 hours ago, aptalca said:
> Edit the container settings. STAGING should be there; if not, add it and set it to true.

Thanks for the reply, but it didn't work. Decided it's time to move to the Nginx Proxy Manager docker, and that works great.

jdndm Posted March 8, 2020

> 21 hours ago, aptalca said:
> Use allow/deny statements to block outside access and only allow internal access.
>
> Location does not refer to the domain. Server name directive is for the domain name.

Where would I set the server name directive?

aptalca Posted March 8, 2020

> 8 hours ago, jdndm said:
> Where would I set the server name directive?

You'll have to create a new server block for the subdomain. See the default proxy conf for examples. Server name is defined in there. And then, inside that new server block, you'll create a location block for whatever subfolder you want.

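The layout described in the reply above, written out as an added example that is not part of the original posts and is not the image's shipped configuration: the hostname goes in `server_name` of its own server block, the subfolder is a `location` inside it, and allow/deny limits the block to the LAN. The hostname, upstream name, port and proxy.conf path are taken from jdndm's post; the LAN subnet and the ssl.conf include path are assumptions.

```nginx
# Added example (not from the thread's authors or the linuxserver image).
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    # The domain name is matched here, never in the location line.
    server_name internal.mydomain.com;

    # Assumption: TLS settings are pulled in from a shared include at this path.
    include /config/nginx/ssl.conf;

    # Assumption: 192.168.1.0/24 is the home LAN; replace with the real subnet.
    # Rules are evaluated in order against the client address nginx sees,
    # and the first match wins, so "deny all" must come last.
    allow 192.168.1.0/24;
    deny all;

    # Subfolder from the post: https://internal.mydomain.com/nzbget
    location /nzbget {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app nzbget;
        set $upstream_port 6789;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }

    # Anything else on this hostname is not served.
    location / {
        return 404;
    }
}
```

Add `internal` to SUBDOMAINS so the certificate covers the name, and check the nginx access log to confirm which client address a LAN request and an outside request actually arrive with before relying on the allow rule.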
EdgarWallace Posted March 10, 2020 (edited)

Anyone else having an issue with the renewal of the certs? I am leaving the server switched on during the night, and having looked at the "Troubleshooting Letsencrypt Image Port Mapping and Forwarding" guide, I can access my server via a cell phone as described in the troubleshooting guide. I haven't changed my router settings either (ports 443 and 80 have been forwarded for years...). Have no idea where to look next.

Edited August 22, 2023 by EdgarWallace