Menthalo Posted March 10, 2020 (edited)

> 43 minutes ago, EdgarWallace said:
> Anyone else having an issue with the renewal of the certs? I am leaving the server switched on during the night and having looked at the "Troubleshooting Letsencrypt Image Port Mapping and Forwarding" guide and I can access my server via a cell phone as described in the troubleshooting guide. I haven't changed my router setting either (Ports 443 and 80 are forwarded since years...). Have no idea where to look next.
> letsencrypt.log

Since this morning, I have a similar issue: I can't access my locally hosted websites from within my local network, but I can access them via my cell phone (in 4G). My certs were correctly renewed though -> I followed @aptalca's guide (setting STAGING to false then true). Anyone else in my case? I can post logs if wanted (but they all seem fine).

EDIT: for the setup of everything, I followed @SpaceInvaderOne's many guides.

Edited March 10, 2020 by Menthalo

aptalca Posted March 10, 2020

> 19 minutes ago, Menthalo said:
> Since this morning, I have a similar issue, I can't access my locally hosted websites from within my local network, but I can access them via my cell phone (in 4g). My certs were correctly renewed although -> I followed @aptalca 's guide (setting STAGING to false then true). Anyone else in my case ? I can post logs if wanted (but they all seems fine) EDIT : for the setup of everything, I followed @SpaceInvaderOne many guides

If you can access via cell phone, then there is nothing wrong with letsencrypt or ports. Issue is your router. Google hairpin nat or nat loopback

jdndm Posted March 11, 2020

> On 3/9/2020 at 8:42 AM, aptalca said:
> You'll have to create a new server block for the subdomain. See the default proxy conf for examples. Server name is defined in there. And then, inside that new server block, you'll create a location block for whatever subfolder you want.

Thanks @aptalca got it working exactly how I wanted!

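The layout described in the quoted advice above (one server block per subdomain, with a location block for a single subfolder inside it), as an added example that is not part of the thread and not the image's shipped config. The hostname `app.example.com`, the subfolder `/reports/`, the backend address `192.0.2.10:8080` and the two include paths are assumptions; adjust them to the files your container actually provides.

```nginx
# Added illustration. Hypothetical values: app.example.com, /reports/,
# and the backend 192.0.2.10:8080 (a documentation-range placeholder address).
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    # The subdomain this block answers for. The certificate in use must
    # also list this name, or browsers will report a hostname mismatch.
    server_name app.example.com;

    # Assumed path: shared TLS settings and certificate locations.
    include /config/nginx/ssl.conf;

    # Only this subfolder is proxied to the backend.
    location /reports/ {
        # Assumed path: shared proxy headers (Host, X-Forwarded-For, ...).
        include /config/nginx/proxy.conf;

        # No URI part after the port: the backend receives /reports/...
        # unchanged, so the application must serve under that base path.
        proxy_pass http://192.0.2.10:8080;
    }

    # Everything else on this subdomain is refused rather than falling
    # through to another application by accident.
    location / {
        return 404;
    }
}
```

Run `nginx -t` inside the container before reloading, so a syntax error does not take down the other proxied sites.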
EdgarWallace Posted March 11, 2020 (edited)

> On 3/10/2020 at 8:00 PM, aptalca said:
> If you can access via cell phone, then there is nothing wrong with letsencrypt or ports. Issue is your router. Google hairpin nat or nat loopback

Thanks @aptalca. I am using a FritzBox as router and was searching for what you suggested and added myurl.com into the DNS-Rebind-Protection exception field and rebooted my router. Still no luck. Question remains, why the error is coming up now.

Edited August 22, 2023 by EdgarWallace

luizmont Posted March 11, 2020 (edited)

Hello everyone! I believe this is going to be a long post, so let's get going!

I'm having issues configuring letsencrypt on my unraid server. I followed the excellent video made by Spaceinvader One on the topic, and did everything he showed on the video.

Here's my network config: Internet => Router (Asus RT AC66U) => LAN (Unraid, Desktop, Phones, etc)

I watched the video and when I checked the log, the server wasn't coming online, the error message was the one about possible firewall blocking. After some researching, it seems that my ISP blocks port 80. Because of this, I purchased a domain to be able to use the DNS method. I watched the other video on the subject (I'm not pasting the links to keep this post as clean as possible, but I can provide the link if someone wants it) and configured everything, using duckdns and cloudflare, now the letsencrypt server shows that it is ready.

However, I still can't access my server from the internet... Tried with ubooquity and rutorrent. It shows the error 522. After doing some research, I tried to disable the proxy on cloudflare (the orange cloud thing), and still can't access anything...

Here is the port forwarding from my router:
This is my docker setup
This is my letsencrypt configuration
And here is the log
I can ping domain.duckdns.org and it shows my external IP.
I can ping ubooquity.domain.com and it also shows my external IP.
If I make a DNS lookup for my domain, it correctly shows the duckdns domain
Error 522 (cloudflare proxy on)
Cloudflare proxy off

I spent a good number of hours on this matter but couldn't figure out on my own how to solve this problem... I'm not an expert linux user (a newbie actually), but can follow instructions or guides! Thanks in advance for the help of this great community!

Edit: If I set a nginx docker, I can reach the "Welcome to our server message" (both on domain.duckdns.org and ubooquity.domain.com) from my LAN. However, I can't reach the same page from the internet (phone with 4G)...

Edited March 17, 2020 by luizmont (Adding nginx information)

aptalca Posted March 12, 2020

> 5 hours ago, luizmont said:
> Hello everyone! I believe this is going to be a long post, so let's get going!
>
> I'm having issues configuring letsencrypt on my unraid server. I followed the excellent video made by Spaceinvader One on the topic, and did everything he showed on the video.
>
> Here's my network config: Internet => Router (Asus RT AC66U) => LAN (Unraid, Desktop, Phones, etc)
>
> I watched the video and when I checked the log, the server wasn't coming online, the error message was the one about possible firewall blocking. After some researching, it seems that my ISP block port 80. Because of this, I purchased a domain to be able to use the DNS method. I watched the other video on the subject (I'm not pasting the links to keep this post as clean as possible, but I can provide the link if someone want it) and configured everything, using duckdns and cloudflare, now the letsencrypt server shows that it is ready.
>
> However, I still can't access my server from the internet... Tried with ubooquity and rutorrent. It shows the error 522. After doing some research, I tried to disable the proxy on cloudflare (the orange cloud thing), and still can't access anything...
>
> Here is the port forwarding from my router:
> This is my docker setup
> This is my letsencrypt configuration
> And here is the log
> I can ping luizmont.duckdns.org and it shows my external IP.
> I can ping ubooquity.luizmont.com and it also shows my external IP.
> If I make a DNS lookup for my domain, it correctly shows the duckdns domain
> Error 522 (cloudflare proxy on)
> Cloudflare proxy off
>
> I spent a good number of hours on this matter but couldn't figured out on my own how to solve this problem... I'm not an expert linux user (a newbie actually), but can follow instructions or guides! Thanks in advance for the help of this great community!
>
> Edit: If I set a nginx docker, I can reach the "Welcome to our server message" (both on luizmont.duckdns.org and ubooquity.luizmont.com) from my LAN. However, I can't reach the same page from the internet (phone with 4G)...

Then the problem is your port forwarding

luizmont Posted March 12, 2020 (edited)

> 2 minutes ago, aptalca said:
> Then the problem is your port forwarding

And can you help me figure out how to properly forward my ports?

Edited March 12, 2020 by luizmont (*grammar)

EdgarWallace Posted March 12, 2020

> On 3/10/2020 at 7:39 PM, Menthalo said:
> My certs were correctly renewed although -> I followed @aptalca 's guide (setting STAGING to false then true).

@Menthalo I don't see that variable in my Docker settings. Have you defined it yourself?

saarg Posted March 12, 2020

> 2 hours ago, EdgarWallace said:
> @Menthalo I don't see that variable in my Docker settings. HAve you defined it yourself?

It's not by default in the template. You can easily add it yourself. The Readme on github is the reference for the correct syntax.

aptalca Posted March 12, 2020

> 20 hours ago, luizmont said:
> And can you help me figure how to proper forward my ports?

https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

scubieman Posted March 13, 2020 (edited)

Having issues getting nextcloud to work. I only care about nextcloud, no other dockers. Any help would be amazing!

So I half found the issue. Not sure how to resolve though. This gets the error saying it needs to be set up yet. However, if I alter the URL, then it works fine. How can I have it where the URL is actually correct?

https://mydomainname.duckdns.org/index.php/login

Edited March 13, 2020 by scubieman

studentgrant Posted March 14, 2020 (edited)

I experienced the same issue recently. I'm running DD-WRT and had to disable Universal Plug and Play (UPnP), as it appeared to be conflicting with my port forwards...

Edited March 14, 2020 by studentgrant

luizmont Posted March 14, 2020 (edited)

> On 3/12/2020 at 6:42 PM, aptalca said:
> https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

I already followed these steps, as you can see from the screenshot when I told that I made a nginx container, with the same results....

Okay, some new information: I installed and configured pfsense and made the rules to forward doors 180 and 1443. I installed sonarr and created a cname for it (sonarr.domain.com). As before, it works on LAN, however outside the LAN it doesn't connect, giving a timed out error....

If I use wireguard, for example, I can use it as lan access to my LAN and tunnel access... What might be wrong in my setup? Thanks!

Edited March 17, 2020 by luizmont

aptalca Posted March 15, 2020

> 2 hours ago, luizmont said:
> I already followed this steps, as you can see from the screenshot when I told that I made a nginx container, with the same results.... Okay, some new information: I installed and configured pfsense and made the rules to forward doors 180 and 1443. I installed sonarr and created a cname for it (sonarr.luizmont.com). As before, it works on LAN, however outside the LAN it doesn't connect, giving a timed out error.... If I use wireguard, for example, I can use it as lan access to my LAN and tunnel access... What might be wrong in my setup? Thanks!

If you read the article I linked, you'll see that there is a recommended resource with a plethora of information on just port forwarding (portforward.com).

Until you can reach the nginx default page on your domain via cell connection, reverse proxy won't work for you outside of the home.

And if you're using http validation, letsencrypt container won't even start nginx as it won't be able to validate the cert.

aptalca Posted March 15, 2020

> On 3/13/2020 at 12:08 PM, scubieman said:
> having issues getting nextcloud to work, I only care about nextcloud no other dockers, Any help would be amazing! So I half found the issue. Not sure how to resolve though. This gets the error saying it needs to be setup yet. However if I alter the URL, Then it works fine. How can I have it where the URL is actually correct? https://mydomainname.duckdns.org/index.php/login

Nextcloud should be available at a subdomain like https://nextcloud.yoursubdomain.duckdns.org

How did you try to set it up?

scubieman Posted March 15, 2020

> 1 hour ago, aptalca said:
> Nextcloud should be available at a subdomain like https://nextcloud.yoursubdomain.duckdns.org How did you try to set it up?

What information do you need? I followed Space Invader's video. I guess I did something wrong.

aptalca Posted March 15, 2020

> 1 hour ago, scubieman said:
> What information do you need? I followed space invaders video. I guess I did something wrong.

How you set it up. "I followed X video or guide" is not the least bit helpful.

Like I said, you should be accessing it at the nextcloud subdomain, not the main url. Either you're not using the right address, or you set it up very differently than we suggest.

luizmont Posted March 15, 2020 (edited)

> On 3/14/2020 at 9:29 PM, aptalca said:
> If you read the article I linked, you'll see that there is a recommended resource with a plethora of information on just port forwarding (portforward.com). Until you can reach the nginx default page on your domain via cell connection, reverse proxy won't work for you outside of the home. And if you're using http validation, letsencrypt container won't even start nginx as it won't be able to validate the cert.

Thanks for trying to help me! So, I believe I know the basics of port forwarding, and because of that (only the basics) I don't know what might be wrong in my setup...

> On 3/14/2020 at 9:29 PM, aptalca said:
> Until you can reach the nginx default page on your domain via cell connection, reverse proxy won't work for you outside of the home.

Yeah, I understand that... And I can't access the nginx default page on my cell... It gives the time out error.

> On 3/14/2020 at 9:29 PM, aptalca said:
> And if you're using http validation, letsencrypt container won't even start nginx as it won't be able to validate the cert.

Can you elaborate on this part? I think nginx is starting, because I can access it from LAN.

These are my port forward rules
And my docker setup

I can provide more screenshots or logs if needed.

Edit: adding a diagram of my network

Edited March 17, 2020 by luizmont

aptalca Posted March 15, 2020

> 10 hours ago, luizmont said:
> Thanks for trying to help me! So, I believe I know the basics of port forwarding, and because of that (only the basics) I don't know what might be wrong in my setup... Yeah, I understand that... And I can't access the nginx default page on my cell... It gives the time out error. Can you elaborate on this part? I think nginx is starting, because I can access it from LAN. These are my port forward rules And my docker setup I can provide more screenshots or logs if needed. Edit: adding a diagram of my network

In your previous post, you posted port forwarding on an asus router, now pfsense. Are you double natting?

luizmont Posted March 15, 2020 (edited)

> 6 hours ago, aptalca said:
> In your previous post, you posted port forwarding on an asus router, now pfsense. Are you double natting?

No, as I said before, I installed pfsense instead of my asus router, to rule out any problems related to the router.

> 23 hours ago, luizmont said:
> Okay, some new information: I installed and configured pfsense and made the rules to forward doors 180 and 1443. I installed sonarr and created a cname for it (sonarr.*******.com). As before, it works on LAN, however outside the LAN it doesn't connect, giving a timed out error....

Edited March 15, 2020 by luizmont (domain)

IKWeb Posted March 16, 2020

Would I be correct in thinking that if a cert that has been issued by LetsEncrypt is due to expire, and I restart the container, it will be reissued with a new end date?

saarg Posted March 16, 2020

> 2 hours ago, IKWeb said:
> Would I be correct in thinking if a cert that has been issued by LetsEncrypt is due to expire if I restart the container it will be re issued with a new end date?

Not correct. You need to let the container run and it will renew it before it expires. It attempts to renew every night at about 2.

When is your cert expiring?

luizmont Posted March 16, 2020

@aptalca I have confirmed that my ISP blocks port 80 and 443 (consumer connection). From what I have read, the only way to use letsencrypt is with DNS challenges. Is that correct? Can you help me to configure it? Or at least point me in the direction to do this....

Thank you very much!

aptalca Posted March 16, 2020

> 1 hour ago, luizmont said:
> @aptalca I have confirmed that my ISP blocks port 80 and 443 (consumer connection). From what I have read, the only way to use letsencrypt is with DNS challenges. Is that correct? Can you help me to configure it? Or at least point me in the direction to do this.... Thank you very much!

You're already using dns validation, that's why nginx is coming up and reverse proxy works on your lan.

If 80/443 are blocked, you'll have to use a different port to access.

So you'll forward 444 on the router and access https://domain.com:444

luizmont Posted March 16, 2020

> 47 minutes ago, aptalca said:
> You're already using dns validation, that's why nginx is coming up and reverse proxy works on your lan. If 80/443 are blocked, you'll have to use a different port to access So you'll forward 444 on the router and access https://domain.com:444

Awesome! It worked!!!!!

Let me just understand something. It is really annoying having to type both the "https://" and the ":444". Is there a way to do it without having to add the port and the https?