aptalca Posted August 14, 2020

> 8 hours ago, StudiesTheBlade said:
> Are there any special settings I need to set to get nested subdomains working? I've got no issues with certificates for my root and first-level subdomains, but the second-level nested aren't getting added to the cert. I'm using cloudflare and dns verification
>
> Example A records:
> A example.com <ip> <-- OK
> A *.example.com <ip> <-- OK
> A *.subdomain.example.com <ip> <-- Cert invalid when navigating to site

Set EXTRA_DOMAINS to *.subdomain.example.com

StudiesTheBlade Posted August 15, 2020

> 1 hour ago, aptalca said:
> Set EXTRA_DOMAINS to *.subdomain.example.com

That worked! It seems obvious now. I should have checked that. Thanks!

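Why the wildcard for `*.example.com` did not cover the nested names, as an added example that is not part of the original posts: a wildcard certificate name matches exactly one left-most DNS label, so `*.subdomain.example.com` has to be listed as its own name. The helper names `san_matches` and `uncovered_hosts` and the sample hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: a wildcard certificate name covers exactly ONE left-most label.
# san_matches / uncovered_hosts are hypothetical helpers; all hostnames are constructed.

# san_matches HOST SAN -> exit status 0 if certificate name SAN covers HOST
san_matches() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # DNS names compare case-insensitively
    san=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$san" in
        '*.'*)
            parent=${san#\*.}      # the name after the "*." prefix
            first=${host%%.*}      # left-most label of the host
            rest=${host#*.}        # everything after the first dot
            # the host needs a non-empty first label followed by exactly the parent name
            [ "$host" != "$rest" ] && [ -n "$first" ] && [ "$rest" = "$parent" ]
            ;;
        *)
            [ "$host" = "$san" ]
            ;;
    esac
}

# uncovered_hosts "SAN SAN ..." HOST... -> prints every HOST that no SAN covers
# (body runs in a subshell so that "set -f" does not leak into the caller)
uncovered_hosts() (
    set -f                         # keep "*.example.com" from being glob-expanded
    sans=$1
    shift
    for h in "$@"; do
        covered=no
        for s in $sans; do
            if san_matches "$h" "$s"; then
                covered=yes
                break
            fi
        done
        [ "$covered" = yes ] || printf '%s\n' "$h"
    done
)

# Certificate as first described in the thread: root plus first-level wildcard.
uncovered_hosts "example.com *.example.com" \
    example.com www.example.com app.subdomain.example.com

# After EXTRA_DOMAINS=*.subdomain.example.com is added, nothing is left uncovered.
uncovered_hosts "example.com *.example.com *.subdomain.example.com" \
    example.com www.example.com app.subdomain.example.com
```
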
Wong Posted August 16, 2020

> On 8/7/2020 at 11:50 AM, Wong said:
> I attached nextcloud conf. file for reference if anyone could tell me if I did any mistake.
>
> ```php
> <?php
> $CONFIG = array (
>   'memcache.local' => '\\OC\\Memcache\\APCu',
>   'datadirectory' => '/data',
>   'instanceid' => '*********************',
>   'passwordsalt' => '********************************',
>   'secret' => '*****************************',
>   'trusted_domains' =>
>   array (
>     0 => '192.168.0.16:444',
>     1 => 'nextcloud.protech.my',
>   ),
>   'dbtype' => 'mysql',
>   'version' => '19.0.1.1',
>   'trusted_proxies' =>
>   array (
>     0 => 'letsencrypt',
>   ),
>   'overwrite.cli.url' => 'https://nextcloud.protech.my/',
>   'overwritehost' => 'nextcloud.protech.my',
>   'overwriteprotocol' => 'https',
>   'dbname' => 'nextcloud',
>   'dbhost' => '192.168.0.16:3306',
>   'dbport' => '',
>   'dbtableprefix' => 'oc_',
>   'mysql.utf8mb4' => true,
>   'dbuser' => 'nextcloud',
>   'dbpassword' => '***************',
>   'installed' => true,
>   'maintenance' => false,
> );
> ```

Hi, so the reason I can't use http is that there is an error in my Letsencrypt log (same error as shown in the 1st version of SpaceInvader Reverse Proxy video). I think my ISP blocked port 80. That's why I proceeded with dns verification.

ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

However, there was no error in my log after using dns verification. And it stated server ready at the end.

Yes I port forward port 80 to 180, 443 to 1443 with TCP/UDP. Just a note: if I port forward with TCP only for 80 to 180 to my unraid server, I get kicked out of my unraid server interface for some reason. But TCP/UDP works for me, regardless of whether it needs TCP only.

Yes, it is still stuck in the Letsencrypt WebUI after setting up Letsencrypt docker again.

Let's say I don't want to use Reverse Proxy anymore to redirect me to my docker container, do I have another option to try with step by step guide? Cause my purpose is really to get onlyoffice working with nextcloud, can I get onlyoffice to work with or without reverse proxy?

(I am replying to my previous thread for anyone that wants to refer to my conf file, I have tested all but always still stuck in letsencrypt WebUI)

saarg Posted August 16, 2020

> 2 hours ago, Wong said:
> Hi, so the reason I can't use http is that there is an error in my Letsencrypt log (same error as shown in the 1st version of SpaceInvader Reverse Proxy video). I think my ISP blocked port 80. That's why I proceeded with dns verification.
>
> ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> However, there was no error in my log after using dns verification. And it stated server ready at the end.
>
> Yes I port forward port 80 to 180, 443 to 1443 with TCP/UDP. Just a note: if I port forward with TCP only for 80 to 180 to my unraid server, I get kicked out of my unraid server interface for some reason. But TCP/UDP works for me, regardless of whether it needs TCP only.
>
> Yes, it is still stuck in the Letsencrypt WebUI after setting up Letsencrypt docker again.
>
> Let's say I don't want to use Reverse Proxy anymore to redirect me to my docker container, do I have another option to try with step by step guide? Cause my purpose is really to get onlyoffice working with nextcloud, can I get onlyoffice to work with or without reverse proxy?
>
> (I am replying to my previous thread for anyone that wants to refer to my conf file, I have tested all but always still stuck in letsencrypt WebUI)

We don't know what is in the guide you followed, so please post all errors and how you set it up.

Start by getting letsencrypt running, which it looks like you have done already as you are getting to the default webserver page.

If you have already set up nextcloud and can access it locally, go ahead and enable the proxy-conf and be sure to read the top of the proxy-conf and do what it says.

Remember to take one step only, as it's easier to track the error then, for both you and us.

Wong Posted August 16, 2020

> 51 minutes ago, saarg said:
> We don't know what is in the guide you followed, so please post all errors and how you set it up.
>
> Start by getting letsencrypt running, which it looks like you have done already as you are getting to the default webserver page.
>
> If you have already set up nextcloud and can access it locally, go ahead and enable the proxy-conf and be sure to read the top of the proxy-conf and do what it says.
>
> Remember to take one step only, as it's easier to track the error then, for both you and us.

Alright, let's break it down.

I have registered my own domain name (protech.my). The video I followed are linked below from SpaceinvaderOne.

Let's Encrypt's log said server is ready. Let's Encrypt port is 80 -> 180 and 443 -> 1443. Port forwarding is done on my router as I am able to see the Let's Encrypt WebUI. I attached the log for reference.

I am sure nextcloud is working as I have managed to access it locally and set up admin account with Mariadb. For the record, my nextcloud container port is 444.

I have used cloudflareddns docker by onzu to track my public IP. I have set up a CNAME nextcloud.protech.my which points to my public IP.

I have set up the nextcloud.subdomain.conf and conf.php, I assume it is done correctly already I hope. Let me know if I made any mistake. I attached the file below.

I restarted the dockers and am still stuck at Let's Encrypt Web UI.

If anything is not clear, please let me know. I have been stuck with it for a month. It would be if anyone could solve this. I don't mind if I can't get reverse proxy working but if there is any method to get onlyoffice working, that would work for me. Thanks.

Extra information: (to be very sure my nextcloud is working, I port forwarded 443->444 which is my nextcloud container. I am able to access it from outside my home wifi but when I port forward 443->1443 I am back to being stuck in the Let's Encrypt Web UI)

/////////////////////////////////{ LETSENCRYPT LOG }////////////////////////////////////

```
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
s6-svwait: fatal: supervisor died
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
usermod: no changes

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Asia/Singapore
URL=protech.my
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
VALIDATION=dns
DNSPLUGIN=cloudflare
EMAIL=**************@gmail.com
STAGING=

SUBDOMAINS entered, processing
Wildcard cert for protech.my will be requested
E-mail address entered: [email protected]
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; starting nginx
Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind,
and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing...
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
Server ready
```

////////////////////////////{ nextcloud.subdomain.conf }///////////////////////////////////

```nginx
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "letsencrypt", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['letsencrypt'],
#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
#  'overwritehost' => 'nextcloud.your-domain.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.your-domain.com',
#  ),

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app nextcloud;
        set $upstream_port 443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_max_temp_file_size 2048m;
    }
}
```

/////////////////////{config.php}////////////////////////////////////

```php
<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'oc5hdxqy44ml',
  'passwordsalt' => '***************************',
  'secret' => '********************************',
  'trusted_domains' =>
  array (
    0 => '192.168.0.16',
    1 => 'nextcloud.protech.my',
  ),
  'dbtype' => 'mysql',
  'version' => '19.0.1.1',
  'overwrite.cli.url' => 'https://nextcloud.protech.my/',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.0.16:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => '***********',
  'installed' => true,
  'trusted_proxies' => ['letsencrypt'],
  'overwritehost' => 'nextcloud.protech.my',
  'overwriteprotocol' => 'https',
  'onlyoffice' =>
  array (
    'verify_peer_off' => true
  ),
);
```

Edited August 16, 2020 by Wong

saarg Posted August 16, 2020

> 13 minutes ago, Wong said:
> Alright, let's break it down.
>
> I have registered my own domain name (protech.my). The video I followed are linked below from SpaceinvaderOne.
>
> Let's Encrypt's log said server is ready. Let's Encrypt port is 80 -> 180 and 443 -> 1443. Port forwarding is done on my router as I am able to see the Let's Encrypt WebUI. I attached the log for reference.
>
> I am sure nextcloud is working as I have managed to access it locally and set up admin account with Mariadb. For the record, my nextcloud container port is 444.
>
> I have used cloudflareddns docker by onzu to track my public IP. I have set up a CNAME nextcloud.protech.my which points to my public IP.
>
> I have set up the nextcloud.subdomain.conf and conf.php, I assume it is done correctly already I hope. Let me know if I made any mistake. I attached the file below.
>
> I restarted the dockers and am still stuck at Let's Encrypt Web UI.
>
> If anything is not clear, please let me know. I have been stuck with it for a month. It would be if anyone could solve this. I don't mind if I can't get reverse proxy working but if there is any method to get onlyoffice working, that would work for me. Thanks.
>
> Extra information: (to be very sure my nextcloud is working, I port forwarded 443->444 which is my nextcloud container. I am able to access it from outside my home wifi but when I port forward 443->1443 I am back to being stuck in the Let's Encrypt Web UI)

Post the docker run command for both containers.

Wong Posted August 16, 2020

> On 8/16/2020 at 10:02 PM, saarg said:
> Post the docker run command for both containers.

What is a run command? Sorry I am still a newbie. Do you mean the setting page of the container as shown below?

Edited August 21, 2020 by Wong (Removed email address)

saarg Posted August 16, 2020

> 44 minutes ago, Wong said:
> What is a run command? Sorry I am still a newbie. Do you mean the setting page of the container as shown below?

Click on the letsencrypt container and choose command line. Then run the following command:

```
ping nextcloud
```

You are trying https://yourdomain.com right?

Wong Posted August 16, 2020

@saarg This is from letsencrypt. You said do it with both containers. I use the same command line for nextcloud container as well?

Yes, I am trying to run https://protech.my

CNAME is nextcloud

```
[email protected]:/# ping nextcloud
PING nextcloud (172.18.0.4): 56 data bytes
64 bytes from 172.18.0.4: seq=0 ttl=64 time=0.055 ms
64 bytes from 172.18.0.4: seq=1 ttl=64 time=0.051 ms
64 bytes from 172.18.0.4: seq=2 ttl=64 time=0.043 ms
64 bytes from 172.18.0.4: seq=3 ttl=64 time=0.036 ms
64 bytes from 172.18.0.4: seq=4 ttl=64 time=0.035 ms
64 bytes from 172.18.0.4: seq=5 ttl=64 time=0.038 ms
64 bytes from 172.18.0.4: seq=6 ttl=64 time=0.033 ms
64 bytes from 172.18.0.4: seq=7 ttl=64 time=0.027 ms
64 bytes from 172.18.0.4: seq=8 ttl=64 time=0.035 ms
64 bytes from 172.18.0.4: seq=9 ttl=64 time=0.036 ms
--- nextcloud ping statistics ---
73 packets transmitted, 73 packets received, 0% packet loss
round-trip min/avg/max = 0.026/0.040/0.089 ms
```

Edited August 21, 2020 by Wong (Reduced the length of thread)

aptalca Posted August 16, 2020

Your nextcloud subdomain is showing the default landing page, which likely means that your nextcloud proxy conf is not activated properly.

Is it named "nextcloud.subdomain.conf" and resides at "/config/nginx/proxy-confs"?

Wong Posted August 16, 2020

> 15 minutes ago, aptalca said:
> Your nextcloud subdomain is showing the default landing page, which likely means that your nextcloud proxy conf is not activated properly.
>
> Is it named "nextcloud.subdomain.conf" and resides at "/config/nginx/proxy-confs"?

OHHH MYYY GODDDD, it worked. So the problem is because when I saved the nextcloud.subdomain.conf, notepad++ saved it as a text file. I edited the save type into all types. Then it worked. It feels good to get things working. Thank you for the awesome unraid community support.

Rexl Posted August 16, 2020

Hi,

I am having issues setting up a second domain via the LetsEncrypt docker in Unraid. I added the EXTRA_DOMAINS variable in the conf page and saved it. It wants to create a certificate for the extra domain although it gives me an error saying that there is an invalid response for the extra domain.

The odd thing is that both the 'old' and new domain have the same IP setup in their DNS records, pinging the new domain gives back the correct IP address. When you navigate to the new domain in the browser it shows the test page from the nginx server that is running on unraid. So I would assume that the port forwarding is also working fine, oh and just creating a cert for the 'old' domain works fine without any issue.

Could anyone give me advice on why the new domain isn't being registered correctly? I attached the log file that I got from LE.

```
docker run -d --name='letsencrypt' --net='proxynet' --privileged=true \
  -e TZ="Europe/Berlin" -e HOST_OS="Unraid" \
  -e 'EMAIL'='rj***@***.com' -e 'URL'='rjwalet.nl' \
  -e 'SUBDOMAINS'='nextcloud,sonarr,radarr' -e 'ONLY_SUBDOMAINS'='false' \
  -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' \
  -e 'EXTRA_DOMAINS'='bakbijbel.nl' -e 'PUID'='99' -e 'PGID'='100' \
  -p '180:80/tcp' -p '1443:443/tcp' \
  -v '/mnt/user/appdata/letsencrypt':'/config':'rw' \
  'linuxserver/letsencrypt'
```

Thanks in advance!

Never mind, already fixed it myself. Turns out there was an AAAA record still present with an IPv6 attached to it, after deleting that DNS record and giving it some time it worked.

Edited August 16, 2020 by Rexl

aptalca Posted August 16, 2020

> 5 hours ago, Wong said:
> OHHH MYYY GODDDD, it worked. So the problem is because when I saved the nextcloud.subdomain.conf, notepad++ saved it as a text file. I edited the save type into all types. Then it worked. It feels good to get things working. Thank you for the awesome unraid community support.

In Windows, make sure you enable the setting for displaying file extensions even if known

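A check for the mistake found above, as an added example that is not part of the original posts or of the container image: it lists which files in a proxy-confs directory have names that would be loaded and flags ones carrying an extra extension such as `.txt`. It assumes nginx in this image only includes files named `*.subdomain.conf` or `*.subfolder.conf` and that shipped templates end in `.sample`; `audit_proxy_confs` and the demo file names are constructed.

```shell
#!/bin/sh
# Added illustration, not code from the thread or the image.
# Assumption: only *.subdomain.conf and *.subfolder.conf in proxy-confs are included
# by nginx, and untouched templates end in .sample.
# audit_proxy_confs is a hypothetical helper name.

# audit_proxy_confs DIR
#   prints "active NAME" for files nginx would load,
#   "ignored NAME -> rename to FIXED" for confs with an appended extension,
#   "ignored NAME" for anything else; templates (*.sample) are skipped silently.
audit_proxy_confs() {
    dir=$1
    for path in "$dir"/*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        case "$name" in
            *.subdomain.conf|*.subfolder.conf)
                printf 'active %s\n' "$name"
                ;;
            *.sample)
                :   # shipped template, not meant to be loaded
                ;;
            *.subdomain.conf.*|*.subfolder.conf.*)
                # an editor appended an extension (e.g. ".txt"), so the include skips it
                fixed=${name%.conf.*}.conf
                printf 'ignored %s -> rename to %s\n' "$name" "$fixed"
                ;;
            *)
                printf 'ignored %s\n' "$name"
                ;;
        esac
    done
}

# Constructed demo directory reproducing the mistake from the thread.
demo=$(mktemp -d)
touch "$demo/nextcloud.subdomain.conf.txt" \
      "$demo/sonarr.subdomain.conf" \
      "$demo/radarr.subdomain.conf.sample"
audit_proxy_confs "$demo"
rm -rf "$demo"
```

Inside the container the same function would be pointed at `/config/nginx/proxy-confs`, the path named in the thread.
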
Jerky_san Posted August 20, 2020

@aptalca

Hey sorry to bother.. I was wondering to do an HTTP blank setup on let's encrypt does it have to have anything special set anywhere besides the standard stuff in the docker like subdomains and stuff? I had an issue trying to add a subdomain but another container would set it properly so made me think I might have something configured improperly. Though I couldn't for the life of me figure it out.

The error I was getting was "Timeout during connect (likely firewall problem)". But if I just pointed my ports to the other container HTTP worked. The other strange thing is sometimes it would work for a subdomain and other times it wouldn't after just a restart. I assume it's something I'm doing but just wondering if you heard of this ever happening. I ended up doing a DNS challenge and it all worked fine.

Thanks for any insights

Edit: Should also mention I only use cloudflare for my DNS now and no longer use it as a pass through so it shouldn't be that to my knowledge. Also the other container shouldn't have worked if that was the case. I have 6-7 subdomains.

Edited August 20, 2020 by Jerky_san

aptalca Posted August 20, 2020

> 12 hours ago, Jerky_san said:
> @aptalca
>
> Hey sorry to bother.. I was wondering to do an HTTP blank setup on let's encrypt does it have to have anything special set anywhere besides the standard stuff in the docker like subdomains and stuff? I had an issue trying to add a subdomain but another container would set it properly so made me think I might have something configured improperly. Though I couldn't for the life of me figure it out.
>
> The error I was getting was "Timeout during connect (likely firewall problem)". But if I just pointed my ports to the other container HTTP worked. The other strange thing is sometimes it would work for a subdomain and other times it wouldn't after just a restart. I assume it's something I'm doing but just wondering if you heard of this ever happening. I ended up doing a DNS challenge and it all worked fine.
>
> Thanks for any insights
>
> Edit: Should also mention I only use cloudflare for my DNS now and no longer use it as a pass through so it shouldn't be that to my knowledge. Also the other container shouldn't have worked if that was the case. I have 6-7 subdomains.

I don't follow. What's "HTTP blank"? You'll have to provide a clearer description of the issues you're having.

Jerky_san Posted August 20, 2020

> 4 hours ago, aptalca said:
> I don't follow. What's "HTTP blank"? You'll have to provide a clearer description of the issues you're having.

Sorry I don't know why I said blank.. HTTP challenge over port 80. Even though the port is totally accessible it seems it has trouble completing the challenges stating "Timeout during connect (likely firewall problem)". It will even fail to do the challenge on subdomains it just did a few minutes ago when adding another subdomain to the list.

But if I spin up "NginxProxyManager" as a test container just to see if other containers fail, it is able to challenge via http without issue. To my knowledge when it does the HTTP challenge the server redirects to the let'sencrypt folder where the challenges are stored but for some reason it times out sometimes on one or more subdomains and succeeds on others. I almost wonder if fail2ban is kicking in because I have so many subdomains.

Edited August 20, 2020 by Jerky_san

aptalca Posted August 21, 2020

> 7 hours ago, Jerky_san said:
> Sorry I don't know why I said blank.. HTTP challenge over port 80. Even though the port is totally accessible it seems it has trouble completing the challenges stating "Timeout during connect (likely firewall problem)". It will even fail to do the challenge on subdomains it just did a few minutes ago when adding another subdomain to the list.
>
> But if I spin up "NginxProxyManager" as a test container just to see if other containers fail, it is able to challenge via http without issue. To my knowledge when it does the HTTP challenge the server redirects to the let'sencrypt folder where the challenges are stored but for some reason it times out sometimes on one or more subdomains and succeeds on others. I almost wonder if fail2ban is kicking in because I have so many subdomains.

Follow this: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

jxjelly Posted August 21, 2020

@linuxserver.io you should probably update the first post to reflect the new github

bigmak Posted August 21, 2020

> 1 hour ago, xuereb.dev said:
> @linuxserver.io you should probably update the first post to reflect the new github

For those that haven't heard, this container is being renamed.

https://blog.linuxserver.io/2020/08/21/introducing-swag/

ElectricBadger Posted August 23, 2020

Do we need to change anything in our unRAID configs in order to continue getting updates to this container, if it's being renamed? Or will the rename get picked up automatically?

Celebrian Posted August 23, 2020

> 1 hour ago, ElectricBadger said:
> Do we need to change anything in our unRAID configs in order to continue getting updates to this container, if it's being renamed? Or will the rename get picked up automatically?

I would assume that there will be a new container to swap to, as swag is in a different git repo than the lets encrypt image. There is currently no released one on the community application plugin in unraid, so I would assume they will release it when they have time.

zagert Posted August 23, 2020

> 11 hours ago, ElectricBadger said:
> Do we need to change anything in our unRAID configs in order to continue getting updates to this container, if it's being renamed? Or will the rename get picked up automatically?

For now you can just edit the docker to point the repository from linuxserver/letsencrypt to linuxserver/swag and it seems to work fine for me so far.

BeardedNoir Posted August 23, 2020

Conversion details on Linuxserver/Swag: https://hub.docker.com/r/linuxserver/swag

Edited August 23, 2020 by LoneTraveler

Greygoose Posted August 24, 2020

I have lets encrypt running on Nginx proxy manager and I'm looking to come back to this docker as my lets encrypt certs are set to expire, and they won't renew.

I have followed Spaceinvader's guide, when I start the lets encrypt docker I get

Challenge failed for domain nextcloud.mydomain.co.uk

ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

The confusing part is my dockers are currently working, so it's like the port forward settings work but are not allowing certificate renewal.

```
-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Europe/London
URL=bmydomain.co.uk
SUBDOMAINS=nextcloud,
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
VALIDATION=http
DNSPLUGIN=
[email protected]
STAGING=

SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d nextcloud.mydomain.co.uk
E-mail address entered: [email protected]
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nextcloudmydomain.co.uk
Waiting for verification...
Challenge failed for domain nextcloudmydomain.co.uk
http-01 challenge for nextcloud.mydomain.co.uk
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: nextcloud.mydomain.co.uk
   Type: connection
   Detail: Fetching
   http:/iremoved thelinkfromhere
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
```

Edited August 24, 2020 by Greygoose

aptalca Posted August 24, 2020

> 8 hours ago, Greygoose said:
> I have lets encrypt running on Nginx proxy manager and I'm looking to come back to this docker as my lets encrypt certs are set to expire, and they won't renew.
>
> I have followed Spaceinvader's guide, when I start the lets encrypt docker I get
>
> Challenge failed for domain nextcloud.mydomain.co.uk
>
> ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> The confusing part is my dockers are currently working, so it's like the port forward settings work but are not allowing certificate renewal.

Check your port forwarding for port 80

Follow this: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/