August 17, 2017

managed to get this from the logs, I understand about the registration error, but not sure on the other errors

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d ******.duckdns.org
E-mail address entered: *******@gmail.com
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
There were too many requests of a given type :: Error creating new registration :: too many registrations for this IP
Please see the logfiles in /var/log/letsencrypt for more details.
/var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory
[cont-init.d] 50-config: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
August 17, 2017

well, I just removed the docker and the folder and set it up again, seems to be working now
August 17, 2017

Edit: I'm a dumbass - port 443 wasn't forwarded.......

I too am having issues with this docker. I've removed it and reinstalled it several times (including removing the appdata folder for letsencrypt). I've tried different ports. I'm getting the following error:

Failed authorization procedure. technologiq.duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout

I've double checked and made sure my port forwarding (Ubiquiti ER3) is working correctly. It appears that NGINX isn't even starting up to respond to the request in the first place. Any ideas?

Edited August 17, 2017 by technologiq
August 17, 2017

For the record, none of the problems people are having are the container, each and every one has been config.

Yours looks like letsencrypt can't validate your domain so without that nginx won't start.

Sent from my LG-H815 using Tapatalk
August 25, 2017

Hello All! New to the community but not new to unRAID. I am currently trying to set up Letsencrypt and keep running into this error every time it goes thru. It seems as though the folders are not getting created. Here is what I receive just before the docker shuts down:

GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
generating self-signed keys in /config/keys, you can replace these with your own keys if required
Generating a 2048 bit RSA private key
...........+++
.....................+++
writing new private key to '/config/keys/cert.key'
-----
Subject Attribute /C has no known NID, skipped
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
DH parameters successfully created - 2048 bits
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d ***********.ddns.net
E-mail address entered: ******.*******@outlook.com
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
There were too many requests of a given type :: Error creating new registration :: too many registrations for this IP
Please see the logfiles in /var/log/letsencrypt for more details.
/var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory
[cont-init.d] 50-config: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

When I attempt to go look at the log files listed as /var/log/letsencrypt/letsencrypt.log, the /var/log/letsencrypt folder does not seem to exist......

Edited August 25, 2017 by unraid_countryboy
August 25, 2017

The certs weren't generated properly (could be a port forwarding or a dns issue), then you tried it too many times unsuccessfully, and now letsencrypt servers are throttling you.

Try putting in your custom domain (including your custom subdomain) as the url, and enter a subdomain like www, don't set only subdomains to true. Sometimes when you change the subdomains around you can get around the throttling issue. You still have to fix the dns or port issue.

If that doesn't work, you'll have to wait until letsencrypt accepts requests from you again.
August 28, 2017

Any way the php7-phar package can be added in the next build? There are a number of flat-file CMS systems like 'grav' and 'pico' that use composer/phar to perform installation.
September 1, 2017

I've been getting cert errors in firefox the last few days, dunno if it's me, firefox or letsencrypt, but I've deleted my keys folder and rebuilt and it's still happening, works fine in chrome/edge though.
September 2, 2017

I've got this working for plex, ombi and calibre-web from external locations, but on my home network I can't access mydomain.com/plex - is this normal or am I missing something fundamental? In my pfsense router I've forwarded all WAN traffic to 443 to unRAID, and I'm guessing I need to find a way to forward local traffic to my mydomain.com/plex to unraid as well? Thanks in advance

# listening on port 80 disabled by default, remove the "#" signs to enable
# redirect all traffic to https
#server {
#    listen 80;
#    server_name _;
#    return 301 https://$host$request_uri;
#}

# main server block
server {
    listen 443 ssl default_server;

    root /config/www;
    index index.html index.htm index.php;

    server_name _;

    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam /config/nginx/dhparams.pem;
    ssl_ciphers 'XXXXXXXX';
    ssl_prefer_server_ciphers on;

    client_max_body_size 0;

    location / {
        try_files $uri $uri/ /index.html /index.php?$args =404;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # With php7-cgi alone:
        fastcgi_pass 127.0.0.1:9000;
        # With php7-fpm:
        #fastcgi_pass unix:/var/run/php7-fpm.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }

    #calibre-web
    location /books {
        proxy_bind $server_addr;
        proxy_pass http://172.30.12.2:8086;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Script-Name /books;
    }

    #PLEX
    location /web {
        # serve the CSS code
        proxy_pass http://172.30.12.2:32400;
    }

    # Main /plex rewrite
    location /plex {
        # proxy request to plex server
        proxy_pass http://172.30.12.2:32400/web;
    }

    #Ombi
    location /plexrequest {
        include /config/nginx/proxy.conf;
        proxy_pass http://172.30.12.97:3579/plexrequest;
    }
}
September 2, 2017

47 minutes ago, DZMM said:
    on my home network I can't access mydomain.com

Look up NAT reflection or loopback.

https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks
September 2, 2017

3 hours ago, jonathanm said:
    Look up NAT reflection or loopback.
    https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

Well, that was easy when you know where to look!!! I followed the link and used Method 2 for Split DNS by adding a host override for my domain in DNS Resolver pointing the domain to my unRAID box's IP.

Works much better than it did via my BT HH5 router, which used to send the request out to the internet and then receive it back, to send out again...now it's super-fast as loading locally. If only every webpage was this fast!

Thanks @jonathanm - another reason to love the control of pfsense
September 4, 2017

Hi guys, I keep seeing these errors during cert renewal even though the certs are renewed successfully.

cronjob running on Mon Sep 4 16:07:17 AEST 2017
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.XXX.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Running pre-hook command: s6-svc -d /var/run/s6/services/nginx
Hook command "s6-svc -d /var/run/s6/services/nginx" returned error code 111
Error output from s6-svc:
s6-svc: fatal: unable to control /var/run/s6/services/nginx: No such file or directory
-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/www.XXX.com/fullchain.pem
-------------------------------------------------------------------------------
Congratulations, all renewals succeeded. The following certs have been renewed:

Has anyone encountered these before and what's the resolution please? Cheers.

Edited September 4, 2017 by doremi
More info added.
September 4, 2017

That's harmless. It's trying to reload nginx after cert renewal but failing, because nginx is not running yet, since the renewal script is running during container start. Nginx will be started later with the new certs loaded. If the script was running via cron at 2am, nginx would have been running, and would have been reloaded properly.

Either way everything works fine.
September 4, 2017

Every time this updates itself, it fails to load as I don't have a www subdomain. The only way I can then get it to work is to edit the container and remove the subdomains section. Nothing in my setup changed so I'm assuming something in the way the docker works changed. How can I get around this?
September 4, 2017

If you remove the subdomains field in the container settings, that change should persist through updates. If it doesn't, it's an unraid gui issue.
September 4, 2017

Yes it seems to reinstate it when there is an update for the docker. What would you suggest? Remove the container and reinstall (without removing the config directory?).
September 4, 2017

I'm kind of stuck. I'm using this container's nginx to proxy some things (including directories), and then using another url to reverse proxy again. When I do this, I get an auth prompt. Accessing the DDNS url directly, there's no auth prompt. Reverse proxying from my other server's url does. Is this a fail2ban thing? I tried disabling fail2ban completely to no avail, and there's no lines in my config (on either server) that would prompt for authentication.

EDIT: Nevermind, I was pointing it to http instead of https in the second server's proxy config. Whoops!

Edited September 4, 2017 by Crash
September 4, 2017

Sounds like there's some auth function in there somewhere and I don't think it's anything to do with fail2ban. Why not post some redacted config files?
September 4, 2017

If I want to continue using this container for reverse proxy, combined with the new RC with LetsEncrypt support, I'm going to need to use my second NIC and assign all my Docker containers their own IPs in order to not have a port 443 conflict, right? I'm having some trouble visualizing how best to move forward...
September 5, 2017

If the unraid rc truly requires port 443, then you would only need a new ip with port 443 open for the letsencrypt container, not the rest of the containers.

I believe the new unraid rc uses a limetech hosted ddns and gets the certs for the addresses on their server (everyone gets a randomized unique string added to limetech's address). The certs would not be for your own domain, but the custom domain limetech assigns you. Theoretically they should be able to let you use a different port for the connection between their server and yours, although I'm not sure if that's implemented.
September 5, 2017

19 hours ago, kaiguy said:
    If I want to continue using this container for reverse proxy, combined with the new RC with LetsEncrypt support, I'm going to need to use my second NIC and assign all my Docker containers their own IPs in order to not have a port 443 conflict, right? I'm having some trouble visualizing how best to move forward...

Seeing the same issue on rc8q;

Error response from daemon: driver failed programming external connectivity on endpoint letsencrypt (~): Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use
Error: failed to start containers: letsencrypt
September 5, 2017

2 hours ago, upthetoon said:
    Seeing the same issue on rc8q;
    Error response from daemon: driver failed programming external connectivity on endpoint letsencrypt (~): Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use
    Error: failed to start containers: letsencrypt

Your issue is that unraid gui is using port 443.

See if you can turn off https in unraid settings. Then you should be fine.
September 6, 2017

14 hours ago, aptalca said:
    Your issue is that unraid gui is using port 443
    See if you can turn off https in unraid settings. Then you should be fine

I couldn't see an obvious way to turn off https in unraid. I changed the secure port number in unraid which I don't think is a long term solution but has done the trick for now!
September 6, 2017

another way would be to assign some other port number to your letsencrypt container (for example: container port 443 -> host port 8062).

then change the port forwarding in your router to incoming port 443 -> 8062 on your unraid machine

then the reverse proxy should work as before
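
Added example, not part of any post in this thread and not the container's own code: a small triage function that matches the error signatures quoted in the posts above against a container log and returns the diagnosis the replies gave for each. The function name, the result keys and the sample log are assumptions made for illustration, and treating the missing /config/keys/letsencrypt error as a follow-on symptom is a reading of the logs, not something the container documents.

```python
import re

# Signatures copied from the log excerpts quoted in this thread; the advice
# strings paraphrase the replies given to each poster.
SIGNATURES = [
    ("rate_limited", re.compile(r"too many registrations for this IP"),
     "Let's Encrypt is throttling; fix DNS/port forwarding, then wait"),
    ("validation_timeout", re.compile(r"urn:acme:error:connection .*Timeout"),
     "validation could not reach the host; check the 443 port forward"),
    ("port_in_use",
     re.compile(r"listen tcp [\d.]+:\d+: bind: address already in use"),
     "host port already taken, e.g. by the unRAID GUI; remap or free it"),
    ("hook_before_nginx",
     re.compile(r"s6-svc: fatal: unable to control \S*nginx"),
     "harmless; renewal ran at container start, before nginx was up"),
]
# Assumption: this error is a follow-on symptom of the failed issuance
# (no certificate was written), not a separate fault.
SECONDARY = re.compile(r"cd: /config/keys/letsencrypt: No such file or directory")
# s6 init stages report "[cont-init.d] <stage>: exited <code>."
STAGE = re.compile(r"\[cont-init\.d\] (\S+): exited (\d+)\.")


def triage(log):
    """Classify a letsencrypt container log; works on flattened logs too."""
    return {
        "failed_stages": [s for s, code in STAGE.findall(log) if code != "0"],
        "findings": [(key, advice) for key, rx, advice in SIGNATURES
                     if rx.search(log)],
        "secondary_symptom": bool(SECONDARY.search(log)),
    }


# Constructed sample: the rate-limit failure from the thread, with a
# placeholder domain, deliberately left without line breaks.
SAMPLE = (
    "[cont-init.d] 30-keygen: exited 0."
    "[cont-init.d] 50-config: executing..."
    "Sub-domains processed are: -d example.duckdns.org"
    "An unexpected error occurred:"
    "There were too many requests of a given type :: Error creating new "
    "registration :: too many registrations for this IP"
    "/var/run/s6/etc/cont-init.d/50-config: line 127: cd: "
    "/config/keys/letsencrypt: No such file or directory"
    "[cont-init.d] 50-config: exited 1."
)

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("failed stages:", report["failed_stages"])
    for key, advice in report["findings"]:
        print(f"{key}: {advice}")
    if report["secondary_symptom"]:
        print("note: missing /config/keys/letsencrypt follows from the above")
```
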