Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)

Featured Replies

There does not seem to be a clear path to a fix for those of us with port 80 blocked correct?

Sent from my ONEPLUS A5010 using Tapatalk

  • Replies 6.2k
  • Views 1.5m
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Confirming this worked for me too. Not sure I needed to replace both, but I did anyway and Swag and Nextcloud are both back and up and running. For noobs like me, here's what I did: 1. Stop

  • I will only post this once. Feel free to refer folks to this post.   A few points of clarification:   The last update of this image didn't break things. Letsencrypt abruptly disabl

  • BigBoyMarky
    BigBoyMarky

    I replaced both the ssl.conf and nginx.conf files with the sample ones to update them since I did not make any custom modifications to either one of those and this resolved my issue.

Posted Images

Once again, huge thanks got the gents (and ladies?) at lsio!

 

There was an update overnight and this morning my letsencrypt container started without any issues or changes at my end.

1 hour ago, FreeMan said:

Once again, huge thanks got the gents (and ladies?) at lsio!

 

There was an update overnight and this morning my letsencrypt container started without any issues or changes at my end.

 

Unfortunatley it is still not working for me...

 

 

1 minute ago, ebnerjoh said:

 

Unfortunatley it is still not working for me...

 

 

 

If you added the extra container parameter, consider removing it? I'd never added it in the first place, so maybe that's the difference.

 

/SWAG

1 minute ago, FreeMan said:

 

If you added the extra container parameter, consider removing it? I'd never added it in the first place, so maybe that's the difference.

 

/SWAG

 

No, thats not the issue, I now completley deleted the docker (+appdata directory) and recreated. It is still not working.

Sorry, mate, I'm fresh outta ideas... After it magically stopped working, I just hung on long enough for it to magically start working again...

Well, maybe I jumped the gun, too...

 

The container will start, but it doesn't seem to be redirecting to my emby container. i.e. I get "Unable to connect" when I point my browser at "emby.mydoinain.com". This was working a few days ago prior to the kerfuffle about the LE docker and was working fine while trying to get the Android emby app to connect through a secured RP.

 

I looked at the docker config:

image.thumb.png.5f4df751115b6190aed99c415337f416.png

 

and I seem to have an extra "http" variable down there at the bottom. I have no recollection if this is a default path or if I'd manually added it for some reason. I've reviewed the last 12-15 pages for issues I've posted and none of the resolutions seemed to indicate me adding this as an extra variable, so this really has be cornfoosed...

 

I'd like to get confirmation that this shouldn't be there before I go and delete it

For me it is now working. 

 

I just set "HTTPVAL" under "Advanced Settings" to "true".

 

Br,

Johannes

Interesting - I ended up forwarding port 80 to 8008 (container http port) and it started working along with HTTPVAL (under Docker, LetsEncrypt, advanced settings to true).

 

I believe that Comcast blocks 80 but it's working. 

I would also like to thank the great people at Linuxserver.io for all of the goodies that that offer us!!!

Mine's not working anymore full stop, no matter what I try.

Just now, allanp81 said:

Mine's not working anymore full stop, no matter what I try.

 

Without logs, and what you're actually running nobody can really help you though.....

1 minute ago, CHBMB said:

 

Without logs, and what you're actually running nobody can really help you though.....

 

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
No subdomains defined
E-mail address entered: myemailaddress
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --cert-path: No such file or directory
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mydomain
Waiting for verification...
Cleaning up challenges
Failed authorization procedure.mydomain (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching mydomain.well-known/acme-challenge/oRXMV_jiOZf46BZZIfcvf4OMbOHr9zF7cza7CIrY4zM: Timeout
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: mydomain
Type: connection
Detail: Fetching
mydomain/.well-known/acme-challenge/oRXMV_jiOZf46BZZIfcvf4OMbOHr9zF7cza7CIrY4zM:
Timeout

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

What command are you running?

 

Here's mine to show you what I mean.....

 

nfPkg6W.png

2 minutes ago, CHBMB said:

What command are you running?

 

Here's mine to show you what I mean.....

 

nfPkg6W.png

How do I check what command is run when the docker is updated/started? 

The only difference I can see is that you have DHLEVEL set to 4096 whereas mine is set to 2048. I tried setting HTTPVAL to true and it still fails, albeit with a different error:

 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/London" -e HOST_OS="unRAID" -e "EMAIL"="mine" -e "URL"="mine" -e "ONLY_SUBDOMAINS"="false" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -e "HTTPVAL"="false" -p 443:443/tcp -p 81:80/tcp -v "/mnt/cache/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt

4ace7d0eb4e12f1e6fff297403f6ef2a77f6d8a317d9825d78ef0bb4069c322b

Edited by allanp81

1 minute ago, CHBMB said:

And I have httpval set to true.

Yes sorry, I updated my post to reflect that. It fails whether set to true or false.

1 minute ago, allanp81 said:

Yes sorry, I updated my post to reflect that. It fails whether set to true or false.

 

Have you got port 80 on your router/firewall forwarded to port 81 on your Unraid ip?

No, I tried port 80 but obviously that didn't work.

Well that's not surprising, port 80 is the Unraid webui port, try forwarding to port 81 which is what you've mapped port 80 IN the container to.

4 minutes ago, CHBMB said:

Well that's not surprising, port 80 is the Unraid webui port, try forwarding to port 81 which is what you've mapped port 80 IN the container to.

Awesome, that's now working!!!

 

Thanks ever so much for your help.

Hi,

 

I've just upgrade my unRaid server from 6.3.4 (?) to 6.4.0 and since then my container letsencrypt isn't working as it used to.

I've reinstalled the container and I still can't find the solution to the problem with some googleing :(

 

The log:

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
DH parameters bit setting changed. Deleting old dhparams file.
Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
..................................................................................................................................................................................................................................................................................................................................................................................................................................................................+......................................................................................................................+...+.........................................+...............................................................................................................................................+.......................................................................+...................................................+..................+.................................................................................+....................................................................+.................................................................................+..........................................................................................................+.+..................................................................................+..................................................................................................................................................................................+..........................................................+..........................................+.............................................................................................+..................................+................................................................................................................................................................................................+..............................................+.........................+.......................................................................................................+...................................................................................+.+........................................................+..........................................................................................+....................................+.......+............+...............................................................................................................................+.........................................................................................................................................................................................+.........+............................................+..........................................................+..+................................+........................................................................+....................................................................................+..................+..+...................................................................................................................................................................+......................................................................+..................................................................................................................................................................................................................................................................................................................................................................+.......................................................................+.......................................+..+.........................................+..................................+............................+............................................................+................................................................................................................................................................................+.+...............................................................................................................+.................................................+..............................................+...................+......................................................+.....................................................................................................................................................................................................+............................+.................................................................................+...........+......................................+........................................................................+...............................................................................................................................................................................................................................................................................................................................................................................................+.................................................................................+...........................................................................+................................................................................................................................................................................................................................................................................+....++*++*
DH parameters successfully created - 2048 bits
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d domain.duckdns.org
E-mail address entered: [email protected]
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --cert-path: No such file or directory

Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

The container config: Screenshot_1.jpg

 

Thank you!

Screenshot_1.jpg

Edited by Muff

I will only post this once. Feel free to refer folks to this post.

 

A few points of clarification:

 

The last update of this image didn't break things. Letsencrypt abruptly disabled the authentication method previously used by this image (tls over port 443) due to a security vulnerability. It is unclear whether they will ever re-enable it again. 

 

So we added the option of validating  over port 80, via setting the HTTPVAL variable to true (similar to how PUID is set to 99). But you have to make sure port 80 is forwarded to the container from your router. 

 

Keep in mind that unraid gui runs on port 80, so you should map port 80 on your router to any other port, ie. 85. Then in the container settings, map port 85 to port 80.

 

Unraid template has been updated to include this new variable setting, and I think the brand new unraid stable as well as the previous betas will automatically add that variable to your settings (not 100% sure because I'm still on 6.3.5). Either way, check your settings. 

 

If your isp blocks port 80, there's nothing we can do as it is the only port letsencrypt will validate through at this point. 

 

Someone mentioned dns validation. It's not gonna happen as it is. It requires a script to change dns settings on your dns provider. Since all the dns providers have different api's for this process, we cannot automate it for you, therefore we will not add dns validation (unless there is a standardized way to update dns entries in the future but I wouldn't hold my breath). 

 

You do not need to make changes to your nginx site config and you do not need to enable listening on port 80. Validation is done through a separate web server temporarily put up during validation and is not affected by your nginx config. 

 

And one last thing, the error message about the directory not existing is harmless, it just means that you didn't have a letsencrypt cert the last time the container was started, probably because the validation had failed. 

Edited by aptalca

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.