EdgarWallace, posted January 14, 2018:

@CHBMB that means it's working for you under 6.4? I have altered my post and it shows that there is an issue with port 443 already assigned.

Sent from iPad using Tapatalk

CHBMB, posted January 14, 2018:

2 minutes ago, EdgarWallace said:
> @CHBMB that means it's working for you under 6.4? I have altered my post and it shows that there is an issue with port 443 already assigned.
> Sent from iPad using Tapatalk

Port 443 is probably already assigned by the Unraid webui. Settings => Identification => SSL....

EdgarWallace, posted January 14, 2018:

Yes it was - I was not aware it's simply "allowed" to modify the unRAID's webui Port 443. I just changed it towards 442 and all is working again. I do believe that some will fall into that trap as well as soon as they are updating. Maybe @aptalca you could add this to your great guide?

Thanks @aptalca and @CHBMB

CHBMB, posted January 14, 2018:

My letsencrypt docker is not working. Re-installed multiple times with no success, settings are as they were pre unRAID 6.4.0 update.

    Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
    Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

This is what I'm getting at the moment. I'm using duckdns.org as my domain and subdomain as my duck dns name. Port 81 for the docker and was using 443 but I have entered 443 manually in the box as it was staying grey on the docker page.

I have changed the port in the unraid Settings > Identification > SSL for HTTPS to 442 and applied, this is also not helping! Any ideas? I see I am not alone with my issues.

https://lime-technology.com/applications/tapatalk/index.php?/topic/51808-[support]-Linuxserver.io---Letsencrypt-(Nginx)#entry619712

Sent from my LG-H815 using Tapatalk

saarg, posted January 14, 2018:

1 hour ago, EdgarWallace said:
> Yes it was - I was not aware it's simply "allowed" to modify the unRAID's webui Port 443. I just changed it towards 442 and all is working again. I do believe that some will fall into that trap as well as soon as they are updating. Maybe @aptalca you could add this to your great guide?
> Thanks @aptalca and @CHBMB

It's already mentioned in the release thread and release notes in the webui of unraid 6.4 that it now uses port 443.

Edited January 14, 2018 by saarg

upthetoon, posted January 14, 2018:

Sorry to add to the list of people with probably obvious issues but I'm having trouble getting this working too. I've been using it through the RC's and have unraid set to port 444 to avoid the clash. It was working fine before the CA change.

I've followed the instructions above (thank you) and set the HTTPVAL flag to true. I'm using port 81 for the docker and have port 80 fwd to 81 in my router.

I'm getting this error which I can't see is happening for anyone else...

    Failed authorization procedure. <redacted>.duckdns.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://<redacted>.unraid.net:444/.well-known/acme-challenge/QaX0x01RBkOvVSiPIP5VlKlhGyQDYNZXTuanOrzQ-n0: Invalid port in redirect target. Only ports 80 and 443 are supported, not 444

Startup command;

    root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d \
        --name="letsencrypt" --net="bridge" --privileged="true" \
        -e TZ="Europe/London" -e HOST_OS="unRAID" \
        -e "EMAIL"="<redacted>" -e "URL"="duckdns.org" -e "SUBDOMAINS"="<redacted>" \
        -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" \
        -e "PUID"="99" -e "PGID"="100" -e "HTTPVAL"="true" \
        -p 81:80/tcp -p 443:443/tcp \
        -v "/mnt/user/appdata/letsencrypt":"/config":rw \
        linuxserver/letsencrypt

Edited January 14, 2018 by upthetoon

mrangryoven, posted January 14, 2018:

My letsencrypt docker is not working. Re-installed multiple times with no success, settings are as they were pre unRAID 6.4.0 update.

    Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
    Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

This is what I'm getting at the moment. I'm using duckdns.org as my domain and subdomain as my duck dns name. Port 81 for the docker and was using 443 but I have entered 443 manually in the box as it was staying grey on the docker page.

Here is my run command

I have changed the port in the unraid Settings > Identification > SSL for HTTPS to 442 and applied, this is also not helping! Any ideas? I see I am not alone with my issues.

PS, this is a repost. I deleted my previous one and added this run command.

FreeMan, posted January 14, 2018:

11 minutes ago, mrangryoven said:
> This is what I'm getting at the moment. I'm using duckdns.org as my domain and subdomain as my duck dns name.

I'd guess that you can't prove ownership of duckdns.org, therefore the attempt to prove your ownership is failing.

    Domain Name = Yourdomain.duckdns.org
    Sub domains = www,ftp,etc

riffles21, posted January 14, 2018:

1 hour ago, mrangryoven said:
> My letsencrypt docker is not working. Re-installed multiple times with no success, settings are as they were pre unRAID 6.4.0 update.
>
>     Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
>     Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
>     ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> This is what I'm getting at the moment. I'm using duckdns.org as my domain and subdomain as my duck dns name. Port 81 for the docker and was using 443 but I have entered 443 manually in the box as it was staying grey on the docker page.
>
> Here is my run command
>
> I have changed the port in the unraid Settings > Identification > SSL for HTTPS to 442 and applied, this is also not helping! Any ideas? I see I am not alone with my issues.
>
> PS, this is a repost. I deleted my previous one and added this run command.

I have exactly the same issue. It was running fine last week and now all of a sudden it stopped working. Maybe it has something to do with this: https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996

Edit: solved the problem, thanks @CHBMB. Set HTTPVAL to 'true' and forwarded external port 80 to internal 81.

Edited January 14, 2018 by riffles21: problem solved

RAINMAN, posted January 14, 2018:

Great, I tried a bunch of things before seeing this thread and now I am banned for a week. All my services are now down for a week without a way around them? This is pretty crap.

Taddeusz, posted January 14, 2018:

2 minutes ago, RAINMAN said:
> Great, I tried a bunch of things before seeing this thread and now I am banned for a week. All my services are now down for a week without a way around them? This is pretty crap.

Welcome to the 21st century.

Muff, posted January 14, 2018:

20 hours ago, izarkhin said:
> In the container map port 80 to some other port (8083 in this case):
> In the container advanced settings set HTTPVAL to true:
> On the router forward port 80 to the same port you mapped your container's port 80 to (port 8083 in this case):

Ah, it was under the Advanced Settings. I missed that. Thank you!

And now I get this error:

    -------------------------------------
    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    DH parameters bit setting changed. Deleting old dhparams file.
    Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
    Generating DH parameters, 2048 bit long safe prime, generator 2
    This is going to take a long time
    DH parameters successfully created - 2048 bits
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d webb.duckdns.org
    E-mail address entered: [email protected]
    Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
    usage:
    certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
    Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate.
    certbot: error: argument --cert-path: No such file or directory
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for webb.duckdns.org
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. webb.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://webb.duckdns.org/.well-known/acme-challenge/RrOIRCumpKol_Q0gFd_-1NHrtiAdj9-v6CDTfn3eOVg: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>"
    IMPORTANT NOTES:
     - The following errors were reported by the server:
       Domain: webb.duckdns.org
       Type: unauthorized
       Detail: Invalid response from http://webb.duckdns.org/.well-known/acme-challenge/RrOIRCumpKol_Q0gFd_-1NHrtiAdj9-v6CDTfn3eOVg: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>"
       To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
     - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

And the pictures from my Firewall (UniFi Security Gateway 3P) and the docker config

CHBMB, posted January 14, 2018:

24 minutes ago, riffles21 said:
> Maybe it has something to do with this: https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996

It has everything to do with that, @aptalca has had to re-implement the authorisation of this container completely. It's not a problem with the container, it's LetsEncrypt changing how they do things.

CHBMB, posted January 14, 2018:

Anyone needing help. Read this first.....

CHBMB, posted January 14, 2018:

@Muff Looks like you're forwarding 80 and 81 externally to 80 & 81 internally. You need to forward 80 externally to 81 internally.

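Added example, not part of any post in this thread and not the container's own code: an offline preflight in Python that traces external port 80 through the router forward and the docker -p mapping, and flags a redirect target the CA would refuse, so a misconfiguration is caught before another issuance attempt is spent. The router tables, hostname and token are constructed placeholders; the -p values and the "only ports 80 and 443" redirect rule come from the posts above.

```python
"""Offline preflight for the http-01 setup discussed in this thread (added example)."""
from urllib.parse import urlsplit

# From the CA error quoted in the thread: "Only ports 80 and 443 are supported".
ALLOWED_REDIRECT_PORTS = {80, 443}
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_publish(spec):
    """Parse a docker -p value such as '81:80/tcp' into (host_port, container_port)."""
    ports, _, proto = spec.partition("/")
    if proto not in ("", "tcp"):
        raise ValueError(f"http-01 is served over TCP, got {spec!r}")
    parts = ports.rsplit(":", 2)  # host:container or ip:host:container
    if len(parts) < 2:
        raise ValueError(f"expected host:container, got {spec!r}")
    return int(parts[-2]), int(parts[-1])


def trace_port_80(router_forwards, publish_specs):
    """Follow WAN port 80 through the router and docker; return (ok, reason)."""
    host_port = router_forwards.get(80)
    if host_port is None:
        return False, "router does not forward external port 80"
    for spec in publish_specs:
        published, container = parse_publish(spec)
        if published != host_port:
            continue
        if container == 80:
            return True, f"WAN 80 -> host {host_port} -> container 80"
        return False, f"host {host_port} reaches container port {container}, not 80"
    return False, f"WAN 80 lands on host port {host_port}, which the container does not publish"


def first_refused_redirect(locations):
    """Return the first redirect target the CA would refuse, or None if all pass."""
    for location in locations:
        url = urlsplit(location)
        port = url.port or DEFAULT_PORTS.get(url.scheme)
        if url.scheme not in DEFAULT_PORTS or port not in ALLOWED_REDIRECT_PORTS:
            return location
    return None


# Constructed sample data modelled on the posts above (hostname and token are placeholders).
PUBLISH = ["81:80/tcp", "443:443/tcp"]       # the -p flags from the posted run command
ROUTER_WORKING = {80: 81, 443: 443}          # external 80 -> internal 81
ROUTER_BROKEN = {80: 80, 81: 81, 443: 443}   # 80 and 81 forwarded one-to-one
REDIRECT_444 = ["https://example.unraid.net:444/.well-known/acme-challenge/TOKEN"]

if __name__ == "__main__":
    for name, router in (("working", ROUTER_WORKING), ("broken", ROUTER_BROKEN)):
        print(name, trace_port_80(router, PUBLISH))
    print("refused redirect:", first_refused_redirect(REDIRECT_444))
```
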
RAINMAN, posted January 14, 2018:

Is there any way to start the docker with the old certificates and bypass the removing and attempt at reissue? I have backups but if I add them in they get destroyed when the container starts.

Muff, posted January 14, 2018:

20 minutes ago, CHBMB said:
> @Muff Looks like you're forwarding 80 and 81 externally to 80 & 81 internally. You need to forward 80 externally to 81 internally.

Ah, I didn't know what I was thinking when I grouped all my ports on both Source and Destination so I split them up now and it's working. Thank you!

CHBMB, posted January 14, 2018:

10 minutes ago, RAINMAN said:
> Is there any way to start the docker with the old certificates and bypass the removing and attempt at reissue? I have backups but if I add them in they get destroyed when the container starts.

I suppose you could use the regular nginx container and configure it to use your backed up certs

CHBMB, posted January 14, 2018:

Posting this again so it remains seen!

Anyone needing help. Read this first.....

Dhagon, posted January 14, 2018:

4 hours ago, CHBMB said:
> That looks like everything is working fine to me.
> Sent from my LG-H815 using Tapatalk

Well it had been working before this update.. Now nextcloud works with the fix.. And after updating Unraid to 6.4, ombi started working again for some reason..

Now my problem is that I can't connect to either of them via reverse proxy from my own PC using the same url, only using IP:port works.. Url works for my phone and my friend's PC externally..

It really sounds unrelated, but it only started happening once this letsencrypt change of port thing came along..

CHBMB, posted January 14, 2018:

7 minutes ago, Dhagon said:
> Well it had been working before this update.. Now nextcloud works with the fix.. And after updating Unraid to 6.4, ombi started working again for some reason..
> Now my problem is that I can't connect to either of them via reverse proxy from my own PC using the same url, only using IP:port works.. Url works for my phone and my friend's PC externally..
> It really sounds unrelated, but it only started happening once this letsencrypt change of port thing came along..

Sounds like a NAT reflection issue to me.

CHBMB, posted January 14, 2018:

8 minutes ago, Dhagon said:
> Well it had been working before this update.. Now nextcloud works with the fix.. And after updating Unraid to 6.4, ombi started working again for some reason..
> Now my problem is that I can't connect to either of them via reverse proxy from my own PC using the same url, only using IP:port works.. Url works for my phone and my friend's PC externally..
> It really sounds unrelated, but it only started happening once this letsencrypt change of port thing came along..

There are two issues at play. Firstly LetsEncrypt have changed the method used to issue certs. The second issue is Unraid itself on v6.4.0 has implemented a system using LetsEncrypt.

It sounds like you've sorted the first issue, in that your certs have been issued. Whether the second issue is contributing to your ongoing problem I couldn't say, but it may be worth delving into.

steve1673, posted January 14, 2018:

3 hours ago, CHBMB said:
> What had you got in DOMAIN NAME? If you don't want to post it in public can you PM me? I have a theory....

Let me know if you need more info on this - This was my issue as well. Turning on subdomains only fixes everything except the root site.

CHBMB, posted January 14, 2018:

1 minute ago, steve1673 said:
> Let me know if you need more info on this - This was my issue as well. Turning on subdomains only fixes everything except the root site.

Please PM me what you have in DOMAIN NAME.

CHBMB, posted January 14, 2018:

Posting this again so it remains seen!

Anyone needing help. Read this first.....

Edited January 14, 2018 by CHBMB