January 14, 2018
My Letsencrypt docker isn't working after the new OS update. I have removed it and re-added it and got it to start up, but it won't generate the certificate. All my settings are the same as previous; however, I've had to set port 80 to 81 and 443 to 444 as unraid now uses Nginx, so I assume these have been taken already as it wasn't mapping them natively. Any help is appreciated, I need this docker working asap! Thanks,
January 14, 2018
Instead of port translations you can change the network type of the letsencrypt container to br0 and assign a different IP address to the container. This allows the container to keep using the original ports 80 and 443.
January 14, 2018 (Author)
7 minutes ago, Codeh said:
Make sure you redo your port forwarding after changing the mapping.

Have done that already. Still not working sadly.
January 14, 2018
Just now, mrangryoven said:
Have done that already. Still not working sadly.

What does the docker log say?
January 14, 2018 (Author)
14 minutes ago, Codeh said:
What does the docker log say?

Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

This is the error that I'm getting, it says cert does not exist? It hasn't tried to create it yet.
January 14, 2018
11 minutes ago, mrangryoven said:
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
This is the error that I'm getting, it says cert does not exist? It hasn't tried to create it yet.

There's a support thread for the LetsEncrypt container and lots of information in the last couple of days as to why it's not working. See the last post I made in the last 5 minutes.
January 24, 2018
On 1/14/2018 at 4:54 PM, CHBMB said:
There's a support thread for the LetsEncrypt container and lots of information in the last couple of days as to why it's not working. See the last post I made in the last 5 minutes.

Leaving a link would have saved us time @CHBMB.
January 24, 2018
Leaving a link would have saved us time @CHBMB.

If people read a support thread it would save me even more, seriously look back through the letsencrypt thread and count how many times over the last couple of weeks I've posted the same link. It's not always practical for me to post the link as I may be on mobile or shock/horror have something else going on.

Would it have been better to post nothing at all and just leave you all to figure it out / not figure it out for yourselves? Because that would be easier for me to be honest.

Sent from my LG-H815 using Tapatalk
January 24, 2018
Having to post the same thing over and over again sounds inefficient. It gets easily lost in the support thread. Maybe information like this should be included in the first post of the support thread.
January 24, 2018
1 hour ago, realies said:
Having to post the same thing over and over again sounds inefficient. It gets easily lost in the support thread. Maybe information like this should be included in the first post of the support thread.

Yeah, funny thing is, we update all our documentation on github, there's a link to it on that opening post of the support thread. Guess what, people don't read it. Just like how people don't post in the support thread in the first place. You want to do better? Step up.... Whole reason I kept posting the same link over and over is because a lot of people can't be arsed to read the last couple of pages to check if their issue has been covered.

Edited January 24, 2018 by CHBMB
January 29, 2018
Here is the resolution since Google brought me first to this page instead of any let's encrypt support pages and the official support thread did not link to any support thread or post any resolutions:
https://www.linuxserver.io/2018/01/11/psa-changes-to-our-lets-encrypt-container/

Quote:
Following a very recent announcement by the Let's Encrypt team regarding a vulnerability that has surfaced relating to the use of the TLS-SNI-01 challenge when validating certificates, we have had to make an emergency change to our image. In short, they have disabled that method of verification until they can properly mitigate the issue. This means that our Let's Encrypt container will not work as we only make use of the TLS-SNI method of certificate validation.
With this in mind, we have made the decision to (hopefully) lessen the impact of this issue to our users by making a change to our image which allows certificate validation via HTTP (port 80). We're just awaiting final peer review before we push these changes through our pipeline, so in the mean time, we stress that our users try their best not to restart their Let's Encrypt container until we have pushed this change up. We will update you once the new image is available, and what you need to do to enable HTTP validation.
Update: The changes to our image have now been merged. In order to get certificate validation working, you'll need to add the following environment variable to your docker create/run command:
-e HTTPVAL=true

In the unraid GUI, select 'Edit' in the Lets Encrypt container, and expand 'Advanced Settings' change HTTPVAL variable from 'false' to 'true'
January 29, 2018
2 minutes ago, vortexrap said:
In the unraid GUI, select 'Edit' in the Lets Encrypt container, and expand 'Advanced Settings' change HTTPVAL variable from 'false' to 'true'

It's not always that simple, but in essence yes. And there is plenty of discussion about all this in the actual support thread, the situation is complicated by concurrent use of ports for the Unraid gui, some people have port 80 blocked by their ISP and in general a poor understanding of port forwarding and docker port allocation.
June 1, 2018
Just to update and add, I had a similar issue after the 6.5.1 update. All I had to do was re-map the port bindings so that there was no conflict. (In this case the contested port was 443 which is also used by nginx, even though it was not an issue before.) Rebuilt the image and now all is well.

TL;DR Check your port mappings and bindings before complaining about stuff not working. Also, support threads FTW.
July 14, 2018
@vortexrap, @LordShad0w, I'm seeing the following:

But still getting

Failed authorization procedure. jxxxx1.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://jxxxx1.duckdns.org/.well-known/acme-challenge/boKxf6D_5_zgK27HQt2LSwowiMaHcicSWgtnm12EDbY: Connection refused
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: jxxxx1.duckdns.org
Type: connection
Detail: Fetching http://jxxxx1.duckdns.org/.well-known/acme-challenge/boKxf6D_5_zgK27HQt2LSwowiMaHcicSWgtnm12EDbY: Connection refused
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Edited July 14, 2018 by jang430
July 14, 2018
4 hours ago, jang430 said:
@vortexrap, @LordShad0w, I'm seeing the following:
But still getting
Failed authorization procedure. jxxxx1.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://jxxxx1.duckdns.org/.well-known/acme-challenge/boKxf6D_5_zgK27HQt2LSwowiMaHcicSWgtnm12EDbY: Connection refused
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: jxxxx1.duckdns.org
Type: connection
Detail: Fetching http://jxxxx1.duckdns.org/.well-known/acme-challenge/boKxf6D_5_zgK27HQt2LSwowiMaHcicSWgtnm12EDbY: Connection refused
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

You don't own or control duckdns.org, only jXXXX1.duckdns.org. Read the descriptions of the docker fields carefully.
July 14, 2018
@jonathanm, ok. Changed settings to the following:

Same error persists. I tried to go to www.jxxxx1.duckdns.org, still the same error.

Cleaning up challenges
Failed authorization procedure. www.jxxxx1.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.jxxxx1.duckdns.org/.well-known/acme-challenge/ib2mhAZlmQIeMYjkM3Bg6gX0uIhwzoGfoFVcbRzpri8: Connection refused
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.jxxxx1.duckdns.org
Type: connection
Detail: Fetching http://www.jxxxx1.duckdns.org/.well-known/acme-challenge/ib2mhAZlmQIeMYjkM3Bg6gX0uIhwzoGfoFVcbRzpri8: Connection refused
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
July 15, 2018
It can't connect on port 80, so it seems that the issue is port forwarding. How did you test it? Or the dns is not pointing to the correct IP.

Edited July 15, 2018 by saarg
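The two failures quoted in this thread (the "does not support any combination of challenges" message explained by the linuxserver.io PSA, and the later http-01 "Connection refused") can be told apart from the container log alone. This is an added example, not part of any post and not linuxserver.io or certbot code; the sample logs, the example.org host and the function name `diagnose` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample logs, modelled on the container output quoted in this thread.
LOG_NO_CHALLENGE = """Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
ERROR: Cert does not exist! Please see the validation error above."""

LOG_HTTP01 = """Failed authorization procedure. host1.example.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://host1.example.org/.well-known/acme-challenge/CONSTRUCTED_TOKEN: Connection refused
ERROR: Cert does not exist! Please see the validation error above."""

# "<domain> (<challenge>): urn:ietf:params:acme:error:<kind> :: <summary> :: <detail>"
AUTHZ_RE = re.compile(
    r"(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): "
    r"urn:ietf:params:acme:error:(?P<kind>\w+) :: (?P<summary>.+?) :: (?P<detail>.+)")
NO_CHALLENGE = "does not support any combination of challenges"

def diagnose(log):
    """Return one finding (dict) per failure recognised in a container log."""
    findings = []
    if NO_CHALLENGE in log:
        # The client offered no validation method the CA still accepts.
        findings.append({"cause": "no-usable-challenge", "domain": None,
                         "challenge": None, "port": None,
                         "hint": "enable HTTP validation (HTTPVAL=true)"})
    for m in AUTHZ_RE.finditer(log):
        # The detail names the URL the CA fetched; its port is the one that
        # must be reachable from the internet (80 for plain http).
        url = re.search(r"https?://\S+", m["detail"])
        port = None
        if url:
            parts = urlsplit(url.group().rstrip(":"))
            port = parts.port or (443 if parts.scheme == "https" else 80)
        refused = m["kind"] == "connection" and "refused" in m["detail"].lower()
        findings.append({
            "cause": "connection-refused" if refused else m["kind"],
            "domain": m["domain"], "challenge": m["challenge"], "port": port,
            "hint": f"CA could not reach {m['domain']} on port {port}; "
                    "check DNS and the router-to-container port mapping"})
    return findings

if __name__ == "__main__":
    for sample in (LOG_NO_CHALLENGE, LOG_HTTP01):
        for finding in diagnose(sample):
            print(finding)
```
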
July 15, 2018
I turned off the LE docker container, and started an nginx docker container, mapping exactly on the same ports as LE. Without changing any port forwarding in the router (already pre-adjusted), I can see that it's forwarded to the nginx page.
July 15, 2018
Looks correct if your IP is correct. Can you try to remove the two http and https port mappings that are empty in the bottom of your template? That might be the issue.
July 15, 2018
Didn't notice it popped up again. I did try deleting it earlier, and still not working.
July 16, 2018
Finally got it working. All I did was delete the whole docker container, then recreated it with exactly the same values. I reached the following page:

Welcome to our server
The website is currently being setup under this address.
For help and support, please contact: [email protected]

I get to access the page above by typing https://jxxxx1.duckdns.org. By typing http://jxxxx1.duckdns.org, I don't reach that page. Why is this the case?
Archived
This topic is now archived and is closed to further replies.