linuxserver.io

[Support] Linuxserver.io - Letsencrypt (Nginx)


3 hours ago, steve1977 said:

Thanks, that's quite an issue...

 

Any pointers on the first two issues?

 

And maybe also any thoughts whether there is a tool around that allows me to check whether port forwarding is even possible with my ISP (and if so what ports).

 

 

https://github.com/linuxserver/docker-letsencrypt#setting-up-the-application


Thanks. I had read through it and tried to follow it.

 

I have no clue what is occupying port 444. I assume from this thread that 443 is taken by Unraid. I can see in the docker settings what other dockers are using, but port 444 is not among them. Is there some other software or plugin for Unraid that can tell me what ports are being used by what?

 

I have signed up for duckdns and included all respective information (following the how-to). Duckdns is running. Not sure what I am missing within Letsencrypt though?

1 hour ago, steve1977 said:

Thanks. I had read through it and tried to follow it.

 

I have no clue what is occupying port 444. I assume from this thread that 443 is taken by Unraid. I can see in the docker settings what other dockers are using, but port 444 is not among them. Is there some other software or plugin for Unraid that can tell me what ports are being used by what?

 

I have signed up for duckdns and included all respective information (following the how-to). Duckdns is running. Not sure what I am missing within Letsencrypt though?

 

You're missing the port forwarding on your router as sparklyballs wrote above. 

 

Validation requests from letsencrypt come to your router, but they need to be forwarded to your unraid's ip and the port you selected for letsencrypt


Thanks. Sparklyballs mentioned three issues though. Do you suspect the closed ports causing the first two issues? Why is 445 "working", but 444 not?

10 hours ago, aptalca said:

 

Looks like you didn't forward the port on your router

 

Ah, thank you!


Hi Guys,

 

New to unraid and letsencrypt, can't seem to figure out what I am doing wrong.

I am forwarding ports 80 and 443 from the router to my unraid box

My domain is registered with namecheap

I have replaced my domain with FooDomain in the log

It certainly seems to have created certificates

The log says - Saving debug log to /var/log/letsencrypt/letsencrypt.log - but there is no log there

 

What can I do to debug it? Can I turn on extra logging? 

 

Here is the container log. Any help would be amazing!

 

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ _ _
| |___| (_) ___
| / __| | |/ _ \
| \__ \ | | (_) |
|_|___/ |_|\___/
|_|

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
generating self-signed keys in /config/keys, you can replace these with your own keys if required
Generating a 2048 bit RSA private key
....................................................................................................+++

+
writing new private key to '/config/keys/cert.key'
-----
Subject Attribute /C has no known NID, skipped
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
..............................
DH parameters successfully created - 2048 bits
SUBDOMAINS entered, processing
Sub-domains processed are: -d unraid.FooDomain.com
E-mail address entered: admin@FooDomain.com
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for FooDomain.com
tls-sni-01 challenge for unraid.FooDomain.com
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/FooDomain.com/fullchain.pem. Your cert will
expire on 2018-02-27. To obtain a new or tweaked version of this

certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot


- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

/var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory
[cont-init.d] 50-config: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
 

On 11/25/2017 at 7:33 AM, steve1977 said:

Why is 445 "working", but 444 not?

 

It is not really safe to randomly pick ports under 1023, as they are often already in use.  Here is a list of known ports:
  https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers 
you'll want to avoid reusing anything with an "official" IANA status.

 

Good alternatives for port 443 are 2443 and 8443, as those are available and easy to remember.

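As an added example (not part of any post in this thread), one way to answer "what ports are being used" before choosing a host port: the script reads a socket table in the /proc/net/tcp format and reports whether candidate ports are listening. The sample table and the function names are constructed for illustration; on a live host pass /proc/net/tcp (and /proc/net/tcp6) instead, and `ss -ltnp` additionally names the owning process.

```shell
#!/bin/sh
# Added example: find which TCP ports are already listening before picking a
# host port for the container. Reads data in the /proc/net/tcp layout.

# Constructed sample table (not taken from the thread). Column 4 is the socket
# state (0A = LISTEN, 01 = ESTABLISHED); the port after ':' is hexadecimal.
SAMPLE_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0100007F:01BC 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0A00000A:01BD 0A000014:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004'

# Print every listening port in decimal, one per line, sorted and de-duplicated.
# $1: a file in /proc/net/tcp (or /proc/net/tcp6) format.
listening_ports() {
    awk 'NR > 1 && $4 == "0A" { n = split($2, part, ":"); print part[n] }' "$1" |
    while read -r hex; do
        echo "$((0x$hex))"          # hex port -> decimal
    done | sort -nu
}

# Print "in-use" if the port has a listener, otherwise "free".
# $1: decimal port, $2: socket table file.
port_status() {
    if listening_ports "$2" | grep -qx "$1"; then
        echo "in-use"
    else
        echo "free"
    fi
}

# Demo on the constructed table: 443 and 444 have listeners, 445 only appears
# on an established connection, 2443 and 8443 do not appear at all.
demo_table=$(mktemp)
printf '%s\n' "$SAMPLE_TCP" > "$demo_table"
for candidate in 443 444 445 2443 8443; do
    printf '%s\t%s\n' "$candidate" "$(port_status "$candidate" "$demo_table")"
done
rm -f "$demo_table"
```
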
14 hours ago, Unthred said:

Hi Guys,

 

New to unraid and letsencrypt, can't seem to figure out what I am doing wrong.

I am forwarding ports 80 and 443 from the router to my unraid box

My domain is registered with namecheap

I have replaced my domain with FooDomain in the log

It certainly seems to have created certificates

The log says - Saving debug log to /var/log/letsencrypt/letsencrypt.log - but there is no log there

 

What can I do to debug it? Can I turn on extra logging? 

 

Here is the container log. Any help would be amazing!

 

 

 

Most likely a mapping issue. What settings did you use? Where is your config folder stored?

3 hours ago, aptalca said:

 

Most likely a mapping issue. What settings did you use? Where is your config folder stored?

 

Thanks for the prompt response 

Settings I used were pretty much the default as follows

 

http: - Port 80

https: Port 443

email: admin@FooDomain.com

Domain Name: FooDomain.com

subdomains: unraid,

Only Subdomains: false

Diffie Hellman: 2048

AppData Config Path: /mnt/user/appdata/letsencrypt

 

 

After installing the docker I have this file structure in /mnt/user/appdata/letsencrypt

drwxr-xr-x 1 root   root    8 Nov 29 12:24 crontabs
drwxr-xr-x 1 root   root   22 Nov 29 12:24 etc
drwxr-xr-x 1 root   root   52 Nov 29 12:24 fail2ban
drwxr-xr-x 1 nobody users  54 Nov 29 12:24 keys
drwxr-xr-x 1 nobody users  54 Nov 29 12:24 log
drwxrwxr-x 1 nobody users  84 Nov 29 12:24 nginx
drwxrwxr-x 1 nobody users  20 Nov 29 12:24 www
-rw-r--r-- 1 root   root  118 Nov 29 12:24 donoteditthisfile.conf
 

the logs dir contains 

drwxr-xr-x 1 root   root    0 Nov 29 12:24 fail2ban
drwxr-xr-x 1 root   root    0 Nov 29 12:24 letsencrypt
drwxr-xr-x 1 nobody users   0 Nov 29 12:24 nginx
drwxr-xr-x 1 nobody users   0 Nov 29 12:24 php
 

but nothing in any of these directories. Without logs I am struggling to work out what is wrong.

 

Is there anything I can do to increase the logging?

 

Thanks

6 hours ago, Unthred said:

 

Thanks for the prompt response 

Settings I used were pretty much the default as follows

 

http: - Port 80

https: Port 443

email: admin@FooDomain.com

Domain Name: FooDomain.com

subdomains: unraid,

Only Subdomains: false

Diffie Hellman: 2048

AppData Config Path: /mnt/user/appdata/letsencrypt

 

 

After installing the docker I have this file structure in /mnt/user/appdata/letsencrypt

drwxr-xr-x 1 root   root    8 Nov 29 12:24 crontabs
drwxr-xr-x 1 root   root   22 Nov 29 12:24 etc
drwxr-xr-x 1 root   root   52 Nov 29 12:24 fail2ban
drwxr-xr-x 1 nobody users  54 Nov 29 12:24 keys
drwxr-xr-x 1 nobody users  54 Nov 29 12:24 log
drwxrwxr-x 1 nobody users  84 Nov 29 12:24 nginx
drwxrwxr-x 1 nobody users  20 Nov 29 12:24 www
-rw-r--r-- 1 root   root  118 Nov 29 12:24 donoteditthisfile.conf
 

the logs dir contains 

drwxr-xr-x 1 root   root    0 Nov 29 12:24 fail2ban
drwxr-xr-x 1 root   root    0 Nov 29 12:24 letsencrypt
drwxr-xr-x 1 nobody users   0 Nov 29 12:24 nginx
drwxr-xr-x 1 nobody users   0 Nov 29 12:24 php
 

but nothing in any of these directories. Without logs I am struggling to work out what is wrong.

 

Is there anything I can do to increase the logging?

 

Thanks

 

Try changing the config path to /mnt/cache or /mnt/disk

1 hour ago, aptalca said:

 

Try changing the config path to /mnt/cache or /mnt/disk

Tried changing it to /mnt/cache/appdata/letsencrypt still the same error

 

So there is a symlink of letsencrypt in the dir it's complaining about that does not go anywhere

letsencrypt -> ../etc/letsencrypt/live/FooDomain

 

the live dir is where it fails as it does not exist. Do you know what is trying to create that dir?

 

Oh, also I don't have a /mnt/disk.... I have /mnt/disk1 and mnt/disk2, does that mean I have messed up somehow when installing unraid? This is my first play with it as an evaluation to buying it if it all goes well..... so far this is the only real issue I am having.

 

Thanks

3 hours ago, Unthred said:

Tried changing it to /mnt/cache/appdata/letsencrypt still the same error

 

So there is a symlink of letsencrypt in the dir it's complaining about that does not go anywhere

letsencrypt -> ../etc/letsencrypt/live/FooDomain

 

the live dir is where it fails as it does not exist. Do you know what is trying to create that dir?

 

Oh, also I don't have a /mnt/disk.... I have /mnt/disk1 and mnt/disk2, does that mean I have messed up somehow when installing unraid? This is my first play with it as an evaluation to buying it if it all goes well..... so far this is the only real issue I am having.

 

Thanks

 

Does your domain name contain any weird characters? You can pm me if you don't want to post it publicly. 

 

I think a user had a similar issue that stemmed from the domain name being different (can't remember exactly how)  that broke the scripts that create the folders 

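As an added example (not part of any post in this thread, and not the container's own script), a check for the situation described above: the `keys/letsencrypt` symlink points into `etc/letsencrypt/live/`, and `cd` fails when that target was never created. The function names and the `example.test` / `other.test` folder names are constructed; on a real install pass the host folder mapped to /config.

```shell
#!/bin/sh
# Added example: diagnose a dangling keys/letsencrypt symlink inside the
# container's config folder and show which live/ folders really exist.

# Print "ok <target>", "dangling <target>" or "not-a-symlink".
# $1: config directory (the host path mapped to /config).
diagnose_link() {
    link="$1/keys/letsencrypt"
    if [ ! -L "$link" ]; then
        echo "not-a-symlink"
        return 0
    fi
    target=$(readlink "$link")      # raw link text, e.g. ../etc/letsencrypt/live/<name>
    if [ -d "$link" ]; then         # -d follows the link to its target
        echo "ok $target"
    else
        echo "dangling $target"
    fi
}

# Print the certificate folders that exist under etc/letsencrypt/live, so a
# name that differs from the symlink target is visible at a glance.
live_names() {
    live="$1/etc/letsencrypt/live"
    [ -d "$live" ] || return 0
    for entry in "$live"/*/; do
        if [ -d "$entry" ]; then
            basename "$entry"
        fi
    done
}

# Build a constructed config tree: the symlink exists, live/ does not.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/keys" "$root/etc/letsencrypt"
    ln -s ../etc/letsencrypt/live/example.test "$root/keys/letsencrypt"
    echo "$root"
}

# Demo: report the link state before and after the target folder appears.
sample=$(make_sample)
echo "before: $(diagnose_link "$sample")"
mkdir -p "$sample/etc/letsencrypt/live/example.test"
echo "after:  $(diagnose_link "$sample")"
echo "live folders: $(live_names "$sample")"
rm -rf "$sample"
```
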

I'm currently trying to get lychee working in this docker underneath the www folder and I get "Server error: API not found". Lychee has no issues in apache when accessed locally, but for some reason lychee doesn't want to work correctly when passed over from nginx to apache OR when just using the www folder in letsencrypt. This stuff is literally drag and drop into a www folder and it should work.

 

As for the unraid UI, it seems to completely strip EVERYTHING but some text leaving the page bare and white with some text in one column.

 

Whenever I try to access index.php it just downloads the php file instead of running it.

 

Is there something wrong with this docker when it comes to php? Logs to docker look clean. No errors in log files. What's happening here?

 

I'm currently trying to get lychee working in this docker underneath the www folder and I get "Server error: API not found". Lychee has no issues in apache when accessed locally, but for some reason lychee doesn't want to work correctly when passed over from nginx to apache OR when just using the www folder in letsencrypt. This stuff is literally drag and drop into a www folder and it should work.
 
As for the unraid UI, it seems to completely strip EVERYTHING but some text leaving the page bare and white with some text in one column.
 
Whenever I try to access index.php it just downloads the php file instead of running it.
 
Is there something wrong with this docker when it comes to php? Logs to docker look clean. No errors in log files. What's happening here?
 
Impossible to say without you posting any config files.

Wouldn't recommend reverse proxying your Unraid webui either.

I have lychee working on its own subdomain photos.server.com without any issues.


I've tried getting unifi passed through (has trouble loading), homeassist (has trouble loading), qbittorrent (502 bad gateway), lychee on apache (loads really big icons on white background out of order), lychee in www folder (Server error: API not found), and unraid has the same issue as if I were handing off to lychee on apache with all white background some text, but no actual website.

 

I'll be honest, I've never even used nginx before this docker. Any assistance would be extremely helpful.

 

proxy.conf

default

Edited by Darksurf


I would appreciate some assistance setting this webserver up to host just a website.  I don't need to access any dockers at this time.

 

I am new to website hosting.  I have set up the duckdns docker and have registered with the site.  I have put my html files on a separate share in unraid.

 

It seems I was able to get a key from letsencrypt.

 

Which file do I edit, default, to get the server to publish the site?

 

 


sgt_spike you need to edit the "default" file. You can look at the one I have posted previously, but I'll be honest, it doesn't work right for me... I've got PLEX working in reverse proxy and keeweb working as nginx is hosting it, but that's about it... Everything else is broken :(


Hi, as I'm testing this to change from apache to letsencrypt, I start with a question ;)

 

webdav, when I see this correctly it is built with the regular webdav where OPTIONS and PROPFIND are missing ...

 

https://github.com/arut/nginx-dav-ext-module

 

any chance to add that module in some way for me into this container ?

Edited by alturismo

6 minutes ago, alturismo said:

Hi, as I'm testing this to change from apache to letsencrypt, I start with a question ;)

 

webdav, when I see this correctly it is built with the regular webdav where OPTIONS and PROPFIND are missing ...

 

https://github.com/arut/nginx-dav-ext-module

 

any chance to add that module in some way for me into this container ?

 

Not likely as it stands currently as that requires compiling nginx adding that to the configure stage and we use the apk package manager version of nginx 

1 minute ago, sparklyballs said:

 

Not likely as it stands currently as that requires compiling nginx adding that to the configure stage and we use the apk package manager version of nginx 

 

ok, thanks for the info, then i better stay as is now ;)

On 12/4/2017 at 8:34 AM, Darksurf said:

I've tried getting unifi passed through (has trouble loading), homeassist (has trouble loading), qbittorrent (502 bad gateway), lychee on apache (loads really big icons on white background out of order), lychee in www folder (Server error: API not found), and unraid has the same issue as if I were handing off to lychee on apache with all white background some text, but no actual website.

 

I'll be honest, I've never even used nginx before this docker. Any assistance would be extremely helpful.

 

proxy.conf

default

 

If I were to post screenshots of what I'm seeing, would that help people diagnose my issue and give me some feedback?

 



Copyright © 2005-2018 Lime Technology, Inc.
unRAID® is a registered trademark of Lime Technology, Inc.