openmediavault-letsencrypt

    • OMV 2.x


    • OhMyVirtual wrote:

      Don't forget that switching to acmetool would be a lot of work for luxflow... He was just trying to help by submitting a patch to get the plugin working on OMV 3.x. He may not have intended to start maintaining the plugin.
      omv 4.0.5 arrakis | 64 bit | 4.12 backports kernel | omvextrasorg 4.0.4
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please don't PM for support... Too many PMs!
    • omv-letsencrypt is not owned by me,
      so if you want to change it, you can change it yourself.
      Since I haven't used acmetool before and you know both the certbot and acmetool commands, I think you are the right person for this job.

      Here is the list of files to be modified, I think:

      this is for OMV 3.x
      changing the command to adapt to acmetool
      github.com/OpenMediaVault-Plug…/rpc/letsencrypt.inc#L259

      removing certbot dependency
      github.com/OpenMediaVault-Plug…f58749/debian/control#L12

      installing and uninstalling acmetool for Debian OMV in postinst & postrm
      (github.com/hlandau/acme#getting-started)
      github.com/OpenMediaVault-Plug…678f58749/debian/postinst
      github.com/OpenMediaVault-Plug…13678f58749/debian/postrm

      For OMV 2.x, it is just the same files in the same paths.
      OMV3 on Proxmox
      Intel E3-1245 v5 | 32GB ECC RAM | 4x3TB RAID10 HDD
      omv-zfs | omv-nginx | omv-letsencrypt | omv-openvpn
    • tinh_x7 wrote:

      @luxflow,

      From what I read, your method is also working on OMV2.
      My OMV-testing repo is enabled, but I don't see your plug-in.
      I'm only seeing this package: OpenMediaVault-letsencrypt 2.4
      I just updated the original plugin to adapt it to OMV 3.x; I didn't add any functions at all,
      and added another method to set up the virtualhost for letsencrypt.
      In OMV 2.x, I just patched a small bug, that's all.

      The post was edited 1 time, last by luxflow ().

    • Bambuleee wrote:

      I want to use the cert for web ui and emby.
      OMV webui is working fine, but how can I use it for the emby webui?
      Can I choose the same cert-file like omv is using? (because of the renewal, I want to use the same one)
      If I can do it this way, where is it located in the filesystem?
      you can't automatically because omv-emby doesn't support it (I'm not sure omv-emby plugins will support it)
      but you can manually apply ssl

      you have two options for emby (other plugins are similar)

      1. use the app-specific ssl option
      emby/manage server/advanced/custom certificates path
      In emby's case, emby uses the pfx format, but letsencrypt provides pem
      you need to convert it from pem to pfx and change the permissions so user emby can read it

      your cert is located in /etc/letsencrypt/live, which is renewed automatically

      (maybe using cron?)

      2. set up a reverse proxy for emby (recommended)
      put it in /etc/nginx/sites-enabled/emby
      change the text inside `<>` according to your environment

      add this line to /etc/default/openmediavault
      OMV_NGINX_SITE_WEBGUI_SERVERNAME="<your domain for omv webui like webui.example.org>"

      Source Code

      server {
          server_name <domain.example.org>;
          listen 80;
          rewrite ^ https://<domain.example.org>$request_uri? permanent;
      }
      server {
          server_name <domain.example.org>;
          # nginx 1.9.5 and later replaced the spdy parameter with http2
          listen 443 ssl spdy;
          ssl_certificate /etc/letsencrypt/live/<your domain>/fullchain.pem;
          ssl_certificate_key /etc/letsencrypt/live/<your domain>/privkey.pem;
          ssl_prefer_server_ciphers on;
          # TLSv1 and TLSv1.1 are deprecated; drop them if all clients support TLSv1.2
          ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
          ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
          resolver 8.8.8.8 8.8.4.4 valid=300s;
          resolver_timeout 5s;
          keepalive_timeout 180;
          # This is for strict transport security HSTS
          # add_header Strict-Transport-Security max-age=31536000;
          client_max_body_size 1024M;
          location / {
              # Send traffic to the backend
              proxy_pass http://127.0.0.1:8096;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
              proxy_set_header Host $host;
              # The backend expects the request scheme here, not the client address
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header X-Forwarded-Protocol $scheme;
              proxy_redirect off;
              # Send websocket data to the backend as well
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "upgrade";
          }
      }

      The post was edited 8 times, last by luxflow ().
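
A small audit for a site file like the one in the post above, as an added example that is not part of the original thread: it flags protocols older than TLSv1.2, an `X-Forwarded-Proto` header that does not carry `$scheme`, and a TLS listener with no active HSTS header. The function names and the sample file are constructed for this example.

```shell
#!/bin/sh
# Added example; audit_proxy_site and write_sample are names assumed here.

# audit_proxy_site FILE: print findings, return how many there are (0 = clean).
audit_proxy_site() {
    findings=0
    flag() { findings=$((findings + 1)); echo "FINDING: $*"; }
    # Strip comments so a commented-out directive does not count as active.
    active=$(sed 's/#.*$//' "$1") || return 255

    # 1. SSLv2/3, TLSv1 and TLSv1.1 are deprecated; TLSv1.2+ must not match.
    if printf '%s\n' "$active" |
        grep -Eq 'ssl_protocols[^;]*(SSLv[23]|TLSv1(\.1)?)([[:space:]]|;)'; then
        flag "ssl_protocols enables a protocol older than TLSv1.2"
    fi
    # 2. The backend reads X-Forwarded-Proto to learn the client's scheme.
    proto=$(printf '%s\n' "$active" | sed -n \
        's/.*X-Forwarded-Proto[[:space:]]\{1,\}\([^;[:space:]]*\).*/\1/p' | sort -u)
    if [ -n "$proto" ] && [ "$proto" != '$scheme' ]; then
        flag "X-Forwarded-Proto carries $proto instead of \$scheme"
    fi
    # 3. Without HSTS, browsers keep trying plain http before the redirect.
    if printf '%s\n' "$active" | grep -Eq 'listen[^;]*[[:space:]]ssl' &&
        ! printf '%s\n' "$active" | grep -q 'add_header.*Strict-Transport-Security'; then
        flag "no active Strict-Transport-Security header"
    fi
    return "$findings"
}

# Constructed sample input: the directives at issue, in a minimal site file.
write_sample() {
    cat > "$1" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # add_header Strict-Transport-Security max-age=31536000;
    location / {
        proxy_pass http://127.0.0.1:8096;
        proxy_set_header X-Forwarded-Proto $remote_addr;
    }
}
EOF
}

# Usage: audit-site.sh /etc/nginx/sites-enabled/emby  (exit status = findings)
if [ "$#" -eq 1 ]; then
    audit_proxy_site "$1"
fi
```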

    • Option 1 sounds great. I will try. THX

      Works fine. For everybody the cron:

      Source Code

      /etc/init.d/emby stop
      # Bundle the key and certificate chain into a PKCS#12 file with an empty export password
      openssl pkcs12 -inkey /etc/letsencrypt/live/hostname.dyndns.de/privkey.pem -in /etc/letsencrypt/live/hostname.dyndns.de/fullchain.pem -export -out /media/blabla/emby/ssl/hostname.dyndns.de.pfx -passout pass:
      chown -c emby /media/blabla/emby/ssl/hostname.dyndns.de.pfx
      /etc/init.d/emby start

      The post was edited 2 times, last by Bambuleee ().
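
The conversion from option 1 as a renewal-aware job, as an added example that is not part of the original posts: it rebuilds the PFX only when the certificate in the live directory has changed, keeps the file at mode 0600, and swaps it into place atomically so Emby is restarted only when needed. The function name `sync_pfx` and the `.sha256` stamp file are assumptions of this example; the paths and the `emby` account are the ones used in the thread.

```shell
#!/bin/sh
# Added example; sync_pfx and the .sha256 stamp file are assumptions, not Emby
# or plugin features. Paths and the emby account are those used in the thread.

# sync_pfx LIVE_DIR PFX_PATH [OWNER]
# Returns 0 = PFX rebuilt, 1 = already current, 2 = error.
sync_pfx() {
    live=$1; pfx=$2; owner=${3:-}
    cert=$live/fullchain.pem; key=$live/privkey.pem; stamp=$pfx.sha256
    [ -r "$cert" ] && [ -r "$key" ] || return 2

    # Fingerprint of the certificate Let's Encrypt currently provides.
    new=$(openssl x509 -in "$cert" -noout -fingerprint -sha256) || return 2
    if [ -f "$pfx" ] && [ -f "$stamp" ] && [ "$(cat "$stamp")" = "$new" ]; then
        return 1
    fi

    # mktemp creates the file with mode 0600, so the private key is never
    # readable by other users; the rename makes the swap atomic.
    tmp=$(mktemp "$pfx.XXXXXX") || return 2
    if ! openssl pkcs12 -export -inkey "$key" -in "$cert" \
            -out "$tmp" -passout pass: 2>/dev/null; then
        rm -f "$tmp"
        return 2
    fi
    if [ -n "$owner" ] && ! chown "$owner" "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    mv -f "$tmp" "$pfx" || return 2
    printf '%s\n' "$new" > "$stamp"
    return 0
}

# Cron entry point, e.g.
#   sync-emby-pfx.sh /etc/letsencrypt/live/hostname.dyndns.de \
#       /media/blabla/emby/ssl/hostname.dyndns.de.pfx emby
if [ "$#" -ge 2 ]; then
    rc=0
    sync_pfx "$@" || rc=$?
    case $rc in
        0) /etc/init.d/emby stop; /etc/init.d/emby start ;;  # load the new cert
        1) ;;                                                # unchanged
        *) echo "sync_pfx: conversion failed" >&2; exit 1 ;;
    esac
fi
```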

    • tinh_x7 wrote:

      SlashOpt wrote:

      lulu99 wrote:

      I now have also this error when I want to renew with an additional domain:

      >>> *************** Error ***************
      The configuration object is in use
      <<< *************************************

      Any ideas?

      Regards lulu
      The reason for this is that you have the certificate in use in OMV (I know, this is the reason why you use the plugin in the first place ;) ) I faced the same issue and the way I resolved it is to switch OMV to use a self-signed certificate then (re-)create the LE certificate. Unfortunately, even though I succeeded with the re-creation of the certificate and I do find a new one in /etc/letsencrypt/live, it did not make it into OMV's config file and I will have to edit the file manually so I have the new certificate available for OMV. I do have the strange feeling the plugin does not (always) work as expected.
      I might write a script to do that if I find the time as I'm using the certificate for two OMV systems and create the cert on one of them so the "problem" to add the cert into OMV's config is the same ;)

      Regards,
      SlashOpt
      I'm using a self-cert for OMV, and LE for my webservers, but I'm still having this error.
      I've had to delete the files in the CSR and keys folders, and uninstall the plugin to generate new certs.

      Guys,

      I'm trying to renew my cert a little earlier before the expiration date, but I encountered the "The Configuration object is in use."
      Is there a workaround for this?

      Thanks.
      OMV v3.0
      Asus Z97-A/3.1; i3-4370
      32GB RAM Corsair Vengeance Pro
      4x3TB RAID10
    • tinh_x7 wrote:

      I'm trying to renew my cert a little earlier before the expiration date, but I encountered the "The Configuration object is in use."
      Is there a workaround for this?
      It seems this is the desired behavior rather than a bug.
      To renew a domain or add an additional subdomain,
      just press `run` on `omv-letsencrypt` in the Scheduled Jobs tab.
    • Hi ,

      I have this problem with the letsencrypt plugin on OMV 2.2.1

      Source Code

      Suggested packages:
      augeas-doc augeas-tools
      The following packages will be upgraded:
      augeas-lenses libaugeas0
      2 upgraded, 0 newly installed, 0 to remove and 127 not upgraded.
      Need to get 986 kB of archives.
      After this operation, 380 kB of additional disk space will be used.
      WARNING: The following packages cannot be authenticated!
      augeas-lenses libaugeas0
      E: There are problems and -y was used without --force-yes

      I want to know where I can find these logs

      /var/log/
      ls

      alternatives.log boot.3.gz debug.2.gz fail2ban.log.2.gz mail.err.1 mail.warn.2.gz php5-fpm.log.10.gz smartd.log user.log
      alternatives.log.1 boot.4.gz debug.3.gz fail2ban.log.3.gz mail.err.2.gz mail.warn.3.gz php5-fpm.log.11.gz syslog user.log.1
      alternatives.log.2.gz bootstrap.log debug.4.gz fail2ban.log.4.gz mail.err.3.gz mail.warn.4.gz php5-fpm.log.2.gz syslog.1 user.log.2.gz
      alternatives.log.3.gz btmp dmesg fail2ban.log.5.gz mail.info messages php5-fpm.log.3.gz syslog.2.gz user.log.3.gz
      alternatives.log.4.gz btmp.1 dmesg.0 faillog mail.info.1 messages.1 php5-fpm.log.4.gz syslog.3.gz user.log.4.gz
      apt clamav dmesg.1.gz fontconfig.log mail.info.2.gz messages.2.gz php5-fpm.log.5.gz syslog.4.gz watchdog
      auth.log ConsoleKit dmesg.new fsck mail.info.3.gz messages.3.gz php5-fpm.log.6.gz syslog.5.gz wtmp
      auth.log.1 cron-apt dpkg.log kern.log mail.info.4.gz messages.4.gz php5-fpm.log.7.gz syslog.6.gz wtmp.1
      auth.log.2.gz daemon.log dpkg.log.1 kern.log.1 mail.log monit.log php5-fpm.log.8.gz syslog.7.gz
      auth.log.3.gz daemon.log.1 dpkg.log.2.gz kern.log.2.gz mail.log.1 news php5-fpm.log.9.gz tallylog
      auth.log.4.gz daemon.log.2.gz dpkg.log.3.gz kern.log.3.gz mail.log.2.gz nginx proftpd transmissionbt.log
      boot daemon.log.3.gz dpkg.log.4.gz kern.log.4.gz mail.log.3.gz ntpstats pycentral.log transmissionbt.log.1
      boot.0 daemon.log.4.gz dpkg.log.5.gz lastlog mail.log.4.gz openmediavault regen_ssh_keys.log transmissionbt.log.2.gz
      boot.1.gz debug fail2ban.log lpr.log mail.warn php5-fpm.log rsyncd.log transmissionbt.log.3.gz
      boot.2.gz debug.1 fail2ban.log.1 mail.err mail.warn.1 php5-fpm.log.1 samba transmissionbt.log.4.gz

      Thanks