Guys,
I'm only seeing OpenMediaVault-letsencrypt 2.4 in the plugins.
I don't see the new plugin in there.
By the way, is this new method will conflict with my current LE ?
Guys,
I'm only seeing OpenMediaVault-letsencrypt 2.4 in the plugins.
I don't see the new plugin in there.
By the way, is this new method will conflict with my current LE ?
Working now, thanks
Don't forget that switching to acmetool would be a lot of work for luxflow... He was just trying to help by submitting a patch to get the plugin working on OMV 3.x. He may not have intended to start maintaining plugin.
omv-letsencrpyt is not owned by me
so If you want to change, then you can change it by yourself
since I didn't use acmetool before and you know the both certbot and acmetool command, I think you are right person for this job
here are list of file to be modified I think
this is for OMV 3.x
changing command to adapt to acmetool
https://github.com/OpenMediaVa…/rpc/letsencrypt.inc#L259
removing certbot dependency
https://github.com/OpenMediaVa…f58749/debian/control#L12
installing and uninstall acmetool for debian OMV in postinst & postrm
(https://github.com/hlandau/acme#getting-started)
https://github.com/OpenMediaVa…678f58749/debian/postinst
https://github.com/OpenMediaVa…13678f58749/debian/postrm
for OMV 2.x, it just same file in same path
From what I read, your method is also working on OMV2.
My OMV-testing repo is enabled, but I don't see your plug-in.
I'm only seeing this package: OpenMediaVault-letsencrypt 2.4
I just update original plugin to adapt to OMV 3.x, I didn't add any function at all
and add another method to setup virtualhost for letsencrypt
In OMV 2.x, I just patch small bug that's all
I want to use the cert for web ui and emby.
OMV webui is working fine, but how can I use it fpr the emby webui?
Can I choose the same cert-file like omv is using? (because of the renewal, I want to use the same one)
If I can do it this way, where is it located in the filesystem?
I want to use the cert for web ui and emby.
OMV webui is working fine, but how can I use it fpr the emby webui?
Can I choose the same cert-file like omv is using? (because of the renewal, I want to use the same one)
If I can do it this way, where is it located in the filesystem?
you can't automatically because omv-emby doesn't support it (I'm not sure omv-emby plugins will support it)
but you can manually apply ssl
you have two options for emby (other plugins is also simmilar)
1. use app specific ssl option
emby/manage server/advanced/custom cerficates path
in case emby, emby uses pfx format, but letsencrypt provide pem
you need to convert it from pem to pfx and change permission so user emby can read
your cert is located in /etc/letsencrypt/live which is renewed automatically
(maybe using cron?)
2. setup reverse proxy for emby (recommend)
put it /etc/nginx/sites-enabled/emby
change text inside `<>` accoring to your environment
add this line to /etc/default/openmediavault
OMV_NGINX_SITE_WEBGUI_SERVERNAME="<your domain for omv webui like webui.example.org>"
server {
server_name <domain.example.org>;
listen 80;
rewrite ^ https://<domain.example.org>$request_uri? permanent;
}
server {
server_name <domain.example.org>;
listen 443 ssl spdy;
ssl_certificate /etc/letsencrypt/live/<your domain>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<your domain>/privkey.pem;
ssl_prefer_server_ciphers On;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
keepalive_timeout 180;
# This is for strict transport security HSTS
# add_header Strict-Transport-Security max-age=31536000;
client_max_body_size 1024M;
location / {
# Send traffic to the backend
proxy_pass http://127.0.0.1:8096;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $remote_addr;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_redirect off;
# Send websocket data to the backend aswell
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Alles anzeigen
Option 1 sounds great. I will try. THX
Works fine. For everybody the cron:
/etc/init.d/emby stop
openssl pkcs12 -inkey /etc/letsencrypt/live/hostname.dyndns.de/privkey.pem -in /etc/letsencrypt/live/hostname.dyndns.de/fullchain.pem -export -out /media/balbla/emby/ssl/hostname.dyndns.de.pfx -passout pass:
chown -c emby /media/blabla/emby/ssl/hostname.dyndns.de.pfx
/etc/init.d/emby start
Ok, after you imported the pfx into Emby server, then browse for cert in "custom certificate path" in Emby server advanced settings.
Then restart Emby.
Now, Emby app let you connect via HTTPS.
Right.
And no need to renew it manually.
I'm using a self-cert for OMV, and LE for my webservers, but I'm still having this error.
I've to deleted the files in CSR and keys folders, and un-install the plugin to generate new certs.
Guys,
I'm trying to renew my cert a little earlier before the expiration date, but I encountered the "The Configuration object is in use."
Is there a work around for this?
Thanks.
it is obvious bug
will be fixed when I have free time or other dev
====
it is not bug
see below
Ok, how many days before the expiration does LE cron job auto renew?
30 days before expire I think
I'm trying to renew my cert a little earlier before the expiration date, but I encountered the "The Configuration object is in use."
Is there a work around for this?
it seems it is desired behavior rather than bug
to renew domain, add additional subdomain,
just press `run` `omv-letsencrypt` in Schedule jobs tab
Got it to work.
Thanks.
Hi ,
I have this problem with plugin letencrypt OMV 2.2.1
Source Code
I want to know where i can find this logs
/ var /log /
ls
alternatives.log boot.3.gz debug.2.gz fail2ban.log.2.gz mail.err.1 mail.warn.2.gz php5-fpm.log.10.gz smartd.log user.log
alternatives.log.1 boot.4.gz debug.3.gz fail2ban.log.3.gz mail.err.2.gz mail.warn.3.gz php5-fpm.log.11.gz syslog user.log.1
alternatives.log.2.gz bootstrap.log debug.4.gz fail2ban.log.4.gz mail.err.3.gz mail.warn.4.gz php5-fpm.log.2.gz syslog.1 user.log.2.gz
alternatives.log.3.gz btmp dmesg fail2ban.log.5.gz mail.info messages php5-fpm.log.3.gz syslog.2.gz user.log.3.gz
alternatives.log.4.gz btmp.1 dmesg.0 faillog mail.info.1 messages.1 php5-fpm.log.4.gz syslog.3.gz user.log.4.gz
apt clamav dmesg.1.gz fontconfig.log mail.info.2.gz messages.2.gz php5-fpm.log.5.gz syslog.4.gz watchdog
auth.log ConsoleKit dmesg.new fsck mail.info.3.gz messages.3.gz php5-fpm.log.6.gz syslog.5.gz wtmp
auth.log.1 cron-apt dpkg.log kern.log mail.info.4.gz messages.4.gz php5-fpm.log.7.gz syslog.6.gz wtmp.1
auth.log.2.gz daemon.log dpkg.log.1 kern.log.1 mail.log monit.log php5-fpm.log.8.gz syslog.7.gz
auth.log.3.gz daemon.log.1 dpkg.log.2.gz kern.log.2.gz mail.log.1 news php5-fpm.log.9.gz tallylog
auth.log.4.gz daemon.log.2.gz dpkg.log.3.gz kern.log.3.gz mail.log.2.gz nginx proftpd transmissionbt.log
boot daemon.log.3.gz dpkg.log.4.gz kern.log.4.gz mail.log.3.gz ntpstats pycentral.log transmissionbt.log.1
boot.0 daemon.log.4.gz dpkg.log.5.gz lastlog mail.log.4.gz openmediavault regen_ssh_keys.log transmissionbt.log.2.gz
boot.1.gz debug fail2ban.log lpr.log mail.warn php5-fpm.log rsyncd.log transmissionbt.log.3.gz
boot.2.gz debug.1 fail2ban.log.1 mail.err mail.warn.1 php5-fpm.log.1 samba transmissionbt.log.4.gz
Thanks
Are you using puppet? I can't think of anything else that uses augeas-lenses.
no i don't using puppet , i installed letencrypt in my NAS OMV 2.2.1 to secure access from external but it doesn't work with valid https ?
thanks
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!