openmediavault-letsencrypt


    • `datetime timezone issue in service logs` is fixed
      and will be released in the next version (3.2)
      as soon as @ryecoaaron uploads the binary.

      If you don't want to wait, just install 3.2 manually right now (see attachment).

      Thanks for reporting.
      OMV3 on Proxmox
      Intel E3-1245 v5 | 32GB ECC RAM | 4x3TB RAID10 HDD
      omv-zfs | omv-nginx | omv-letsencrypt | omv-openvpn

      The post was edited 2 times, last by luxflow.

    • I cannot understand your problem.
      Please describe in more detail what your issue is, what you did, and what you want.

      You don't need to choose LE in nginx manually (I'm not sure what you mean by choosing LE in nginx).
      omv-letsencrypt does everything automatically; you don't need to manually edit the nginx configuration.

      Enable `Schedule Refresh` -> put your domain in `Domain`, your email in `Email`, and '/var/www/openmediavault/' in `WebRoot` -> save & generate certificate.
      OMV3 on Proxmox
      Intel E3-1245 v5 | 32GB ECC RAM | 4x3TB RAID10 HDD
      omv-zfs | omv-nginx | omv-letsencrypt | omv-openvpn
    • luxflow wrote:

      I cannot understand your problem.
      Please describe in more detail what your issue is, what you did, and what you want.

      You don't need to choose LE in nginx manually (I'm not sure what you mean by choosing LE in nginx).
      omv-letsencrypt does everything automatically; you don't need to manually edit the nginx configuration.

      Enable `Schedule Refresh` -> put your domain in `Domain`, your email in `Email`, and '/var/www/openmediavault/' in `WebRoot` -> save & generate certificate.


      Okay. Then everything is as it should be. Ty very much!
      HP Microserver Gen 8 | 10GB RAM | 12TB WD red (snapraid) | OMV 3.x (latest) | DD Cine S2 V6.5
    • openmediavault-letsencrypt

      I generated a new certificate in LE but I get errors. The certificate is okay, but if I choose it in the main settings I get this error. Regenerating says the certificate is okay. Hint: I use the backports kernel...


      HP Microserver Gen 8 | 10GB RAM | 12TB WD red (snapraid) | OMV 3.x (latest) | DD Cine S2 V6.5

      The post was edited 1 time, last by Ruschi.

    • Source Code

      ```bash
      # completely remove old letsencrypt
      apt-get purge openmediavault-letsencrypt
      # remove letsencrypt directory
      rm -rf /etc/letsencrypt
      # reinstall
      apt-get install openmediavault-letsencrypt
      ```
      @Ruschi
      First remove the LE cronjob in OMV, then try this script to completely remove omv-letsencrypt and reinstall it.
      After that, try generating the letsencrypt cert again.
      OMV3 on Proxmox
      Intel E3-1245 v5 | 32GB ECC RAM | 4x3TB RAID10 HDD
      omv-zfs | omv-nginx | omv-letsencrypt | omv-openvpn
    • luxflow wrote:

      and will be released in the next version (3.2)
      as soon as @ryecoaaron uploads the binary.

      Missed that note. 3.2 is in the testing repo. Not sure if it should be in the regular repo or not?
      omv 4.0.5 arrakis | 64 bit | 4.12 backports kernel | omvextrasorg 4.0.2
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please don't PM for support... Too many PMs!
    • luxflow wrote:

      Source Code

      ```bash
      # completely remove old letsencrypt
      apt-get purge openmediavault-letsencrypt
      # remove letsencrypt directory
      rm -rf /etc/letsencrypt
      # reinstall
      apt-get install openmediavault-letsencrypt
      ```
      @Ruschi
      First remove the LE cronjob in OMV, then try this script to completely remove omv-letsencrypt and reinstall it.
      After that, try generating the letsencrypt cert again.


      "Because I'm happy"

      This worked.
      Now I can choose it. Great..
      HP Microserver Gen 8 | 10GB RAM | 12TB WD red (snapraid) | OMV 3.x (latest) | DD Cine S2 V6.5
    • luxflow wrote:

      Googling the following keywords

      tvserver nginx reverse proxy
      couchpotato nginx reverse proxy
      nextcloud nginx reverse proxy

      gives you application-specific reverse proxy configurations.

      If you use the same domain and the only difference is the path (/tvserver /couchpotato /nextcloud),
      you just get one cert from LE for that domain.

      In which .conf do I now have to put the proxy_pass configuration?
      What about this folder /.well-known/acme-challenge/?

      My proxy_pass looks like this.

      ```nginx
      # tvheadend
      server {
          listen [::]:80;
          server_name nas.xxxxxx.com 192.168.178.20;
          location /tvheadend {
              proxy_set_header HOST $host;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              # proxy_pass requires a scheme in front of the upstream address
              proxy_pass http://127.0.0.1:9981;
          }
      }
      ```
      HP Microserver Gen 8 | 10GB RAM | 12TB WD red (snapraid) | OMV 3.x (latest) | DD Cine S2 V6.5
    • 1. First install omv-nginx.
      2. Add an entry and see the attachments (this is only for tvheadend and is just an example; it is similar for others, but you should always check the application-specific proxy pass configuration).
      3. omv schedule job -> select letsencrypt jobs -> run (this step is not required if you don't use a subdomain, that is, something like tv.yourdomain.com).
      Images: nginx.PNG, nginx2.PNG
      OMV3 on Proxmox
      Intel E3-1245 v5 | 32GB ECC RAM | 4x3TB RAID10 HDD
      omv-zfs | omv-nginx | omv-letsencrypt | omv-openvpn
    • luxflow wrote:

      1. First install omv-nginx.
      2. Add an entry and see the attachments (this is only for tvheadend and is just an example; it is similar for others, but you should always check the application-specific proxy pass configuration).
      3. omv schedule job -> select letsencrypt jobs -> run (this step is not required if you don't use a subdomain, that is, something like tv.yourdomain.com).

      Ty very much.

      It works but I get a 404 error, but I read that this is more a "problem" of Tvheadend. I have to read more.
      I also did an SSL test yesterday. It looks good but the key exchange is weak. I should use the Diffie-Hellman params.
      HP Microserver Gen 8 | 10GB RAM | 12TB WD red (snapraid) | OMV 3.x (latest) | DD Cine S2 V6.5
    • 2 things relating to the plugin on OMV:

      - Qualys TLS check rightfully rates the cert with a B ("This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.")
      - The server key is only 2048 bit, while I'd prefer RSA 4096 bits (e 65537), like, for example, on this test.


      Sure, I can change nginx config manually, but it gets overwritten at every OMV update, so that's a bad idea.. hence the reason I mention this here.


      Thanks in advance for improvements on this TLS implementation for OMV.
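
The two points in the last post (DH parameter size and server key size) can be checked locally with `openssl` before re-running an external scan. The script below is an added example, not part of the thread or of openmediavault-letsencrypt; the function names, the 2048-bit DH threshold and the two file paths passed on the command line are assumptions.

```shell
#!/bin/sh
# Added example: report the DH-parameter size an nginx site uses and the
# size of the server key. Not part of openmediavault-letsencrypt.

# Print the first "(N bit)" figure found in `openssl ... -text` output on stdin.
bits_from_text() {
    sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Print the file named by the first ssl_dhparam directive in the nginx
# config read from stdin (prints nothing if the directive is absent).
dhparam_path() {
    sed -n 's/^[[:space:]]*ssl_dhparam[[:space:]][[:space:]]*\([^;[:space:]]*\)[[:space:]]*;.*/\1/p' | head -n 1
}

# Classify a DH group size. The 2048-bit threshold is an assumption chosen
# to match the "weak DH" warning quoted in the post.
grade_dh() {
    case "$1" in
        ''|*[!0-9]*) echo "unknown" ;;
        *) if [ "$1" -lt 2048 ]; then echo "weak"; else echo "ok"; fi ;;
    esac
}

# audit <nginx site config> <certificate in PEM format>
audit() {
    dh_file=$(dhparam_path < "$1")
    if [ -z "$dh_file" ]; then
        echo "DH params: no ssl_dhparam directive in $1"
    else
        dh_bits=$(openssl dhparam -in "$dh_file" -text -noout 2>/dev/null | bits_from_text)
        echo "DH params: $dh_file, ${dh_bits:-?} bit, $(grade_dh "$dh_bits")"
    fi
    key_bits=$(openssl x509 -in "$2" -noout -text 2>/dev/null | bits_from_text)
    echo "Server key: ${key_bits:-?} bit"
}

# Runs only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

A missing `ssl_dhparam` line means nginx is not using a parameter file of your own; depending on the nginx version it then either falls back to built-in parameters or does not offer DHE ciphers at all.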