openmediavault-letsencrypt

  • I'm having a problem with a few of my subdomains when generating/renewing certificates.
    According to one of the Certbot engineers on the LetsEncrypt community it might have something to do with this plugin.
    https://community.letsencrypt.…-invalid-response/44873/5


    Check out the thread here, and ignore the error: "There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains:". It is from me retrying too many times.


    Can one of the developers help me check this out, because he seems to think this might be a plugin problem.
    Thank you!

    • Official post

    Can one of the developers help me check this out, because he seems to think this might be a plugin problem.

    I wish there was someone else working on this because this is difficult for me to fix since I don't use it. That said, if you look at this line, the plugin is passing the webroot that you specify to certbot. I don't know how else this could be done. This is exactly the same as what the plugin used to do - link

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.4 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • I wish there was someone else working on this because this is difficult for me to fix since I don't use it. That said, if you look at this line, the plugin is passing the webroot that you specify to certbot. I don't know how else this could be done. This is exactly the same as what the plugin used to do - link

    Hi ryecoaaron, I'm thankful for the plugin you have made. Sadly I am of no use with helping, but I have tried my best to find out what is missing.
    See the latest replies from the Certbot engineer/developer here:
    https://community.letsencrypt.…invalid-response/44873/10

    • Official post

    See the latest replies from the Certbot engineer/developer here:

    Well, I can tell what needs to be fixed now. I'm a bit surprised that no one has run into this issue before since the plugin has never supported multiple webroots. It will need a lot of changes to accommodate this correctly.


  • Well, I can tell what needs to be fixed now. I'm a bit surprised that no one has run into this issue before since the plugin has never supported multiple webroots. It will need a lot of changes to accommodate this correctly.

    Yes that is very weird, and I was able to make it work for quite a few domains too.
    I just realised another thing. Is it necessary for OMV to run on port 80?
    I have changed the port to 70.


    Regarding this info: "Port 80 must be open for Let's Encrypt to verify your domain."


    I have port 80 open, but OMV is not on port 80 anymore.


    Also what's the webroot supposed to point at? My Nginx (websites) locations, like this: "/srv/91a2af43-24c7-475f-b28b-3cb663d2aa7e/Media/OMV/Web/www/"? or the standard "/var/www/openmediavault/"?
    Thank you!

    • Official post

    Is it necessary for OMV to run on port 80?

    Nope.


    Also what's the webroot supposed to point at?

    You are asking the guy who doesn't use it :) After reading the documentation more, they verify that the file is in the webroot for the domain. If you are getting a cert for your OMV web interface, then the webroot would be /var/www/openmediavault. If you are getting a cert for a domain setup in the nginx plugin, you would have /srv/91a2af43-24c7-475f-b28b-3cb663d2aa7e/Media/OMV/Web/www/ for the webroot.


  • Nope.

    You are asking the guy who doesn't use it :) After reading the documentation more, they verify that the file is in the webroot for the domain. If you are getting a cert for your OMV web interface, then the webroot would be /var/www/openmediavault. If you are getting a cert for a domain setup in the nginx plugin, you would have /srv/91a2af43-24c7-475f-b28b-3cb663d2aa7e/Media/OMV/Web/www/ for the webroot.

    Great!
    Yes I understand you don't use it, but I'm just trying to figure out why this problem isn't more widespread than it is.


    Another thing, does the Let's Encrypt plugin support multiple domain-names? I know it does work quite well with subdomains (apart from the problems we're discussing). But will it work if I add another domain, or do I need two separate certs? If so, how do I set it up with this plugin?
    To clarify, right now I have domain.com, sub1.domain.com.... and I want to add domain2.com and sub.domain2.com to this.


    Thank you!

    • Official post

    does the Let's Encrypt plugin support multiple domain-names?

    The example here shows two domains and the comment below the domain textbox says you can.

    If so, how do I set it up with this plugin?

    If you need more than one webroot, you can't right now until I change the plugin. If you don't, then just separate the domain with commas like the comment says.


  • Hello guys, I end up with


    "Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for xxx.org
    Using the webroot path /srv/dev-disk-by-id-ata-ADATA_SP900_2G0920019205-part3/www/nextcloud for all unmatched domains.
    Waiting for verification...
    Challenge failed for domain xxx.org
    Cleaning up challenges
    Challenges failed for all domains
    Fertig..."


    What am I doing wrong here?


    EDIT
    OK, I got it working - had to stop my NGINX server to get it working. Stupid beginner mistake.
    WORKING PERFECTLY NOW with Nextcloud 12.0.3

    • Official post

    If so, how do I set it up with this plugin?

    I just pushed the multiple webroot change to the omv 3.x testing repo and omv 4.x repo. Try it out and let me know if it is working.


    • Official post

    Another note, I found a place (multiple domains and webroots) I can actually use the letsencrypt plugin. So, I should be a little better at testing now :)


  • I just pushed the multiple webroot change to the omv 3.x testing repo and omv 4.x repo. Try it out and let me know if it is working.

    I just did my first test, no success :(
    This is the log (I have added an extra domain now):



    This part of the log is weird too:
    "Using the webroot path /srv/91a2af43-24c7-475f-b28b-3cb663d2aa7e/Media/OMV/Web/dev3 for all unmatched domains" I have not selected that.


    And the weird thing is that it fails on the same things every time.
    "Challenge failed for domain dev3.boxstudio.se
    Challenge failed for domain dev2.boxstudio.se
    Challenge failed for domain dev1.boxstudio.se
    Challenge failed for domain boxstudio.se
    Challenge failed for domain media.linkd.se
    Challenge failed for domain http://www.boxstudio.se"


    Everything here except media.linkd.se is for Nginx (websites) which I have set the webroot to the locations of the web files.
    And media.linkd.se is set to "/var/lib/docker/overlay2/9c456d9636e71fbf11f2e3e1f3720380b8f721abf112807dd5e4a70a3a05901f/diff/opt/ombi/Views/" which I think is the webroot of Ombi, but I am not sure.


    Where do I find the OpenVPN Access Server webroot?


    Also this error is weird: "OSError: [Errno 2] No such file or directory: '/etc/letsencrypt/renewal/linkd.se/boxstudio.se.conf'" I deleted the old certificate completely before pressing generate, to avoid problems.

  • Now everything is going to shit here. I wanted a completely fresh try. So I went and deleted every Server in NGinx Websites, deleted the old certificate and deleted Let's Encrypt plugin. And also the Nginx (websites) plugin.
    But when uninstalling Nginx (websites) I got this error:


    I click Close, and page reloads, then I get these errors: "RPC service 'PhpFpm' not found." and "RPC service 'Nginx' not found.".
    The plugin is gone, and if I reinstall it, and try to enable it, this error occurs:
    "An error has occured" without any explanation at all; when I press more info, it is empty.


    So now I am stuck, I've made everything worse than before, I can't get Nginx (websites) to work at all.
    And if I try to generate a new certificate after all this, this is the turnout (challenge fails for every domain):



    EDIT: I did try after clearing cookies (private window), same issues.

    • Official post

    The plugin works on my sites except for one. Not sure why but I couldn't investigate (my internet was out for almost 12 hours yesterday).


    Did you fill in everything on the Settings tab? I added a name field so the cert filename doesn't use the first domain.


    I have no idea how to find the webroot of a docker plugin.

    "Using the webroot path /srv/91a2af43-24c7-475f-b28b-3cb663d2aa7e/Media/OMV/Web/dev3 for all unmatched domains" I have not selected that.

    Not sure why it would do that. That would be a good question for certbot people. I need to add the command line command that the plugin uses to show the certbot people what we are using.


    Sounds like your nginx/php-fpm config is messed up and/or omv is partially uninstalled. What is the output of: dpkg -l | grep openm


  • Not a fun day yesterday, without internet ;)


    Yes, I have filled in name, I called it NAS this time (not the same name as before), also used a new email.


    I understand that, I will try to look inside all the folders.


    I figured out the part why it used that address for the unmatched domains, it will use the last domain you add, so I changed it so my main domain is at the bottom of the list and it will be chosen for unmatched domains.


    This is the output:



    (This output is after I installed the nginx plugin again).
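
Added example, not part of the posts above and not the plugin's own code: certbot's webroot mode validates each -d domain from the -w path that precedes it, so the multi-site setup discussed in this thread needs its domains grouped per webroot. This Python code builds that argument list and checks that every webroot can hold .well-known/acme-challenge; the function names, domains and paths are assumptions made for illustration.

```python
import os
import tempfile

# Relative directory certbot's webroot mode writes http-01 tokens into.
CHALLENGE_DIR = os.path.join(".well-known", "acme-challenge")


def group_by_webroot(pairs):
    """Group (domain, webroot) pairs by webroot, keeping first-seen order."""
    groups = {}
    for domain, webroot in pairs:
        domains = groups.setdefault(os.path.normpath(webroot), [])
        if domain not in domains:
            domains.append(domain)
    return groups


def preflight(pairs):
    """Return problems that would leave the challenge file unreachable."""
    problems = []
    for root, domains in group_by_webroot(pairs).items():
        names = ", ".join(domains)
        if not os.path.isdir(root):
            problems.append(f"{names}: webroot {root} is not a directory")
            continue
        probe_dir = os.path.join(root, CHALLENGE_DIR)
        try:
            os.makedirs(probe_dir, exist_ok=True)
            with tempfile.NamedTemporaryFile(dir=probe_dir):
                pass  # created and removed again: proves the dir is writable
        except OSError as exc:
            problems.append(f"{names}: cannot write {probe_dir}: {exc}")
    return problems


def certbot_args(cert_name, pairs):
    """Build argv so every -d follows the -w it should be validated from."""
    args = ["certbot", "certonly", "--webroot", "--cert-name", cert_name]
    for root, domains in group_by_webroot(pairs).items():
        args += ["-w", root]
        for domain in domains:
            args += ["-d", domain]
    return args


if __name__ == "__main__":
    # Constructed sample: two sites with different webroots (hypothetical).
    base = tempfile.mkdtemp()
    pairs = [("example.org", os.path.join(base, "www")),
             ("nas.example.org", os.path.join(base, "omv"))]
    print(preflight(pairs))          # both webroots are missing here
    print(" ".join(certbot_args("NAS", pairs)))
```

The preflight only proves the directory exists and is writable locally; the web server answering for that domain on port 80 still has to serve files from that same directory.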

  • And this happened now when I tried to uninstall the plugin, another error:


    Now the output is like this:


    EDIT: But the Nginx (websites) still shows up in OMV.
    And gives me these errors when trying to access it:
    "RPC service 'Nginx' not found."
    "RPC service 'PhpFpm' not found."

    • Official post

    I would try:


    omv-mkconf nginx
    omv-mkconf php5fpm
    systemctl restart nginx
    systemctl restart php5-fpm


    nginx still showing up in OMV is a browser cache issue. Try control-shift-R


    Edited 2 times, last by ryecoaaron ()

  • Tried it (with Nginx uninstalled), the result:

    Code
    root@nas:~# omv-mkconf nginx
    root@nas:~# omv-mkconf php-fpm
    ERROR: The script '/usr/share/openmediavault/mkconf/php-fpm' does not exist
    root@nas:~# systemctl restart nginx
    root@nas:~# systemctl restart php5-fpm
    • Official post

    I had a typo with omv-mkconf php5-fpm. Retry the commands. Do an omv-aptclean as well and post the output of: ls -al /var/www/openmediavault/js/omv/module/admin/service/


  • I had a typo with omv-mkconf php5-fpm. Retry the commands. Do an omv-aptclean as well and post the output of: ls -al /var/www/openmediavault/js/omv/module/admin/service/

    Typo again I think, I had to do this:
    omv-mkconf nginx
    omv-mkconf php5fpm
    systemctl restart nginx
    systemctl restart php5-fpm


    This is the output:
