openmediavault-letsencrypt

    • OMV 3.x
    • I don't know…

      For me, I'm on a 4.14 kernel from the backports repo, which I suppose installed certbot v0.23, which is running with Python 3.x
      At the moment, this should work as it seems that I have the necessary packages to… but there is a mystery that I have to understand before my cert expires… :(
      Lian Li PC-V354 with Be Quiet fans | Gigabyte GA-G33M-DS2R | Intel E8400@3,6Ghz | 6GB DDR2 RAM
      1x500MB SSD for System/Backup | 7x2To HDD with ZFS RAIDz2 for Datas/Snapshots
      Powered by OMV v4.1.7 / Kernel 4.16.x / ZFS 0.7.9
    • tomspatz wrote:

      OK, so what's the way to fix it?
      OMV 3.x isn't using the same version of certbot. So, your issue is different.
      omv 4.1.11 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.11
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • ryecoaaron wrote:

      tomspatz wrote:

      OK, so what's the way to fix it?
      OMV 3.x isn't using the same version of certbot. So, your issue is different.
      hmmmmmmm
      So sorry, but maybe I did not have a problem with this. :(
      I only want to know about the automatic renewal of the certificate and found this post. Of course the cert may be extended manually before it expires.
      As I understand there is a cron job for this. Maybe I have set something wrong and have to correct this.
      You are welcome to give me a little help ;)
      Is there a possibility to check this before the certificate expires?

      thx
    • tomspatz wrote:

      You are welcome to give me a little help
      Is there a possibility to check this before the certificate expires?
      OMV 3.x and 4.x use the same version of the plugin just a different version of certbot. So, you should have a cron job here - /etc/cron.d/openmediavault-letsencrypt
    • Source Code

      # this file was automatically generated
      @monthly root omv-rpc "LetsEncrypt" "generateCertificate" "{\"command\":\"renew\"}" >/dev/null 2>&1

      Yes, the code above exists under this path. So the cert should be renewed monthly as I understand, but in OMV the Zertifikate tab /SSL shows me that it will expire on 13.06.2018.
      Some posts above you wrote about a hint with the renewal of the certs in OMV 3; now I am completely distracted.
    • tomspatz wrote:

      Yes, the code above exists under this path. So the cert should be renewed monthly as I understand, but in OMV the Zertifikate tab /SSL shows me that it will expire on 13.06.2018.
      Some posts above you wrote about a hint with the renewal of the certs in OMV 3; now I am completely distracted.
      I guess I try to block out the 3.x version since it doesn't update the private cert when renewing. The easiest fix in OMV 3.x is to delete the cert, uninstall the plugin and then re-install it.
    • I cannot reach OpenMediaVault or other services using nginx. I tried to restart nginx with PuTTY, but I get this error:

      Source Code

      Jun 04 07:43:32 nas nginx[10334]: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/openmediavault-81f7b250-cc5b-4220-8ce9-43b5d220dab7.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)

      I have no idea how to fix this?
    • joq3 wrote:

      I have no idea how to fix this?
      You are probably using OMV 3.x. This is a known bug because the private key is not updated when the new cert is generated.
    • joq3 wrote:

      Yes I am, is there a fix?
      Upgrade to OMV 4.x is the best fix. Otherwise manually copying the new private cert from the letsencrypt directory to /etc/ssl/private/openmediavault-81f7b250-cc5b-4220-8ce9-43b5d220dab7.key should fix it.
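
      Added example, not part of the thread or of the plugin's code: a check that a key file really belongs to a certificate (the condition nginx reports above as "key values mismatch"), plus the check asked about earlier of how long the certificate is still valid. The function names are made up for illustration; the certificate and key paths are whatever you pass in.

```shell
#!/bin/sh
# Added example: verify a certificate/key pair before (re)starting nginx.
# Function names are illustrative; pass your own cert and key paths.

# SHA-256 of the public key embedded in a PEM certificate.
cert_pubkey_digest() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public half of a PEM private key (RSA or EC).
key_pubkey_digest() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# 0 = key belongs to cert, 1 = mismatch, 2 = a file could not be parsed.
pair_matches() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 ||
        { echo "cannot parse certificate: $1" >&2; return 2; }
    openssl pkey -in "$2" -noout >/dev/null 2>&1 ||
        { echo "cannot parse private key: $2" >&2; return 2; }
    [ "$(cert_pubkey_digest "$1")" = "$(key_pubkey_digest "$2")" ]
}

# 0 if the certificate stays valid for at least $2 more days.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Report both checks; non-zero exit if either fails.
check_pair() {
    cert=$1 key=$2 days=${3:-30} rc=0
    if pair_matches "$cert" "$key"; then
        echo "OK   key matches certificate"
    else
        echo "FAIL key does not match certificate"; rc=1
    fi
    if cert_valid_for_days "$cert" "$days"; then
        echo "OK   valid for at least $days more days"
    else
        echo "WARN expires within $days days (or is unreadable)"; rc=1
    fi
    return "$rc"
}

# Usage: sh check_pair.sh CERT KEY [DAYS]
if [ "$#" -ge 2 ]; then check_pair "$@"; fi
```

      Run it against the certificate nginx is configured with and the key path from the error message, both before and after copying a key into place; a mismatch caught here would otherwise only surface when nginx refuses to start.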
    • joq3 wrote:

      Can you upgrade to 4.0 without reinstalling anything?
      Yes unless you have an omv-extras plugin that hasn't been ported to OMV 4.x. Those should be removed before upgrading.
    • sbocquet wrote:

      I don't know…

      For me, I'm on a 4.14 kernel from the backports repo, which I suppose installed certbot v0.23, which is running with Python 3.x
      At the moment, this should work as it seems that I have the necessary packages to… but there is a mystery that I have to understand before my cert expires… :(
      OK... I found the problem with the letsencrypt forum...

      So, as always, it was so simple that I hadn't thought of it (RTFM!).

      My port 80 was only opened to my internal network in the firewall, and certbot needs a file to be seen globally in order to renew the certificate.
      So I opened port 80, renewed my cert and closed it afterwards.

      I have just asked if this can be done through HTTPS, else I will do the same in 90 days...
    • My cert will expire on August 15; up till now it has not been automatically renewed. When I start a manual renewal I get:

      Source Code

      Command: export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; /usr/bin/certbot renew 2>&1
      Cert exists: 1
      Saving debug log to /var/log/letsencrypt/letsencrypt.log
      -------------------------------------------------------------------------------
      Processing /etc/letsencrypt/renewal/xxx.de.conf
      -------------------------------------------------------------------------------
      Cert is due for renewal, auto-renewing...
      Plugins selected: Authenticator webroot, Installer None
      Renewing an existing certificate
      Performing the following challenges:
      http-01 challenge for xxx.de
      Waiting for verification...
      Challenge failed for domain xxx.de
      Cleaning up challenges
      Attempting to renew cert (xxx.de) from /etc/letsencrypt/renewal/xxx.de.conf produced an unexpected error: Challenges failed for all domains. Skipping.
      All renewal attempts failed. The following certs could not be renewed:
      /etc/letsencrypt/live/xxx.de/fullchain.pem (failure)
      -------------------------------------------------------------------------------
      All renewal attempts failed. The following certs could not be renewed:
      /etc/letsencrypt/live/xxx/fullchain.pem (failure)
      -------------------------------------------------------------------------------
      1 renew failure(s), 0 parse failure(s)
      Fertig...

      Debug Log looks like this:

      Source Code

      2018-07-22 02:46:26,669:DEBUG:certbot.main:certbot version: 0.25.0
      2018-07-22 02:46:26,672:DEBUG:certbot.main:Arguments: ['-q']
      2018-07-22 02:46:26,674:DEBUG:certbot.main:Discovered plugins: PluginsRegistry($
      2018-07-22 02:46:26,704:DEBUG:certbot.log:Root logging level set at 30
      2018-07-22 02:46:26,707:INFO:certbot.log:Saving debug log to /var/log/letsencry$
      2018-07-22 02:46:26,734:DEBUG:certbot.plugins.selection:Requested authenticator$
      2018-07-22 02:46:26,752:DEBUG:certbot.storage:Should renew, less than 30 days b$
      2018-07-22 02:46:26,752:INFO:certbot.renewal:Cert is due for renewal, auto-rene$
      2018-07-22 02:46:26,752:DEBUG:certbot.plugins.selection:Requested authenticator$
      2018-07-22 02:46:26,753:DEBUG:certbot.plugins.selection:Single candidate plugin$
      Description: Place files in webroot directory
      Interfaces: IAuthenticator, IPlugin
      Entry point: webroot = certbot.plugins.webroot:Authenticator
      Initialized: <certbot.plugins.webroot.Authenticator object at xxxxxxxxxx>
      Prep: True
      2018-07-22 02:46:26,756:DEBUG:certbot.plugins.selection:Selected authenticator $
      2018-07-22 02:46:26,756:INFO:certbot.plugins.selection:Plugins selected: Authen$
      2018-07-22 02:46:26,763:DEBUG:certbot.main:Picked account: <Account(Registratio$
      2018-07-22 02:46:26,768:DEBUG:acme.client:Sending GET request to https://acme-v$


      I checked my webroot for the presence of .well-known/acme-challenge; it was not there, so I created these folders anew, but I get the same error. I also checked my port mapping for port 80; it is active and pointing to my webroot.

      The cert is listed under certs-tab in OMV4-web-gui and used with nginx. Do I have to "unmount" the cert from nginx for the renewal or is there something else to get this thing, especially auto renewals, working?

      I know there was an issue with auto-renewals with OMV3, but I thought this was solved with OMV4. My OMV4 is fully patched btw.
      Chaos is found in greatest abundance wherever order is being sought.
      It always defeats order, because it is better organized.
      Terry Pratchett

      The post was edited 1 time, last by riff-raff ().

    • Check your ports: 443 and 80 must be redirected to your NAS for the letsencrypt renewal to work; once done you can revert to the other config.

      For me the plugin works as expected; I renewed 2 NAS in the last 2 weeks successfully.
      OMV 4.1.11 x64 on a HP T510, 16GB CF as Boot Disk & 32GB SSD 2,5" disk for Data, 4 GB RAM, CPU VIA EDEN X2 U4200 is x64 at 1GHz

      Post: HPT510 SlimNAS ; HOWTO Install Pi-Hole ; HOWTO install MLDonkey ; HOWTO Install ZFS-Plugin ; OMV_OldGUI ; ShellinaBOX ;
      Dockers: MLDonkey ; PiHole ; weTTY
      Videos: @TechnoDadLife
    • As I said in the post before, I checked my port mapping already; 443 and 80 point to my web root. There was no change since requesting the initial cert.

      Neither did I change the configuration since requesting the initial cert.