openmediavault-letsencrypt

  • I don't know…


    For me, I'm on a 4.14 kernel from the backports repo, which installed certbot v0.23, I suppose, which runs on Python 3.x.
    At the moment, this should work, as it seems that I have the necessary packages to… but there is a mystery that I have to understand before my cert expires… :(

    Lian Li PC-V354 (with Be Quiet! Silent Wings 3 fans)
    ASRock Rack x470D4U | AMD Ryzen 5 3600 | Crucial 16GB DDR4 2666MHz ECC | Intel x550T2 10Gb NIC

    1 x ADATA 8200 Pro 256MB NVMe for System/Caches/Logs/Downloads
    5 x Western Digital 10To HDD in RAID 6 for Datas
    1 x Western Digital 2To HDD for Backups

    Powered by OMV v5.6.26 & Linux kernel 5.10.x

    • Official post

    OK so what's the way to fix it.

    OMV 3.x isn't using the same version of certbot. So, your issue is different.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • OMV 3.x isn't using the same version of certbot. So, your issue is different.

    hmmmmmmm
    so sorry but maybe I did not have a problem with this. :(
    I only want to know about the automatic renewal of the certificate and found this post. Of course the cert may be extended manually before it expires.
    As I understand there is a cron job for this. Maybe I have set something wrong and have to correct this.
    u are welcome to give me a little help ;)
    Is there a possibility to check this before the certificate expires?


    thx

    • Official post

    u are welcome to give me a little help
    Is there a possibility to check this before the certificate expires?

    OMV 3.x and 4.x use the same version of the plugin just a different version of certbot. So, you should have a cron job here - /etc/cron.d/openmediavault-letsencrypt


  • Code
    # this file was automatically generated
    @monthly root omv-rpc "LetsEncrypt" "generateCertificate" "{\"command\":\"renew\"}" >/dev/null 2>&1

    Yes the code above exists under this path. So the cert should be renewed monthly as I understand, but in omv Zertifikate tab /SSL shows me that it will expire on 13.06.2018.
    Some posts above u wrote about a hint with the renewal of the certs in omv3 now I am completely distracted.

    • Official post

    Yes the code above exists under this path. So the cert should be renewed monthly as I understand, but in omv Zertifikate tab /SSL shows me that it will expire on 13.06.2018.
    Some posts above u wrote about a hint with the renewal of the certs in omv3 now I am completely distracted.

    I guess I try to block out the 3.x version since it doesn't update the private cert when renewing. The easiest fix in OMV 3.x is to delete the cert, uninstall the plugin and then re-install it.


  • I cannot reach OpenMediaVault or other services using NGinx. I tried to restart NGinx with PuTTy, but I get this error:

    Code
    Jun 04 07:43:32 nas nginx[10334]: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/openmediavault-81f7b250-cc5b-4220-8ce9-43b5d220dab7.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)

    I have no idea how to fix this?

    • Official post

    I have no idea how to fix this?

    You are probably using OMV 3.x. This is a known bug because the private key is not updated when the new cert is generated.


    • Official post

    Yes I am, is there a fix?

    Upgrade to OMV 4.x is the best fix. Otherwise manually copying the new private cert from the letsencrypt directory to /etc/ssl/private/openmediavault-81f7b250-cc5b-4220-8ce9-43b5d220dab7.key should fix it.

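Added example, not part of the thread or of the plugin's code: a check for the two conditions discussed above, whether the installed key still matches the certificate (the nginx "key values mismatch" error) and whether the certificate is close to expiry. The function names are hypothetical, the openssl command-line tool is assumed to be installed, and the certificate and key paths are passed as arguments (for the post above, the key would be the /etc/ssl/private/openmediavault-81f7b250-cc5b-4220-8ce9-43b5d220dab7.key file).

```shell
#!/bin/sh
# Added example: function names are hypothetical; requires the openssl CLI.

# pubkey_digest cert|key FILE -> SHA-256 of the public key in FILE (DER form).
pubkey_digest() {
    case "$1" in
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # An unreadable file yields no key; fail instead of hashing empty input.
    [ -n "$pub" ] || return 2
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# cert_matches_key CERT KEY: status 0 only when both hold the same public key.
cert_matches_key() {
    c=$(pubkey_digest cert "$1") || return 2
    k=$(pubkey_digest key "$2") || return 2
    [ "$c" = "$k" ]
}

# cert_expires_within CERT DAYS: status 0 when CERT expires within DAYS days
# (an unparsable certificate is also reported as expiring).
cert_expires_within() {
    [ -r "$1" ] || return 2
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Usage: sh check-cert.sh CERT KEY
if [ "$#" -eq 2 ]; then
    if cert_matches_key "$1" "$2"; then
        echo "OK: private key matches certificate"
    else
        echo "MISMATCH: nginx will refuse to start with this pair"
    fi
    if cert_expires_within "$1" 30; then
        echo "WARNING: certificate expires within 30 days"
    fi
fi
```

Running it after each scheduled renewal, and before reloading nginx, shows a stale key or a renewal that did not happen while the old certificate is still valid.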

  • Upgrade to OMV 4.x is the best fix. Otherwise manually copying the new private cert from the letsencrypt directory to /etc/ssl/private/openmediavault-81f7b250-cc5b-4220-8ce9-43b5d220dab7.key should fix it.

    Can you upgrade to 4.0 without reinstalling anything?

    • Official post

    Can you upgrade to 4.0 without reinstalling anything?

    Yes unless you have an omv-extras plugin that hasn't been ported to OMV 4.x. Those should be removed before upgrading.


  • I don't know…


    For me, I'm on a 4.14 kernel from the backports repo, which installed certbot v0.23, I suppose, which runs on Python 3.x.
    At the moment, this should work, as it seems that I have the necessary packages to… but there is a mystery that I have to understand before my cert expires… :(

    OK... I found the problem with the letsencrypt forum...


    So, as always, it was so simple that I hadn't thought of it (RTFM!).


    My port 80 was only opened to my internal network in the firewall, and certbot needs a file to be seen globally in order to renew the certificate.
    So I opened port 80, renewed my cert and closed it afterwards.


    I have just asked if this can be done through HTTPS, else I will do the same in 90 days...


  • My cert will expire on August 15; up till now it's not been automatically renewed. When I start a manual renewal I get:



    Debug Log looks like this:



    I checked my webroot for the presence of .well-known/acme-challenge; it was not there, so I created these folders anew, but I get the same error. I also checked my port mapping for port 80; it is active and pointing to my webroot.


    The cert is listed under certs-tab in OMV4-web-gui and used with nginx. Do I have to "unmount" the cert from nginx for the renewal or is there something else to get this thing, especially auto renewals, working?


    I know there was an issue with auto-renewals with OMV3, but I thought this was solved with OMV4. My OMV4 is fully patched btw.

    Chaos is found in greatest abundance wherever order is being sought.
    It always defeats order, because it is better organized.
    Terry Pratchett

    Edited once, last by riff-raff ()

  • Check your ports (443 and 80); they must be redirected to your NAS for the letsencrypt renewal to work. Once done, you can revert to the other config.


    For me the plugin works as expected; I renewed 2 NAS in the last 2 weeks successfully.

  • As I said in post before, I checked my port mapping already, 443 and 80 point to my web root. There was no change since requesting the initial cert.


    Neither did I change the configuration since requesting the initial cert


  • Sure, my webpage (Nextcloud) is reachable through port 443.


  • The OMV Web panel is not open to the WAN, but I want the URBackup panel to be. I created a subdomain 'urbackup.sld.tld' and created an A record where our domain is hosted. When I use the subdomain it does work, but there is no certificate. I generated a certificate with LetsEncrypt and set the web root to the location of the URBackup web root. I have power cycled the server, but I don't get a certificate. I can see the details of the certificate in OMV, but is there something I need to do within URBackup for it to use the certificate?
