openmediavault-letsencrypt

  • Update: in this plug-in version, even though my OwnCloud installation directory is non-default, I still had to use the default path to get it to work:


    /var/www/openmediavault/


    OMV v5.0
    Asus Z97-A/3.1; i3-4370
    32GB RAM Corsair Vengeance Pro

    Edited 2 times, last by tinh_x7 ()

  • I installed the letsencrypt plugin; when I click "Generate certificate" I run into this issue:

    Code
    Suggested packages:
      augeas-doc augeas-tools
    The following packages will be upgraded:
      augeas-lenses libaugeas0
    2 upgraded, 0 newly installed, 0 to remove and 71 not upgraded.
    Need to get 646 kB of archives.
    After this operation, 380 kB of additional disk space will be used.
    WARNING: The following packages cannot be authenticated!
      augeas-lenses libaugeas0
    E: There are problems and -y was used without --force-yes


    What's wrong?

  • Try:
    Source Code
    apt-key update
    apt-get update
    apt-get install augeas-lenses libaugeas0


    Same problem here. apt-get says that „augeas-lenses is already the newest version. libaugeas0 is already the newest version.“


    Solved as shown here.


    OK, now it ended with this:

    Code
    Requesting root privileges to run letsencrypt...
       ~/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/openmediavault/ --text --keep-until-expiring --agree-tos --expand --email admin@moonlightwell.tk -d moonlightwell.tk -d mydata.moonlightwell.tk -d jirafeau.moonlightwell.tk -d baikal.moonlightwell.tk -d rainloop.moonlightwell.tk -d tools.moonlightwell.tk -d phpsysinfo.moonlightwell.tk
    Illegal instruction
    <<< *************************************


    Ah, yes, I'm using a Raspberry Pi, if that matters.

  • Hello community.


    I've got a problem while I try to generate certificates for my virtual hosts.


    Creating the certificate for the omv-domain succeeded, but not for the vhosts.


    Here is the plugin config from OMV:


    Here are the errors from generating the certificates:


    The webroot in the config is the standard one from OMV.
    My vhosts are in /media/UUID/vhost1.tld, /media/UUID/vhost2.tld and so on.
    Ports are open, otherwise generating the certificate for the omv-domain would run into an error.
    How do I point to the webroot of each vhost to prevent running into errors?
    The hosts are all reachable from the web.


    Thanks for your attention and sorry for my English. ;)

    *future backup system*
    OMV 3.0.96 (Erasmus) -
    Linux 4.9.0-0.bpo.4-amd64
    Core2Quad Q8200 @2,33 GHz | 6 GB
    Intel SSD 320 40GB System |
    6x2TB WD-Red Raid5


    *replacement under construction*
    OMV 3.0.96 (Erasmus) -
    Linux 4.9.0-0.bpo.4-amd64
    i3-2120 @ 3,30 GHz | 8 GB
    Sandisk SSD 126GB System | 3x6TB WD-Red Raid5

  • The LetsEncrypt client is trying to verify that you are the owner of the given domains by placing some files in your webroot and then accessing them via HTTP. It fails as it cannot access http://vhost1.tld/.well-known/…gEKpZPYaz1ecmwkyRhiLl67OQ
    So it comes to the conclusion that you are not the owner. That's the way LetsEncrypt works.


    So you cannot just place anything in the "domain" field. It must lead to a domain owned by you and be reachable via http://... for verification.


    At least that is my understanding.

    OMV 2.x - Kralizec // Hardware: HP Microserver N54L, 4GB RAM, 2x3TB WD Red - RAID 1, Sandisk SSD 60GB for system

  • That's right, and I know how LE works.
    On the CLI, by hand, with a webroot for each vhost, LE does what it should without any errors.


    That's the problem. The plugin supports only one webroot.
    So I am trying to find a how-to for a reverse proxy with or for nginx in German.
    Hope it works. :/


  • @fubz,


    Thanks for the plugin. I am running OMV on port 81, and put an nginx (using the nginx plugins) on port 80 just for webroot validation and redirecting everything else to https://. My HTTPS nginx does reverse proxy for every other service (transmission, OMV on port 81, etc). This way I did not need to mess with the internal services' SSL configuration, which is good enough.


    I had an error that took me a while to figure out. I removed, by accident, the certificate created by the plugin using the webgui/certificates page. After this, the letsencrypt plugin started to fail because it cannot find the UUID of the certificate object in the OMV system. There is no way to configure this item through the webgui, and the letsencrypt plugin has no fall-back-create-again solution. Even a complete remove and reinstall resulted in the same error. I managed to solve it by editing config.xml and removing the letsencrypt config by hand. After reinstalling the plugin I could generate the certificate again.
    Suggestion: implement a bailout plan in case the configured UUID is missing; in my opinion, creating a new one would be the best way to do it. This should be done even if letsencrypt returns "no renew necessary", because if someone, like me, is dumb enough to delete the certificate by mistake, a renew would restore it in place.


    Suggestion 2: Implement some way to generate independent certificates. Let's assume someone hosts two completely different domains, one for OMV and another under the omv-nginx plugin to serve a different site. This person will not want to use a combined certificate for those two domains, but separate certificates to completely separate both domains (imagine if this second domain is, someday, moved to another server; the combined cert does not make sense anymore).


    Thanks for the great work!


    att,
    Benito

  • Hi


    First of all, thanks for the plugin!


    I just set up letsencrypt without knowing this plugin existed. After I got it working I was trying to find a way to automatically update the certificates in omv and found this thread. :)


    So now that I already have a working cert and the --force-renew option does not exist yet (which I would also be happy to see), I need to ask: Does this plugin automatically update the certificates for OMV usage?

    • Official post

    Also the plugin is compatible with omv 3.0. If anyone is interested in this plugin, I can fork it on GitHub and continue the work; just let me know and paste here what you would like to have.


    The plugin is probably compatible with up to version 3.0.13, plugins need to be adapted for datamodels to work in omv 3.0.15 and future versions.
    So if you want to fork and PR to do the work...wouldn't be a problem I guess. Don't know if @fubz is aware of the changes.
    There are some plugins on GitHub that have been ported already if you want to take a look at what has to be done.

  • It should, if you are running only one domain with omv.
    Cronjob is running monthly to renew it.
    If you have subdomains/v-servers running on omv, no, not for all.


  • I posted some time ago answering tinh_x7 and because of that, I found that I cannot renew or create new certificates. I have port 80 forwarded to my OMV box but I get an error that let's encrypt can't "access" /var/www/openmediavault/acme-challenge/(some random string of numbers/letters).


    Anyone know what is happening? I had let's encrypt running for some time now (so I thought it was renewing the certificate automatically) and I found out that the plugin says "you have to do a reverse proxy to redirect all the yourdomain.tld/acme-challenge/* to your webroot", but I don't understand what it means (nor do I know what a reverse proxy is and how to set it up).


    Hope someone can give a clue on that also...

    DISCLAIMER: I'm not a native English speaker, I'm sorry if I don't explain as well as you would want.


    My NAS:
    Always the latest OMV Erasmus running on an AMD Sempron 3850 @1.3GHz with 4.9.0 Backports Kernel
    with 120GB Samsung SSD 850 EVO for OpenMediaVault & 2x500GB Primary Data HDD + 1TB Secondary HDD for Backup & 2TB USB 3.0 External HDD for offline backup


    Plugin list:
    Flash Memory, Locate, OMV-Extras.org, RSnapshot, Sensors, Syncthing, SMB/CIFS, SSH, USB Backup


    Quote

    The Schrödinger's code is that one which is going to work and it's full of bugs at the same time; until you test it, you won't be able to determine it.
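
Added example (not part of any post above, and not the plugin's own configuration): one nginx layout for the setup discussed in this thread, where every vhost answers the `/.well-known/acme-challenge/` request from the plugin's single webroot and the HTTPS side proxies to OMV on port 81. The server names, the certificate paths and the 127.0.0.1 upstream are assumptions; the webroot and port 81 are taken from the posts.

```nginx
# Port 80: only ACME HTTP-01 validation, everything else is redirected.
server {
    listen 80;
    listen [::]:80;

    # Every name passed as -d in the certificate request
    # (vhost1.tld / vhost2.tld are the placeholder names used in the thread).
    server_name vhost1.tld vhost2.tld;

    # The CA fetches http://<name>/.well-known/acme-challenge/<token>.
    # Answer that path for all vhosts from the one webroot the plugin writes
    # to, regardless of where each vhost's own document root lives.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/openmediavault;   # file is read from <root>/.well-known/acme-challenge/<token>
        default_type text/plain;
        try_files $uri =404;            # never fall through to another handler
    }

    # Nothing else is served over clear-text HTTP.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: TLS terminates here; OMV itself stays on plain HTTP on port 81.
server {
    listen 443 ssl;
    server_name vhost1.tld;

    # Placeholders: point these at the certificate and key the plugin produced.
    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:81;            # assumption: OMV bound locally on port 81
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```

After reloading nginx, a test file placed under `/var/www/openmediavault/.well-known/acme-challenge/` should be retrievable over plain HTTP through each listed name before a certificate is requested.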
