openmediavault-letsencrypt

    • OMV 2.x


    • Here's my partial log:


      2016-05-30 00:27:18,096:DEBUG:certbot.main:Root logging level set at 30
      2016-05-30 00:27:18,097:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
      2016-05-30 00:27:18,097:DEBUG:certbot.main:certbot version: 0.7.0
      2016-05-30 00:27:18,097:DEBUG:certbot.main:Arguments: ['--webroot', '-w', '/var/www/openmediavault/', '--text', '--keep-until-expiring', '--agree-tos', '--expand', '--$
      2016-05-30 00:27:18,097:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#$
      2016-05-30 00:27:18,097:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
      2016-05-30 00:27:18,099:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
      Description: Place files in webroot directory
      Interfaces: IAuthenticator, IPlugin
      Entry point: webroot = certbot.plugins.webroot:Authenticator
      Initialized: <certbot.plugins.webroot.Authenticator object at 0x264cfd0>
      Prep: True
      2016-05-30 00:27:18,099:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x264cfd0> and installer None
      2016-05-30 00:27:18,194:DEBUG:certbot.main:Picked account: <Account(7e6cda13ea7ccb5deebbfdd1b6cf82e3)>
      2016-05-30 00:27:18,195:DEBUG:root:Sending GET request to acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
      2016-05-30 00:27:18,197:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
      2016-05-30 00:27:18,501:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 280
      2016-05-30 00:27:18,502:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '280', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-Transport-Security$
      2016-05-30 00:27:18,502:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '280', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-Tr$
      2016-05-30 00:27:18,504:DEBUG:root:Requesting fresh nonce
      2016-05-30 00:27:18,504:DEBUG:root:Sending HEAD request to acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
      2016-05-30 00:27:18,589:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
      2016-05-30 00:27:18,589:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '91', 'Pragma': 'no-cache', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Serv$
      2016-05-30 00:27:18,589:DEBUG:acme.client:Storing nonce: '\t%9\xf4)\xfdq\xa0R.\xb6Q\tuE\xbf:3\x0cU\xe7\xb3^\x07*\x18\xc9\x16m\xca\x9e\xa6'
      2016-05-30 00:27:18,589:DEBUG:acme.jose.json_util:Omitted empty fields: combinations=None, challenges=None, expires=None, status=None
      2016-05-30 00:27:18,589:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "cloud.xyz.com"}, "resource": "new-authz"}
      2016-05-30 00:27:18,590:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jwk=None, alg=None, jku=None, cty=None, x5tS256=None, x5u=$
      2016-05-30 00:27:18,591:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonc$
      2016-05-30 00:27:18,592:DEBUG:root:Sending POST request to acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256",$
      2016-05-30 00:27:18,726:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1004
      2016-05-30 00:27:18,726:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '1004', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-Transport-Securit$
      2016-05-30 00:27:18,726:DEBUG:acme.client:Storing nonce: '\x8fM}B\xb7\x97\xac\r\xa1\xd3Nz9V\xac\x02\x1d\x88\xa4V\xeb\r\xe9\xc9i;\xab\xe4|\x08w)'
      2016-05-30 00:27:18,726:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '1004', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-T$
      2016-05-30 00:27:18,727:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'xDq9U8UrLvlw_ZauMTMSOquwJcr1QNGvpPcTHWsTMPE'$
      2016-05-30 00:27:18,727:DEBUG:acme.jose.json_util:Omitted empty fields: combinations=None, challenges=None, expires=None, status=None
      2016-05-30 00:27:18,727:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "server.xyz.com"}, "resource": "new-authz"}
      2016-05-30 00:27:18,728:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jwk=None, alg=None, jku=None, cty=None, x5tS256=None, x5u=$
      2016-05-30 00:27:18,729:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonc$
      2016-05-30 00:27:18,729:DEBUG:root:Sending POST request to acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256",$
      2016-05-30 00:27:18,823:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1005
      2016-05-30 00:27:18,823:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '1005', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-Transport-Securit$
      2016-05-30 00:27:18,823:DEBUG:acme.client:Storing nonce: '\x98vi\xc2\xeb\x85\xb5.\x81\x98v\xf9\xd8\xca\xfap\x13940\xa2C\xceGEr\xc0\xddW\x8d\xb4\xf8'
      2016-05-30 00:27:18,823:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '1005', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-T$
      2016-05-30 00:27:18,824:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'QKL4jKqwuVmRPLLm-237SiUKwgvRVS5ZDc3F5dRe0o8'$
      2016-05-30 00:27:18,824:DEBUG:acme.jose.json_util:Omitted empty fields: combinations=None, challenges=None, expires=None, status=None
      2016-05-30 00:27:18,824:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "seafile.xyz.com"}, "resource": "new-authz"}
      2016-05-30 00:27:18,824:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jwk=None, alg=None, jku=None, cty=None, x5tS256=None, x5u=$
      2016-05-30 00:27:18,826:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonc$
      2016-05-30 00:27:18,826:DEBUG:root:Sending POST request to acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256",$
      2016-05-30 00:27:18,930:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1006
      2016-05-30 00:27:18,930:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '1006', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-Transport-Securit$
      2016-05-30 00:27:18,930:DEBUG:acme.client:Storing nonce: '\xfa\xf3\x1d\x86\xe7o\xe9\x00\xe65\xa5&v\xc8\xc3SH\x1c\xc2\xc4\xd8&\nx\xb0\\\xbb5\xfal.E'
      2016-05-30 00:27:18,930:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '1006', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-T$
      2016-05-30 00:27:18,930:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'Kd0WaMy5h1NMM4eTazDM5FOK6jDO1SIArVjE_m2evsY'$
      2016-05-30 00:27:18,931:INFO:certbot.auth_handler:Performing the following challenges:
      2016-05-30 00:27:18,931:INFO:certbot.auth_handler:http-01 challenge for cloud.xyz.com
      2016-05-30 00:27:18,931:INFO:certbot.auth_handler:http-01 challenge for server.xyz.com
      2016-05-30 00:27:18,931:INFO:certbot.auth_handler:http-01 challenge for seafile.xyz.com
      2016-05-30 00:27:18,931:INFO:certbot.plugins.webroot:Using the webroot path /var/www/openmediavault for all unmatched domains.
      OMV v3.0
      Asus Z97-A/3.1; i3-4370
      32GB RAM Corsair Vengeance Pro
      4x3TB RAID10
    • After I changed the WebRoot path from /var/www/openmediavault/ to /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud, this is the new log:

      It said>>Error: the configuration object is in use...

      Source Code

      1. 2016-06-07 23:11:52,164:DEBUG:certbot.main:Root logging level set at 30
      2. 2016-06-07 23:11:52,164:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
      3. 2016-06-07 23:11:52,164:DEBUG:certbot.main:certbot version: 0.8.0
      4. 2016-06-07 23:11:52,164:DEBUG:certbot.main:Arguments: ['--webroot', '-w', '/media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud', '--text', '--keep-until-expiring'$
      5. 2016-06-07 23:11:52,164:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#$
      6. 2016-06-07 23:11:52,165:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
      7. 2016-06-07 23:11:52,166:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
      8. Description: Place files in webroot directory
      9. Interfaces: IAuthenticator, IPlugin
      10. Entry point: webroot = certbot.plugins.webroot:Authenticator
      11. Initialized: <certbot.plugins.webroot.Authenticator object at 0x224df50>
      12. Prep: True
      13. 2016-06-07 23:11:52,167:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x224df50> and installer None
      14. 2016-06-07 23:11:52,268:DEBUG:certbot.main:Picked account: <Account(7e6cda13ea7ccb5deebbfdd1b6cf82e3)>
      15. 2016-06-07 23:11:52,269:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
      16. 2016-06-07 23:11:52,271:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
      17. 2016-06-07 23:11:52,434:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 280
      18. 2016-06-07 23:11:52,435:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '280', 'Expires': 'Tue, 07 Jun 2016 23:11:52 GMT', 'Strict-Transport-Security$
      19. 2016-06-07 23:11:52,435:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '280', 'Expires': 'Tue, 07 Jun 2016 23:11:52 GMT', 'Strict-Tr$
      20. 2016-06-07 23:11:52,439:INFO:certbot.renewal:Cert not yet due for renewal


      When I did a /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud --force-renew, it said:

      Source Code

      1. Domain: server.xyz.com
      2. Type: connection
      3. Detail: Could not connect to http://server.xyz.com/.well-known/acme-challenge/hnAgQKkLgTkpxhv_2rKve7jFUnfIHCqzzIDm7HiQ4xU
      4. Domain: cloud.xyz.com
      5. Type: connection
      6. Detail: Could not connect to http://cloud.xyz.com/.well-known/acme-challenge/93RjY09WbT9-QT2_cR99ydvkYQ5ipC7rCUI1o7ufppc
      7. To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally$
      8. 2016-06-07 23:16:12,416:INFO:certbot.auth_handler:Cleaning up challenges
      9. 2016-06-07 23:16:12,416:DEBUG:certbot.plugins.webroot:Removing /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known/acme-challenge/93RjY09WbT9-QT2_cR99$
      10. 2016-06-07 23:16:12,417:DEBUG:certbot.plugins.webroot:Removing /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known/acme-challenge/hnAgQKkLgTkpxhv_2rKv$
      11. 2016-06-07 23:16:12,417:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known/acme-cha$
      12. 2016-06-07 23:16:12,419:DEBUG:certbot.main:Exiting abnormally:
      13. Traceback (most recent call last):
      14. File "~/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
      15. sys.exit(main())
      16. File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 735, in main
      17. return config.func(config, plugins)
      18. File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 554, in obtain_cert
      19. _, action = _auth_from_domains(le_client, config, domains, lineage)
      20. File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 90, in _auth_from_domains
      21. renewal.renew_cert(config, domains, le_client, lineage)
      22. File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/renewal.py", line 236, in renew_cert
      23. new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
      24. File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 247, in obtain_certificate
      25. self.config.allow_subset_of_names)
      OMV v3.0
      Asus Z97-A/3.1; i3-4370
      32GB RAM Corsair Vengeance Pro
      4x3TB RAID10

      The post was edited 1 time, last by tinh_x7 ().

    • tinh_x7 wrote:

      After I changed the WebRoot path from /var/www/openmediavault/ to /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud, this is the new log:

      It said>>Error: the configuration object is in use...


      It looks like your DNS entries are not set up correctly, based on:
      "To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address"

      Have you recently made a change to your DNS records? It can take a while for changes to propagate.
      Also try manually creating the folder and files in your webroot to test and make sure those directories are accessible. For example:

      Source Code

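      # Webroot that was given to the Let's Encrypt plugin.
      webroot=/media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud
      # Create the directory the http-01 challenge files are served from.
      # -p creates .well-known as well and does not fail if either directory already exists.
      mkdir -p "$webroot/.well-known/acme-challenge"
      # Static test page; the web server should serve it at
      # http://<your-domain>/.well-known/acme-challenge/test.html
      echo "<body>Test</body>" > "$webroot/.well-known/acme-challenge/test.html"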


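      Then go to server.xyz.com/test.html (with the commands above, the file actually ends up at http://server.xyz.com/.well-known/acme-challenge/test.html, which is the path the http-01 challenge requests).
      If you do not get a webpage that says "Test", then your webroot is configured wrong.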
      (Clean up your test files: rm -r /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known)

      Otherwise I would post on the Let's Encrypt forums; you will get more prompt and knowledgeable support there. My knowledge domain is limited to this one specific use case of Let's Encrypt. If you find anything else, please bring back the information so we can try to incorporate it into the plug-in.

      p.s. force-renew is coming to the plugin shortly :)
    • I didn't get the 'Test' page...

      I notice that the last line of the first log, it said:

      Source Code

      1. 2016-06-07 23:11:52,439:INFO:certbot.renewal: Cert not yet due for renewal

      Maybe it will only renew in the last minute or on the last day?
      OMV v3.0
      Asus Z97-A/3.1; i3-4370
      32GB RAM Corsair Vengeance Pro
      4x3TB RAID10

      The post was edited 2 times, last by tinh_x7 ().

    • fubz wrote:

      gsola96 wrote:

      I posted some time ago answering tinh_x7 and because of that, I found that I cannot renew or create new certificates. I have port 80 forwarded to my OMV box but I get an error that let's encrypt can't "access" /var/www/openmediavault/acme-challenge/(some random string of numbers/letters).


      what does your lets encrypt log say?
      /var/log/letsencrypt/letsencrypt.log


      here you are: it was too long to paste it here: [url]http://pastebin.com/1wCEuSY6[/url]
      DISCLAIMER: :!: I'm not a native English speaker, I'm sorry if I don't explain as good as you would want. :!:

      My NAS:
      Always the latest OMV Erasmus running on an AMD Sempron 3850 @1.3GHz with 4.9.0 Backports Kernel
      with 120GB Samsung SSD 850 EVO for OpenMediaVault & 2x500GB Primary Data HDD + 1TB Secondary HDD for Backup & 2TB USB 3.0 External HDD for offline backup

      Plugin list:
      Flash Memory, Locate, OMV-Extras.org, RSnapshot, Sensors, Syncthing, SMB/CIFS, SSH, USB Backup
      _____________________________________________________________________________________________________________________________

      The Schrödinger's code is that one which is going to work and it's full of bugs at the same time; until you test it, you won't be able to determine it.
    • Update: I was finally able to renew my certs by stopping the Nginx web servers completely before I ran the plugin.
      My OMV port 80 is open.

      sniproxy_0.4.0+git.10.gf4bc05d_amd64.deb

      I got these errors when I tried to install SNIProxy:

      Source Code

      1. sudo dpkg -i sniproxy_0.4.0+git.10.gf4bc05d_amd64.deb
      2. Selecting previously unselected package sniproxy.
      3. (Reading database ... 150856 files and directories currently installed.)
      4. Unpacking sniproxy (from sniproxy_0.4.0+git.10.gf4bc05d_amd64.deb) ...
      5. dpkg: dependency problems prevent configuration of sniproxy:
      6. sniproxy depends on libc6 (>= 2.14); however:
      7. Version of libc6:amd64 on system is 2.13-38+deb7u11.
      8. sniproxy depends on libev4 (>= 1:4.04); however:
      9. Package libev4 is not installed.
      10. sniproxy depends on libpcre3 (>= 1:8.35); however:
      11. Version of libpcre3:amd64 on system is 1:8.30-5.
      12. sniproxy depends on libudns0 (>= 0.4); however:
      13. Package libudns0 is not installed.
      14. dpkg: error processing sniproxy (--install):
      15. dependency problems - leaving unconfigured
      16. Processing triggers for man-db ...
      17. Errors were encountered while processing:


      Is this going to break my OMV v2.x ?

      Source Code

      1. You might want to run 'apt-get -f install' to correct these.
      2. The following packages have unmet dependencies:
      3. sniproxy : Depends: libc6 (>= 2.14) but 2.13-38+deb7u11 is installed
      4. Depends: libev4 (>= 1:4.04) but it is not installed
      5. Depends: libpcre3 (>= 1:8.35) but 1:8.30-5 is installed
      6. Depends: libudns0 (>= 0.4) but it is not installable
      7. E: Unmet dependencies. Try using -f.


      Let's Encrypt error:

      Source Code

      1. >>> *************** Error ***************
      2. The configuration object is in use
      3. <<< *************************************
      4. >>> *************** Error ***************
      5. The configuration object is in use
      6. <<< *************************************
      7. >>> *************** Error ***************
      8. The configuration object is in use
      9. <<< *************************************
      10. >>> *************** Error ***************
      11. The configuration object is in use
      12. <<< *************************************
      13. >>> *************** Error ***************
      14. The configuration object is in use
      15. <<< *************************************
      16. >>> *************** Error ***************
      17. The configuration object is in use
      18. <<< *************************************
      OMV v3.0
      Asus Z97-A/3.1; i3-4370
      32GB RAM Corsair Vengeance Pro
      4x3TB RAID10

      The post was edited 14 times, last by tinh_x7 ().

    • I've got some beginner questions here.

      I've got my OpenMediaVault accessible only from within my LAN. Having an SSL certificate so web browsers stop complaining when I visit my OpenMediaVault sounds nice, as well as security improvements against attackers that may have gained entry through WiFi, but it's not immediately apparent to me how to use this service.

      Do I have to have a domain name to use this?

      Do I need to set up a separate public web server as well?

      Is this actually going to be a net decrease in security for me opening up my OpenMediaVault to the Internet for LetsEncrypt validation?
    • 1. You need to own the domain that you plan to use with Let's Encrypt.
      2. You can use it on the same system as OMV, running on a different port.
      Your web server's files can be installed under /media/UUID/.... or /var/www/


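      You don't have to open OMV to the world, just the web service(s) that you need to access from outside. For the http-01 validation used in this thread, Let's Encrypt only has to reach http://<your-domain>/.well-known/acme-challenge/ on that web service from the Internet; the OMV admin interface itself can stay LAN-only.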
      OMV v3.0
      Asus Z97-A/3.1; i3-4370
      32GB RAM Corsair Vengeance Pro
      4x3TB RAID10
    • Error installing the plugin

      Hi Everyone,

      After seeing that this plugin was available I was quite excited to test it, but unfortunately I got the following:

      Reading package lists...
      Building dependency tree...
      Reading state information...
      The following NEW packages will be installed:
      openmediavault-letsencrypt
      0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
      Need to get 0 B/11.8 kB of archives.
      After this operation, 42.0 kB of additional disk space will be used.
      WARNING: The following packages cannot be authenticated!
      openmediavault-letsencrypt
      Authentication warning overridden.
      Selecting previously unselected package openmediavault-letsencrypt.
      (Reading database ... 44932 files and directories currently installed.)
      Unpacking openmediavault-letsencrypt (from .../openmediavault-letsencrypt_2.4_all.deb) ...
      Processing triggers for openmediavault ...
      Restarting engine daemon ...
      Setting up openmediavault-letsencrypt (2.4) ...
      Removing old letsencrypt files...
      Clone the LetsEncrypt repository
      Cloning into '/opt/letsencrypt'...
      error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing github.com/letsencrypt/letsencrypt.git/info/refs
      fatal: HTTP request failed

      dpkg: error processing openmediavault-letsencrypt (--configure):
      subprocess installed post-installation script returned error exit status 128
      Processing triggers for openmediavault ...
      Restarting engine daemon ...
      Errors were encountered while processing:
      openmediavault-letsencrypt

      >>> *************** Error ***************
      Failed to execute command 'export LANG=C; export DEBIAN_FRONTEND=noninteractive; apt-get --yes --force-yes --fix-missing --allow-unauthenticated --reinstall install openmediavault-letsencrypt 2>&1': Reading package lists...



      I went to the site github.com/letsencrypt/letsencrypt.git/info/refs and I've got:

      Please upgrade your git client. GitHub.com no longer supports git over dumb-http: https://github.com/blog/809-git-dumb-http-transport-to-be-turned-off-in-90-days

      Hope someone can support me in solving this issue.

      Thanks in Advance!!
    • Hi.

      I hope somebody can tell me if I am on the right way.

      My OMV is on port 8080. I have nginx installed. My webpage is on port 80. But now that LE is available I want to change to SSL. My router is open on port 80, with a port forwarding to port 80 of the internal IP address of my webpage.

      To use SSL I also open 443 on the router with a port forwarding to port 443 of my internal ip address.

      I hope until here everything is right.

      My webpage is in the folder /media/UUID/webpage. Is it right to put this also in the LE plugin under webroot?

      If this is all correct is it right that I need this port 80 opened to my webpage to get LE work, also for updating?

      Because what I normally want is that somebody coming from outside without SSL on port 80 is redirected to the SSL part. But how can I get this to work with nginx when I also want to use the auto-update for LE?

      Would be nice if somebody can explain it for nginx and not only SNI Proxy.

      Thanks a lot.

      Regards lulu
    • Ok, I now got it and found a nice solution, to get everything work, only using SSL (redirecting to SSL when coming in without) and also using Letsencrypt including update. And all of this without SNI Proxy, just with NGINX.

      My router is forwarding port 80 to port 443 of my internal ip-address of the server and 443 also to 443 of the server.

      My nginx-server-config is looking like this:

      Source Code

      # Virtual host 1: PHP site served over TLS.
      # According to the post, the router forwards external ports 80 and 443 to
      # port 443 of this machine, so this listener sees TLS and plain HTTP requests.
      # NOTE(review): no ssl_protocols / ssl_ciphers are set in this block; whatever
      # the enclosing http{} context or the nginx defaults provide applies - confirm.
      server {
          # ipv6only=off makes the IPv6 socket accept IPv4 connections as well.
          listen [::]:443 ssl ipv6only=off;
          server_name vhost1.mydoamain.org;

          ssl_certificate /etc/ssl/certs/openmediavault....ab.crt;
          ssl_certificate_key /etc/ssl/private/openmediavault...ab.key;

          set $root_path "/media/UUID/.../";
          root $root_path;
          index index.html index.php;

          set $socket "unix:/var/run/fpm-74dff9ad-4c79-4ff1-85fa-7a4ead13d8e2.sock";

          # NOTE(review): every URI ending in .php is handed to PHP-FPM and nothing
          # in this block checks that the script exists under the document root.
          # Whether that is safe depends on fastcgi_params and the FPM pool
          # settings, which are not shown here - confirm before reusing this.
          location ~ \.php$ {
              fastcgi_split_path_info ^(.+\.php)(/.+)$;
              fastcgi_pass $socket;
              fastcgi_index index.php;
              include fastcgi_params;
          }

          access_log /var/log/nginx/e738d1de-04f3-41cd-9f9d-22e47a536063-access.log;
          error_log /var/log/nginx/e738d1de-04f3-41cd-9f9d-22e47a536063-error.log;
          large_client_header_buffers 4 8k;

          # 497 is nginx's own status for "plain HTTP request sent to the HTTPS
          # port"; answer it with a redirect to the https:// URL of the same page.
          error_page 497 https://$host$request_uri;

          # Let's Encrypt http-01 challenge files. With "root", the request path is
          # appended, so files are read from
          # /media/UUID/webpage/.well-known/acme-challenge/<token>.
          # This root presumably has to match the webroot set in the plugin.
          location /.well-known/acme-challenge {
              root /media/UUID/webpage;
          }
      }

      # Virtual host 2: static site for two further host names, same certificate
      # files and the same HTTP-to-HTTPS redirect as above.
      server {
          listen [::]:443 ssl;
          server_name vhost2.mydoamain.org vhost3.mydoamain.org;

          ssl_certificate /etc/ssl/certs/openmediavault-...ab.crt;
          ssl_certificate_key /etc/ssl/private/openmediavault...ab.key;

          set $root_path "/media/UUID/www/";
          root $root_path;
          index index.html;

          access_log /var/log/nginx/69e6011e-e268-4926-a1da-cccac0fe59bd-access.log;
          error_log /var/log/nginx/69e6011e-e268-4926-a1da-cccac0fe59bd-error.log;
          large_client_header_buffers 4 8k;

          # Plain HTTP arriving on the TLS port is redirected to https://.
          error_page 497 https://$host$request_uri;

          # Challenge files for these host names are read from
          # /media/UUID/www/.well-known/acme-challenge/<token>.
          location /.well-known/acme-challenge {
              root /media/UUID/www;
          }
      }


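      "error_page 497 https://$host$request_uri;" redirects everybody who arrives without "https" to the SSL page: 497 is the status nginx uses when a plain HTTP request reaches an SSL port, which is what happens here because the router forwards port 80 to port 443. This also works if you don't use the standard port for SSL. In that case just change it to, for example, "https://$host:1234$request_uri;", i.e. put the port number after $host.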

      LE is working fine with this.

      Regards lulu