openmediavault-letsencrypt

  • BTW, I found a (temporary) way to run letsencrypt with --force-renew from the web interface. Just add it to the webroot field after a space. Example:
    /media/{GUID}/www/ --force-renew

  • I posted some time ago answering tinh_x7 and because of that, I found that I cannot renew or create new certificates. I have port 80 forwarded to my OMV box but I get an error that Let's Encrypt can't "access" /var/www/openmediavault/acme-challenge/(some random string of numbers/letters).


    what does your lets encrypt log say?
    /var/log/letsencrypt/letsencrypt.log

  • Here's my partial log:


    OMV v5.0
    Asus Z97-A/3.1; i3-4370
    32GB RAM Corsair Vengeance Pro

  • After I changed the WebRoot path from /var/www/openmediavault/ to /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud, this is the new log:


    It said>>Error: the configuration object is in use...



    When I did a /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud --force-renew, it said:



    Edited once, last by tinh_x7 ()

  • After I changed the WebRoot path from /var/www/openmediavault/ to /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud, this is the new log:


    It said>>Error: the configuration object is in use...


    It looks like your DNS entries are not set up correctly, based on:
    "To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address"


    Have you recently made a change to your DNS records? It can take a while to populate.
    Also try manually creating the folder and files in your webroot to test and make sure those directories are accessible. For example:

    Code
    mkdir /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known
    mkdir /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known/acme-challenge
    echo "<body>Test</body>" > /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known/acme-challenge/test.html


    Then go to server.xyz.com/test.html
    If you do not get a webpage that says "Test" then your webroot is configured wrong.
    (Clean up your test files: rm -r /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known)


    Otherwise I would post on the Let's Encrypt forums; you will get more prompt and knowledgeable support. My knowledge domain is limited to this one specific use case of Let's Encrypt. If you find anything else please bring back the information so we can try to incorporate it into the plug-in.


    p.s. force-renew is coming to the plugin shortly :)
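
The webroot test suggested in the post above, automated as an added example that is not part of the original post or of the plugin: it writes a probe file under the challenge directory, requests it at `/.well-known/acme-challenge/<name>` (the path the HTTP-01 validation uses), compares the content and cleans up after itself. The names `fetch_url` and `check_webroot` are made up for this example, and `curl` is assumed to be installed.

```shell
# Added example; fetch_url and check_webroot are names made up here.
# Fetch a URL body. Kept separate so another client can be substituted.
fetch_url() {
    curl -fsS --max-time 10 "$1"
}

# check_webroot WEBROOT BASE_URL
# Returns 0 when a probe file written under WEBROOT/.well-known/acme-challenge/
# comes back unchanged from BASE_URL/.well-known/acme-challenge/<name>,
# 1 when the fetch fails or returns other content, 2 on local errors.
check_webroot() {
    webroot=${1%/}
    base_url=${2%/}
    dir="$webroot/.well-known/acme-challenge"
    name="probe-$$-$(date +%s)"
    token="webroot-check-$$-$(date +%s)"

    [ -d "$webroot" ] || { echo "no such webroot: $webroot" >&2; return 2; }

    # Remember which directories already existed, so cleanup never
    # removes a directory this function did not create.
    made_top=0; made_dir=0
    [ -d "$webroot/.well-known" ] || made_top=1
    [ -d "$dir" ] || made_dir=1
    mkdir -p "$dir" || return 2
    printf '%s' "$token" > "$dir/$name" || return 2
    chmod 644 "$dir/$name"    # must be readable by the web server user

    if body=$(fetch_url "$base_url/.well-known/acme-challenge/$name" 2>/dev/null)
    then fetched=1; else fetched=0; fi

    # Remove the probe, then only the directories created above.
    rm -f "$dir/$name"
    [ "$made_dir" -eq 0 ] || rmdir "$dir" 2>/dev/null || true
    [ "$made_top" -eq 0 ] || rmdir "$webroot/.well-known" 2>/dev/null || true

    if [ "$fetched" -ne 1 ]; then
        echo "request failed: check DNS, port forwarding, server config" >&2
        return 1
    fi
    if [ "$body" != "$token" ]; then
        echo "wrong content: the server does not serve this webroot" >&2
        return 1
    fi
    return 0
}
```

Call it with the webroot entered in the plugin and the public name of the server, for example `check_webroot /media/{GUID}/www/owncloud http://server.xyz.com`. A non-zero result from a machine outside the LAN means the validation request would not reach that directory either.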

  • I didn't get the 'Test' page...


    I notice that the last line of the first log said:

    Code
    2016-06-07 23:11:52,439:INFO:certbot.renewal: Cert not yet due for renewal


    Maybe it'll renew at the last minute or day?


    Edited 2 times, last by tinh_x7 ()

  • what does your lets encrypt log say?
    /var/log/letsencrypt/letsencrypt.log


    here you are: it was too long to paste it here: http://pastebin.com/1wCEuSY6

    DISCLAIMER: :!: I'm not a native English speaker, I'm sorry if I don't explain as good as you would want. :!:


    My NAS:
    Always the latest OMV Erasmus running on an AMD Sempron 3850 @1.3GHz with 4.9.0 Backports Kernel
    with 120GB Samsung SSD 850 EVO for OpenMediaVault & 2x500GB Primary Data HDD + 1TB Secondary HDD for Backup & 2TB USB 3.0 External HDD for offline backup


    Plugin list:
    Flash Memory, Locate, OMV-Extras.org, RSnapshot, Sensors, Syncthing, SMB/CIFS, SSH, USB Backup
    _____________________________________________________________________________________________________________________________


    Quote

    The Schrödinger's code is that one which is going to work and it's full of bugs at the same time; until you test it, you won't be able to determine it.

  • Update: I finally renewed my certs by stopping the Nginx web servers completely before I ran the plugin.
    My OMV port 80 is open.


    sniproxy_0.4.0+git.10.gf4bc05d_amd64.deb  


    I got these errors when I try to install SNIProxy:



    Is this going to break my OMV v2.x ?

    Code
    You might want to run 'apt-get -f install' to correct these.
    The following packages have unmet dependencies:
     sniproxy : Depends: libc6 (>= 2.14) but 2.13-38+deb7u11 is installed
                Depends: libev4 (>= 1:4.04) but it is not installed
                Depends: libpcre3 (>= 1:8.35) but 1:8.30-5 is installed
                Depends: libudns0 (>= 0.4) but it is not installable
    E: Unmet dependencies. Try using -f.


    Let's Encrypt error:


    Edited 14 times, last by tinh_x7 ()

  • I also notice that the time stamp of the Let's Encrypt plugin in the OMV log is wrong.
    My computer time is 7:10 PM EST, but the log said 11:10 PM EDT.


  • I just installed this plugin and now I can't access the GUI - I did not even enable the plugin

    • Official post

    omv 7.0-32 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.9 | compose 7.0.9 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • I've got some beginner questions here.


    I've got my OpenMediaVault accessible only from within my LAN. Having an SSL certificate so web browsers stop complaining when I visit my OpenMediaVault sounds nice, as well as security improvements against attackers that may have gained entry through WiFi, but it's not immediately apparent to me how to use this service.


    Do I have to have a domain name to use this?


    Do I need to set up a separate public web server as well?


    Is this actually going to be a net decrease in security for me opening up my OpenMediaVault to the Internet for LetsEncrypt validation?

  • 1. You need to own the domain that you plan to use with Let's Encrypt.
    2. You can use it on the same system as OMV running with a different port.
    Your web server can be installed on /media/UUID/.... or /var/www/


    You don't have to open OMV to the world, just your web service(s) or services that you need to access from outside.


  • Hi Everyone,


    After seeing the availability of this plugin I was quite excited to test it but unfortunately I got the following:


    Reading package lists...
    Building dependency tree...
    Reading state information...
    The following NEW packages will be installed:
    openmediavault-letsencrypt
    0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
    Need to get 0 B/11.8 kB of archives.
    After this operation, 42.0 kB of additional disk space will be used.
    WARNING: The following packages cannot be authenticated!
    openmediavault-letsencrypt
    Authentication warning overridden.
    Selecting previously unselected package openmediavault-letsencrypt.
    (Reading database ... 44932 files and directories currently installed.)
    Unpacking openmediavault-letsencrypt (from .../openmediavault-letsencrypt_2.4_all.deb) ...
    Processing triggers for openmediavault ...
    Restarting engine daemon ...
    Setting up openmediavault-letsencrypt (2.4) ...
    Removing old letsencrypt files...
    Clone the LetsEncrypt repository
    Cloning into '/opt/letsencrypt'...
    error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing https://github.com/letsencrypt/letsencrypt.git/info/refs
    fatal: HTTP request failed

    dpkg: error processing openmediavault-letsencrypt (--configure):
    subprocess installed post-installation script returned error exit status 128
    Processing triggers for openmediavault ...
    Restarting engine daemon ...
    Errors were encountered while processing:
    openmediavault-letsencrypt


    >>> *************** Error ***************
    Failed to execute command 'export LANG=C; export DEBIAN_FRONTEND=noninteractive; apt-get --yes --force-yes --fix-missing --allow-unauthenticated --reinstall install openmediavault-letsencrypt 2>&1': Reading package lists...



    I went to the site https://github.com/letsencrypt/letsencrypt.git/info/refs and I've got:


    Please upgrade your git client.GitHub.com no longer supports git over dumb-http: https://github.com/blog/809-git-dumb-http-transport-to-be-turned-off-in-90-days


    Hope someone can support me in solving this issue.


    Thanks in Advance!!

  • Hi.


    I hope somebody can tell me if I am on the right way.


    My OMV is on port 8080. I have nginx installed. My webpage is on port 80. But with the possibility of LE I now want to change to SSL. My router is opened for port 80 with a port forwarding to port 80 of my internal IP address for my webpage.


    To use SSL I also open 443 on the router with a port forwarding to port 443 of my internal ip address.


    I hope until here everything is right.


    My webpage is in the folder /media/UUID/webpage. Is it right to put this also in the LE plugin under webroot?


    If this is all correct, is it right that I need this port 80 opened to my webpage to get LE to work, also for updating?


    Because what I normally want is that if somebody is coming from outside without SSL on port 80, he is redirected to the SSL part. But how can I get this to work with nginx when I also want to use the autoupdate for LE?


    Would be nice if somebody can explain it for nginx and not only SNI Proxy.


    Thanks a lot.


    Regards lulu

  • Ok, I now got it and found a nice solution to get everything to work, only using SSL (redirecting to SSL when coming in without) and also using Letsencrypt including update. And all of this without SNI Proxy, just with NGINX.


    My router is forwarding port 80 to port 443 of my internal ip-address of the server and 443 also to 443 of the server.


    My nginx-server-config is looking like this:



    "error_page 497 https://$host$request_uri;" brings everybody without entering with "https" to the SSL page. And this works also if you don't use the standard ports for SSL. Then just change it to for example "https://$host:1234$request_uri;" so put the port number behind $host.


    LE is working fine with this.


    Regards lulu
