BTW, I found a (temporary) way to run letsencrypt with --force-renew from web interface. Just add it to webroot field after a space. Example:
/media/{GUID}/www/ --force-renew
openmediavault-letsencrypt
-
- OMV 3.x
- fubz
-
-
Hello,
is it possible to use this with IPv6?
-
I posted some time ago answering tinh_x7 and because of that, I found that I cannot renew or create new certificates. I have port 80 forwarded to my OMV box but I get an error that let's encrypt can't "access" /var/www/openmediavault/acme-challenge/(some random string of numbers/letters).
what does your lets encrypt log say?
/var/log/letsencrypt/letsencrypt.log
-
Here's my partial log:
2016-05-30 00:27:18,096:DEBUG:certbot.main:Root logging level set at 30
2016-05-30 00:27:18,097:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-05-30 00:27:18,097:DEBUG:certbot.main:certbot version: 0.7.0
2016-05-30 00:27:18,097:DEBUG:certbot.main:Arguments: ['--webroot', '-w', '/var/www/openmediavault/', '--text', '--keep-until-expiring', '--agree-tos', '--expand', '--$
2016-05-30 00:27:18,097:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#$
2016-05-30 00:27:18,097:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2016-05-30 00:27:18,099:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x264cfd0>
Prep: True
2016-05-30 00:27:18,099:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x264cfd0> and installer None
2016-05-30 00:27:18,194:DEBUG:certbot.main:Picked account: <Account(7e6cda13ea7ccb5deebbfdd1b6cf82e3)>
2016-05-30 00:27:18,195:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-05-30 00:27:18,197:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-05-30 00:27:18,501:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 280
2016-05-30 00:27:18,502:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '280', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-Transport-Security$
2016-05-30 00:27:18,502:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '280', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-Tr$
2016-05-30 00:27:18,504:DEBUG:root:Requesting fresh nonce
2016-05-30 00:27:18,504:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2016-05-30 00:27:18,589:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2016-05-30 00:27:18,589:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '91', 'Pragma': 'no-cache', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Serv$
2016-05-30 00:27:18,589:DEBUG:acme.client:Storing nonce: '\t%9\xf4)\xfdq\xa0R.\xb6Q\tuE\xbf:3\x0cU\xe7\xb3^\x07*\x18\xc9\x16m\xca\x9e\xa6'
2016-05-30 00:27:18,589:DEBUG:acme.jose.json_util:Omitted empty fields: combinations=None, challenges=None, expires=None, status=None
2016-05-30 00:27:18,589:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "cloud.xyz.com"}, "resource": "new-authz"}
2016-05-30 00:27:18,590:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jwk=None, alg=None, jku=None, cty=None, x5tS256=None, x5u=$
2016-05-30 00:27:18,591:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonc$
2016-05-30 00:27:18,592:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256",$
2016-05-30 00:27:18,726:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1004
2016-05-30 00:27:18,726:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '1004', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-Transport-Securit$
2016-05-30 00:27:18,726:DEBUG:acme.client:Storing nonce: '\x8fM}B\xb7\x97\xac\r\xa1\xd3Nz9V\xac\x02\x1d\x88\xa4V\xeb\r\xe9\xc9i;\xab\xe4|\x08w)'
2016-05-30 00:27:18,726:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '1004', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-T$
2016-05-30 00:27:18,727:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'xDq9U8UrLvlw_ZauMTMSOquwJcr1QNGvpPcTHWsTMPE'$
2016-05-30 00:27:18,727:DEBUG:acme.jose.json_util:Omitted empty fields: combinations=None, challenges=None, expires=None, status=None
2016-05-30 00:27:18,727:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "server.xyz.com"}, "resource": "new-authz"}
2016-05-30 00:27:18,728:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jwk=None, alg=None, jku=None, cty=None, x5tS256=None, x5u=$
2016-05-30 00:27:18,729:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonc$
2016-05-30 00:27:18,729:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256",$
2016-05-30 00:27:18,823:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1005
2016-05-30 00:27:18,823:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '1005', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-Transport-Securit$
2016-05-30 00:27:18,823:DEBUG:acme.client:Storing nonce: '\x98vi\xc2\xeb\x85\xb5.\x81\x98v\xf9\xd8\xca\xfap\x13940\xa2C\xceGEr\xc0\xddW\x8d\xb4\xf8'
2016-05-30 00:27:18,823:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '1005', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-T$
2016-05-30 00:27:18,824:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'QKL4jKqwuVmRPLLm-237SiUKwgvRVS5ZDc3F5dRe0o8'$
2016-05-30 00:27:18,824:DEBUG:acme.jose.json_util:Omitted empty fields: combinations=None, challenges=None, expires=None, status=None
2016-05-30 00:27:18,824:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "seafile.xyz.com"}, "resource": "new-authz"}
2016-05-30 00:27:18,824:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jwk=None, alg=None, jku=None, cty=None, x5tS256=None, x5u=$
2016-05-30 00:27:18,826:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonc$
2016-05-30 00:27:18,826:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256",$
2016-05-30 00:27:18,930:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1006
2016-05-30 00:27:18,930:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '1006', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-Transport-Securit$
2016-05-30 00:27:18,930:DEBUG:acme.client:Storing nonce: '\xfa\xf3\x1d\x86\xe7o\xe9\x00\xe65\xa5&v\xc8\xc3SH\x1c\xc2\xc4\xd8&\nx\xb0\\\xbb5\xfal.E'
2016-05-30 00:27:18,930:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '1006', 'Expires': 'Mon, 30 May 2016 00:27:17 GMT', 'Strict-T$
2016-05-30 00:27:18,930:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'Kd0WaMy5h1NMM4eTazDM5FOK6jDO1SIArVjE_m2evsY'$
2016-05-30 00:27:18,931:INFO:certbot.auth_handler:Performing the following challenges:
2016-05-30 00:27:18,931:INFO:certbot.auth_handler:http-01 challenge for cloud.xyz.com
2016-05-30 00:27:18,931:INFO:certbot.auth_handler:http-01 challenge for server.xyz.com
2016-05-30 00:27:18,931:INFO:certbot.auth_handler:http-01 challenge for seafile.xyz.com
2016-05-30 00:27:18,931:INFO:certbot.plugins.webroot:Using the webroot path /var/www/openmediavault for all unmatched domains.
After I changed the WebRoot path from /var/www/openmediavault/ to /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud, this is the new log:
It said>>Error: the configuration object is in use...
2016-06-07 23:11:52,164:DEBUG:certbot.main:Root logging level set at 30
2016-06-07 23:11:52,164:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-06-07 23:11:52,164:DEBUG:certbot.main:certbot version: 0.8.0
2016-06-07 23:11:52,164:DEBUG:certbot.main:Arguments: ['--webroot', '-w', '/media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud', '--text', '--keep-until-expiring'$
2016-06-07 23:11:52,164:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#$
2016-06-07 23:11:52,165:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2016-06-07 23:11:52,166:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x224df50>
Prep: True
2016-06-07 23:11:52,167:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x224df50> and installer None
2016-06-07 23:11:52,268:DEBUG:certbot.main:Picked account: <Account(7e6cda13ea7ccb5deebbfdd1b6cf82e3)>
2016-06-07 23:11:52,269:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-06-07 23:11:52,271:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-06-07 23:11:52,434:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 280
2016-06-07 23:11:52,435:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '280', 'Expires': 'Tue, 07 Jun 2016 23:11:52 GMT', 'Strict-Transport-Security$
2016-06-07 23:11:52,435:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '280', 'Expires': 'Tue, 07 Jun 2016 23:11:52 GMT', 'Strict-Tr$
2016-06-07 23:11:52,439:INFO:certbot.renewal:Cert not yet due for renewal
When I did a /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud --force-renew, it said:
Domain: server.xyz.com
Type: connection
Detail: Could not connect to http://server.xyz.com/.well-known/acme-challenge/hnAgQKkLgTkpxhv_2rKve7jFUnfIHCqzzIDm7HiQ4xU
Domain: cloud.xyz.com
Type: connection
Detail: Could not connect to http://cloud.xyz.com/.well-known/acme-challenge/93RjY09WbT9-QT2_cR99ydvkYQ5ipC7rCUI1o7ufppc
To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally$
2016-06-07 23:16:12,416:INFO:certbot.auth_handler:Cleaning up challenges
2016-06-07 23:16:12,416:DEBUG:certbot.plugins.webroot:Removing /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known/acme-challenge/93RjY09WbT9-QT2_cR99$
2016-06-07 23:16:12,417:DEBUG:certbot.plugins.webroot:Removing /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known/acme-challenge/hnAgQKkLgTkpxhv_2rKv$
2016-06-07 23:16:12,417:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known/acme-cha$
2016-06-07 23:16:12,419:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "~/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 735, in main
    return config.func(config, plugins)
  File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 554, in obtain_cert
    _, action = _auth_from_domains(le_client, config, domains, lineage)
  File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 90, in _auth_from_domains
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/renewal.py", line 236, in renew_cert
    new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
  File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 247, in obtain_certificate
    self.config.allow_subset_of_names)
-
After I changed the WebRoot path from /var/www/openmediavault/ to /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud, this is the new log:
It said>>Error: the configuration object is in use...
It looks like your DNS entries are not set up correctly, based on:
"To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address"
Have you recently made a change to your DNS records? It can take a while to populate.
Also try manually creating the folder and files in your webroot to test and make sure those directories are accessible. For example:
mkdir /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known
mkdir /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known/acme-challenge
echo "<body>Test</body>" > /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known/acme-challenge/test.html
Then go to server.xyz.com/test.html
If you do not get a webpage that says "Test" then your webroot is configured wrong.
(Clean up your test files: rm -r /media/54bf67db-da31-4c50-bb3c-27140944b223/www/owncloud/.well-known)
Otherwise I would post on the Let's Encrypt forums, you will get more prompt and knowledgeable support. My knowledge domain is limited to this one specific use case of Let's Encrypt. If you find anything else please bring back the information so we can try to incorporate it into the plug-in.
p.s. force-renew is coming to the plugin shortly
-
-
-
what does your lets encrypt log say?
/var/log/letsencrypt/letsencrypt.log
here you are: it was too long to paste it here: http://pastebin.com/1wCEuSY6
-
Let's Encrypt has a cert bot that can install and auto renew too:
-
-
Hi,
Is it possible to work in pure 443? I haven't opened port 80 on my server.
-
Update: I was finally able to renew my certs by stopping the Nginx web servers completely before I ran the plugin.
My OMV port 80 is open.
sniproxy_0.4.0+git.10.gf4bc05d_amd64.deb
I got these errors when I tried to install SNIProxy:
sudo dpkg -i sniproxy_0.4.0+git.10.gf4bc05d_amd64.deb
Selecting previously unselected package sniproxy.
(Reading database ... 150856 files and directories currently installed.)
Unpacking sniproxy (from sniproxy_0.4.0+git.10.gf4bc05d_amd64.deb) ...
dpkg: dependency problems prevent configuration of sniproxy:
 sniproxy depends on libc6 (>= 2.14); however:
  Version of libc6:amd64 on system is 2.13-38+deb7u11.
 sniproxy depends on libev4 (>= 1:4.04); however:
  Package libev4 is not installed.
 sniproxy depends on libpcre3 (>= 1:8.35); however:
  Version of libpcre3:amd64 on system is 1:8.30-5.
 sniproxy depends on libudns0 (>= 0.4); however:
  Package libudns0 is not installed.
dpkg: error processing sniproxy (--install):
 dependency problems - leaving unconfigured
Processing triggers for man-db ...
Errors were encountered while processing:
Is this going to break my OMV v2.x ?
You might want to run 'apt-get -f install' to correct these.
The following packages have unmet dependencies:
 sniproxy : Depends: libc6 (>= 2.14) but 2.13-38+deb7u11 is installed
            Depends: libev4 (>= 1:4.04) but it is not installed
            Depends: libpcre3 (>= 1:8.35) but 1:8.30-5 is installed
            Depends: libudns0 (>= 0.4) but it is not installable
E: Unmet dependencies. Try using -f.
Let's Encrypt error:
>>> *************** Error ***************
The configuration object is in use
<<< *************************************
>>> *************** Error ***************
The configuration object is in use
<<< *************************************
>>> *************** Error ***************
The configuration object is in use
<<< *************************************
>>> *************** Error ***************
The configuration object is in use
<<< *************************************
>>> *************** Error ***************
The configuration object is in use
<<< *************************************
>>> *************** Error ***************
The configuration object is in use
<<< *************************************
-
I also notice that the time stamp of Let's Encrypt plugin in the OMV log is wrong.
My computer time is 7:10 PM EST, but the log said 11:10 PM EDT.
-
I just installed this plugin and now I can't access the GUI - I did not even enable the plugin.
-
-
I've got some beginner questions here.
I've got my OpenMediaVault accessible only from within my LAN. Having an SSL certificate so web browsers stop complaining when I visit my OpenMediaVault sounds nice, as well as security improvements against attackers that may have gained entry through WiFi, but it's not immediately apparent to me how to use this service.
Do I have to have a domain name to use this?
Do I need to set up a separate public web server as well?
Is this actually going to be a net decrease in security for me opening up my OpenMediaVault to the Internet for LetsEncrypt validation?
-
-
1. You need to own the domain that you plan to use with Let's Encrypt.
2. You can use it on the same system as OMV running with a different port.
Your web server can be installed on /media/UUID/.... or /var/www/
You don't have to open OMV to the world, just your web service(s) or services that you need to access from outside.
-
Is the .well-known dir that is located in the webroot supposed to be root:root or www-data:www-data?
-
Hi Everyone,
After seeing the availability of this plugin I was quite excited to test it, but unfortunately I got the following:
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
openmediavault-letsencrypt
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/11.8 kB of archives.
After this operation, 42.0 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
openmediavault-letsencrypt
Authentication warning overridden.
Selecting previously unselected package openmediavault-letsencrypt.
(Reading database ... 44932 files and directories currently installed.)
Unpacking openmediavault-letsencrypt (from .../openmediavault-letsencrypt_2.4_all.deb) ...
Processing triggers for openmediavault ...
Restarting engine daemon ...
Setting up openmediavault-letsencrypt (2.4) ...
Removing old letsencrypt files...
Clone the LetsEncrypt repository
Cloning into '/opt/letsencrypt'...
error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing https://github.com/letsencrypt/letsencrypt.git/info/refs
fatal: HTTP request failed
dpkg: error processing openmediavault-letsencrypt (--configure):
subprocess installed post-installation script returned error exit status 128
Processing triggers for openmediavault ...
Restarting engine daemon ...
Errors were encountered while processing:
openmediavault-letsencrypt
>>> *************** Error ***************
Failed to execute command 'export LANG=C; export DEBIAN_FRONTEND=noninteractive; apt-get --yes --force-yes --fix-missing --allow-unauthenticated --reinstall install openmediavault-letsencrypt 2>&1': Reading package lists...
I went to the site https://github.com/letsencrypt/letsencrypt.git/info/refs and I've got:
Please upgrade your git client.
GitHub.com no longer supports git over dumb-http: https://github.com/blog/809-git-dumb-http-transport-to-be-turned-off-in-90-days
Hope someone can support me in solving this issue.
Thanks in Advance!!
-
-
Hi.
I hope somebody can tell me if I am on the right way.
My OMV is on port 8080. I have nginx installed. My webpage is on port 80. But with the possibility of LE I now want to change to SSL. My router is opened for port 80 with a port forwarding to port 80 of my internal IP address for my webpage.
To use SSL I also open 443 on the router with a port forwarding to port 443 of my internal ip address.
I hope until here everything is right.
My webpage is in the folder /media/UUID/webpage. Is it right to put this also in the LE plugin under webroot?
If this is all correct is it right that I need this port 80 opened to my webpage to get LE work, also for updating?
Because what I normally want is that if somebody is coming from outside without SSL on port 80 he is redirected to the SSL part. But how can I get this to work with nginx when I also want to use the autoupdate for LE?
Would be nice if somebody can explain it for nginx and not only SNI Proxy.
Thanks a lot.
Regards lulu
-
Ok, I now got it and found a nice solution to get everything to work, only using SSL (redirecting to SSL when coming in without) and also using Letsencrypt including update. And all of this without SNI Proxy, just with NGINX.
My router is forwarding port 80 to port 443 of my internal ip-address of the server and 443 also to 443 of the server.
My nginx-server-config is looking like this:
server {
    listen [::]:443 ssl ipv6only=off;
    ssl_certificate /etc/ssl/certs/openmediavault....ab.crt;
    ssl_certificate_key /etc/ssl/private/openmediavault...ab.key;
    server_name vhost1.mydoamain.org;
    set $root_path "/media/UUID/.../";
    root $root_path;
    index index.html index.php;
    set $socket "unix:/var/run/fpm-74dff9ad-4c79-4ff1-85fa-7a4ead13d8e2.sock";
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass $socket;
        fastcgi_index index.php;
        include fastcgi_params;
    }
    access_log /var/log/nginx/e738d1de-04f3-41cd-9f9d-22e47a536063-access.log;
    error_log /var/log/nginx/e738d1de-04f3-41cd-9f9d-22e47a536063-error.log;
    large_client_header_buffers 4 8k;
    error_page 497 https://$host$request_uri;
    location /.well-known/acme-challenge {
        root /media/UUID/webpage;
    }
}
server {
    listen [::]:443 ssl;
    ssl_certificate /etc/ssl/certs/openmediavault-...ab.crt;
    ssl_certificate_key /etc/ssl/private/openmediavault...ab.key;
    server_name vhost2.mydoamain.org vhost3.mydoamain.org;
    set $root_path "/media/UUID/www/";
    root $root_path;
    index index.html;
    access_log /var/log/nginx/69e6011e-e268-4926-a1da-cccac0fe59bd-access.log;
    error_log /var/log/nginx/69e6011e-e268-4926-a1da-cccac0fe59bd-error.log;
    large_client_header_buffers 4 8k;
    error_page 497 https://$host$request_uri;
    location /.well-known/acme-challenge {
        root /media/UUID/www;
    }
}
"error_page 497 https://$host$request_uri;" brings everybody without entering with "https" to the SSL page. And this works also if you don't use the standard ports for SSL. Then just change it to for example "https://$host:1234$request_uri;" so put the port number behind $host.
LE is working fine with this.
Regards lulu
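The manual webroot test suggested earlier in the thread, and the question of whether a redirect such as the `error_page 497` one above still ends at the challenge file, can be checked with one script. This is an added example, not code from the plugin or from any poster; the names `probe_webroot` and `RecordRedirects` and the result keys are chosen here, and it goes beyond the manual test by fetching the probe at its full `.well-known/acme-challenge/` URL and recording each redirect.

```python
"""Probe whether a webroot is really what the web server serves for HTTP-01."""
import os
import secrets
import sys
import urllib.error
import urllib.request


class RecordRedirects(urllib.request.HTTPRedirectHandler):
    """Follow redirects as urllib normally does, but remember every hop."""

    def __init__(self):
        self.hops = []

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        self.hops.append((code, newurl))
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def probe_webroot(webroot, base_url, timeout=10):
    """Write a random probe file below webroot and fetch it through base_url.

    Returns a dict with the URL requested, the final HTTP status, the list of
    redirects followed, and ok=True only if the body that came back is the
    body that was written.
    """
    well_known = os.path.join(webroot, ".well-known")
    challenge_dir = os.path.join(well_known, "acme-challenge")
    # Remember which directories did not exist, so only those are removed later.
    created = [d for d in (challenge_dir, well_known) if not os.path.isdir(d)]
    os.makedirs(challenge_dir, exist_ok=True)

    name, body = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    path = os.path.join(challenge_dir, name)
    with open(path, "w") as fh:
        fh.write(body)
    os.chmod(path, 0o644)  # the web server user must be able to read it

    recorder = RecordRedirects()
    # Empty ProxyHandler: ignore proxy environment variables, connect directly.
    opener = urllib.request.build_opener(recorder, urllib.request.ProxyHandler({}))
    url = base_url.rstrip("/") + "/.well-known/acme-challenge/" + name
    result = {"url": url, "ok": False, "status": None,
              "hops": recorder.hops, "error": None}
    try:
        with opener.open(url, timeout=timeout) as resp:
            result["status"] = resp.status
            result["ok"] = resp.read().decode("ascii", "replace").strip() == body
    except urllib.error.HTTPError as exc:      # e.g. 404: wrong webroot
        result["status"], result["error"] = exc.code, str(exc)
    except OSError as exc:                     # DNS, refused, timeout, TLS
        result["error"] = str(exc)
    finally:
        os.remove(path)
        for d in created:                      # deepest directory first
            try:
                os.rmdir(d)                    # succeeds only if empty
            except OSError:
                pass
    return result


if __name__ == "__main__":
    # Usage: probe.py /path/to/webroot http://your.domain
    outcome = probe_webroot(sys.argv[1], sys.argv[2])
    print(outcome)
    sys.exit(0 if outcome["ok"] else 1)
```

Run it from a machine outside the LAN where possible, since the validation request arrives from the internet and a request made inside the LAN may take a different route.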