openmediavault-letsencrypt

  • So if i just use 1 sub domain such as "service.domain.co.uk" then try?


    Can i then also create certificates for the other sub domains?


    I thought the beauty of this plugin was you can add multiples to 1 certificate?


    OMV is using port 80 internally, but its not accessible from external. Do i need to make it accessible to the outside world?

  • Let's Encrypt let you generate multiple certificates call SAN.
    However, in your case, just try one sub domain see if it work.
    Or you can uninstall the plug-in, and re-install it.
    You don't need to make port 80 accessible to WAN, if you don't access it remotely.

    OMV v5.0
    Asus Z97-A/3.1; i3-4370
    32GB RAM Corsair Vengeance Pro

  • Hello, do not work for me: Error creating new cert :: Too many certificates already issued for: zapto.org, ddns.net


    complete output:



    and this is letsencrypt.log if help:




    Perhaps I need to try other day to avoid diary limit?

  • only as sugest to improbe pluging, if possible try to add letsencrypt.log to OMV webGUI Log so I can see what happens if something goes wrong.


    Other plugin like failbam or bittorrent add his log if you want to revise code.

  • Still not working even after a re-install and using only 1 domain :(


    • Offizieller Beitrag

    I think we are dealing with a question wether LE supports ssl certificate generation on subdomains where you don't actually own the main domain, ddns.org for example.
    i am guessing the domain owner has to authorize subdomains, providing some records at DNS.


    i also important to mention that all certs for domains domains point in DNS to the actual omv wan ip.

  • I do own my domain, i just edited it out here.


    Its registered through 1and1.co.uk and i created a frame redirect to my public IP along with the ports for my services running on OMV, this part works. Just the generating of the certs for subdomain.mydomain.co.uk

  • I can't access OMV webgui after I enabled Let's Encrypt for OMV.

    Code
    This webpage is not available
    
    
    ERR_CONNECTION_REFUSED


    I tried OMV-firstaid, and got this the error:


    Code
    Updating web administration settings. Please wait ...
    {"response":null,"error":{"code":7001,"message":"Failed to connect to socket: No such file or directory","trace":"exception 'OMVException' with message 'Failed to connect to socket: No such file or directory' in \/usr\/share\/php\/openmediavault\/rpc.inc:135\nStack trace:\n#0 \/usr\/sbin\/omv-rpc(107): OMVRpc::exec('WebGui', 'setSettings', Array, Array, 2)\n#1 {main}"}}
    Failed to execute RPC (service=WebGui, method=setSettings)

    OMV v5.0
    Asus Z97-A/3.1; i3-4370
    32GB RAM Corsair Vengeance Pro

  • For me, after adding a dependency, the plugin is working like a charm. I only got a problem because of too much certificates requests :saint:


    Maybe @fubz could do a guide as the developer.

    DISCLAIMER: :!: I'm not a native English speaker, I'm sorry if I don't explain as good as you would want. :!:


    My NAS:
    Always the latest OMV Erasmus running on an AMD Sempron 3850 @1.3GHz with 4.9.0 Backports Kernel
    with 120GB Samsung SSD 850 EVO for OpenMediaVault & 2x500GB Primary Data HDD + 1TB Secondary HDD for Backup & 2TB USB 3.0 External HDD for offline backup


    Plugin list:
    Flash Memory, Locate, OMV-Extras.org, RSnapshot, Sensors, Syncthing, SMB/CIFS, SSH, USB Backup
    _____________________________________________________________________________________________________________________________


    Zitat

    The Schrödinger's code is that one which is going to work and it's full of bugs at the same time; until you test it, you won't be able to determine it.

  • Hello, do not work for me: Error creating new cert :: Too many certificates already issued for: zapto.org, ddns.net
    ...


    Perhaps I need to try other day to avoid diary limit?


    There is no way around this except to wait until Lets Encrypt allows you to request a cert again.


    only as sugest to improbe pluging, if possible try to add letsencrypt.log to OMV webGUI Log so I can see what happens if something goes wrong.


    Other plugin like failbam or bittorrent add his log if you want to revise code.


    I will work on that


    Still not working even after a re-install and using only 1 domain :(



    Your domain transmission.domain.co.uk points to your OMV installation? Port 80 is open?



    I can't access OMV webgui after I enabled Let's Encrypt for OMV.

    Code
    This webpage is not available
    
    
    ERR_CONNECTION_REFUSED


    I tried OMV-firstaid, and got this the error:


    Code
    Updating web administration settings. Please wait ...
    {"response":null,"error":{"code":7001,"message":"Failed to connect to socket: No such file or directory","trace":"exception 'OMVException' with message 'Failed to connect to socket: No such file or directory' in \/usr\/share\/php\/openmediavault\/rpc.inc:135\nStack trace:\n#0 \/usr\/sbin\/omv-rpc(107): OMVRpc::exec('WebGui', 'setSettings', Array, Array, 2)\n#1 {main}"}}
    Failed to execute RPC (service=WebGui, method=setSettings)


    I really have no idea what this issue is. It certainly could be the plugin; however, my understanding of OMV inner workings is still limited. I would create a new thread to get more visibility to the issue.


    It would be nice if someone made a Guide for this. :)


    What would you like to see added to what I have now? I will do my best to create one.

  • Yes but not the OMV gui, it points to the transmission install that is running on OMV on port 9091. If i point my browser at transmission.domain.co.uk i get access to my transmission so i know DNS is resolving correctly.


    The only thing i though was because transmission is protected by a password that letsencrypt wasnt getting the response it needed? I tested by turning off the authentication on transmission but still didn't work.

    • Offizieller Beitrag

    It should be an open website. Before the plugin I used plain LE to generate one with the sonarr webui and I had to turn authentication off while LE was doing verification.
    i have to admit that is not easy, I went to bunch of switches in cli until finally got it working, but my impression is that the whole LE is not ready. Sometimes work sometimes doesnt.

  • Yes but not the OMV gui, it points to the transmission install that is running on OMV on port 9091. If i point my browser at transmission.domain.co.uk i get access to my transmission so i know DNS is resolving correctly.


    The only thing i though was because transmission is protected by a password that letsencrypt wasnt getting the response it needed? I tested by turning off the authentication on transmission but still didn't work.


    What are you serving on port 80? more specifically, if you were to traverse your file system to where your transmission.domain.co.uk/index.html loads, what is that path? Currently the plugin is putting your authentication file in /var/www/openmediavault/.well-known/acme-challenge/haskeyhere. Thus, if I go to transmission.domain.co.uk/.well-known/acme-challenge/haskeyhere I would be able to see that file that lets encrypt placed. If this is not the case you have a couple of solutions.
    Use the SNI Proxy I posted to serve all your external content on the default ports 80 and 443. This way if you were to go to transmission.domain.co.uk in your browser, the SNI Proxy would forward the traffic from your transmission install. Also you can then point to your OMV installation on port 9091 through port 80 by specifying SNI Proxy to forward traffic from say for example omv.domain.co.uk.
    Otherwise you will need to set a custom webroot, this is coming in the next release of plugin that is just waiting to be pushed to the repository. In this case you set your web root to /var/www/transmission-where-your-application-is/ This way when lets encrypt goes to your domain it will be able to find the files it placed in the root directory.
    You can also try to read the documentation if my rambling does not make sense https://letsencrypt.org/howitworks/
    Let me know what else I can clarify, I would be glad to help where I can.



    It should be an open website. Before the plugin I used plain LE to generate one with the sonarr webui and I had to turn authentication off while LE was doing verification.
    i have to admit that is not easy, I went to bunch of switches in cli until finally got it working, but my impression is that the whole LE is not ready. Sometimes work sometimes doesnt.


    If you use SNI Proxy you can avoid that whole headache. I route all Lets Encrypt validations for all my subdomains to the same directory. Check out the configuration I posted and let me know if I need to clarify anything. After spending so much time learning about LE and the proxy I take for granted the knowledge.


    My OMV webgui is back working after I turned the server off and turned it back on.
    Not sure why Let's Encrypt cert caused it.
    So far so good.


    I'm glad it got fixed with a "simple" solution :) Sorry If I borked your system.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!