openmediavault-letsencrypt

    • OMV 3.x


    • So if I just use 1 sub domain such as "service.domain.co.uk" then try?

      Can I then also create certificates for the other sub domains?

      I thought the beauty of this plugin was you can add multiples to 1 certificate?

      OMV is using port 80 internally, but it's not accessible from external. Do I need to make it accessible to the outside world?
    • Let's Encrypt lets you generate multiple certificates, called SAN.
      However, in your case, just try one sub domain and see if it works.
      Or you can uninstall the plug-in and re-install it.
      You don't need to make port 80 accessible to WAN, if you don't access it remotely.
      OMV v3.0
      Asus Z97-A/3.1; i3-4370
      32GB RAM Corsair Vengeance Pro
      4x3TB RAID10
    • Hello, it does not work for me: Error creating new cert :: Too many certificates already issued for: zapto.org, ddns.net

      complete output:

      Source Code

      >>> *************** Error ***************
      Failed to execute command 'sh /opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/openmediavault/ --text --keep-until-expiring --agree-tos --expand --email xxxxx@gmail.com -d raulfg3.zapto.org -d rnas.ddns.net 2>&1': Updating letsencrypt and virtual environment dependencies...
      .
      .
      .
      Requesting root privileges to run with virtualenv: ~/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/openmediavault/ --text --keep-until-expiring --agree-tos --expand --email raulfg3@gmail.com -d raulfg3.zapto.org -d rnas.ddns.net
      An unexpected error occurred:
      There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: zapto.org, ddns.net
      Please see the logfiles in /var/log/letsencrypt for more details.
      IMPORTANT NOTES:
      - If you lose your account credentials, you can recover through
      e-mails sent to raulfg3@gmail.com.
      - Your account credentials have been saved in your Let's Encrypt
      configuration directory at /etc/letsencrypt. You should make a
      secure backup of this folder now. This configuration directory will
      also contain certificates and private keys obtained by Let's
      Encrypt so making regular backups of this



      and this is letsencrypt.log, if it helps:

      Source Code

      2016-01-20 19:09:30,911:DEBUG:letsencrypt.cli:Root logging level set at 30
      2016-01-20 19:09:30,911:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
      RdU_nTi4HbVapIEWjBeebxCh1Zx9IzZ_OPlHLlhdY9WoHHdoFOuRDRvXzKQmzCd4OhCLKw8T9KGX5UhgWnrUga0yRT32lPWhUrkEuwA5aVQIvZ_wNfCjstaQs9_LeJ9xXgpOwsOQYLWXVX1t4KIp0FCCvdrTkfqWi0mZcb8Orr7J-Y767xKUaXv-yuWrlttE-DvCltr-UOr5DmpvT3i-EGIJ5SjwoK2TPlpslP9F_AwofmpYoFSVuTQmI8dJcdleWhJobemo4dx8psLfD2QLC2CfCYY0_CG5dhnDeNUUFrg"}'}
      2016-01-20 19:10:40,731:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
      2016-01-20 19:10:41,534:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-cert HTTP/1.1" 429 150
      2016-01-20 19:10:41,537:DEBUG:root:Received <Response [429]>. Headers: {'Content-Length': '150', 'Server': 'nginx', 'Connection': 'close', 'Date': 'Wed, 20 Jan 2016 19:08:31 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'SCHSXNWFiErze2u6H6j73ctNs29YjUCWzrD5q-9ERbE'}. Content: '{"type":"urn:acme:error:rateLimited","detail":"Error creating new cert :: Too many certificates already issued for: zapto.org, ddns.net","status":429}'
      2016-01-20 19:10:41,538:DEBUG:acme.client:Storing nonce: 'H!\xd2\\\xd5\x85\x88J\xf3{k\xba\x1f\xa8\xfb\xdd\xcbM\xb3oX\x8d@\x96\xce\xb0\xf9\xab\xefDE\xb1'
      2016-01-20 19:10:41,538:DEBUG:acme.client:Received response <Response [429]> (headers: {'Content-Length': '150', 'Server': 'nginx', 'Connection': 'close', 'Date': 'Wed, 20 Jan 2016 19:08:31 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'SCHSXNWFiErze2u6H6j73ctNs29YjUCWzrD5q-9ERbE'}): '{"type":"urn:acme:error:rateLimited","detail":"Error creating new cert :: Too many certificates already issued for: zapto.org, ddns.net","status":429}'
      2016-01-20 19:10:41,539:DEBUG:letsencrypt.cli:Exiting abnormally:
      Traceback (most recent call last):
      File "~/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
      sys.exit(main())
      File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1398, in main
      return args.func(args, config, plugins)
      File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 600, in obtain_cert
      _auth_from_domains(le_client, config, domains)
      File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 404, in _auth_from_domains
      lineage = le_client.obtain_and_enroll_certificate(domains)
      File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 283, in obtain_and_enroll_certificate
      certr, chain, key, _ = self.obtain_certificate(domains)
      File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 266, in obtain_certificate
      return self._obtain_certificate(domains, csr) + (key, csr)
      File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 228, in _obtain_certificate
      authzr)
      File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 310, in request_issuance
      headers={'Accept': content_type})
      File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 634, in post
      return self._check_response(response, content_type=content_type)
      File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 550, in _check_response
      raise messages.Error.from_json(jobj)
      Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: zapto.org, ddns.net



      Perhaps I need to try another day to avoid the daily limit?
      OMV 3.0.88 x64 on a HP T510, 8GB CF as Boot Disk & 32GB SSD 2,5" disk for Data, 4 GB RAM, CPU VIA EDEN X2 U4200 is x64 at 1GHz

      Post: HPT510 SlimNAS ; HOWTO Install Pi-Hole ; HOWTO install MLDonkey ; HOHTO Install ZFS-Plugin ; OMV_OldGUI ; ShellinaBOX ;
    • Only as a suggestion to improve the plugin: if possible, try to add letsencrypt.log to the OMV webGUI Log so I can see what happens if something goes wrong.

      Other plugins like fail2ban or bittorrent add their logs, if you want to review the code.
    • Still not working even after a re-install and using only 1 domain :(

      Source Code

      >>> *************** Error ***************
      Failed to execute command 'sh /opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/openmediavault/ --text --keep-until-expiring --agree-tos --expand --email michael.mcloughlin@email.com -d transmission.domain.co.uk 2>&1': Updating letsencrypt and virtual environment dependencies...
      .
      .
      .
      Requesting root privileges to run with virtualenv: ~/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/openmediavault/ --text --keep-until-expiring --agree-tos --expand --email michael.mcloughlin@email.com -d transmission.domain.co.uk
      Failed authorization procedure. transmission.domain.co.uk (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error parsing key authorization file: Invalid key authorization: 16 parts
      IMPORTANT NOTES:
      - The following errors were reported by the server:
      Domain: transmission.domain.co.uk
      Type: urn:acme:error:unauthorized
      Detail: Error parsing key authorization file: Invalid key
      authorization: 16 parts
      <<< *************************************
    • I think we are dealing with a question of whether LE supports SSL certificate generation on subdomains where you don't actually own the main domain, ddns.org for example.
      I am guessing the domain owner has to authorize subdomains, providing some records at DNS.

      It is also important to mention that all certs for domains point in DNS to the actual OMV WAN IP.
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server
    • I can't access OMV webgui after I enabled Let's Encrypt for OMV.

      Source Code

      This webpage is not available
      ERR_CONNECTION_REFUSED

      I tried OMV-firstaid, and got this error:

      Source Code

      Updating web administration settings. Please wait ...
      {"response":null,"error":{"code":7001,"message":"Failed to connect to socket: No such file or directory","trace":"exception 'OMVException' with message 'Failed to connect to socket: No such file or directory' in \/usr\/share\/php\/openmediavault\/rpc.inc:135\nStack trace:\n#0 \/usr\/sbin\/omv-rpc(107): OMVRpc::exec('WebGui', 'setSettings', Array, Array, 2)\n#1 {main}"}}
      Failed to execute RPC (service=WebGui, method=setSettings)
    • For me, after adding a dependency, the plugin is working like a charm. I only got a problem because of too many certificate requests :saint:

      Maybe @fubz could do a guide as the developer.
      DISCLAIMER: :!: I'm not a native English speaker, I'm sorry if I don't explain as good as you would want. :!:

      My NAS:
      Always the latest OMV Erasmus running on an AMD Sempron 3850 @1.3GHz with 4.9.0 Backports Kernel
      with 120GB Samsung SSD 850 EVO for OpenMediaVault & 2x500GB Primary Data HDD + 1TB Secondary HDD for Backup & 2TB USB 3.0 External HDD for offline backup

      Plugin list:
      Flash Memory, Locate, OMV-Extras.org, RSnapshot, Sensors, Syncthing, SMB/CIFS, SSH, USB Backup
      _____________________________________________________________________________________________________________________________

      The Schrödinger's code is that one which is going to work and it's full of bugs at the same time; until you test it, you won't be able to determine it.
    • raulfg3 wrote:

      Hello, it does not work for me: Error creating new cert :: Too many certificates already issued for: zapto.org, ddns.net
      ...

      Perhaps I need to try another day to avoid the daily limit?

      There is no way around this except to wait until Let's Encrypt allows you to request a cert again.

      raulfg3 wrote:

      Only as a suggestion to improve the plugin: if possible, try to add letsencrypt.log to the OMV webGUI Log so I can see what happens if something goes wrong.

      Other plugins like fail2ban or bittorrent add their logs, if you want to review the code.

      I will work on that

      mcloum wrote:

      Still not working even after a re-install and using only 1 domain :(

      Source Code

      >>> *************** Error ***************
      Failed to execute command 'sh /opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/openmediavault/ --text --keep-until-expiring --agree-tos --expand --email michael.mcloughlin@email.com -d transmission.domain.co.uk 2>&1': Updating letsencrypt and virtual environment dependencies...
      .
      .
      .
      Requesting root privileges to run with virtualenv: ~/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/openmediavault/ --text --keep-until-expiring --agree-tos --expand --email michael.mcloughlin@email.com -d transmission.domain.co.uk
      Failed authorization procedure. transmission.domain.co.uk (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error parsing key authorization file: Invalid key authorization: 16 parts
      IMPORTANT NOTES:
      - The following errors were reported by the server:
      Domain: transmission.domain.co.uk
      Type: urn:acme:error:unauthorized
      Detail: Error parsing key authorization file: Invalid key
      authorization: 16 parts
      <<< *************************************

      Your domain transmission.domain.co.uk points to your OMV installation? Port 80 is open?


      tinh_x7 wrote:

      I can't access OMV webgui after I enabled Let's Encrypt for OMV.

      Source Code

      This webpage is not available
      ERR_CONNECTION_REFUSED

      I tried OMV-firstaid, and got this error:

      Source Code

      Updating web administration settings. Please wait ...
      {"response":null,"error":{"code":7001,"message":"Failed to connect to socket: No such file or directory","trace":"exception 'OMVException' with message 'Failed to connect to socket: No such file or directory' in \/usr\/share\/php\/openmediavault\/rpc.inc:135\nStack trace:\n#0 \/usr\/sbin\/omv-rpc(107): OMVRpc::exec('WebGui', 'setSettings', Array, Array, 2)\n#1 {main}"}}
      Failed to execute RPC (service=WebGui, method=setSettings)

      I really have no idea what this issue is. It certainly could be the plugin; however, my understanding of OMV inner workings is still limited. I would create a new thread to get more visibility to the issue.

      tekkb wrote:

      It would be nice if someone made a Guide for this. :)

      What would you like to see added to what I have now? I will do my best to create one.
    • Yes but not the OMV gui, it points to the transmission install that is running on OMV on port 9091. If I point my browser at transmission.domain.co.uk I get access to my transmission so I know DNS is resolving correctly.

      The only thing I thought was because transmission is protected by a password that letsencrypt wasn't getting the response it needed? I tested by turning off the authentication on transmission but it still didn't work.
    • It should be an open website. Before the plugin I used plain LE to generate one with the sonarr webui and I had to turn authentication off while LE was doing verification.
      I have to admit that it is not easy; I went through a bunch of switches in the CLI until I finally got it working, but my impression is that the whole LE is not ready. Sometimes it works, sometimes it doesn't.
    • mcloum wrote:

      Yes but not the OMV gui, it points to the transmission install that is running on OMV on port 9091. If I point my browser at transmission.domain.co.uk I get access to my transmission so I know DNS is resolving correctly.

      The only thing I thought was because transmission is protected by a password that letsencrypt wasn't getting the response it needed? I tested by turning off the authentication on transmission but it still didn't work.

      What are you serving on port 80? More specifically, if you were to traverse your file system to where your transmission.domain.co.uk/index.html loads, what is that path? Currently the plugin is putting your authentication file in /var/www/openmediavault/.well-known/acme-challenge/haskeyhere. Thus, if I go to transmission.domain.co.uk/.well-known/acme-challenge/haskeyhere I would be able to see the file that Let's Encrypt placed. If this is not the case you have a couple of solutions.
      Use the SNI Proxy I posted to serve all your external content on the default ports 80 and 443. This way if you were to go to transmission.domain.co.uk in your browser, the SNI Proxy would forward the traffic from your transmission install. Also you can then point to your OMV installation on port 9091 through port 80 by specifying SNI Proxy to forward traffic from say for example omv.domain.co.uk.
      Otherwise you will need to set a custom webroot; this is coming in the next release of the plugin, which is just waiting to be pushed to the repository. In this case you set your web root to /var/www/transmission-where-your-application-is/. This way, when Let's Encrypt goes to your domain it will be able to find the files it placed in the root directory.
      You can also try to read the documentation if my rambling does not make sense: letsencrypt.org/howitworks/
      Let me know what else I can clarify, I would be glad to help where I can.


      subzero79 wrote:

      It should be an open website. Before the plugin I used plain LE to generate one with the sonarr webui and I had to turn authentication off while LE was doing verification.
      I have to admit that it is not easy; I went through a bunch of switches in the CLI until I finally got it working, but my impression is that the whole LE is not ready. Sometimes it works, sometimes it doesn't.

      If you use SNI Proxy you can avoid that whole headache. I route all Let's Encrypt validations for all my subdomains to the same directory. Check out the configuration I posted and let me know if I need to clarify anything. After spending so much time learning about LE and the proxy I take for granted the knowledge.

      tinh_x7 wrote:

      My OMV webgui is back working after I turned the server off and turned it back on.
      Not sure why Let's Encrypt cert caused it.
      So far so good.

      I'm glad it got fixed with a "simple" solution :) Sorry if I borked your system.
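
The webroot check described in the post above (a file placed under the webroot must come back at /.well-known/acme-challenge/ on port 80), as an added example that is not part of the thread or the plugin's code. A key authorization has the form token.thumbprint, so a response body with any other number of dot-separated parts is consistent with the "16 parts" error quoted earlier; `probe_webroot`, `AppPage`, `serve` and the local test servers are names and sample data constructed for this illustration.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request


def probe_webroot(webroot, base_url, timeout=5):
    """Write a throwaway file under webroot, fetch it via base_url; returns (verdict, detail)."""
    token = "probe-" + secrets.token_hex(8)
    # Constructed body with the token.thumbprint shape of a key authorization.
    body = token + ".constructed-thumbprint"
    directory = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(body)
    url = "%s/.well-known/acme-challenge/%s" % (base_url.rstrip("/"), token)
    # Fetch directly, ignoring proxy environment variables.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read(4096).decode("utf-8", "replace").strip()
    except urllib.error.HTTPError as exc:   # e.g. 404, or 401 behind a login
        return "not_served", "HTTP %d for %s" % (exc.code, url)
    except OSError as exc:                  # DNS failure, refused, timeout
        return "unreachable", str(exc)
    finally:
        os.remove(path)                     # never leave the probe file behind
    if served == body:
        return "ok", url
    # Something else answered with 200: report parts as the thread's error does.
    parts = len(served.split("."))
    return "wrong_content", "body has %d dot-separated parts, expected 2" % parts


class AppPage(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for an app that answers every path with its own page."""
    def do_GET(self):
        page = b"<html><body>app v1.2.3 login</body></html>"
        self.send_response(200)
        self.send_header("Content-Length", str(len(page)))
        self.end_headers()
        self.wfile.write(page)


def serve(handler):
    """Start handler on a free localhost port; returns (server, base_url)."""
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]


if __name__ == "__main__":
    root = tempfile.mkdtemp()  # constructed webroot for the offline demo
    static = functools.partial(http.server.SimpleHTTPRequestHandler, directory=root)
    srv, url = serve(static)
    print(probe_webroot(root, url))                # webroot matches what is served
    print(probe_webroot(tempfile.mkdtemp(), url))  # file written somewhere else
    print(probe_webroot(root, serve(AppPage)[1]))  # another app answers on the port
```

On the NAS the call would be `probe_webroot("/var/www/openmediavault/", "http://transmission.domain.co.uk")`, using the webroot and hostname from the command line quoted in the thread.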