openmediavault-letsencrypt

    • OMV 2.x
    • BUFU1610 wrote:

      (although I think this is obsolete now, the output:

      Source Code

          $ apt-cache policy certbot
          certbot:
            Installed: (none)
            Candidate: 0.10.2-1~bpo8+1
            Package pin: 0.10.2-1~bpo8+1
            Version table:
               0.10.2-1~bpo8+1 500
                  100 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages

      You must not have the backports repo enabled. What is the output of: grep backports /etc/apt/sources.list.d/*
      omv 4.0.6 arrakis | 64 bit | 4.12 backports kernel | omvextrasorg 4.1.0
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please don't PM for support... Too many PMs!
    • ryecoaaron wrote:

      You must not have the backports repo enabled.
      Exactly. I didn't know about the jessie-backports repo until yesterday.
      I did add a .list and therefore am now able to install backport packages.

      The thing is: If I want to install certbot, it tells me it depends on python-certbot. If I want to install that, it tells me it depends on python-acme, python-cryptography and python-openssl.....
      Is this an endless thing? I read somewhere that it's not advised to install too many packages from the backports, but only those necessary... therefore I would like to keep the list rather short (also I have had experiences breaking my whole system by installing a new package.. so, minimal installation seems the safe route for me).

      I tried with the command apt-get install certbot -t jessie-backports, is this limiting the install to this specific package? (Is apt-get normally supposed to download dependencies with the package it should install or not? If not, I have to get to the bottom of this myself, right?)
    • BUFU1610 wrote:

      Is this an endless thing? I read somewhere that it's not advised to install too many packages from the backports, but only those necessary... therefore I would like to keep the list rather short (also I have had experiences breaking my whole system by installing a new package.. so, minimal installation seems the safe route for me).
      Nope, it isn't endless and this is why omv-extras pins the proper packages (see here). If you want letsencrypt, there is no way around it with jessie/OMV 3.x. Most of the time, installing python packages (not python itself) from backports is minimal risk. Make a backup before doing this though...


      BUFU1610 wrote:

      I tried with the command apt-get install certbot -t jessie-backports, is this limiting the install to this specific package? (Is apt-get normally supposed to download dependencies with the package it should install or not? If not, I have to get to the bottom of this myself, right?)
      Once the backports repo is enabled, do an apt clean from the web interface and you should be able to install the plugin from the web interface.
    • LouBen3010 wrote:

      Hey there,
      I just found out that my OMV does not generate the certificate for a second given domain.
      In the plugin section I defined: "a.mydomain.com,b.mydomain.com" (without quotes) as domains.
      After Pressing "Generate Certificates" I only receive a.mydomain.com in my "live" folder from LetsEncrypt.

      Do you know this issue?

      Best regards
      Benedikt
      I've got exactly the same issue. Read above. Really want a second certificate for my second domain. More people?
    • ryecoaaron wrote:

      Once the backports repo is enabled, do an apt clean from the web interface and you should be able to install the plugin from the web interface.
      I am not sure if it is... is adding the deb for the backports as a .list all I have to do to enable the repo?
      because I added it to the omv-extra.list and the install from the plugin web interface still gives me the same error after the apt clean.
    • BUFU1610 wrote:

      is adding the deb for the backports as a .list all I have to do to enable the repo?
      and then run apt-get update.

      BUFU1610 wrote:

      because I added it to the omv-extra.list and the install from the plugin web interface still gives me the same error after the apt clean.
      That file gets overwritten whenever you do anything in omv-extras. Put it in its own file. I still don't understand why you don't have the backports file since OMV 3 started adding it.
    • You must have a conflict with another package already being installed then. What is the output of:

      Source Code

          apt-get update
          apt-get install python3-msgpack certbot python-acme python-certbot python-cffi python-cffi-backend \
            python-chardet python-configargparse python-configobj python-cryptography python-dialog python-enum34 \
            python-funcsigs python-idna python-ipaddress python-mock python-ndg-httpsclient python-openssl \
            python-parsedatetime python-pbr python-pkg-resources python-psutil python-pyasn1 python-requests \
            python-rfc3339 python-setuptools python-six python-tz python-urllib3 python-zope.component \
            python-zope.event python-zope.interface
    • so, this is what I get:

      Source Code

          # apt-get update
          Ign file: InRelease
          Ign file: Release.gpg
          Ign file: Release
          Ign http://ftp.de.debian.org jessie InRelease
          Get:1 http://ftp.debian.org jessie-backports InRelease [166 kB]
          Hit http://packages.openmediavault.org erasmus InRelease
          Ign file: Translation-en_GB
          Ign file: Translation-en
          Hit http://ftp.de.debian.org jessie Release.gpg
          Hit http://ftp.de.debian.org jessie Release
          Hit https://dev2day.de jessie InRelease
          Get:2 https://dl.bintray.com jessie InRelease
          Hit http://packages.openmediavault.org erasmus/main arm64 Packages
          Hit http://packages.openmediavault.org erasmus/main armhf Packages
          Ign http://packages.openmediavault.org erasmus/main Translation-en_GB
          Ign http://packages.openmediavault.org erasmus/main Translation-en
          Get:3 http://ftp.debian.org jessie-backports/main arm64 Packages/DiffIndex [27.8 kB]
          Ign https://dl.bintray.com jessie InRelease
          Hit https://dev2day.de jessie/main armhf Packages
          Get:4 http://ftp.debian.org jessie-backports/main armhf Packages/DiffIndex [27.8 kB]
          Get:5 https://dev2day.de jessie/main Translation-en_GB [323 B]
          Get:6 http://ftp.debian.org jessie-backports/main Translation-en/DiffIndex [27.8 kB]
          Get:7 https://dl.bintray.com jessie Release.gpg [821 B]
          Get:8 https://dev2day.de jessie/main Translation-en [320 B]
          Get:9 https://dev2day.de jessie/main Translation-en_GB [323 B]
          Hit http://ftp.de.debian.org jessie/main Sources
          Get:10 https://dev2day.de jessie/main Translation-en [320 B]
          Hit https://dl.bintray.com jessie Release
          Hit http://ftp.de.debian.org jessie/non-free Sources
          Hit http://ftp.de.debian.org jessie/contrib Sources
          Hit http://ftp.de.debian.org jessie/main arm64 Packages
          Hit http://ftp.de.debian.org jessie/non-free arm64 Packages
          Hit http://ftp.de.debian.org jessie/contrib arm64 Packages
          Hit http://ftp.de.debian.org jessie/main armhf Packages
          Hit http://ftp.de.debian.org jessie/non-free armhf Packages
          Hit http://ftp.de.debian.org jessie/contrib armhf Packages
          Get:11 https://dev2day.de jessie/main Translation-en_GB [323 B]
          Hit https://dl.bintray.com jessie/main arm64 Packages
          Hit http://ftp.de.debian.org jessie/contrib Translation-en
          Hit http://ftp.de.debian.org jessie/main Translation-en
          Hit http://ftp.de.debian.org jessie/non-free Translation-en
          Hit https://dl.bintray.com jessie/main armhf Packages
          Get:12 https://dev2day.de jessie/main Translation-en [320 B]
          Get:13 https://dev2day.de jessie/main Translation-en_GB [323 B]
          Get:14 https://dl.bintray.com jessie/main Translation-en_GB
          Get:15 https://dev2day.de jessie/main Translation-en [320 B]
          Get:16 https://dl.bintray.com jessie/main Translation-en
          Get:17 https://dev2day.de jessie/main Translation-en_GB [323 B]
          Get:18 https://dl.bintray.com jessie/main Translation-en_GB
          Ign https://dev2day.de jessie/main Translation-en_GB
          Get:19 https://dev2day.de jessie/main Translation-en [320 B]
          Ign https://dev2day.de jessie/main Translation-en
          Get:20 https://dl.bintray.com jessie/main Translation-en
          Get:21 https://dl.bintray.com jessie/main Translation-en_GB
          Get:22 https://dl.bintray.com jessie/main Translation-en
          Get:23 https://dl.bintray.com jessie/main Translation-en_GB
          Get:24 https://dl.bintray.com jessie/main Translation-en
          Get:25 https://dl.bintray.com jessie/main Translation-en_GB
          Ign https://dl.bintray.com jessie/main Translation-en_GB
          Get:26 https://dl.bintray.com jessie/main Translation-en
          Ign https://dl.bintray.com jessie/main Translation-en
          Fetched 250 kB in 24s (10.1 kB/s)
          Reading package lists... Done
          # apt-get install python3-msgpack certbot python-acme python-certbot python-cffi python-cffi-backend \
          > python-chardet python-configargparse python-configobj python-cryptography python-dialog python-enum34 \
          > python-funcsigs python-idna python-ipaddress python-mock python-ndg-httpsclient python-openssl \
          > python-parsedatetime python-pbr python-pkg-resources python-psutil python-pyasn1 python-requests \
          > python-rfc3339 python-setuptools python-six python-tz python-urllib3 python-zope.component \
          > python-zope.event python-zope.interface
          Reading package lists... Done
          Building dependency tree
          Reading state information... Done
          Some packages could not be installed. This may mean that you have
          requested an impossible situation or if you are using the unstable
          distribution that some required packages have not yet been created
          or been moved out of Incoming.
          The following information may help to resolve the situation:
          The following packages have unmet dependencies:
           python-cffi : Depends: python-cffi-backend (< 1.9.1-2~bpo8+1+c) but it is not installable
                         Depends: python-cffi-backend (>= 1.9.1-2~bpo8+1) but it is not installable
                         Depends: python-pycparser but it is not going to be installed
           python-cffi-backend:armhf : Depends: python:armhf (< 2.8) but it is not going to be installed
                                       Depends: python:armhf (>= 2.7~) but it is not going to be installed
                                       Breaks: python-cryptography (< 0.8.2-4~) but 0.8.2-2~bpo8+1 is to be installed
           python-openssl : Depends: python-cryptography (>= 1.3) but 0.8.2-2~bpo8+1 is to be installed
          E: Unable to correct problems, you have held broken packages.

      Is there anything you see in here that can help me?

      The post was edited 1 time, last by BUFU1610 ().

    • I guess I didn't realize this was an armhf system. That usually makes things a pain in the ass since they don't always have the same packages as i386/amd64 (especially in backports). What is the output of:

      apt-cache policy python-cffi python-cffi-backend python python-cryptography python-openssl

      If things don't look right in that output, you may have to wait until you can put omv 4.x on the system.
    • ryecoaaron wrote:

      I guess I didn't realize this was an armhf system. That usually makes things a pain in the ass since they don't always have the same packages as i386/amd64 (especially in backports).
      Sorry, I should have clarified the armhf thing. The output of the policy check is:

      Source Code

          # apt-cache policy python-cffi python-cffi-backend python python-cryptography python-openssl
          python-cffi:
            Installed: (none)
            Candidate: 1.9.1-2~bpo8+1
            Package pin: 1.9.1-2~bpo8+1
            Version table:
               1.9.1-2~bpo8+1 500
                  100 http://ftp.debian.org/debian/ jessie-backports/main arm64 Packages
               0.8.6-1 500
                  500 http://ftp.de.debian.org/debian/ jessie/main arm64 Packages
          python-cffi-backend:armhf:
            Installed: (none)
            Candidate: 1.9.1-2~bpo8+1
            Version table:
               1.9.1-2~bpo8+1 0
                  100 http://ftp.debian.org/debian/ jessie-backports/main armhf Packages
          python:
            Installed: 2.7.9-1
            Candidate: 2.7.9-1
            Version table:
           *** 2.7.9-1 0
                  500 http://ftp.de.debian.org/debian/ jessie/main arm64 Packages
                  100 /var/lib/dpkg/status
          python-cryptography:
            Installed: (none)
            Candidate: 0.8.2-2~bpo8+1
            Package pin: 0.8.2-2~bpo8+1
            Version table:
               0.8.2-2~bpo8+1 500
                  100 http://ftp.debian.org/debian/ jessie-backports/main arm64 Packages
               0.6.1-1+deb8u1 500
                  500 http://ftp.de.debian.org/debian/ jessie/main arm64 Packages
          python-openssl:
            Installed: (none)
            Candidate: 16.0.0-1~bpo8+1
            Package pin: 16.0.0-1~bpo8+1
            Version table:
               16.0.0-1~bpo8+1 500
                  100 http://ftp.debian.org/debian/ jessie-backports/main arm64 Packages
               0.14-1 500
                  500 http://ftp.de.debian.org/debian/ jessie/main arm64 Packages

      I hope I don't have to wait for OMV 4.x ... is there another way to get SSL working on an armhf system?
    • So.... I googled around a bit and found out that apparently some dependencies are not available as needed in jessie-backports.

      I found them in the stretch repo and installed them separately from the rest:

      Source Code

          echo deb http://ftp.debian.org/debian stretch main > /etc/apt/sources.list.d/stretch.list
          apt-get update
          apt-get install -t stretch python-cffi-backend python-cryptography python-openssl

      after that I used that command you gave me (without those 3 packages I installed from stretch already):

      ryecoaaron wrote:

      You must have a conflict with another package already being installed then. What is the output of:

      Source Code

          apt-get update
          apt-get install python3-msgpack certbot python-acme python-certbot python-cffi python-cffi-backend \
            python-chardet python-configargparse python-configobj python-cryptography python-dialog python-enum34 \
            python-funcsigs python-idna python-ipaddress python-mock python-ndg-httpsclient python-openssl \
            python-parsedatetime python-pbr python-pkg-resources python-psutil python-pyasn1 python-requests \
            python-rfc3339 python-setuptools python-six python-tz python-urllib3 python-zope.component \
            python-zope.event python-zope.interface

      and after all that went quite well, I tried installing the plugin from the webGUI and that worked as well (although it gave out about a hundred errors in the end, after telling me the following:)

      Source Code

          Processing triggers for openmediavault (3.0.88) ...
          Updating locale files ...
          Updating file permissions ...
          Purging internal cache ...
          Restarting engine daemon ...
          Errors were encountered while processing:
           collectd-core

      And now the plugin is there and it seems to work, but I have to get up early tomorrow and will probably test all the functionality tomorrow afternoon (and see if it broke anything else on the way...)

      good night!
    • by the way, can anybody change the plugin configuration for a 4096 RSA key? :/
      here is a link for the issue on github:
      github.com/OpenMediaVault-Plug…ault-letsencrypt/issues/4
      omv 3.0.88 | 64 bit | omvextrasorg 3.4.26 | kernel 4.9
      used plugins: nginx | mysql | docker-gui | flashmemory | rsnapshot | antivirus | apt tool | letsEncrypt | fail2ban for omv-webgui/Nextcloud/emby
      used other: nextcloud | logitechmediaserver | emby
    • happyreacer wrote:

      by the way, can anybody change the plugin configuration for a 4096 RSA key?
      I commented on your issue.
    • My letsencrypt-cert checks for monthly renewal, but the job says no
      renewal is needed, even 5 days before cert will expire. I receive Email
      from letsencrypt saying I have to check my cert.


      When I push a creation of a new cert manually, a new cert is created,
      but it does not replace the old one, it will be placed as second cert which I have to assign manually to nginx.
      (I use my cert with nginx for nextcloud)


      How can I resolve this issue?
      Chaos is found in greatest abundance wherever order is being sought.
      It always defeats order, because it is better organized.
      Terry Pratchett
    • riff-raff wrote:

      My letsencrypt-cert checks for monthly renewal, but the job says no
      renewal is needed, even 5 days before cert will expire. I receive Email
      from letsencrypt saying I have to check my cert.
      To start, a lot has changed in this plugin and was tested (not by me since I don't use it). If the plugin is doing something wrong, someone needs to help me make changes.

      riff-raff wrote:

      When I push a creation of a new cert manually, a new cert is created,
      but it does not replace the old one, it will be placed as second cert which I have to assign manually to nginx.
      I think this is the proper way to do it. You shouldn't have to generate new certs very often, should you?


      riff-raff wrote:

      How can I resolve this issue?
      Pull requests on github would be best.
    • riff-raff wrote:

      My letsencrypt-cert checks for monthly renewal, but the job says no
      renewal is needed, even 5 days before cert will expire. I receive Email
      from letsencrypt saying I have to check my cert.


      When I push a creation of a new cert manually, a new cert is created,
      but it does not replace the old one, it will be placed as second cert which I have to assign manually to nginx.
      (I use my cert with nginx for nextcloud)


      How can I resolve this issue?
      Do you have your OMV web UI configured to force all connections via SSL? I had this same problem with the plugin, but temporarily disabling the "force SSL" setting worked around this.
    • I'm having an issue with this plugin:

      Source Code: letsencrypt.log

          2017-10-17 11:11:47,766:DEBUG:certbot.main:certbot version: 0.19.0
          2017-10-17 11:11:47,766:DEBUG:certbot.main:Arguments: ['--webroot', '-w', '/var/www/openmediavault/', '--text', '--keep-until-expiring', '--agree-tos', '--expand', '--email', 'master@ricardoamaral.net', '-d', 'atlasbox.amaral.home']
          2017-10-17 11:11:47,766:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
          2017-10-17 11:11:47,798:DEBUG:certbot.log:Root logging level set at 20
          2017-10-17 11:11:47,798:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
          2017-10-17 11:11:47,799:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
          2017-10-17 11:11:47,806:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
          Description: Place files in webroot directory
          Interfaces: IAuthenticator, IPlugin
          Entry point: webroot = certbot.plugins.webroot:Authenticator
          Initialized: <certbot.plugins.webroot.Authenticator object at 0x2af7350>
          Prep: True
          2017-10-17 11:11:47,807:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x2af7350> and installer None
          2017-10-17 11:11:47,807:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
          2017-10-17 11:11:47,813:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, contact=(u'mailto:master@ricardoamaral.net',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x30baed0>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/22845338', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), 9757e0b49273b37eb1130015d5afafb4, Meta(creation_host=u'ATLASBOX.AMARAL.HOME', creation_dt=datetime.datetime(2017, 10, 17, 11, 5, 37, tzinfo=<UTC>)))>
          2017-10-17 11:11:47,814:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
          2017-10-17 11:11:47,823:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
          2017-10-17 11:11:48,242:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 561
          2017-10-17 11:11:48,245:DEBUG:acme.client:Received response:
          HTTP 200
          Server: nginx
          Content-Type: application/json
          Content-Length: 561
          Replay-Nonce: _ZPNBeAoYD0EF2apuugfMomLnStLl3zy9hSpbL_v9sw
          X-Frame-Options: DENY
          Strict-Transport-Security: max-age=604800
          Expires: Tue, 17 Oct 2017 11:11:48 GMT
          Cache-Control: max-age=0, no-cache, no-store
          Pragma: no-cache
          Date: Tue, 17 Oct 2017 11:11:48 GMT
          Connection: keep-alive
          {
            "80-8280Rhe8": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
            "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
            "meta": {
              "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
            },
            "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
            "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
            "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
            "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
          }
          2017-10-17 11:11:48,246:INFO:certbot.main:Obtaining a new certificate
          2017-10-17 11:11:48,247:DEBUG:acme.client:Requesting fresh nonce
          2017-10-17 11:11:48,247:DEBUG:acme.client:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
          2017-10-17 11:11:48,452:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
          2017-10-17 11:11:48,454:DEBUG:acme.client:Received response:
          HTTP 405
          Server: nginx
          Content-Type: application/problem+json
          Content-Length: 91
          Allow: POST
          Replay-Nonce: tF3PBL3gB_8BGGo1F7KFmuGjd_NSH1thMjj8OVvM3Xs
          Expires: Tue, 17 Oct 2017 11:11:48 GMT
          Cache-Control: max-age=0, no-cache, no-store
          Pragma: no-cache
          Date: Tue, 17 Oct 2017 11:11:48 GMT
          Connection: keep-alive
          2017-10-17 11:11:48,455:DEBUG:acme.client:Storing nonce: tF3PBL3gB_8BGGo1F7KFmuGjd_NSH1thMjj8OVvM3Xs
          2017-10-17 11:11:48,456:DEBUG:acme.client:JWS payload:
          {
            "identifier": {
              "type": "dns",
              "value": "atlasbox.amaral.home"
            },
            "resource": "new-authz"
          }
          2017-10-17 11:11:48,468:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
          {
            "protected": "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",
            "payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAiYXRsYXNib3guYW1hcmFsLmhvbWUiCiAgfSwgCiAgInJlc291cmNlIjogIm5ldy1hdXRoeiIKfQ",
            "signature": "l8nM-XERjZwxN2JDcyusFgYwG4Vy59Fv4KLylmD61J5c8d_5CMrpwgMvRPKqx-ApTpBF7T9UdWQKEUgBc1ybi40yGwLqZUsPsomMr2IaM8qroOjaMUt8d1G_LVqqzXrX4NPkLrf0hgZ9ioj7EieF8EEV210f7qFQ7JH3bYg1IYGnEqGTXjPRyPD57v6KSOCz8y2HMvjzlLdsK6C9CdAsXao_iUj6uCHBrlqDzthNwb6HoN0FEUj1avspCkG1SyH3KX4RA0VJSFHrkMOzy9qXAZ8u0-FfJvQTvLVvqf3osRB1r1K0DN0a8Mq24Kf5cF30mQhB_9E6J6wGhJtgl9RxCw"
          }
          2017-10-17 11:11:48,708:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 400 137
          2017-10-17 11:11:48,710:DEBUG:acme.client:Received response:
          HTTP 400
          Server: nginx
          Content-Type: application/problem+json
          Content-Length: 137
          Boulder-Requester: 22845338
          Replay-Nonce: 8qG8BzX5fSIsYp5_yan6JkqO-Sfl9tMsIjEXh9wCQW8
          Expires: Tue, 17 Oct 2017 11:11:48 GMT
          Cache-Control: max-age=0, no-cache, no-store
          Pragma: no-cache
          Date: Tue, 17 Oct 2017 11:11:48 GMT
          Connection: close
          {
            "type": "urn:acme:error:malformed",
            "detail": "Error creating new authz :: Name does not end in a public suffix",
            "status": 400
          }
          2017-10-17 11:11:48,711:DEBUG:acme.client:Storing nonce: 8qG8BzX5fSIsYp5_yan6JkqO-Sfl9tMsIjEXh9wCQW8
          2017-10-17 11:11:48,712:DEBUG:certbot.log:Exiting abnormally:
          Traceback (most recent call last):
            File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
              sys.exit(main())
            File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 861, in main
              return config.func(config, plugins)
            File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 786, in certonly
              lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
            File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 85, in _get_and_save_cert
              lineage = le_client.obtain_and_enroll_certificate(domains, certname)
            File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
              certr, chain, key, _ = self.obtain_certificate(domains)
            File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 318, in obtain_certificate
              self.config.allow_subset_of_names)
            File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 66, in get_authorizations
              self.authzr[domain] = self.acme.request_domain_challenges(domain)
            File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 212, in request_domain_challenges
              typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
            File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 191, in request_challenges
              response = self.net.post(self.directory.new_authz, new_authz)
            File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 682, in post
              return self._post_once(*args, **kwargs)
            File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 695, in _post_once
              return self._check_response(response, content_type=content_type)
            File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 582, in _check_response
              raise messages.Error.from_json(jobj)
          Error: urn:acme:error:malformed :: The request message was malformed :: Error creating new authz :: Name does not end in a public suffix
          2017-10-17 11:11:48,714:ERROR:certbot.log:An unexpected error occurred:
          2017-10-17 11:11:48,714:ERROR:certbot.log:The request message was malformed :: Error creating new authz :: Name does not end in a public suffix

      Is the "home" suffix somehow not recognized/allowed? Why? Or is this a different issue?
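
An added example, not part of the original post or of the plugin's code: a small parser for the `letsencrypt.log` layout shown above that extracts each ACME problem document together with the request and identifier that triggered it, and skips the body-less 405 that answers certbot's nonce-fetching HEAD. The sample log is constructed; the `acme.example` URL and the `nas.example.home` name are placeholders.

```python
import json
import re

# A certbot log record starts "YYYY-MM-DD HH:MM:SS,mmm:LEVEL:logger:message".
RECORD = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}):([A-Z]+):([\w.]+):(.*)$")
REQUEST = re.compile(r"^Sending (\w+) request to (\S+)")

# Constructed sample in the layout of the log above; host and name are placeholders.
SAMPLE_LOG = """\
2017-10-17 11:11:48,247:DEBUG:acme.client:Sending HEAD request to https://acme.example/acme/new-authz.
2017-10-17 11:11:48,454:DEBUG:acme.client:Received response:
HTTP 405
Content-Type: application/problem+json
Replay-Nonce: constructed-nonce-1
2017-10-17 11:11:48,456:DEBUG:acme.client:JWS payload:
{
  "identifier": {"type": "dns", "value": "nas.example.home"},
  "resource": "new-authz"
}
2017-10-17 11:11:48,468:DEBUG:acme.client:Sending POST request to https://acme.example/acme/new-authz:
{"protected": "constructed", "payload": "constructed", "signature": "constructed"}
2017-10-17 11:11:48,710:DEBUG:acme.client:Received response:
HTTP 400
Content-Type: application/problem+json
Replay-Nonce: constructed-nonce-2

{
  "type": "urn:acme:error:malformed",
  "detail": "Error creating new authz :: Name does not end in a public suffix",
  "status": 400
}
2017-10-17 11:11:48,714:ERROR:certbot.log:An unexpected error occurred:
"""


def split_records(text):
    """Group lines into records; header, JSON and traceback lines that
    carry no timestamp are attached to the record they follow."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            ts, level, logger, msg = m.groups()
            records.append({"ts": ts, "level": level, "logger": logger,
                            "msg": msg, "extra": []})
        elif records:
            records[-1]["extra"].append(line)
    return records


def json_body(lines):
    """Return the JSON value embedded in continuation lines, or None."""
    for i, line in enumerate(lines):
        if line.lstrip().startswith("{"):
            try:
                return json.loads("\n".join(lines[i:]))
            except ValueError:
                return None
    return None


def acme_problems(text):
    """List the ACME problem documents the server returned, each with the
    request and the identifier that were in flight at the time."""
    problems, request, identifier = [], None, None
    for rec in split_records(text):
        if rec["logger"] != "acme.client":
            continue
        m = REQUEST.match(rec["msg"])
        if m:
            request = (m.group(1), m.group(2).rstrip(".:"))
        elif rec["msg"].startswith("JWS payload"):
            payload = json_body(rec["extra"]) or {}
            identifier = payload.get("identifier", {}).get("value")
        elif rec["msg"].startswith("Received response"):
            status = next((int(l.split()[1]) for l in rec["extra"]
                           if l.startswith("HTTP ")), None)
            body = json_body(rec["extra"])
            # The HEAD that only fetches a Replay-Nonce gets a 405 with no
            # body; it is expected and is not reported as a problem.
            if not isinstance(body, dict) or "type" not in body:
                continue
            if status is None or status < 400:
                continue
            method, url = request or (None, None)
            problems.append({"ts": rec["ts"], "method": method, "url": url,
                             "status": status, "identifier": identifier,
                             "type": body["type"],
                             "detail": body.get("detail", "")})
    return problems


if __name__ == "__main__":
    for p in acme_problems(SAMPLE_LOG):
        print("{ts} {method} {url} -> HTTP {status} {type}: {detail} "
              "(identifier: {identifier})".format(**p))
```

In the log posted above the only problem document is the 400 returned for the `new-authz` POST: the CA rejected the name `atlasbox.amaral.home` itself, before any challenge file was requested from the webroot. A public CA validates only names under a public suffix, which `home` is not.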
    • Do you have your OMV web UI configured to force all connections via SSL?
      No I don't, since I do not use the cert for my Weblogin but for Nextcloud. So does not bring me any further. Same setting within nginx: No ForceSSL

      Other suggestions?