openmediavault-letsencrypt

    • Official post

    Please try to remember that I have used this plugin once to actually generate a cert. I really have no idea what certbot does with old certs and how your proxy mess works. I guess you could try removing the cert lines from nginx configs to get it to start or at least making sure they exist. I guess you could also remove cert references in the database and then regenerate the nginx configs with omv-mkconf nginx and restart it.

    to not destroy my new cert?

    If it doesn't work, why are you worried about keeping it? Can't you just generate a new one?

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Please try to remember that I have used this plugin once to actually generate a cert. I really have no idea what certbot does with old certs and how your proxy mess works. I guess you could try removing the cert lines from nginx configs to get it to start or at least making sure they exist. I guess you could also remove cert references in the database and then regenerate the nginx configs with omv-mkconf nginx and restart it.

    If it doesn't work, why are you worried about keeping it? Can't you just generate a new one?

    It did work fantastically, but after everything was up and running I went and removed the old certs, and I think that destroyed something. But I am not sure. And the error I get seems to have something to do with openmediavault itself, as it puts the certs in another folder /etc/ssl/ (which is not a letsencrypt folder). I really don't know what I am doing now.
    How do I remove the cert references in the database? Where do I find the database?

  • Solved it, went to /etc/ssl/ and removed one of the certs and renamed the other.
    Now Nginx works as it should!!


    Fantastic!


    I noticed one thing in the new update of Let's Encrypt plugin.
    Schedule refresh doesn't work, it doesn't create a Scheduled job.
    Not sure if Test certificate works?


    When I press save in Settings, a yellow Apply bar does not appear, so not sure it does anything!

    • Official post

    certbot creates the certs in the letsencrypt folder. The OMV web interface can't use them there. So, the plugin calls this code to create the ssl cert the omv way (which copies to the /etc/ssl directory).


    The database is /etc/openmediavault/config.xml. I haven't edited cert references before so I'm not sure. Please make a backup before doing any of this.


  • certbot creates the certs in the letsencrypt folder. The OMV web interface can't use them there. So, the plugin calls this code to create the ssl cert the omv way (which copies to the /etc/ssl directory).


    The database is /etc/openmediavault/config.xml. I haven't edited cert references before so I'm not sure. Please make a backup before doing any of this.

    Maybe you missed it, but I solved it after all. Thank you for the guidance.
    Just a minor thing left with the Let's Encrypt plugin:
    I noticed one thing in the new update of Let's Encrypt plugin.
    Schedule refresh doesn't work, it doesn't create a Scheduled job.
    Not sure if Test certificate works?


    When I press save in Settings, a yellow Apply bar does not appear, so not sure it does anything!

    • Official post

    I noticed one thing in the new update of Let's Encrypt plugin.
    Schedule refresh doesn't work, it doesn't create a Scheduled job.

    openmediavault-letsencrypt


    Not sure if Test certificate works?

    It does on my systems. The only difference is that it passes a test-cert flag to certbot - code


    When I press save in Settings, a yellow Apply bar does not appear, so not sure it does anything!

    What is it supposed to do? Everything in that tab only applies to the Generate and Renew button on the Domains tab. So, it doesn't regenerate any configs when saving which means no apply bar.


    • Official post

    What do webroot and domain mean?

    web root is the root directory that the web site is in. If you were creating a cert for the OMV web interface, it would be /var/www/openmediavault/


    domain is the web site's public domain that points to your server. Not sure how to describe that any differently.


  • openmediavault-letsencrypt

    It does on my systems. The only difference is that it passes a test-cert flag to certbot - code

    What is it supposed to do? Everything in that tab only applies to the Generate and Renew button on the Domains tab. So, it doesn't regenerate any configs when saving which means no apply bar.

    This is my /etc/cron.d/ folder after enabling Schedule refresh:


    It doesn't seem to create a file for me?

    • Official post

    This is my /etc/cron.d/ folder after enabling Schedule refresh:

    The cron file is only generated when renew or generate is clicked. So, enabling it after will not generate the cron file. I guess I can add the code to generate the cron when saving on the settings tab but that is the only setting that will really change anything. Now, I remember why I didn't do that. It would create the cron job before a cert is created. Not sure what to do other than document that you should select first or just click renew.


  • The cron file is only generated when renew or generate is clicked. So, enabling it after will not generate the cron file. I guess I can add the code to generate the cron when saving on the settings tab but that is the only setting that will really change anything. Now, I remember why I didn't do that. It would create the cron job before a cert is created. Not sure what to do other than document that you should select first or just click renew.

    I just enabled it and clicked renew certificate. Which created the cron file.


    But I got this error now:

    Code
    Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; nginx -t 2>&1' with exit code '1': nginx: [emerg] BIO_new_file("/etc/ssl/certs/openmediavault-0f8bcbb9-ad7e-458e-a341-b0dc4a343790.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/certs/openmediavault-0f8bcbb9-ad7e-458e-a341-b0dc4a343790.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file) nginx: configuration file /etc/nginx/nginx.conf test failed


    Show details shows this:


    And nginx -t

    Code
    nginx: [emerg] BIO_new_file("/etc/ssl/certs/openmediavault-0f8bcbb9-ad7e-458e-a341-b0dc4a343790.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/certs/openmediavault-0f8bcbb9-ad7e-458e-a341-b0dc4a343790.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
    nginx: configuration file /etc/nginx/nginx.conf test failed

    So something is screwing up my setup with Let's Encrypt, I don't understand!

    • Official post

    So something is screwing up my setup with Let's Encrypt, I don't understand!

    For some reason, it is generating bad certs. Renew is working fine on my production system but I don't have a bunch of proxies set up.


  • For some reason, it is generating bad certs. Renew is working fine on my production system but I don't have a bunch of proxies set up.

    I wanted to start over now, to try to fix everything. So I uninstalled Let's Encrypt plugin, deleted my certificate that was generated with it. Checked to see Let's Encrypt folder was empty.
    Deleted the certs under /etc/ssl/, and removed my Nginx reverse proxy, then tried restarting Nginx. This is the result of nginx -t


    Code
    root@nas:~# nginx -t
    nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/NAS/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/NAS/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
    nginx: configuration file /etc/nginx/nginx.conf test failed
    root@nas:~#

    Somewhere it is still referencing the old key, but I cannot find where!!?

    • Official post

    Somewhere it is still referencing the old key, but I cannot find where!!?

    The fact that it is looking in the /etc/letsencrypt folder tells me that it is not using the OMV created cert. What is the output of: grep -r "fullchain.pem" /etc/*

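The `nginx -t` failures in this thread all come from an `ssl_certificate` directive that names a file which was deleted. As an added example (not from the thread or the plugin), the script below extends the `grep -r "fullchain.pem" /etc/*` check to every certificate directive under a config tree and lists the ones whose file is missing. The names `find_missing_certs` and `make_demo_tree` are hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not plugin code): report every ssl_certificate* directive
# under an nginx config tree whose target file does not exist.

# find_missing_certs DIR -> prints "file:line: directive path" per dangling ref
find_missing_certs() {
    conf_dir=$1
    # -H always prints the file name; the pattern skips commented-out lines.
    grep -rnHE '^[[:space:]]*ssl_(certificate|certificate_key|trusted_certificate)[[:space:]]' \
        "$conf_dir" 2>/dev/null |
    while IFS= read -r hit; do
        file=${hit%%:*}; rest=${hit#*:}
        line=${rest%%:*}; text=${rest#*:}
        directive=$(printf '%s\n' "$text" | awk '{print $1}')
        # Second field is the path; drop quotes and the trailing semicolon.
        path=$(printf '%s\n' "$text" | awk '{print $2}' | tr -d "\"';")
        case $path in
            *'$'*) continue ;;             # nginx variable: cannot resolve here
            /*) ;;                         # absolute path: use as is
            *) path=$conf_dir/$path ;;     # assumption: DIR is the nginx conf prefix
        esac
        [ -e "$path" ] || printf '%s:%s: %s %s\n' "$file" "$line" "$directive" "$path"
    done
}

# make_demo_tree -> creates a constructed config tree and prints its location
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sites-enabled" "$d/certs"
    : > "$d/certs/present.crt"             # this file exists
    cat > "$d/sites-enabled/proxy.conf" <<EOF
server {
    listen 443 ssl;
    ssl_certificate     $d/certs/present.crt;
    ssl_certificate_key $d/certs/gone.key;
    # ssl_certificate   $d/certs/commented-out.crt;
}
EOF
    printf '%s\n' "$d"
}

# With no argument, run against the constructed tree; pass /etc/nginx on a host.
target=${1:-$(make_demo_tree)}
find_missing_certs "$target"
```

Run it before deleting anything under `/etc/ssl/` or `/etc/letsencrypt/`: an empty result means no config still points at a file that is gone.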

  • The fact that it is looking in the /etc/letsencrypt folder tells me that it is not using the OMV created cert. What is the output of: grep -r "fullchain.pem" /etc/*

    I really don't know what it was, but I deleted Let's Encrypt, kept the old certificate, and got a new name of the new one I created, then deleted the old certificate. And now it is up and running, and cron job is created. So we'll see when the time comes for the cron job to run, if it works or not!

    • Official post

    So we'll see when the time comes for the cron job to run, if it works or not!

    The cron job does the exact same thing as clicking the renew button. It should just say that it doesn't need to renew when you click it now.


  • web root is the root directory that the web site is in. If you were creating a cert for the OMV web interface, it would be /var/www/openmediavault/
    domain is the web site's public domain that points to your server. Not sure how to describe that any differently.


    Ok, I got it :)
    If I want to generate SSL cert for "a service" different than omv webGui?
    I mean I expose some services like ipcam manager webGui and so on, how can I generate SSL cert for these services?

    • Official post

    If I want to generate SSL cert for "a service" different than omv webGui?
    I mean I expose some services like ipcam manager webGui and so on, how can I generate SSL cert for these services?

    If the manager has a directory that it serves html/php/whatever from, then that would be the web root. If it is its own server and doesn't serve files out of a directory, I don't know.


  • Well, cert works, I created a new one and set it up in nginx. So I should be fine by now. My issue with the scheduled job was due to lack of information. Thank you very much for your support!

    Chaos is found in greatest abundance wherever order is being sought.
    It always defeats order, because it is better organized.
    Terry Pratchett
