openmediavault-letsencrypt

happyreacer · 9. Januar 2018

ill back, i have my first certificate, but only for the side in my ngnix-plugin with my cloud program by the way i don't know how i can makes certifikate for subdomain with proxy_pass-
BUT i cant use the certificate.
The error is:

Code

Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; nginx -t 2>&1' with exit code '1': nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/openmediavault-e814a850-7e12-4d0c-8cd5-b03857808755.key") failed

Code

Fehler #0:
OMV\ExecException: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; nginx -t 2>&1' with exit code '1': nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/openmediavault-e814a850-7e12-4d0c-8cd5-b03857808755.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /etc/nginx/nginx.conf test failed in /usr/share/php/openmediavault/system/process.inc:175
Stack trace:
#0 /usr/share/openmediavault/engined/module/webserver.inc(40): OMV\System\Process->execute()
#1 /usr/share/openmediavault/engined/rpc/config.inc(168): OMVModuleNginxAbstract->applyConfig()
#2 [internal function]: OMVRpcServiceConfig->applyChanges(Array, Array)
#3 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
#4 /usr/share/php/openmediavault/rpc/serviceabstract.inc(150): OMV\Rpc\ServiceAbstract->callMethod('applyChanges', Array, Array)
#5 /usr/share/php/openmediavault/rpc/serviceabstract.inc(528): OMV\Rpc\ServiceAbstract->OMV\Rpc\{closure}('/tmp/bgstatuskZ...', '/tmp/bgoutputR9...')
#6 /usr/share/php/openmediavault/rpc/serviceabstract.inc(151): OMV\Rpc\ServiceAbstract->execBgProc(Object(Closure))
#7 /usr/share/openmediavault/engined/rpc/config.inc(213): OMV\Rpc\ServiceAbstract->callMethodBg('applyChanges', Array, Array)
#8 [internal function]: OMVRpcServiceConfig->applyChangesBg(Array, Array)
#9 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
#10 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('applyChangesBg', Array, Array)
#11 /usr/sbin/omv-engined(536): OMV\Rpc\Rpc::call('Config', 'applyChangesBg', Array, Array, 1)
#12 {main}

Alles anzeigen

Speedrunner · 15. Januar 2018

Hi there,

first of all, thank you for this wonderful plugin. Unfortunately, I can't get it to work for me. I am running Erasmus on a Debian Jessie install, which I only made, because I wanted a different partition layout. Otherwise I would have gone straight to the OpenMediaVault iso. Thus I installed Debian Jessie with SSH and then OpenMediaVault on top. Then I installed omv-extras and the letsencrypt plugin. Then I wanted to use letsencrypt, but can't get it to work.

I have a static IPv4 from Deutsche Telekom. I set up a DNS entry like so: locality.company.tld
The OpenMediaVault box has it's own name, but knows about the domain, so it calls itself omvbox.locality.company.tld
But because I only have one IPv4, when I login from remote, I need to use locality.company.tld. I use that for ssh and can connect to the box with a self signed ssl cert or over port 80.

For the time being, I forward port 80 and port 443 directly from the router to the openmediavault box. Currently I can access them from outside using a web browser.

I wanted to secure them with letsencrypt, to get rid of the error message.

First of all I found it strange that I had to search around to find out which root directory to fill in: "/var/www/openmediavault/" Why wasn't this in the official documentation? Most people will want to secure access to the web admin first. Then I used the domain locality.company.tld, because that is the domain where the box will be at from the outside.

But when I try to attain a cert from letsencrypt, the challenge fails, even though the domain is correct, path is correct and the ports are open. What am I missing?

raulfg3 · 15. Januar 2018

Zitat von Speedrunner

Hi there,

first of all, thank you for this wonderful plugin. Unfortunately, I can't get it to work for me. I am running Erasmus on a Debian Jessie install, which I only made, because I wanted a different partition layout. Otherwise I would have gone straight to the OpenMediaVault iso. Thus I installed Debian Jessie with SSH and then OpenMediaVault on top. Then I installed omv-extras and the letsencrypt plugin. Then I wanted to use letsencrypt, but can't get it to work.

Letsencryt is testing on OMV install (from official *.ISO), not in a debian install, with OMV on top of them, is not the same.

Speedrunner · 15. Januar 2018

Zitat von raulfg3

Letsencryt is testing on OMV install (from official *.ISO), not in a debian install, with OMV on top of them, is not the same.

The letsencrypt plugin is listed under stable:

http://omv-extras.org/joomla/index.php/omv-plugins-3

I installed omv-extras like described in the documentation and then installed the letsencrypt plugin from there. I was under the impression, that here isn't a big difference between installing Debian Jessie minimal and then installing omv on top and simply using the omv iso. So if I install from Debian Jessie, I can't use plugins?

Here is the output from the plugin:

Code

Command: export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; /usr/bin/certbot certonly --non-interactive --rsa-key-size 2048 --text --keep-until-expiring --agree-tos --allow-subset-of-names --cert-name locality.company.tld --email email@company.tld --webroot -w /var/www/openmediavault/ -d locality.company.tld 2>&1


Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for locality.company.tld
Using the webroot path /var/www/openmediavault for all unmatched domains.
Waiting for verification...
Challenge failed for domain locality.company.tld
Cleaning up challenges
Challenges failed for all domains
Fertig...

Alles anzeigen

I checked the location /var/www/openmediavault/.well-known/ and the plugin creates a file there (and then deletes it after). I also put a file there and I can open it up from a remote webbrowser with the appropriate domain. I also fail to see anything interesting in the debug logs located at /var/log/letsencrypt/

I am at a loss here.

I almost forgot: I enabled the jessie-backports Debian repository in the web interface of openmediavault. Again: I didn't do anything in with Debian Jessie except use their installer and then immediately put omv on top. I was also locked out using this procedure, because the omv install creates a new sshd that only allows members of the group ssh to login remotely.

Speedrunner · 15. Januar 2018

Output from /var/log/letsencrypt/letsencrypt.log

Code: letsencrypt.og

2018-01-15 12:12:34,632:DEBUG:acme.client:Storing nonce: wa82WLbQaGXORJI_zQqov-NHcxa8iFNxyf1wF4vgmZs
2018-01-15 12:12:34,633:INFO:certbot.auth_handler:Performing the following challenges:
2018-01-15 12:12:34,633:INFO:certbot.auth_handler:http-01 challenge for locality.company.tld
2018-01-15 12:12:34,634:INFO:certbot.plugins.webroot:Using the webroot path /var/www/openmediavault for all unmatched domains.
2018-01-15 12:12:34,634:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /var/www/openmediavault/.well-known/acme-challenge
2018-01-15 12:12:34,643:DEBUG:certbot.plugins.webroot:Attempting to save validation to /var/www/openmediavault/.well-known/acme-challenge/UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4
2018-01-15 12:12:34,644:INFO:certbot.auth_handler:Waiting for verification...
2018-01-15 12:12:34,644:DEBUG:acme.client:JWS payload:
{
  "keyAuthorization": "UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4._1REN1RZoBZrRPaTtpWHtNIvyPgFoJ13cgoZ1M2ac5A", 
  "type": "http-01", 
  "resource": "challenge"
}
2018-01-15 12:12:34,653:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8/3103096588:
{
  "header": {
    "alg": "RS256", 
    "jwk": {
      "e": "AQAB", 
      "kty": "RSA", 
      "n": "wQz4rAkxLOsSpX1gBRgWnmUZpMHPhpnZnvfMJQiL0MBMfKOGINmMP-NyqnAzusL51GpIrJfj5q7aS4wGtqH7LWcIcuigAYeTm2PN5UvP2Z4t0ooCAXD6QIFKOrit6UB8a6oYPbIZP7sbjJyl8u_luOnLEZ8SlHJkrly9my864zWdBPELOTfhJhcwNsu6SkWFBi4IYuTXBlqEY-jztDaNIIlAk8IY8cK1jGmrJiS4bcS6tuIDAvBdxV6Xxw4eOhhLemV7-wwiRQdiiJiintapGvB7-WnaM46yClnQuVN_C3M0BxcU_R3VCEbVSlmVdDcum9JmPDkv48uGtT1V8A9NGQ"
    }
  }, 
  "protected": "eyJub25jZSI6ICJ3YTgyV0xiUWFHWE9SSklfelFxb3YtTkhjeGE4aUZOeHlmMXdGNHZnbVpzIn0", 
  "payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIlVaOElTODB2cGVJSndMZzhNSWl0VDZyZC1xdU9zTWgxUDdOdFlibF92eTQuXzFSRU4xUlpvQlpyUlBhVHRwV0h0Tkl2eVBnRm9KMTNjZ29aMU0yYWM1QSIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9", 
  "signature": "NoXG1Nw5RVEKNrbgSlPE2AlPs4pmMikUokngr8ZwjXhmuP_RlSWO62YzzYuTO2B2Umkzp0YwXFTGL4cAQdsQWdvFhCTxZRHsSxrLt0_pe2SE6f8K4VPIz49Fiy4Ciu2zmEdQVIwtKPVmAQzZ2J2cXNGOXW-5yXMTj6FZZw2v3jrih2ii_5yA5OJSfW021p6YtBcWz8g2NgRpPcPHbxw1J8gMFVoYlRLxR40H15log-4uwR6jRtJLxDnduF532wMwPQLEmjWQdgfg7rYWM0lmPr5VL1vkh3VUpb2dbNldX-Qu2xKLen1deyWopK5Xv98HnG4hmNNu2J-7BjvLw2nc6g"
}
2018-01-15 12:12:34,961:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8/3103096588 HTTP/1.1" 202 336
2018-01-15 12:12:34,963:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Requester: 27632158
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8/3103096588
Replay-Nonce: qTq613KNb9YmNGb2y_fDtiKVkgSPME5jIIvE_zFlfH4
Expires: Mon, 15 Jan 2018 12:12:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 15 Jan 2018 12:12:34 GMT
Connection: keep-alive


{
  "type": "http-01",
  "status": "pending",
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8/3103096588",
  "token": "UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4",
  "keyAuthorization": "UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4._1REN1RZoBZrRPaTtpWHtNIvyPgFoJ13cgoZ1M2ac5A"
}
2018-01-15 12:12:34,963:DEBUG:acme.client:Storing nonce: qTq613KNb9YmNGb2y_fDtiKVkgSPME5jIIvE_zFlfH4
2018-01-15 12:12:37,967:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8.
2018-01-15 12:12:38,212:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8 HTTP/1.1" 200 1737
2018-01-15 12:12:38,213:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1737
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Replay-Nonce: JYzN8BuSFTfQbMJKi2ZSLBrxCWKvF78Dsfp8nZaPLlg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 15 Jan 2018 12:12:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 15 Jan 2018 12:12:38 GMT
Connection: keep-alive


{
  "identifier": {
    "type": "dns",
    "value": "locality.company.tld"
  },
  "status": "invalid",
  "expires": "2018-01-22T12:12:34Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:unauthorized",
        "detail": "Invalid response from http://locality.company.tld/.well-known/acme-challenge/UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4: \"\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e300 Multiple Choices\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eMultiple C\"",
        "status": 403
      },
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8/3103096588",
      "token": "UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4",
      "keyAuthorization": "UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4._1REN1RZoBZrRPaTtpWHtNIvyPgFoJ13cgoZ1M2ac5A",
      "validationRecord": [
        {
          "url": "http://locality.company.tld/.well-known/acme-challenge/UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4",
          "hostname": "locality.company.tld",
          "port": "80",
          "addressesResolved": [
            "87.128.72.128",
            "2001:8d8:100f:f000::2d0"
          ],
          "addressUsed": "2001:8d8:100f:f000::2d0",
          "addressesTried": []
        }
      ]
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8/3103096589",
      "token": "tAIlg-Fqb7VtPRIVDrq5dXYcAZ44J-Tf6BXGesKFb94"
    }
  ],
  "combinations": [
    [
      1
    ],
    [
      0
    ]
  ]
}
2018-01-15 12:12:38,214:WARNING:certbot.auth_handler:Challenge failed for domain locality.company.tld
2018-01-15 12:12:38,214:INFO:certbot.auth_handler:Cleaning up challenges
2018-01-15 12:12:38,215:DEBUG:certbot.plugins.webroot:Removing /var/www/openmediavault/.well-known/acme-challenge/UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4
2018-01-15 12:12:38,215:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /var/www/openmediavault/.well-known/acme-challenge
2018-01-15 12:12:38,217:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.10.2', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 849, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 626, in obtain_cert
    action, _ = _auth_from_available(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 107, in _auth_from_available
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 291, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 262, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 88, in get_authorizations
    "Challenges failed for all domains")
AuthorizationError: Challenges failed for all domains

Alles anzeigen

krutojmax · 22. Januar 2018

I have problems to generate my certificate.

Code

Command: export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; /usr/bin/certbot certonly --non-interactive --rsa-key-size 2048 --text --keep-until-expiring --agree-tos --allow-subset-of-names --cert-name Max --email *** --webroot -w / -d ***.my.router.de 2>&1


Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ***.my.router.de
Using the webroot path / for all unmatched domains.
Waiting for verification...
Challenge failed for domain ***.my.router.de
Cleaning up challenges
Challenges failed for all domains
Fertig...

Alles anzeigen

With the olde version I have no problems but with the new one i can't generate a cert.

What can I do / test?

ryecoaaron · 22. Januar 2018

Zitat von krutojmax

Using the webroot path / for all unmatched domains.

This is wrong. Did you add any domains and their correct web root (hint - webroot will not be / )?

riff-raff · 30. Januar 2018

I ran into an issue with letsencrypt (nginx, OMV3 latest) yesterday. It relates with my renewal problems I had earlier.

I created a cert with LE and use it with nginx for nextcloud. Cert is shown in Cert-Tab of OMV. It expired yesterday, so all my devices gave me a cert error. Automatic renewal did not work, manual renewal as well. Cert bot says that cert is not due to renewal.

I had to generate a self-singed cert, bind it to nginx, delete LE-cert in OMV and LE and create a new one.

There has to be a way to get this automated renewal working. I think I have a problem with my webroot setup.

Appreciate your help.

stratege1401 · 30. Januar 2018

There is actually a issue for some user located in Europe.

Check https://letsencrypt.status.io/pages/55957a99e800baa4470002da
Active Incident some user being served with a server error 503 (service unavailable) ...

This might prevent the renewal...

stratege1401 · 30. Januar 2018

Also, there is announcement here

https://community.letsencrypt.…i-validation-issues/50811

updating to certbot 0.21 is recommended. Does our plug-in use the latest cerbot

riff-raff · 30. Januar 2018

Well, I don't get an error page, log just says cert is not due.

bellamy · 30. Januar 2018

Hey. I also had issues with my certificate that expired today.
My CronJob from LetsEncrypt is gone, and as I read on another post, I should have something on /etc/cron.d/ but there is nothing there.
Running the renew manually from the GUI, would say it did not need to renew.
Solution was to delete /etc/letsencrypt/ and remove the certificate from WMV GUI and generate a new one. Now it's working.

stratege1401 · 30. Januar 2018

Letsencrypt think of a IX bridge from one of their Network providers with bad routing issue for the 503 error. This error might even don't show up in log. And of course might screw the renewal process.

ryecoaaron · 31. Januar 2018

Zitat von stratege1401

Does our plug-in use the latest cerbot

It uses whatever is in the Debian repos - 0.10.2 or 0.19.0 (Backports).

Zitat von bellamy

My CronJob from LetsEncrypt is gone, and as I read on another post, I should have something on /etc/cron.d/ but there is nothing there.

You need to have Schedule refresh on the Settings tab enabled for it to be created.

OMV 4.0.17 is also needed for the fix that allows the private key to be updated.

riff-raff · 31. Januar 2018

So 4.0.17 is needed for the refresh? How about the 'old' stable OMV3?

I have some doubt about updating my running version 3 with all plugins to version 4, since I can't reach my system physically right now.

ryecoaaron · 1. Februar 2018

Zitat von riff-raff

So 4.0.17 is needed for the refresh? How about the 'old' stable OMV3?

The change was made in core OMV and only to 4.x. I cannot make the change myself. It would be nice if someone else could make the pull request for the change to OMV 3.x.

bellamy · 1. Februar 2018

Zitat von ryecoaaron

It uses whatever is in the Debian repos - 0.10.2 or 0.19.0 (Backports).
You need to have Schedule refresh on the Settings tab enabled for it to be created.
OMV 4.0.17 is also needed for the fix that allows the private key to be updated.

Thanks. It was enabled. But disabling and enabling again created openmediavault-letsencrypt on /etc/cron-d/

Akiranai · 4. Februar 2018

I've got some issue that I can't figure out.

When I am trying to generate a certificate, I'm getting this error : Challenges failed for all domains

I open all my port, put OMV port back to 80, and I still get that error. I tried too by ssh with some different commands but nothing change.

Logs of Letsencrypt :

Code

HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1457
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Replay-Nonce: 4V_wuhkSd3IIWqEtprUQBLmzHX_qyX_2e_wIqNuFMuQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 04 Feb 2018 19:10:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Feb 2018 19:10:19 GMT
Connection: keep-alive


{
  "identifier": {
    "type": "dns",
    "value": "xxxx.me"
  },
  "status": "invalid",
  "expires": "2018-02-11T19:10:14Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:connection",
        "detail": "Fetching http://xxxx/.well-known/acme-challenge/-hYmOfp4AjCn5wRs3n5BCbxWVvgtKxhpaD5RHDfqip0: Connection refused",
        "status": 400
      },
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/cb72NliLLquEOMbG_f-TS0EUiQm_QkNflOWvB_xqG_E/3344888172",
      "token": "-hYmOfp4AjCn5wRs3n5BCbxWVvgtKxhpaD5RHDfqip0",
      "keyAuthorization": "-hYmOfp4AjCn5wRs3n5BCbxWVvgtKxhpaD5RHDfqip0.luBInpLGMM-vNrtGI_XB5HbTP21cWVxWGcWsgMcMrSg",
      "validationRecord": [
        {
          "url": "http://xxxxxx.me/.well-known/acme-challenge/-hYmOfp4AjCn5wRs3n5BCbxWVvgtKxhpaD5RHDfqip0",
          "hostname": "xxxxxxx.me",
          "port": "80",
          "addressesResolved": [
            "82.x.x.x",
            "192.64.119.177"
          ],
          "addressUsed": "82.x.x.x"
        }
      ]
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/cb72NliLLquEOMbG_f-TS0EUiQm_QkNflOWvB_xqG_E/3344888173",
      "token": "cbAov3Yqf9ipuwvKx6PtJWASmoLSSCBT5eRn6aa5EK8"
    }
  ],
  "combinations": [
    [
      1
    ],
    [
      0
    ]
  ]
}
2018-02-04 19:10:19,658:WARNING:certbot.auth_handler:Challenge failed for domain thesteinsgate.me
2018-02-04 19:10:19,658:INFO:certbot.auth_handler:Cleaning up challenges
2018-02-04 19:10:19,658:DEBUG:certbot.plugins.webroot:Removing /var/www/openmediavault/.well-known/acme-challenge/-hYmOfp4AjCn5wRs3n5BCbxWVvgtKxhpaD5RHDfqip0
2018-02-04 19:10:19,659:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /var/www/openmediavault/.well-known/acme-challenge
2018-02-04 19:10:19,694:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.10.2', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 849, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 626, in obtain_cert
    action, _ = _auth_from_available(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 107, in _auth_from_available
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 291, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 262, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 88, in get_authorizations
    "Challenges failed for all domains")
AuthorizationError: Challenges failed for all domains

Alles anzeigen

if anyone know how to deal with that,

Thanks

newbie7800 · 15. Februar 2018

Hi there

I have OMV v.4 and the latest Letsencrypt plugin. When I generate a certificate in the plugin since moving to OMV v.4 it never shows up in my certificates tab of the GUI. Also, in the notes to the Letsencrypt plugin it says OMV configuration "should be applied" after set up but the "apply configuration" never appears after certificate generation or renewal. Any help would be appreciated.

Thanks

saitoh183 · 17. Februar 2018

With the latest plugin can we use --preferred-challenges dns in the extra option area?

I dont have access to port 80 and was forced to use zerossl to generate my new cert via dns valdation.

Jetzt mitmachen!