openmediavault-letsencrypt

    • OMV 3.x (stable)
    • I'm back. I have my first certificate, but only for the site in my nginx plugin with my cloud program. By the way, I don't know how I can make a certificate for a subdomain with proxy_pass.
      BUT I can't use the certificate.
      The error is:

      Source Code

      Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; nginx -t 2>&1' with exit code '1': nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/openmediavault-e814a850-7e12-4d0c-8cd5-b03857808755.key") failed

      Source Code

      Fehler #0:
      OMV\ExecException: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; nginx -t 2>&1' with exit code '1': nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/openmediavault-e814a850-7e12-4d0c-8cd5-b03857808755.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
      nginx: configuration file /etc/nginx/nginx.conf test failed in /usr/share/php/openmediavault/system/process.inc:175
      Stack trace:
      #0 /usr/share/openmediavault/engined/module/webserver.inc(40): OMV\System\Process->execute()
      #1 /usr/share/openmediavault/engined/rpc/config.inc(168): OMVModuleNginxAbstract->applyConfig()
      #2 [internal function]: OMVRpcServiceConfig->applyChanges(Array, Array)
      #3 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
      #4 /usr/share/php/openmediavault/rpc/serviceabstract.inc(150): OMV\Rpc\ServiceAbstract->callMethod('applyChanges', Array, Array)
      #5 /usr/share/php/openmediavault/rpc/serviceabstract.inc(528): OMV\Rpc\ServiceAbstract->OMV\Rpc\{closure}('/tmp/bgstatuskZ...', '/tmp/bgoutputR9...')
      #6 /usr/share/php/openmediavault/rpc/serviceabstract.inc(151): OMV\Rpc\ServiceAbstract->execBgProc(Object(Closure))
      #7 /usr/share/openmediavault/engined/rpc/config.inc(213): OMV\Rpc\ServiceAbstract->callMethodBg('applyChanges', Array, Array)
      #8 [internal function]: OMVRpcServiceConfig->applyChangesBg(Array, Array)
      #9 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
      #10 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('applyChangesBg', Array, Array)
      #11 /usr/sbin/omv-engined(536): OMV\Rpc\Rpc::call('Config', 'applyChangesBg', Array, Array, 1)
      #12 {main}
      omv 4.0.15 | 64 bit | omvextrasorg 4.1.2 | kernel 4.13
      used plugins: nginx | mysql | docker-gui | flashmemory |rsnapshot | antivirus | apt tool | letsEncrypt |
      used other: netxtcloud | logitechmediaserver | emby

      The post was edited 2 times, last by happyreacer: EDIT: i make the certificate again and i can use it, ().

    • Hi there,

      first of all, thank you for this wonderful plugin. Unfortunately, I can't get it to work for me. I am running Erasmus on a Debian Jessie install, which I only made, because I wanted a different partition layout. Otherwise I would have gone straight to the OpenMediaVault iso. Thus I installed Debian Jessie with SSH and then OpenMediaVault on top. Then I installed omv-extras and the letsencrypt plugin. Then I wanted to use letsencrypt, but can't get it to work.

      I have a static IPv4 from Deutsche Telekom. I set up a DNS entry like so: locality.company.tld
      The OpenMediaVault box has its own name, but knows about the domain, so it calls itself omvbox.locality.company.tld
      But because I only have one IPv4, when I login from remote, I need to use locality.company.tld. I use that for ssh and can connect to the box with a self signed ssl cert or over port 80.

      For the time being, I forward port 80 and port 443 directly from the router to the openmediavault box. Currently I can access them from outside using a web browser.

      I wanted to secure them with letsencrypt, to get rid of the error message.

      First of all I found it strange that I had to search around to find out which root directory to fill in: "/var/www/openmediavault/" Why wasn't this in the official documentation? Most people will want to secure access to the web admin first. Then I used the domain locality.company.tld, because that is the domain where the box will be at from the outside.

      But when I try to attain a cert from letsencrypt, the challenge fails, even though the domain is correct, path is correct and the ports are open. What am I missing?
    • Speedrunner wrote:

      Hi there,

      first of all, thank you for this wonderful plugin. Unfortunately, I can't get it to work for me. I am running Erasmus on a Debian Jessie install, which I only made, because I wanted a different partition layout. Otherwise I would have gone straight to the OpenMediaVault iso. Thus I installed Debian Jessie with SSH and then OpenMediaVault on top. Then I installed omv-extras and the letsencrypt plugin. Then I wanted to use letsencrypt, but can't get it to work.
      Letsencrypt is tested on an OMV install (from the official *.ISO), not on a Debian install with OMV on top of it; it is not the same.
      OMV 3.0.96 x64 on a HP T510, 8GB CF as Boot Disk & 32GB SSD 2,5" disk for Data, 4 GB RAM, CPU VIA EDEN X2 U4200 is x64 at 1GHz

      Post: HPT510 SlimNAS ; HOWTO Install Pi-Hole ; HOWTO install MLDonkey ; HOHTO Install ZFS-Plugin ; OMV_OldGUI ; ShellinaBOX ;
      Dockers: MLDonkey ; PiHole ;
    • raulfg3 wrote:

      Speedrunner wrote:

      Hi there,

      first of all, thank you for this wonderful plugin. Unfortunately, I can't get it to work for me. I am running Erasmus on a Debian Jessie install, which I only made, because I wanted a different partition layout. Otherwise I would have gone straight to the OpenMediaVault iso. Thus I installed Debian Jessie with SSH and then OpenMediaVault on top. Then I installed omv-extras and the letsencrypt plugin. Then I wanted to use letsencrypt, but can't get it to work.
      Letsencrypt is tested on an OMV install (from the official *.ISO), not on a Debian install with OMV on top of it; it is not the same.
      The letsencrypt plugin is listed under stable:

      omv-extras.org/joomla/index.php/omv-plugins-3

      I installed omv-extras as described in the documentation and then installed the letsencrypt plugin from there. I was under the impression that there isn't a big difference between installing Debian Jessie minimal and then installing omv on top and simply using the omv iso. So if I install from Debian Jessie, I can't use plugins?

      Here is the output from the plugin:

      Source Code

      Command: export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; /usr/bin/certbot certonly --non-interactive --rsa-key-size 2048 --text --keep-until-expiring --agree-tos --allow-subset-of-names --cert-name locality.company.tld --email email@company.tld --webroot -w /var/www/openmediavault/ -d locality.company.tld 2>&1
      Saving debug log to /var/log/letsencrypt/letsencrypt.log
      Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
      Obtaining a new certificate
      Performing the following challenges:
      http-01 challenge for locality.company.tld
      Using the webroot path /var/www/openmediavault for all unmatched domains.
      Waiting for verification...
      Challenge failed for domain locality.company.tld
      Cleaning up challenges
      Challenges failed for all domains
      Fertig...

      I checked the location /var/www/openmediavault/.well-known/ and the plugin creates a file there (and then deletes it after). I also put a file there and I can open it up from a remote webbrowser with the appropriate domain. I also fail to see anything interesting in the debug logs located at /var/log/letsencrypt/

      I am at a loss here.

      I almost forgot: I enabled the jessie-backports Debian repository in the web interface of openmediavault. Again: I didn't do anything with Debian Jessie except use their installer and then immediately put omv on top. I was also locked out using this procedure, because the omv install creates a new sshd that only allows members of the group ssh to log in remotely.

      The post was edited 2 times, last by Speedrunner ().

    • Output from /var/log/letsencrypt/letsencrypt.log

      Source Code: letsencrypt.log

      2018-01-15 12:12:34,632:DEBUG:acme.client:Storing nonce: wa82WLbQaGXORJI_zQqov-NHcxa8iFNxyf1wF4vgmZs
      2018-01-15 12:12:34,633:INFO:certbot.auth_handler:Performing the following challenges:
      2018-01-15 12:12:34,633:INFO:certbot.auth_handler:http-01 challenge for locality.company.tld
      2018-01-15 12:12:34,634:INFO:certbot.plugins.webroot:Using the webroot path /var/www/openmediavault for all unmatched domains.
      2018-01-15 12:12:34,634:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /var/www/openmediavault/.well-known/acme-challenge
      2018-01-15 12:12:34,643:DEBUG:certbot.plugins.webroot:Attempting to save validation to /var/www/openmediavault/.well-known/acme-challenge/UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4
      2018-01-15 12:12:34,644:INFO:certbot.auth_handler:Waiting for verification...
      2018-01-15 12:12:34,644:DEBUG:acme.client:JWS payload:
      {
      "keyAuthorization": "UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4._1REN1RZoBZrRPaTtpWHtNIvyPgFoJ13cgoZ1M2ac5A",
      "type": "http-01",
      "resource": "challenge"
      }
      2018-01-15 12:12:34,653:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8/3103096588:
      {
      "header": {
      "alg": "RS256",
      "jwk": {
      "e": "AQAB",
      "kty": "RSA",
      "n": "wQz4rAkxLOsSpX1gBRgWnmUZpMHPhpnZnvfMJQiL0MBMfKOGINmMP-NyqnAzusL51GpIrJfj5q7aS4wGtqH7LWcIcuigAYeTm2PN5UvP2Z4t0ooCAXD6QIFKOrit6UB8a6oYPbIZP7sbjJyl8u_luOnLEZ8SlHJkrly9my864zWdBPELOTfhJhcwNsu6SkWFBi4IYuTXBlqEY-jztDaNIIlAk8IY8cK1jGmrJiS4bcS6tuIDAvBdxV6Xxw4eOhhLemV7-wwiRQdiiJiintapGvB7-WnaM46yClnQuVN_C3M0BxcU_R3VCEbVSlmVdDcum9JmPDkv48uGtT1V8A9NGQ"
      }
      },
      "protected": "eyJub25jZSI6ICJ3YTgyV0xiUWFHWE9SSklfelFxb3YtTkhjeGE4aUZOeHlmMXdGNHZnbVpzIn0",
      "payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIlVaOElTODB2cGVJSndMZzhNSWl0VDZyZC1xdU9zTWgxUDdOdFlibF92eTQuXzFSRU4xUlpvQlpyUlBhVHRwV0h0Tkl2eVBnRm9KMTNjZ29aMU0yYWM1QSIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
      "signature": "NoXG1Nw5RVEKNrbgSlPE2AlPs4pmMikUokngr8ZwjXhmuP_RlSWO62YzzYuTO2B2Umkzp0YwXFTGL4cAQdsQWdvFhCTxZRHsSxrLt0_pe2SE6f8K4VPIz49Fiy4Ciu2zmEdQVIwtKPVmAQzZ2J2cXNGOXW-5yXMTj6FZZw2v3jrih2ii_5yA5OJSfW021p6YtBcWz8g2NgRpPcPHbxw1J8gMFVoYlRLxR40H15log-4uwR6jRtJLxDnduF532wMwPQLEmjWQdgfg7rYWM0lmPr5VL1vkh3VUpb2dbNldX-Qu2xKLen1deyWopK5Xv98HnG4hmNNu2J-7BjvLw2nc6g"
      }
      2018-01-15 12:12:34,961:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8/3103096588 HTTP/1.1" 202 336
      2018-01-15 12:12:34,963:DEBUG:acme.client:Received response:
      HTTP 202
      Server: nginx
      Content-Type: application/json
      Content-Length: 336
      Boulder-Requester: 27632158
      Link: <https://acme-v01.api.letsencrypt.org/acme/authz/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8>;rel="up"
      Location: https://acme-v01.api.letsencrypt.org/acme/challenge/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8/3103096588
      Replay-Nonce: qTq613KNb9YmNGb2y_fDtiKVkgSPME5jIIvE_zFlfH4
      Expires: Mon, 15 Jan 2018 12:12:34 GMT
      Cache-Control: max-age=0, no-cache, no-store
      Pragma: no-cache
      Date: Mon, 15 Jan 2018 12:12:34 GMT
      Connection: keep-alive
      {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8/3103096588",
      "token": "UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4",
      "keyAuthorization": "UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4._1REN1RZoBZrRPaTtpWHtNIvyPgFoJ13cgoZ1M2ac5A"
      }
      2018-01-15 12:12:34,963:DEBUG:acme.client:Storing nonce: qTq613KNb9YmNGb2y_fDtiKVkgSPME5jIIvE_zFlfH4
      2018-01-15 12:12:37,967:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8.
      2018-01-15 12:12:38,212:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8 HTTP/1.1" 200 1737
      2018-01-15 12:12:38,213:DEBUG:acme.client:Received response:
      HTTP 200
      Server: nginx
      Content-Type: application/json
      Content-Length: 1737
      Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
      Replay-Nonce: JYzN8BuSFTfQbMJKi2ZSLBrxCWKvF78Dsfp8nZaPLlg
      X-Frame-Options: DENY
      Strict-Transport-Security: max-age=604800
      Expires: Mon, 15 Jan 2018 12:12:38 GMT
      Cache-Control: max-age=0, no-cache, no-store
      Pragma: no-cache
      Date: Mon, 15 Jan 2018 12:12:38 GMT
      Connection: keep-alive
      {
      "identifier": {
      "type": "dns",
      "value": "locality.company.tld"
      },
      "status": "invalid",
      "expires": "2018-01-22T12:12:34Z",
      "challenges": [
      {
      "type": "http-01",
      "status": "invalid",
      "error": {
      "type": "urn:acme:error:unauthorized",
      "detail": "Invalid response from http://locality.company.tld/.well-known/acme-challenge/UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4: \"\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e300 Multiple Choices\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eMultiple C\"",
      "status": 403
      },
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8/3103096588",
      "token": "UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4",
      "keyAuthorization": "UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4._1REN1RZoBZrRPaTtpWHtNIvyPgFoJ13cgoZ1M2ac5A",
      "validationRecord": [
      {
      "url": "http://locality.company.tld/.well-known/acme-challenge/UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4",
      "hostname": "locality.company.tld",
      "port": "80",
      "addressesResolved": [
      "87.128.72.128",
      "2001:8d8:100f:f000::2d0"
      ],
      "addressUsed": "2001:8d8:100f:f000::2d0",
      "addressesTried": []
      }
      ]
      },
      {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/j8OSiXV1DPxMlaIwRtgu12Cb0XSnN2wzoCRCU022Ep8/3103096589",
      "token": "tAIlg-Fqb7VtPRIVDrq5dXYcAZ44J-Tf6BXGesKFb94"
      }
      ],
      "combinations": [
      [
      1
      ],
      [
      0
      ]
      ]
      }
      2018-01-15 12:12:38,214:WARNING:certbot.auth_handler:Challenge failed for domain locality.company.tld
      2018-01-15 12:12:38,214:INFO:certbot.auth_handler:Cleaning up challenges
      2018-01-15 12:12:38,215:DEBUG:certbot.plugins.webroot:Removing /var/www/openmediavault/.well-known/acme-challenge/UZ8IS80vpeIJwLg8MIitT6rd-quOsMh1P7NtYbl_vy4
      2018-01-15 12:12:38,215:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /var/www/openmediavault/.well-known/acme-challenge
      2018-01-15 12:12:38,217:DEBUG:certbot.main:Exiting abnormally:
      Traceback (most recent call last):
      File "/usr/bin/certbot", line 11, in <module>
      load_entry_point('certbot==0.10.2', 'console_scripts', 'certbot')()
      File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 849, in main
      return config.func(config, plugins)
      File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 626, in obtain_cert
      action, _ = _auth_from_available(le_client, config, domains, certname, lineage)
      File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 107, in _auth_from_available
      lineage = le_client.obtain_and_enroll_certificate(domains, certname)
      File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 291, in obtain_and_enroll_certificate
      certr, chain, key, _ = self.obtain_certificate(domains)
      File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 262, in obtain_certificate
      self.config.allow_subset_of_names)
      File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 88, in get_authorizations
      "Challenges failed for all domains")
      AuthorizationError: Challenges failed for all domains
    • I have problems generating my certificate.


      Source Code

      Command: export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; /usr/bin/certbot certonly --non-interactive --rsa-key-size 2048 --text --keep-until-expiring --agree-tos --allow-subset-of-names --cert-name Max --email *** --webroot -w / -d ***.my.router.de 2>&1
      Saving debug log to /var/log/letsencrypt/letsencrypt.log
      Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
      Obtaining a new certificate
      Performing the following challenges:
      http-01 challenge for ***.my.router.de
      Using the webroot path / for all unmatched domains.
      Waiting for verification...
      Challenge failed for domain ***.my.router.de
      Cleaning up challenges
      Challenges failed for all domains
      Fertig...

      With the old version I have no problems, but with the new one I can't generate a cert.

      What can I do / test? :)
    • krutojmax wrote:

      Using the webroot path / for all unmatched domains.
      This is wrong. Did you add any domains and their correct web root (hint - webroot will not be / )?
      omv 4.0.19 arrakis | 64 bit | 4.14 backports kernel | omvextrasorg 4.1.2
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please don't PM for support... Too many PMs!
    • I ran into an issue with letsencrypt (nginx, OMV3 latest) yesterday. It relates to the renewal problems I had earlier.

      I created a cert with LE and use it with nginx for nextcloud. The cert is shown in the Cert tab of OMV. It expired yesterday, so all my devices gave me a cert error. Automatic renewal did not work, and neither did manual renewal. Certbot says that the cert is not due for renewal.

      I had to generate a self-signed cert, bind it to nginx, delete the LE cert in OMV and LE and create a new one.

      There has to be a way to get this automated renewal working. I think I have a problem with my webroot setup.

      Appreciate your help.
      Chaos is found in greatest abundance wherever order is being sought.
      It always defeats order, because it is better organized.
      Terry Pratchett

      The post was edited 1 time, last by riff-raff ().

    • There is actually an issue for some users located in Europe.

      Check letsencrypt.status.io/pages/55957a99e800baa4470002da
      Active incident: some users are being served a server error 503 (service unavailable) ...

      This might prevent the renewal...
      ---------------------------------------------------------------------------------------------------------------------
      French, so forgive my english
      Personal Rig: valid.x86.fr/v72uek as a test bench with Oracle VM.
      And YES, my avatar is real, i am flying "parapentes" in St Hilaire du Touvet and at la coupe icare.
    • Also, there is an announcement here

      community.letsencrypt.org/t/im…i-validation-issues/50811

      Updating to certbot 0.21 is recommended. Does our plug-in use the latest certbot?
      ---------------------------------------------------------------------------------------------------------------------
      French, so forgive my english
      Personal Rig: valid.x86.fr/v72uek as a test bench with Oracle VM.
      And YES, my avatar is real, i am flying "parapentes" in St Hilaire du Touvet and at la coupe icare.
    • Hey. I also had issues with my certificate that expired today.
      My CronJob from LetsEncrypt is gone, and as I read on another post, I should have something in /etc/cron.d/ but there is nothing there.
      Running the renewal manually from the GUI would say it did not need to renew.
      The solution was to delete /etc/letsencrypt/, remove the certificate from the OMV GUI and generate a new one. Now it's working.
    • Letsencrypt thinks an IX bridge at one of their network providers with a bad routing issue is behind the 503 error. This error might not even show up in the log. And of course it might screw up the renewal process.
      ---------------------------------------------------------------------------------------------------------------------
      French, so forgive my english
      Personal Rig: valid.x86.fr/v72uek as a test bench with Oracle VM.
      And YES, my avatar is real, i am flying "parapentes" in St Hilaire du Touvet and at la coupe icare.
    • stratege1401 wrote:

      Does our plug-in use the latest certbot?
      It uses whatever is in the Debian repos - 0.10.2 or 0.19.0 (Backports).

      bellamy wrote:

      My CronJob from LetsEncrypt is gone, and as I read on another post, I should have something on /etc/cron.d/ but there is nothing there.
      You need to have Schedule refresh on the Settings tab enabled for it to be created.

      OMV 4.0.17 is also needed for the fix that allows the private key to be updated.
      omv 4.0.19 arrakis | 64 bit | 4.14 backports kernel | omvextrasorg 4.1.2
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please don't PM for support... Too many PMs!
    • So 4.0.17 is needed for the refresh? How about the 'old' stable OMV3?

      I have some doubt about updating my running version 3 with all plugins to version 4, since I can't reach my system physically right now.
      Chaos is found in greatest abundance wherever order is being sought.
      It always defeats order, because it is better organized.
      Terry Pratchett
    • riff-raff wrote:

      So 4.0.17 is needed for the refresh? How about the 'old' stable OMV3?
      The change was made in core OMV and only to 4.x. I cannot make the change myself. It would be nice if someone else could make the pull request for the change to OMV 3.x.
      omv 4.0.19 arrakis | 64 bit | 4.14 backports kernel | omvextrasorg 4.1.2
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please don't PM for support... Too many PMs!
    • ryecoaaron wrote:

      stratege1401 wrote:

      Does our plug-in use the latest certbot?
      It uses whatever is in the Debian repos - 0.10.2 or 0.19.0 (Backports).

      bellamy wrote:

      My CronJob from LetsEncrypt is gone, and as I read on another post, I should have something on /etc/cron.d/ but there is nothing there.
      You need to have Schedule refresh on the Settings tab enabled for it to be created.
      OMV 4.0.17 is also needed for the fix that allows the private key to be updated.
      Thanks. It was enabled. But disabling and enabling again created openmediavault-letsencrypt in /etc/cron.d/ :thumbsup:
    • I've got an issue that I can't figure out.

      When I am trying to generate a certificate, I'm getting this error: Challenges failed for all domains

      I opened all my ports, put the OMV port back to 80, and I still get that error. I also tried over ssh with some different commands, but nothing changed.

      Logs of Letsencrypt :

      Source Code

      HTTP 200
      Server: nginx
      Content-Type: application/json
      Content-Length: 1457
      Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
      Replay-Nonce: 4V_wuhkSd3IIWqEtprUQBLmzHX_qyX_2e_wIqNuFMuQ
      X-Frame-Options: DENY
      Strict-Transport-Security: max-age=604800
      Expires: Sun, 04 Feb 2018 19:10:19 GMT
      Cache-Control: max-age=0, no-cache, no-store
      Pragma: no-cache
      Date: Sun, 04 Feb 2018 19:10:19 GMT
      Connection: keep-alive
      {
      "identifier": {
      "type": "dns",
      "value": "xxxx.me"
      },
      "status": "invalid",
      "expires": "2018-02-11T19:10:14Z",
      "challenges": [
      {
      "type": "http-01",
      "status": "invalid",
      "error": {
      "type": "urn:acme:error:connection",
      "detail": "Fetching http://xxxx/.well-known/acme-challenge/-hYmOfp4AjCn5wRs3n5BCbxWVvgtKxhpaD5RHDfqip0: Connection refused",
      "status": 400
      },
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/cb72NliLLquEOMbG_f-TS0EUiQm_QkNflOWvB_xqG_E/3344888172",
      "token": "-hYmOfp4AjCn5wRs3n5BCbxWVvgtKxhpaD5RHDfqip0",
      "keyAuthorization": "-hYmOfp4AjCn5wRs3n5BCbxWVvgtKxhpaD5RHDfqip0.luBInpLGMM-vNrtGI_XB5HbTP21cWVxWGcWsgMcMrSg",
      "validationRecord": [
      {
      "url": "http://xxxxxx.me/.well-known/acme-challenge/-hYmOfp4AjCn5wRs3n5BCbxWVvgtKxhpaD5RHDfqip0",
      "hostname": "xxxxxxx.me",
      "port": "80",
      "addressesResolved": [
      "82.x.x.x",
      "192.64.119.177"
      ],
      "addressUsed": "82.x.x.x"
      }
      ]
      },
      {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/cb72NliLLquEOMbG_f-TS0EUiQm_QkNflOWvB_xqG_E/3344888173",
      "token": "cbAov3Yqf9ipuwvKx6PtJWASmoLSSCBT5eRn6aa5EK8"
      }
      ],
      "combinations": [
      [
      1
      ],
      [
      0
      ]
      ]
      }
      2018-02-04 19:10:19,658:WARNING:certbot.auth_handler:Challenge failed for domain thesteinsgate.me
      2018-02-04 19:10:19,658:INFO:certbot.auth_handler:Cleaning up challenges
      2018-02-04 19:10:19,658:DEBUG:certbot.plugins.webroot:Removing /var/www/openmediavault/.well-known/acme-challenge/-hYmOfp4AjCn5wRs3n5BCbxWVvgtKxhpaD5RHDfqip0
      2018-02-04 19:10:19,659:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /var/www/openmediavault/.well-known/acme-challenge
      2018-02-04 19:10:19,694:DEBUG:certbot.main:Exiting abnormally:
      Traceback (most recent call last):
      File "/usr/bin/certbot", line 11, in <module>
      load_entry_point('certbot==0.10.2', 'console_scripts', 'certbot')()
      File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 849, in main
      return config.func(config, plugins)
      File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 626, in obtain_cert
      action, _ = _auth_from_available(le_client, config, domains, certname, lineage)
      File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 107, in _auth_from_available
      lineage = le_client.obtain_and_enroll_certificate(domains, certname)
      File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 291, in obtain_and_enroll_certificate
      certr, chain, key, _ = self.obtain_certificate(domains)
      File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 262, in obtain_certificate
      self.config.allow_subset_of_names)
      File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 88, in get_authorizations
      "Challenges failed for all domains")
      AuthorizationError: Challenges failed for all domains

      If anyone knows how to deal with that,

      Thanks
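
Added example, not part of any post in this thread: a small Python parser for the authorization response that certbot writes to /var/log/letsencrypt/letsencrypt.log, as seen in the two logs posted above. It reports why the http-01 challenge was marked invalid and which address the validator actually contacted; the sample log, the hostname nas.example.test, the addresses and the function names are constructed for this example.

```python
import ipaddress
import json

# Constructed sample modelled on the certbot debug logs posted in this thread.
# Hostname, token and addresses are documentation placeholders, not real values.
SAMPLE_LOG = r'''2018-01-15 12:12:38,213:DEBUG:acme.client:Received response:
HTTP 200
Content-Type: application/json
{
  "identifier": {"type": "dns", "value": "nas.example.test"},
  "status": "invalid",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:unauthorized",
        "detail": "Invalid response from http://nas.example.test/.well-known/acme-challenge/TOKEN: \"<title>300 Multiple Choices</title>\"",
        "status": 403
      },
      "validationRecord": [
        {"hostname": "nas.example.test", "port": "80",
         "addressesResolved": ["192.0.2.10", "2001:db8::2d0"],
         "addressUsed": "2001:db8::2d0"}
      ]
    },
    {"type": "dns-01", "status": "pending"}
  ]
}
2018-01-15 12:12:38,214:WARNING:certbot.auth_handler:Challenge failed for domain nas.example.test
'''


def iter_authorizations(log_text):
    """Yield every JSON object in the log text that carries a "challenges" list."""
    decoder = json.JSONDecoder()
    pos = 0
    while True:
        start = log_text.find("{", pos)
        if start == -1:
            return
        try:
            obj, end = decoder.raw_decode(log_text, start)
        except ValueError:
            pos = start + 1  # a brace inside ordinary log text, keep scanning
            continue
        if isinstance(obj, dict) and isinstance(obj.get("challenges"), list):
            yield obj
        pos = end


def _is_ipv6(addr):
    try:
        return ipaddress.ip_address(addr).version == 6
    except ValueError:  # redacted or malformed value such as "82.x.x.x"
        return False


def diagnose(authz):
    """Summarise each failed http-01 challenge of one authorization object."""
    findings = []
    for ch in authz["challenges"]:
        if ch.get("type") != "http-01" or ch.get("status") != "invalid":
            continue
        err = ch.get("error", {})
        kind = err.get("type", "").rsplit(":", 1)[-1]
        for rec in ch.get("validationRecord", []):
            used = rec.get("addressUsed", "")
            others = [a for a in rec.get("addressesResolved", []) if a != used]
            hints = []
            if kind == "connection":
                hints.append("nothing accepted the connection on %s port %s"
                             % (used, rec.get("port")))
            elif kind == "unauthorized":
                hints.append("a web server at %s answered, but not with the "
                             "key authorization" % used)
            if others:
                hints.append("name also resolves to %s; check that each address "
                             "reaches this web server" % ", ".join(others))
            if _is_ipv6(used) and any(not _is_ipv6(a) for a in others):
                hints.append("validation used the AAAA (IPv6) address "
                             "although an IPv4 address is also published")
            findings.append({"hostname": rec.get("hostname"), "error": kind,
                             "detail": err.get("detail", ""),
                             "address_used": used, "hints": hints})
    return findings


if __name__ == "__main__":
    for authz in iter_authorizations(SAMPLE_LOG):
        for f in diagnose(authz):
            print(f["hostname"], f["error"], "via", f["address_used"])
            for hint in f["hints"]:
                print("  -", hint)
```

To run it against a real log, pass the contents of letsencrypt.log to `iter_authorizations` instead of `SAMPLE_LOG`.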
    • Hi there

      I have OMV v.4 and the latest Letsencrypt plugin. When I generate a certificate in the plugin since moving to OMV v.4 it never shows up in my certificates tab of the GUI. Also, in the notes to the Letsencrypt plugin it says OMV configuration "should be applied" after set up but the "apply configuration" never appears after certificate generation or renewal. Any help would be appreciated.

      Thanks