How to migrate letsencrypt from former ubuntu installation?

  • Hey guys, I was running ubuntu server 16.04 and had letsencrypt bot running. This means I have my key and other config already in place. How would I migrate these config files to OMV to be able to use the letsencrypt plugin?


    Thanks a lot 8)

    cpu Intel(R) Core(TM) i5-10400 CPU @ 2.90GHz
    omv 6.9.13-1 (Shaitan)

    kernel 6.1.0-0.deb11.11-amd64

    • Official post

    You have to fill out the settings in the plugin no matter what. So, why not just generate a new cert? Then it will be in the web interface as well.

    omv 7.0-32 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.9 | compose 7.0.9 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • I agree with ryecoaaron, just generate a new one with the web gui and it will renew automatically. You don't need a bot, it's built into the LetsEncrypt plugin already. Just turn on the "Schedule Refresh" option, one click.

    OMV 3.0.90 (Erasmus) IBM/Lenovo ThinkServer TS140 - Intel® Xeon® Processor E3-1225 v3
    8M Cache, 3.20 GHz (Quad Core). 32GB PNY Dual Channel 1600MHz DDR3 Memory. PNY CS1311 120GB SSD on OWC Accelsior S PCIe to SSD. 2, 4 Terabyte Western Digital Reds 2, 8 Terabyte Western Digital Reds. Intel Gigabyte LAN.

  • I thought that I need my old key to obtain new certs. In this case I will generate a new one and revoke my old certs.


    thank you both!


  • My latest insights: I guess the letsencrypt plugin does not replace the cert files in all cases. I will try to explain in a few more words.


    At the beginning, I had copied my old (ubuntu) /etc/letsencrypt folder to omv. Then I fired renew in letsencrypt plugin. As the webroot was not ready, renew did not work. But my cert appeared in omv cert manager. I could use it from there on! As I had trouble doing the generate or renew, I have deleted my old files in /etc/letsencrypt and started from scratch (advice from this thread). And it worked.
    But after I have configured my ssl websites in nginx to use the new cert (the one generated from scratch) I got "error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch" when applying settings. Searching the internet turned out that the key does not match the cert. How is this possible? The cert was newly created. I had to do something. Then I studied the source code from letsencrypt plugin a bit (https://github.com/OpenMediaVa…gined/rpc/letsencrypt.inc). I renamed the key and cert file in /etc/ssl and copied the ones from /etc/letsencrypt. It worked.



    So my question in assumption that deleting data in /etc/letsencrypt has no direct dependency to omv certs:


    Why do you think it is possible that the key and cert was not updated accordingly by the letsencrypt plugin?


    Many thanks in advance!

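The "key values mismatch" error quoted in the post above means the private key file nginx loads does not belong to the certificate it loads. As an added example (not part of the original thread or the plugin's code), this script compares the public key inside a certificate with the one derived from a key file; the function names and the throwaway sample generator are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: does this private key belong to this certificate?
# Compares the public key embedded in the certificate with the public key
# derived from the key file. Works for RSA and EC keys (unencrypted PEM).

# Print the certificate's public key as PEM.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Print the public half of a private key as PEM.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# key_matches_cert CERT KEY
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
key_matches_cert() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Constructed sample data (hypothetical helper): writes a matching pair
# a.crt/a.key and an unrelated key b.key into directory $1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=example.invalid" \
        -keyout "$1/a.key" -out "$1/a.crt" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/b.key" 2>/dev/null
}

# Command-line use: check.sh CERT KEY
if [ "$#" -eq 2 ]; then
    key_matches_cert "$1" "$2"
    case $? in
        0) echo "OK: key matches certificate" ;;
        1) echo "MISMATCH: key does not belong to certificate"; exit 1 ;;
        *) echo "ERROR: could not read certificate or key"; exit 2 ;;
    esac
fi
```

Run it against the certificate and key pair that the nginx site configuration references, and again against the pair under /etc/letsencrypt, to see which copy is stale.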

  • I came to the conclusion that the key is not updated accordingly. After a warm host restart nginx does not come up anymore:


    • Official post

    Why do you think it is possible that the key and cert was not updated accordingly by the letsencrypt plugin?

    The plugin doesn't state that it can update a cert manually copied in. You would need to copy the letsencrypt dir structure in, create the name in the settings tab the same as the subfolder created in letsencrypt folder, import the cert into OMV's ssl tab, and then manually put the uuid of that created cert in the uuid element of the letsencrypt section of the plugin's section in /etc/openmediavault/config.xml. So, I ask again, why not create a new cert?


  • Well, I did generate a new one:

    [...] As I had trouble doing the generate or renew, I have deleted my old files in /etc/letsencrypt and started from scratch (advice from this thread). And it worked. [...]

    I deleted files in /etc/letsencrypt. Maybe I have to delete my LE cert in omv webui as well. But somehow I cannot delete it, even though I tried to remove all references.


    Hint: when generating certs with letsencrypt, the valid date of the cert in omv is updated. This means at least something has changed. I don't know what this means to the issue I just mentioned above with the key file not being replaced when updating certs with LE.

