letsencrypt renewal geht nicht

    • OMV 3.x
    • Resolved
    • letsencryp renewal geht nicht

      Hallo zusammen,

      mir ist mittlerweile (unbemerkt) mein letsencrypt-Zertifikat abgelaufen, das ich über das Plugin erstellt habe.
      Wenn ich über "Geplante Aufgaben" (cron-jobs) ein manuelles Update machen will, dann gibt er mir folgenden Fehler aus

      Source Code

      1. Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; export SHELL=/bin/sh; sudo --shell --non-interactive --user=root -- omv-letsencrypt 2>&1' with exit code '127': /bin/sh: 1: omv-letsencrypt: not found


      Wenn ich auf "Details" klicke kommen folgende Zusatz-Infos

      Source Code

      1. Fehler #0:
      2. exception 'OMV\ExecException' with message 'Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; export SHELL=/bin/sh; sudo --shell --non-interactive --user=root -- omv-letsencrypt 2>&1' with exit code '127': /bin/sh: 1: omv-letsencrypt: not found' in /usr/share/openmediavault/engined/rpc/cron.inc:175
      3. Stack trace:
      4. #0 /usr/share/php/openmediavault/rpc/serviceabstract.inc(528): OMVRpcServiceCron->{closure}('/tmp/bgstatusGk...', '/tmp/bgoutputet...')
      5. #1 /usr/share/openmediavault/engined/rpc/cron.inc(179): OMV\Rpc\ServiceAbstract->execBgProc(Object(Closure))
      6. #2 [internal function]: OMVRpcServiceCron->execute(Array, Array)
      7. #3 /usr/share/php/openmediavault/rpc/serviceabstract.inc(124): call_user_func_array(Array, Array)
      8. #4 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('execute', Array, Array)
      9. #5 /usr/sbin/omv-engined(536): OMV\Rpc\Rpc::call('Cron', 'execute', Array, Array, 1)
      10. #6 {main}

      Ich kann leider sehr wenig damit anfangen, außer, dass ich lese, dass der Befehl 'omv-letsencryp' nicht gekannt wird.
      Per shell bin ich auch nicht wirklich weiter gekommen.

      certbot certificates liefert mir folgenden output

      Brainfuck Source Code

      1. certbot certificates
      2. Saving debug log to /var/log/letsencrypt/letsencrypt.log
      3. -------------------------------------------------------------------------------
      4. Found the following certs:
      5. Certificate Name: omv
      6. Domains: xxx.xxx.xx
      7. Expiry Date: 2018-03-09 17:34:56+00:00 (VALID: 73 days)
      8. Certificate Path: /etc/letsencrypt/live/omv/fullchain.pem
      9. Private Key Path: /etc/letsencrypt/live/omv/privkey.pem
      10. -------------------------------------------------------------------------------
      Im OMV-Dashboard wird mir jedoch folgendes angezeigt.
      Gültig bis 24.12.2017
      CN=meine Webadresse

      Wo ist der Fehler und wie behebe ich ihn?
      Danke und Gruß
      Manu
    • Anscheinend wird das Programm omv-letsencrypt welches im hintergrund dein Zertifikat erneuern soll nicht gefunden.

      Installier das Plugin neu, falls das nicht hilft, mache in Symlink von certbot

      ln -s $(which certbot) /usr/local/bin/omv-letsencrypt

      Die Funktion die hier aufgerufen wird scheint mit omv-letsencrypt eigentlich nur certbot aufzurufen (github.com/OpenMediaVault-Plug…gined/rpc/letsencrypt.inc)

      Gruss
    • pierewoehl wrote:

      Apparently the program omv-letsencrypt which in the background renew your certificate is not found.

      Reinstall the plugin, if that does not help, make a symlink of certbot

      ln -s $ (which certbot) / usr / local / bin / omv-letsencrypt

      Omv-letsencrypt actually only certbot
      Please don't make a symlink. omv-letsencrypt was removed because it was duplicate code. You can see the proper code here - github.com/OpenMediaVault-Plug…lt/mkconf/letsencrypt#L38

      That said, assuming you are using OMV 3.x+, a cron job (not shown in scheduled jobs) will be created by the plugin. The new plugin also was changed to accommodate multiple domains. Just regnerate a new cert.
      omv 4.1.6 arrakis | 64 bit | 4.16 backports kernel | omvextrasorg 4.1.7
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please read this before posting a question.
      Please don't PM for support... Too many PMs!
    • ryecoaaron wrote:

      pierewoehl wrote:

      Apparently the program omv-letsencrypt which in the background renew your certificate is not found.

      Reinstall the plugin, if that does not help, make a symlink of certbot

      ln -s $ (which certbot) / usr / local / bin / omv-letsencrypt

      Omv-letsencrypt actually only certbot
      Please don't make a symlink. omv-letsencrypt was removed because it was duplicate code. You can see the proper code here - github.com/OpenMediaVault-Plug…lt/mkconf/letsencrypt#L38
      That said, assuming you are using OMV 3.x+, a cron job (not shown in scheduled jobs) will be created by the plugin. The new plugin also was changed to accommodate multiple domains. Just regnerate a new cert.
      Thanks, got it solved.

      I had to uninstall letsencrypt, delete the certificate (make sure it is not used anywhere in OMV or it won't delete), reboot and reinstall letsencrypt. Generating a new certificate solved the problem.

      Thanks all for your help!
    • Okay, now it got worse.

      all my ssl is f#cked up. When I try and log in to my system trough the internet I get the error message that my certificate has expired.
      On my server the command certbot certificates gives me a valid certificate.

      Brainfuck Source Code

      1. -------------------------------------------------------------------------------
      2. Found the following certs:
      3. Certificate Name: OMV
      4. Domains: xxx.yyy.zz abc.def.gh
      5. Expiry Date: 2018-05-26 22:18:48+00:00 (VALID: 56 days)
      6. Certificate Path: /etc/letsencrypt/live/OMV/fullchain.pem
      7. Private Key Path: /etc/letsencrypt/live/OMV/privkey.pem

      When I try an dchange something on the Admin-Panel of OMV everything SSL related (like a renew, etc) gives me an error as follows:

      Source Code

      1. Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; nginx -t 2>&1' with exit code '1': nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/openmediavault-7df41814-8987-4eed-8701-d3051d779431.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch) nginx: configuration file /etc/nginx/nginx.conf test failed

      And if i click on details

      Source Code

      1. Error #0:
      2. exception 'OMV\ExecException' with message 'Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; nginx -t 2>&1' with exit code '1': nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/openmediavault-7df41814-8987-4eed-8701-d3051d779431.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
      3. nginx: configuration file /etc/nginx/nginx.conf test failed' in /usr/share/php/openmediavault/system/process.inc:175
      4. Stack trace:
      5. #0 /usr/share/openmediavault/engined/module/webserver.inc(40): OMV\System\Process->execute()
      6. #1 /usr/share/openmediavault/engined/rpc/config.inc(168): OMVModuleNginxAbstract->applyConfig()
      7. #2 [internal function]: OMVRpcServiceConfig->applyChanges(Array, Array)
      8. #3 /usr/share/php/openmediavault/rpc/serviceabstract.inc(124): call_user_func_array(Array, Array)
      9. #4 /usr/share/php/openmediavault/rpc/serviceabstract.inc(150): OMV\Rpc\ServiceAbstract->callMethod('applyChanges', Array, Array)
      10. #5 /usr/share/php/openmediavault/rpc/serviceabstract.inc(528): OMV\Rpc\ServiceAbstract->OMV\Rpc\{closure}('/tmp/bgstatusfq...', '/tmp/bgoutputVu...')
      11. #6 /usr/share/php/openmediavault/rpc/serviceabstract.inc(151): OMV\Rpc\ServiceAbstract->execBgProc(Object(Closure))
      12. #7 /usr/share/openmediavault/engined/rpc/config.inc(213): OMV\Rpc\ServiceAbstract->callMethodBg('applyChanges', Array, Array)
      13. #8 [internal function]: OMVRpcServiceConfig->applyChangesBg(Array, Array)
      14. #9 /usr/share/php/openmediavault/rpc/serviceabstract.inc(124): call_user_func_array(Array, Array)
      15. #10 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('applyChangesBg', Array, Array)
      16. #11 /usr/sbin/omv-engined(536): OMV\Rpc\Rpc::call('Config', 'applyChangesBg', Array, Array, 1)
      17. #12 {main}
      Display All
      Im stuck and out of ideas.

      Any suggestions what I could do?
    • This is a well known problem in OMV 3.x. When updating an existing cert, it only updates the public key. Deleting the cert in the cert tab of omv's web interface and purging the plugin is what you need to do.
      omv 4.1.6 arrakis | 64 bit | 4.16 backports kernel | omvextrasorg 4.1.7
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please read this before posting a question.
      Please don't PM for support... Too many PMs!
    • Users Online 1

      1 Guest