Problem with letsencrypt certificate

    • OMV 3.x

    This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

    • Problem with letsencrypt certificate

      Hi all, through the letsencript plugin I had created the certificate to have an HTTPS connection to my NAS.
      The certificate has expired and I can no longer update it, should I have updated it before the deadline?
      How can I do now?
      It also gives me error messages when creating a new certificate.
      From Italy :) :)

      My NAS: CM Elite 110, Asus P8H77-I, Intel I5 2330, 4GB ram, 1x 4TB HD WDRed, 1x 1TB HD Seagate.
      With: Plex, Transmission, SMB, FTP, USBBackup
    • You need to revert to Http temporaly and delete old cert from NAS, once done you can generate a new cert to use it and revert to https, not know if other way is possible, but this must work because is simmilar to first time you generate the cert.
      OMV 3.0.96 x64 on a HP T510, 16GB CF as Boot Disk & 32GB SSD 2,5" disk for Data, 4 GB RAM, CPU VIA EDEN X2 U4200 is x64 at 1GHz

      Post: HPT510 SlimNAS ; HOWTO Install Pi-Hole ; HOWTO install MLDonkey ; HOHTO Install ZFS-Plugin ; OMV_OldGUI ; ShellinaBOX ;
      Dockers: MLDonkey ; PiHole ;
      Videos: @TechnoDadLife
    • David B wrote:

      I am having a similar issue right now. I disabled forced HTTPS to renew the certificate, and I got a response that the certificate renewal was successful, but when I checked the certificate information in Chrome, it's still showing the certificate that is due to expire today.
      This happens on OMV 3 because the private cert is not updated on renewal. Try purging the plugin and reinstalling. OMV 4 shouldn't have this issue.
      omv 4.1.8.2 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.9
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please read this before posting a question.
      Please don't PM for support... Too many PMs!
    • David B wrote:

      I assume I will have to regenerate the certificate once I reinstall it?
      yep.
      omv 4.1.8.2 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.9
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please read this before posting a question.
      Please don't PM for support... Too many PMs!
    • ryecoaaron wrote:

      David B wrote:

      I am having a similar issue right now. I disabled forced HTTPS to renew the certificate, and I got a response that the certificate renewal was successful, but when I checked the certificate information in Chrome, it's still showing the certificate that is due to expire today.
      This happens on OMV 3 because the private cert is not updated on renewal. Try purging the plugin and reinstalling. OMV 4 shouldn't have this issue.
      I think it's time to move to OMV 4.x then! Is it stable, right? :) :P :D :thumbsup: I

      Just to not be blocked again next time, the certificates must be updated before the deadline ??
      From Italy :) :)

      My NAS: CM Elite 110, Asus P8H77-I, Intel I5 2330, 4GB ram, 1x 4TB HD WDRed, 1x 1TB HD Seagate.
      With: Plex, Transmission, SMB, FTP, USBBackup
    • dexter2478 wrote:

      Is it stable, right?
      Depends on what plugins you use. Core OMV 4.x is stable in my opinion.

      dexter2478 wrote:

      the certificates must be updated before the deadline ?
      This should happen automatically with the cron job that the plugin creates.
      omv 4.1.8.2 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.9
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please read this before posting a question.
      Please don't PM for support... Too many PMs!
    • dexter2478 wrote:

      Plex, Transmission, SMB, FTP, USBBackup, let's encrypt, docker....
      If you move plex and transmission to docker, you will be fine.
      omv 4.1.8.2 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.9
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please read this before posting a question.
      Please don't PM for support... Too many PMs!
    • Unfortunately, today I have not been able to solve the problem. I've set everything up in HTTP, removed the letsencrypt plugin, but I can not delete the certificate that is on OMV's "SYSTEM -> CERTIFICATE" pages ... and I think that creates problems for me. If you have any solution to recommend ....

      Otherwise as soon as I have time, step directly to 4.x
      From Italy :) :)

      My NAS: CM Elite 110, Asus P8H77-I, Intel I5 2330, 4GB ram, 1x 4TB HD WDRed, 1x 1TB HD Seagate.
      With: Plex, Transmission, SMB, FTP, USBBackup
    • dexter2478 wrote:

      but I can not delete the certificate that is on OMV's "SYSTEM -> CERTIFICATE" page
      If it is in use, then you can't delete it.
      omv 4.1.8.2 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.9
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please read this before posting a question.
      Please don't PM for support... Too many PMs!
    • Hello there, I'm getting the same issue. My certificate just expire and I can't make a new one (Challenges failed for all domains). And yes I tried what people said here.
      If anyone have a fix :)

      Thanks

      ps : Forgot logs :v

      Source Code

      1. Server: nginx
      2. Content-Type: application/json
      3. Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;
      4. Replay-Nonce: rNm0Xu3khwkBAizn8Im30_nWan32QNLRhXEu35EHQTw
      5. X-Frame-Options: DENY
      6. Strict-Transport-Security: max-age=604800
      7. Content-Length: 4137
      8. Expires: Sat, 07 Jul 2018 17:03:19 GMT
      9. Cache-Control: max-age=0, no-cache, no-store
      10. Pragma: no-cache
      11. Date: Sat, 07 Jul 2018 17:03:19 GMT
      12. Connection: keep-alive
      13. {
      14. "identifier": {
      15. "type": "dns",
      16. "value": "xxxxx.me"
      17. },
      18. "status": "invalid",
      19. "expires": "2018-07-14T17:03:16Z",
      20. "challenges": [
      21. {
      22. "type": "http-01",
      23. "status": "invalid",
      24. "error": {
      25. "type": "urn:acme:error:connection",
      26. "detail": "Fetching http://xxxx.me: Error getting validation data",
      27. "status": 400
      28. (...)
      29. "type": "dns-01",
      30. "status": "invalid",
      31. "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/t_4_G7NEojW3oz9ZrsDNO4iqaW582BVauuKNUExBu_c/5521325074"
      32. "token": "oJIUf4mUseXqPBuFd3ANCKc9ft_Uk80-gfYXnxnGS4g"
      33. }
      34. ],
      35. "combinations": [
      36. [
      37. 1
      38. ],
      39. [
      40. 0
      41. ]
      42. ]
      43. }
      44. 2018-07-07 19:03:47,516:WARNING:certbot.auth_handler:Challenge failed for domain xxxxx.me
      45. 2018-07-07 19:03:47,516:DEBUG:certbot.error_handler:Calling registered functions
      46. 2018-07-07 19:03:47,517:INFO:certbot.auth_handler:Cleaning up challenges
      47. 2018-07-07 19:03:47,517:DEBUG:certbot.plugins.webroot:Removing /var/www/openmediavault/.well-known/acme-challenge/m1xTuwR
      48. 2018-07-07 19:03:47,517:DEBUG:certbot.plugins.webroot:All challenges cleaned up
      49. 2018-07-07 19:03:47,517:DEBUG:certbot.log:Exiting abnormally:
      50. Traceback (most recent call last):
      51. File "/usr/bin/certbot", line 11, in <module>
      52. load_entry_point('certbot==0.25.0', 'console_scripts', 'certbot')()
      53. File "/usr/lib/python3/dist-packages/certbot/main.py", line 1323, in main
      54. return config.func(config, plugins)
      55. File "/usr/lib/python3/dist-packages/certbot/main.py", line 1213, in certonly
      56. lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
      57. File "/usr/lib/python3/dist-packages/certbot/main.py", line 120, in _get_and_save_cert
      58. lineage = le_client.obtain_and_enroll_certificate(domains, certname)
      59. File "/usr/lib/python3/dist-packages/certbot/client.py", line 383, in obtain_and_enroll_certificate
      60. cert, chain, key, _ = self.obtain_certificate(domains)
      61. File "/usr/lib/python3/dist-packages/certbot/client.py", line 326, in obtain_certificate
      62. orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
      63. File "/usr/lib/python3/dist-packages/certbot/client.py", line 362, in _get_order_and_authorizations
      64. authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
      65. File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 93, in handle_authorizations
      66. "Challenges failed for all domains")
      67. certbot.errors.AuthorizationError: Challenges failed for all domains
      Display All

      The post was edited 1 time, last by Akiranai: adding logs ().