Hi Agricola, I was going to do some other videos with Let's Encrypt, but I got distracted with other things. I tend to get distracted and go off on another topic. I will get back around to them. I have a list of over 50 different topics that people have asked me to cover. Sorry for the confusion.
Nextcloud, your personal cloud server, GNU nano blank page
-
-
@TechnoDadLife
I am trying to do this guide Securely Login to Nextcloud Remotely on Openmediavault (www.youtube.com).
I opened the port on my router but no matter what, when I do docker logs -f letsencrypt
I am getting this below. I am wondering if pihole is preventing to reach the server or how to configure letsencrypt without a Dynamic DNS server since my IP never change not static but almost since my provider is uverse?
Code
Failed authorization procedure. leXXXXnt.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://leXXXXXXXX.duckdns.org/.well-known/acme-challenge/CqaUOJn496CV5b6sri0Q-5Yc3acXbmDojmeaVSqjppI: Connection refused
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: lefXXXXXXt.duckdns.org
Type: connection
Detail: Fetching http://lefXXXXXXXXt.duckdns.org/.well-known/acme-challenge/CqaUOJn496CV5b6sri0Q-5Yc3acXbmDojmeaVSqjppI: Connection refused
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
-
Take a picture of your Let's Encrypt container and show what variables you put in.
-
@TechnoDadLife, I'm not as far along on this one as Nefertiti is. I am still stuck at port forwarding. In your example you have "internal" and "external" ports where your forwarding info is placed. I'm on a Macintosh using Airport Extreme and my settings for port forwarding look like what's below. I have found the MAC address of my Odroid. In the settings below, do "public" and "private" correlate to "external" and "internal"? And then the 80/90 & 443/450 ports: which is LDP and which is TCP? Am I speaking Greek? Do I need to go out and get a "real" modem?
Which brings me to the question of this "Tomato" router you mentioned in the video. Your mention was the first I'd ever heard of such a thing. Are they easier to work with or what? I know this is probably a whole new topic, so you can skip that. My son has a spare Asus router that I am going to try to set up in place of this Apple router, and see if I can make any headway. Thanks for the video. It really is good. I'm just a bit dense and sheltered (at 62) in an Apple world all my life.
-
Quote from Agricola
Which brings me to the question of this "Tomato" router you mentioned in the video. Your mention was the first I'd ever heard of such a thing. Are they easier to work with or what? I know this is probably a whole new topic, so you can skip that. My son has a spare Asus router that I am going to try to set up in place of this Apple router, and see if I can make any headway. Thanks for the video. It really is good. I'm just a bit dense and sheltered (at 62) in an Apple world all my life.
Tomato vs. DD-WRT This will show the basics of Tomato and DD-WRT. They are firmware to replace what is currently on your router. I don't know anything about Apple products, so you'll have to ask someone else about that.
I found this article though. I have an Apple router. How do I set up port forwarding on this one?
-
Thank you muchly!
-
Take a picture of your Let's Encrypt container and show what variables you put in.
The strange thing is that when I go to modify the letsencrypt container, the port forwarding is empty. Although I keep putting it in, it does not look to be saved.
Code
Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 1000
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=1000
PGID=100
TZ=America/Los_Angeles
URL=duckdns.org
SUBDOMAINS=lefouvolant
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=p..........@gmail.com
STAGING=
2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d lefouvolant.duckdns.org
E-mail address entered: philglic@gmail.com
http validation is selected
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for lefouvolant.duckdns.org
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
Failed authorization procedure. lefouvolant.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://lefouvolant.duckdns.org/.well-known/acme-challenge/0YLatvyuNfcFNUZvtMCwRaP6W-BzNUVcefLTFpJLQy8: Connection refused
- The following errors were reported by the server:
Domain: lefouvolant.duckdns.org
Type: connection
Detail: Fetching http://lefouvolant.duckdns.org/.well-known/acme-challenge/0YLatvyuNfcFNUZvtMCwRaP6W-BzNUVcefLTFpJLQy8: Connection refused
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
- Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
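Added example, not part of the original posts: a small triage of the "Failed authorization procedure" line from `docker logs -f letsencrypt`, showing what the ACME error type and detail text say about where the validation request stopped. The sample log is constructed (placeholder domain and token) and the cause texts are general guidance, not output of certbot or the container.

```python
import re

# Constructed sample modelled on the failure output quoted in this thread;
# the domain and token are placeholders.
SAMPLE_LOG = """\
VALIDATION=http
Plugins selected: Authenticator standalone, Installer None
Failed authorization procedure. example.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://example.duckdns.org/.well-known/acme-challenge/TOKEN: Connection refused
ERROR: Cert does not exist! Please see the validation error above.
"""

# "<domain> (<challenge>): urn:ietf:params:acme:error:<type> :: <summary> :: <detail>"
FAILURE_RE = re.compile(
    r"(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): "
    r"urn:ietf:params:acme:error:(?P<error>\w+) :: .*? :: (?P<detail>.*)"
)

# Inbound port the CA connects to for each challenge type (None = no inbound connection).
CHALLENGE_PORT = {"http-01": 80, "tls-alpn-01": 443, "dns-01": None}

# (ACME error type, lowercase substring of the detail, likely cause).
# These texts are assumptions written for this example.
CAUSES = [
    ("connection", "refused",
     "the public IP answered but nothing accepted the connection on port 80: "
     "check the router forward for external port 80 and the host port the container publishes"),
    ("connection", "timeout",
     "packets were dropped: a firewall or the ISP blocks the port, or DNS points at the wrong IP"),
    ("dns", "",
     "the name did not resolve: check the A/AAAA record of the subdomain"),
    ("unauthorized", "",
     "something answered but returned the wrong challenge content: another web server owns the port"),
]


def triage(log_text):
    """Return one finding per failed authorization found in the log text."""
    findings = []
    for m in FAILURE_RE.finditer(log_text):
        detail = m["detail"].strip()
        cause = next(
            (text for err, needle, text in CAUSES
             if err == m["error"] and needle in detail.lower()),
            "no rule for this error; read the detail text",
        )
        findings.append({
            "domain": m["domain"],
            "challenge": m["challenge"],
            "port": CHALLENGE_PORT.get(m["challenge"]),
            "error": m["error"],
            "detail": detail,
            "cause": cause,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['domain']} {f['challenge']} (inbound port {f['port']}): {f['cause']}")
```
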
-
Which brings me to the question of this "Tomato" router you mentioned in the video. Your mention was the first I'd ever heard of such a thing. Are they easier to work with or what? I know this is probably a whole new topic, so you can skip that. My son has a spare Asus router that I am going to try to set up in place of this Apple router, and see if I can make any headway. Thanks for the video. It really is good. I'm just a bit dense and sheltered (at 62) in an Apple world all my life.
I almost thought you said "Thank you mulchly". I guess I was reading your tag.
The strange thing is that when I go to modify the letsencrypt container, the port forwarding is empty. Although I keep putting it in, it does not look to be saved.
Where are you trying to put the ports to forward?
-
I almost thought you said "Thank you mulchly". I guess I was reading your tag.
Where are you trying to put the ports to forward?
Like I said, in the letsencrypt container, but it is not holding it.
-
I do not know exactly what I did. Since modifying the container did not work, I decided to delete the letsencrypt container and recreate it, and now: Success.
Now I am going to continue with this great guide.
Code
root@raspberrypi:~# docker logs -f letsencrypt
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...
-------------------------------------
Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 1000
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=1000
PGID=100
TZ=America/Los_Angeles
URL=duckdns.org
SUBDOMAINS=lefouvolant
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=p.......@gmail.com
STAGING=
2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d lefouvolant.duckdns.org
E-mail address entered: philglic@gmail.com
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for lefouvolant.duckdns.org
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/lefouvolant.duckdns.org/fullchain.pem
Your key file has been saved at: /etc/letsencrypt/live/lefouvolant.duckdns.org/privkey.pem
Your cert will expire on 2019-01-07. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready
-
I almost thought you said "Thank you mulchly". I guess I was reading your tag.
That's funny.
Well, the article on Airport Extreme was a wash. Thanks for the effort though. I have just about decided-based on the total lack of pertinent internet info-that an Airport Extreme is not able to do what "we" want. I have ordered a Netgear R7000 which should be here tomorrow.
At the point in ssh where you enter "docker logs -f letsencrypt" you say in the video that this will take a while. I found it humorous that the print out down a bit says "This is going to take a long time". Just in front of that is the information "Generating DH parameters, 2048 bit long safe prime," which was nothing to me. My computer programmer son-in-law just happened to come by and see the text on the screen and "explained" what that meant. The process taking sooo long is that it is generating a "long safe prime" number that is 2048 bits, which he said amounts to some kind of prime number that is around 600 decimal places long. That is why it takes so long to finish. I found that useless but fascinating.
The down side of the story is that at the end of the "long time" I get the notice "Error getting validation data" with a list of possible solutions. Obviously almost all of it was router related. I figure what the heck and ordered the Netgear router (which is open source supported). I also found this article on upgrading the firmware with Tomato. Can you take a quick look at it and see if it is good info or should I just proceed with setting up the new router as is out of the box? I know it's not required to get Let's Encrypt up and running, but I'm just so curious to see why someone would risk bricking a router.
-
UPDATE
I guess I claimed victory too early. Although I modified the two PHP files, I cannot get to Nextcloud remotely (https://lefouvolant.duckdns.org/) or locally (https://192.168.2.150:443).
GRRRRR!!!!!!!@#$%^&^*(
-
Quote from Agricola
The down side of the story is that at the end of the "long time" I get the notice "Error getting validation data" with a list of possible solutions. Obviously almost all of it was router related. I figure what the heck and ordered the Netgear router (which is open source supported). I also found this article on upgrading the firmware with Tomato. Can you take a quick look at it and see if it is good info or should I just proceed with setting up the new router as is out of the box? I know it's not required to get Let's Encrypt up and running, but I'm just so curious to see why someone would risk bricking a router.
You don't have to upgrade your router. Upgrading your router just gives you features that can be found on professional routers. Don't try to upgrade your router if you are worried about bricking it.
-
Way back at the first install video of OMB you create a "Downloads" folder, but never use it in the setups for Nextcloud or Let's Encrypt. I am needing that folder name in Syncthing for backing up/syncing folders on my two computers. Is there any reason I cannot do so?
On the router issue, I probably will not turn it into a vegetable just yet. Right now I am wrestling with starting over with OMV. My previous install was on a 16gb card and when I started syncing my computers for the first time yesterday the second partition of OMB system volume went to 93% and Syncthing shut down. I'm not sure if it was the small card or having dangling participles with a half-installed Let's Encrypt. Not having a proper backup (I thought I did) I decided to start over with a fresh 32gb card. I'm still learning how to create a disk image backup and I guess I missed a step a couple of days ago. All for the best. "Repetitio mater studiorum." Thanks for the help.
-
@TechnoDadLife,
Would you be kind enough to look at my config files? I am sure I am typing according to your guide, but this is not working. Maybe you can spot the error.
-
Way back at the first install video of OMB you create a "Downloads" folder, but never use it in the setups for Nextcloud or Let's Encrypt. I am needing that folder name in Syncthing for backing up/syncing folders on my two computers. Is there any reason I cannot do so?
On the router issue, I probably will not turn it into a vegetable just yet. Right now I am wrestling with starting over with OMV. My previous install was on a 16gb card and when I started syncing my computers for the first time yesterday the second partition of OMB system volume went to 93% and Syncthing shut down. I'm not sure if it was the small card or having dangling participles with a half-installed Let's Encrypt. Not having a proper backup (I thought I did) I decided to start over with a fresh 32gb card. I'm still learning how to create a disk image backup and I guess I missed a step a couple of days ago. All for the best. "Repetitio mater studiorum." Thanks for the help.
You should use an external hard drive with your Raspberry Pi. You don't want to be copying things to the SD card, otherwise you will shorten its life.
-
Would you be kind enough to look at my config files? I am sure I am typing according to your guide, but this is not working. Maybe you can spot the error.
This says you have an error in your letsencrypt container. Why don't you post pictures of those?
-
You should use an external hard drive with your Raspberry Pi. You don't want to be copying things to the SD card, otherwise you will shorten its life.
I have a brand new 4TB Western Digital connected via powered USB. It probably doesn't make much difference but I'm running an Odroid UX4. I know there is a lot of negative on the UX4 but everything has loaded up nicely and performed perfectly, until I actually started to implement a serious backup. I did a fresh install this morning on a brand new 32GB A1 SanDisk and the same thing happened a couple hours ago.
-
This says you have an error in your letsencrypt container. Why don't you post pictures of those?
Here you go, thank you for looking at them.
I am getting this in log nginx: [emerg] "proxy_max_temp_file_size" directive invalid value in /config/nginx/proxy-confs/nextcloud.subdomain.conf:28 but /nextcloud.subdomain.conf looks ok to me!
-
I look at this /nextcloud.subdomain.conf
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "letsencrypt", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
# 'trusted_proxies' => ['letsencrypt'],
# 'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
# 'overwritehost' => 'nextcloud.your-domain.com',
# 'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
# array (
# 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
# 1 => 'nextcloud.your-domain.com',
# ),
and I noticed in a YouTube comment at the end that somebody (Martin Farias, in the replies of Brad Conicello) was using this method with success, but honestly I have no clue about the pros and cons of connecting this way or not. I am just trying to find a solution. I guess I am getting obsessed!