Error while obtaining SSL certificate via Let's Encrypt plugin on OpenMediaVault (/.well-known not found)

  • I have OpenMediaVault 4 with the Let's Encrypt Docker running.
    I have done the configuration as per Techno Dad Life's video (https://www.youtube.com/watch?v=pRt7UlQSB2g)


    All the port forwarding should be done correctly.
    But when trying to obtain a cert, by starting the letsencrypt docker image, it results in an error:


    The issue is that the www directory "http://omv.acme.net/.well-known" is not available. I didn't see any instructions that it should be created manually.


    At which point and how should it be created?
    Is there some nginx config wrong?

  • Okay, now I'm suspecting that the port-forwarding may not work correctly. Or the Let's Encrypt nginx server is simply not running.


    First I thought the forwarding might be correct, because of this error message in the Let's Encrypt logs:



    Code
    Detail: Invalid response from
       http://omv.acme.net/.well-known/acme-challenge/zbe50NOV2kgDMC-8uzj7aTnWtximj9wVJv5LRAMnaGc
    
    
    > openmediavault - Page not found


    But that's because OpenMediaVault used to be running on port 80. Now, since I changed OMV to port 81, the error message changed to this:


    Should it work if OMV is served at port 80 and the Let's Encrypt connections are forwarded from port 80 to 90? And if yes - how is it supposed to be working?


    To @Morlan's question, here are screenshots from my Docker config:



    Router - Port Forwarding:



    The router also has a section "Traffic Rules" where I replaced those forwards (Not sure if that's a good idea?) and where I also explicitly opened 443 and 444 for SSL:


  • As long as the certificates fail, the reverse proxy inside the container will not start.


    The port forwards look fine. I think you can delete the extra traffic rules.



    Did you enter the correct domain of your dyndns provider? And specified the correct subdomains?

  • Thanks Morlan!



    Quote from Morlan

    as long as the certificates fail, the reverse proxy inside the container will not start.

    That brought some light in my not-understanding. :)




    Quote from Morlan

    The port forwards look fine. I think you can delete the extra traffic rules.


    It turned out the actual problem was deeply rooted in the overall home/wan network setup. Someone had done some weird wiring and setup there. So this had nothing to do with OMV.
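
The "openmediavault - Page not found" body in the error above shows that port 80 was answered by a different service than the ACME client's web root. The following is an added example, not part of the thread or of the Let's Encrypt container: it fetches the HTTP-01 challenge URL and reports what actually answered. The token, the key-authorization string and the two stub servers are constructed for the demo.

```python
import http.server
import threading
import urllib.error
import urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"

def probe_http01(base_url, token, expected, timeout=5):
    """Fetch the challenge URL over plain HTTP and report who answered.

    Returns (verdict, detail); verdict is "ok", "wrong-content" or "unreachable".
    """
    url = base_url.rstrip("/") + CHALLENGE_PATH + token
    # Connect directly, ignoring any proxy configured in the environment.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            status, body = resp.status, resp.read(512)
    except urllib.error.HTTPError as err:   # 4xx/5xx responses still carry a body
        status, body = err.code, err.read(512)
    except (urllib.error.URLError, OSError) as err:
        return "unreachable", str(err)
    text = body.decode("utf-8", "replace").strip()
    if status == 200 and text == expected:
        return "ok", url
    # Something answered, but not with the challenge file: the body shows what did.
    return "wrong-content", f"HTTP {status}: {text[:80]}"

def start_stub(status, body):
    """Constructed stand-in for whatever listens on port 80 (demo only)."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):       # keep the demo quiet
            pass
    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

if __name__ == "__main__":
    # Constructed values: one stub serves the challenge, one mimics the OMV web UI.
    acme, acme_url = start_stub(200, b"tok123.thumbprint")
    omv, omv_url = start_stub(404, b"openmediavault - Page not found")
    print(probe_http01(acme_url, "tok123", "tok123.thumbprint"))
    print(probe_http01(omv_url, "tok123", "tok123.thumbprint"))
    acme.shutdown(); omv.shutdown()
```

Against a real setup, place a test file under the container's challenge directory and run the probe from a host outside the home network, since the certificate authority connects from the internet and a LAN-side request may never cross the router's port forward.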
