Letsencrypt Docker error

    • Letsencrypt Docker error

      I am trying to set up letsencrypt in my OMV installation.
      I followed this video step by step: Installation and Setup Videos - Beginning, Intermediate and Advanced
      OMV, phpmyadmin, duckdns, mariadb, nextcloud: everything is up and running.
      But when I hit the Save button at the end of the docker configuration, I get this error:

      Fehler #0:
      OMV\ExecException: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; docker run -d --restart=always -v /etc/localtime:/etc/localtime:ro --net=bridge -p 0.0.0.0:450:443/tcp -p 0.0.0.0:90:80/tcp -e PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -e PS1="$(whoami)@$(hostname):$(pwd)\$ " -e HOME="/root" -e TERM="xterm" -e DHLEVEL="2048" -e ONLY_SUBDOMAINS="false" -e AWS_CONFIG_FILE="/config/dns-conf/route53.ini" -e S6_BEHAVIOUR_IF_STAGE2_FAILS="2" -e PUID="1000" -e PGID="100" -e URL="duckdns.org" -e TZ="Europe/Berlin" -e VALIDATION="http" -e EMAIL="jxxxxxx@gmx.net" -e SUBDOMAINS="thegreatxxxx,thegreatxxxx2" -e ONLY_SUBDOMAINS="true" -v "/sharedfolders/Daten/letsencrypt":"/config":rw --name="letsencrypt" --label omv_docker_extra_args="--cap-add=NET_ADMIN --network my-net" --cap-add=NET_ADMIN --network my-net "linuxserver/letsencrypt:latest" 2>&1' with exit code '125': docker: conflicting options: cannot attach both user-defined and non-user-defined network-modes.
      See 'docker run --help'. in /usr/share/php/openmediavault/system/process.inc:182
      Stack trace:
      #0 /usr/share/openmediavault/engined/rpc/docker.inc(597): OMV\System\Process->execute()
      #1 [internal function]: OMVRpcServiceDocker->runContainer(Array, Array)
      #2 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
      #3 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('runContainer', Array, Array)
      #4 /usr/sbin/omv-engined(537): OMV\Rpc\Rpc::call('Docker', 'runContainer', Array, Array, 1)
      #5 {main}

      So what's wrong? Please help.
    • Ok, my next problem is that when I type "docker logs -f letsencrypt" in Putty, I get this error at the end:

      An unexpected error occurred:
      pkg_resources.ContextualVersionConflict: (cryptography 2.6.1 (/usr/lib/python3.7/site-packages), Requirement.parse('cryptography>=2.8'), {'PyOpenSSL'})
      Please see the logfile '/tmp/tmp8l9th1mp/log' for more details.
      ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
    • Stealthvince wrote:

      A new error pops up when I rebuild a new lets-encrypt container:

      Source Code

      pkg_resources.ContextualVersionConflict: (cryptography 2.6.1 (/usr/lib/python3.7/site-packages), Requirement.parse('cryptography>=2.8'), {'PyOpenSSL'})

      I found the fix in the linuxserver forum. See drumstyx's response of 20/11/2019 to fix this issue:

      -Connect to your lets encrypt container bash and:

      Source Code

      apk add gcc musl-dev libffi-dev openssl-dev python3-dev; pip install cryptography --upgrade
    • I hope I get this right.
      So I open Putty, log in as root and first type: apk add gcc musl-dev libffi-dev openssl-dev python3-dev; pip install cryptography --upgrade
      and then I can type docker logs -f letsencrypt?

      This is the whole output

      Source Code

      1. docker logs -f letsencrypt
      2. [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
      3. [s6-init] ensuring user provided files have correct perms...exited 0.
      4. [fix-attrs.d] applying ownership & permissions fixes...
      5. [fix-attrs.d] done.
      6. [cont-init.d] executing container initialization scripts...
      7. [cont-init.d] 10-adduser: executing...
      8. -------------------------------------
      9. _ ()
      10. | | ___ _ __
      11. | | / __| | | / \
      12. | | \__ \ | | | () |
      13. |_| |___/ |_| \__/
      14. Brought to you by linuxserver.io
      15. We gratefully accept donations at:
      16. https://www.linuxserver.io/donate/
      17. -------------------------------------
      18. GID/UID
      19. -------------------------------------
      20. User uid: 1000
      21. User gid: 100
      22. -------------------------------------
      23. [cont-init.d] 10-adduser: exited 0.
      24. [cont-init.d] 20-config: executing...
      25. [cont-init.d] 20-config: exited 0.
      26. [cont-init.d] 30-keygen: executing...
      27. generating self-signed keys in /config/keys, you can replace these with your own keys if required
      28. Generating a RSA private key
      29. ....................................+++++
      30. ............................................................................................................................................................+++++
      31. writing new private key to '/config/keys/cert.key'
      32. -----
      33. [cont-init.d] 30-keygen: exited 0.
      34. [cont-init.d] 50-config: executing...
      35. Variables set:
      36. PUID=1000
      37. PGID=100
      38. TZ=Europe/Berlin
      39. URL=duckdns.org
      40. SUBDOMAINS=thegreatxxxx,thegreatxxxx
      41. EXTRA_DOMAINS=
      42. ONLY_SUBDOMAINS=false
      43. DHLEVEL=2048
      44. VALIDATION=http
      45. DNSPLUGIN=
      46. EMAIL=j.xxxx@gmx.net
      47. STAGING=
      48. Created donoteditthisfile.conf
      49. Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
      50. Generating DH parameters, 2048 bit long safe prime, generator 2
      51. This is going to take a long time
      52. .................+..........................++*++*++*++*
      53. DH parameters successfully created - 2048 bits
      54. SUBDOMAINS entered, processing
      55. SUBDOMAINS entered, processing
      56. Sub-domains processed are: -d thegreatXXXX.duckdns.org -d thegreatXXXX.duckdns.org
      57. E-mail address entered: j.XXXX@gmx.net
      58. http validation is selected
      59. Generating new certificate
      60. An unexpected error occurred:
      61. pkg_resources.ContextualVersionConflict: (cryptography 2.6.1 (/usr/lib/python3.7/site-packages), Requirement.parse('cryptography>=2.8'), {'PyOpenSSL'})
      62. Please see the logfile '/tmp/tmp8l9th1mp/log' for more details.
      63. ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
    • First bash into your docker:
      docker exec -it letsencrypt bash
      then enter the aforementioned line:
      apk add gcc musl-dev libffi-dev openssl-dev python3-dev; pip install cryptography --upgrade

      Also, regarding the letsencrypt config in your logs, you need to change the variable ONLY_SUBDOMAINS=false to ONLY_SUBDOMAINS=true, because right now you are trying to register an SSL certificate for the domain duckdns.org
    • Ok did that.

      And then I got this

      Source Code

      1. docker exec -it letsencrypt bash
      2. root@odroidxu4:/$ apk add gcc musl-dev libffi-dev openssl-dev python3-dev; pip install cryptography --upgrade
      3. fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/armv7/APKINDEX.tar.gz
      4. fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/armv7/APKINDEX.tar.gz
      5. (1/13) Installing binutils (2.32-r0)
      6. (2/13) Installing isl (0.18-r0)
      7. (3/13) Installing libgomp (8.3.0-r0)
      8. (4/13) Installing libatomic (8.3.0-r0)
      9. (5/13) Installing mpfr3 (3.1.5-r1)
      10. (6/13) Installing mpc1 (1.1.0-r0)
      11. (7/13) Installing gcc (8.3.0-r0)
      12. (8/13) Installing linux-headers (4.19.36-r0)
      13. (9/13) Installing pkgconf (1.6.1-r1)
      14. (10/13) Installing libffi-dev (3.2.1-r6)
      15. (11/13) Installing musl-dev (1.1.22-r3)
      16. (12/13) Installing openssl-dev (1.1.1d-r0)
      17. (13/13) Installing python3-dev (3.7.5-r1)
      18. Executing busybox-1.30.1-r3.trigger
      19. OK: 335 MiB in 204 packages
      20. Collecting cryptography
      21. Downloading https://files.pythonhosted.org/packages/be/60/da377e1bed002716fb2d5d1d1cab720f298cb33ecff7bf7adea72788e4e4/cryptography-2.8.tar.gz (504kB)
      22. |████████████████████████████████| 512kB 2.4MB/s
      23. Installing build dependencies ... done
      24. Getting requirements to build wheel ... done
      25. Preparing wheel metadata ... done
      26. Requirement already satisfied, skipping upgrade: cffi!=1.11.3,>=1.8 in /usr/lib/python3.7/site-packages (from cryptography) (1.11.5)
      27. Requirement already satisfied, skipping upgrade: six>=1.4.1 in /usr/lib/python3.7/site-packages (from cryptography) (1.12.0)
      28. Requirement already satisfied, skipping upgrade: pycparser in /usr/lib/python3.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography) (2.19)
      29. Building wheels for collected packages: cryptography
      30. $ docker logs -f letsencrypt
      31. [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
      32. [s6-init] ensuring user provided files have correct perms...exited 0.
      33. [fix-attrs.d] applying ownership & permissions fixes...
      34. [fix-attrs.d] done.
      35. [cont-init.d] executing container initialization scripts...
      36. [cont-init.d] 10-adduser: executing...
      37. -------------------------------------
      38. _ ()
      39. | | ___ _ __
      40. | | / __| | | / \
      41. | | \__ \ | | | () |
      42. |_| |___/ |_| \__/
      43. Brought to you by linuxserver.io
      44. We gratefully accept donations at:
      45. https://www.linuxserver.io/donate/
      46. -------------------------------------
      47. GID/UID
      48. -------------------------------------
      49. User uid: 1000
      50. User gid: 100
      51. -------------------------------------
      52. [cont-init.d] 10-adduser: exited 0.
      53. [cont-init.d] 20-config: executing...
      54. [cont-init.d] 20-config: exited 0.
      55. [cont-init.d] 30-keygen: executing...
      56. generating self-signed keys in /config/keys, you can replace these with your own keys if required
      57. Generating a RSA private key
      58. ................................................+++++
      59. ..+++++
      60. writing new private key to '/config/keys/cert.key'
      61. -----
      62. [cont-init.d] 30-keygen: exited 0.
      63. [cont-init.d] 50-config: executing...
      64. Variables set:
      65. PUID=1000
      66. PGID=100
      67. TZ=Europe/Berlin
      68. URL=duckdns.org
      69. SUBDOMAINS=thegreatxxx,thegreatxxx
      70. EXTRA_DOMAINS=
      71. ONLY_SUBDOMAINS=true
      72. DHLEVEL=2048
      73. VALIDATION=http
      74. DNSPLUGIN=
      75. EMAIL=j.@gmx.net
      76. STAGING=
      77. Created donoteditthisfile.conf
      78. Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
      79. Generating DH parameters, 2048 bit long safe prime, generator 2
      80. This is going to take a long time
      81. ...+...........................................................................+..........................................+.........................................................+..........+.........................................................................................................................................................+...........................................................................................................................................................++*++*++*++*
      82. DH parameters successfully created - 2048 bits
      83. SUBDOMAINS entered, processing
      84. SUBDOMAINS entered, processing
      85. Only subdomains, no URL in cert
      86. Sub-domains processed are: -d thegreatxxx.duckdns.org -d thegreatxxxx.duckdns.org
      87. E-mail address entered: j@gmx.net
      88. http validation is selected
      89. Generating new certificate
      90. An unexpected error occurred:
      91. pkg_resources.ContextualVersionConflict: (cryptography 2.6.1 (/usr/lib/python3.7/site-packages), Requirement.parse('cryptography>=2.8'), {'PyOpenSSL'})
      92. Please see the logfile '/tmp/tmpxffn77qx/log' for more details.
      93. ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
    • Ok, deleted the old one. And now I have installed the new version of the letsencrypt Docker.
      Does the error say that there is something wrong with duckdns?

      Source Code

      1. $ docker logs -f letsencrypt
      2. [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
      3. [s6-init] ensuring user provided files have correct perms...exited 0.
      4. [fix-attrs.d] applying ownership & permissions fixes...
      5. [fix-attrs.d] done.
      6. [cont-init.d] executing container initialization scripts...
      7. [cont-init.d] 10-adduser: executing...
      8. -------------------------------------
      9. _ ()
      10. | | ___ _ __
      11. | | / __| | | / \
      12. | | \__ \ | | | () |
      13. |_| |___/ |_| \__/
      14. Brought to you by linuxserver.io
      15. We gratefully accept donations at:
      16. https://www.linuxserver.io/donate/
      17. -------------------------------------
      18. GID/UID
      19. -------------------------------------
      20. User uid: 1000
      21. User gid: 100
      22. -------------------------------------
      23. [cont-init.d] 10-adduser: exited 0.
      24. [cont-init.d] 20-config: executing...
      25. [cont-init.d] 20-config: exited 0.
      26. [cont-init.d] 30-keygen: executing...
      27. generating self-signed keys in /config/keys, you can replace these with your own keys if required
      28. Generating a RSA private key
      29. ..............+++++
      30. .....................................+++++
      31. writing new private key to '/config/keys/cert.key'
      32. -----
      33. [cont-init.d] 30-keygen: exited 0.
      34. [cont-init.d] 50-config: executing...
      35. Variables set:
      36. PUID=1000
      37. PGID=100
      38. TZ=Europe/Berlin
      39. URL=duckdns.org
      40. SUBDOMAINS=thegreatxxxxx,thegreatxxxx
      41. EXTRA_DOMAINS=
      42. ONLY_SUBDOMAINS=true
      43. DHLEVEL=2048
      44. VALIDATION=http
      45. DNSPLUGIN=
      46. EMAIL=j@gmx.net
      47. STAGING=
      48. Created donoteditthisfile.conf
      49. Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
      50. Generating DH parameters, 2048 bit long safe prime, generator 2
      51. This is going to take a long time
      53. DH parameters successfully created - 2048 bits
      54. SUBDOMAINS entered, processing
      55. SUBDOMAINS entered, processing
      56. Only subdomains, no URL in cert
      57. Sub-domains processed are: -d thegreatxxx.duckdns.org -d thegreatxxx.duckdns.org
      58. E-mail address entered: j@gmx.net
      59. http validation is selected
      60. Generating new certificate
      61. Saving debug log to /var/log/letsencrypt/letsencrypt.log
      62. Plugins selected: Authenticator standalone, Installer None
      63. Obtaining a new certificate
      64. Performing the following challenges:
      65. http-01 challenge for thegreatxxxx.duckdns.org
      66. http-01 challenge for thegreatxxxx.duckdns.org
      67. Waiting for verification...
      68. Challenge failed for domain thegreatxxxx.duckdns.org
      69. Challenge failed for domain thegreatxxxx.duckdns.org
      70. http-01 challenge for thegreatxxxx.duckdns.org
      71. http-01 challenge for thegreatxxxx.duckdns.org
      72. Cleaning up challenges
      73. Some challenges have failed.
      74. IMPORTANT NOTES:
      75. - The following errors were reported by the server:
      76. Domain: thegreatxxxx.duckdns.org
      77. Type: unauthorized
      78. Detail: Invalid response from
      79. http://thegreatxxxx.duckdns.org/.well-known/acme-challenge/RueUCN4AxzXfmaGtePd8USMFAPu7GGTYvYcY0fW1ukg
      80. [80.137.94.192]: "<!DOCTYPE
      81. html>\n<html>\n\t<head>\n\t\t<title>openmediavault - HTTP 404
      82. error</title>\n\t\t<meta charset=\"UTF-8\">\n\t\t<meta
      83. http-equiv=\"X-U"
      84. Domain: thegreatlxxxxx.duckdns.org
      85. Type: unauthorized
      86. Detail: Invalid response from
      87. http://thegreatxxxx.duckdns.org/.well-known/acme-challenge/dQC1NP6Z7ELEhTbvbVqM6dXfSa-WPQlmZ3vVCAZO0Zo
      88. [80.137.94.192]: "<!DOCTYPE
      89. html>\n<html>\n\t<head>\n\t\t<title>openmediavault - HTTP 404
      90. error</title>\n\t\t<meta charset=\"UTF-8\">\n\t\t<meta
      91. http-equiv=\"X-U"
      92. To fix these errors, please make sure that your domain name was
      93. entered correctly and the DNS A/AAAA record(s) for that domain
      94. contain(s) the right IP address.
      95. - Your account credentials have been saved in your Certbot
      96. configuration directory at /etc/letsencrypt. You should make a
      97. secure backup of this folder now. This configuration directory will
      98. also contain certificates and private keys obtained by Certbot so
      99. making regular backups of this folder is ideal.
      100. ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
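
      Reading the validation report in the log above, as an added example that is not part of the original thread: the parser below pulls the domain, error type, responding IP and HTML title out of a certbot failure report, which shows which web server actually answered the http-01 request. In the thread's log that title is the openmediavault 404 page, so the request on port 80 was served by the OMV web interface and not by the container. The sample log is constructed (placeholder domains, tokens and IP) after the thread's output, and the function names are hypothetical.

```python
import re

# One "Domain / Type / Detail" record of certbot's failure report, matched
# after the wrapped log lines have been joined into a single string.
RECORD = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+"
    r"Detail:\s*(?P<detail>.*?)(?=\s+Domain:|\s+To fix these errors|$)"
)


def parse_failures(log_text):
    """Extract one dict per failed domain from certbot's error report."""
    flat = " ".join(l.strip() for l in log_text.splitlines() if l.strip())
    failures = []
    for m in RECORD.finditer(flat):
        detail = m.group("detail")
        url = re.search(r"https?://\S+", detail)
        ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", detail)
        title = re.search(r"<title>(.*?)</title>", detail)
        failures.append({
            "domain": m.group("domain"),
            "type": m.group("type"),
            "url": url.group(0) if url else None,
            "ip": ip.group(1) if ip else None,
            # Title of the HTML page returned in place of the challenge token.
            "answered_by": title.group(1) if title else None,
        })
    return failures


def diagnose(failure):
    """Turn one parsed record into a one-line finding."""
    if failure["type"] == "unauthorized" and failure["answered_by"]:
        return ("%s: port 80 at %s returned the page '%s' instead of the "
                "challenge token; check which service the forwarded port reaches"
                % (failure["domain"], failure["ip"], failure["answered_by"]))
    return "%s: %s" % (failure["domain"], failure["type"])


# Constructed sample in the layout of the log above (placeholder values).
SAMPLE_LOG = r'''
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: one.example.org
Type: unauthorized
Detail: Invalid response from
http://one.example.org/.well-known/acme-challenge/TOKEN-PLACEHOLDER-1
[203.0.113.10]: "<!DOCTYPE
html>\n<html>\n\t<head>\n\t\t<title>openmediavault - HTTP 404
error</title>\n\t\t<meta charset=\"UTF-8\">\n\t\t<meta
http-equiv=\"X-U"
Domain: two.example.org
Type: unauthorized
Detail: Invalid response from
http://two.example.org/.well-known/acme-challenge/TOKEN-PLACEHOLDER-2
[203.0.113.10]: "<!DOCTYPE
html>\n<html>\n\t<head>\n\t\t<title>openmediavault - HTTP 404
error</title>\n\t\t<meta charset=\"UTF-8\">\n\t\t<meta
http-equiv=\"X-U"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
'''

if __name__ == "__main__":
    for failure in parse_failures(SAMPLE_LOG):
        print(diagnose(failure))
```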
    • Hello Again!
      Letsencrypt is working and I can reach my nextcloud docker from the internet with the url xxx.duckdns.org:447
      So how do I get it to run without the port 447 at the end? When I try to reach it without the port I only get a timeout.
      I have set up mariadb, letsencrypt, nextcloud, duckdns, phpmyadmin; everything is running.
      I know that I don't need the "--network my-net" argument in the letsencrypt docker.
      Now I have tried with two different how-to videos:
      Timecode 9:45
      and
      Timecode 1:04:53

      and both state that I have to add "--network my-net" to the nextcloud extra args, see timecode.

      But when I do that, I get a container crash and it won't start, so I have to set up the nextcloud container from scratch.


      The difference between both videos is that Techno Dad is changing something in a nextcloud file "custom.cnf" at Timecode 8:35; I didn't do that.

      The error shown after trying to set the "--network my-net" argument:

      Source Code

      Fehler #0:
      OMV\ExecException: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; docker run -d --restart=always -v /etc/localtime:/etc/localtime:ro --net=bridge -h "45e96b1dabf7" -e PS1="root@odroidxu4:/$ " -e HOME="/root" -e TERM="xterm" -e NEXTCLOUD_PATH="/config/www/nextcloud" -e PUID="1000" -e PGID="100" -e TZ="Europe/Berlin" -e PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -v "/sharedfolders/Daten/nextcloud":"/config":rw -v "/sharedfolders/NC-Daten":"/data":rw --name="nextcloud" --label omv_docker_extra_args="--network my-net" --network my-net "linuxserver/nextcloud:latest" 2>&1' with exit code '125': docker: conflicting options: cannot attach both user-defined and non-user-defined network-modes.
      See 'docker run --help'. in /usr/share/php/openmediavault/system/process.inc:182
      Stack trace:
      #0 /usr/share/openmediavault/engined/rpc/docker.inc(597): OMV\System\Process->execute()
      #1 /usr/share/openmediavault/engined/rpc/docker.inc(704): OMVRpcServiceDocker->runContainer(Array, Array)
      #2 [internal function]: OMVRpcServiceDocker->modifyContainer(Array, Array)
      #3 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
      #4 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('modifyContainer', Array, Array)
      #5 /usr/sbin/omv-engined(537): OMV\Rpc\Rpc::call('Docker', 'modifyContainer', Array, Array, 1)
      #6 {main}
      @macom yep, I should do that. With my previous ISP WillyTel I had a Fritzbox.
    • Morlan wrote:

      The guide is outdated. Remove the --network my-net. Then attach the container manually to the my-net network in the network tab of the docker gui

      JayKay wrote:

      Letsencrypt is working and I can reach my nextcloud docker from the internet with the url xxx.duckdns.org:447
      So how do I get it to run without the port 447 at the end?
      What port does your nextcloud container expose? And why does your router let port 447 through? Did you open it?
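
      The "conflicting options" error from the two docker run commands in this thread, as an added example that is not part of the original posts: the check below collects every --net/--network value from a command line and reports when a built-in mode (here --net=bridge, set by the plugin) is mixed with a user-defined network (here my-net, from the extra arguments). The built-in mode list and the use of `docker network connect` as the command-line counterpart of attaching the container in the GUI network tab are assumptions of this example; the sample commands are constructed, shortened from the thread's error message.

```python
import shlex

# Modes Docker provides itself; any other --net/--network value is treated
# as the name of a user-defined network (assumption of this example).
BUILTIN_MODES = {"default", "bridge", "host", "none"}


def network_modes(command):
    """Return the value of every --net/--network option in a docker run line."""
    tokens = shlex.split(command)
    modes, i = [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("--net", "--network") and i + 1 < len(tokens):
            modes.append(tokens[i + 1])          # "--network my-net" form
            i += 2
            continue
        for prefix in ("--net=", "--network="):
            if tok.startswith(prefix):           # "--net=bridge" form
                modes.append(tok[len(prefix):])
        i += 1
    return modes


def is_user_defined(mode):
    return mode not in BUILTIN_MODES and not mode.startswith("container:")


def check(command):
    """Report whether built-in and user-defined network modes are mixed."""
    modes = network_modes(command)
    user = [m for m in modes if is_user_defined(m)]
    builtin = [m for m in modes if not is_user_defined(m)]
    return {"modes": modes, "conflict": bool(user and builtin),
            "user_defined": user}


def attach_commands(command):
    """Commands that attach the container to its user-defined networks later."""
    name = "<container>"
    for tok in shlex.split(command):
        if tok.startswith("--name="):
            name = tok.split("=", 1)[1]
    return ["docker network connect %s %s" % (net, name)
            for net in check(command)["user_defined"]]


# Constructed sample: the label value also contains "--network my-net", but
# shlex keeps it as one quoted token, so it is not counted a second time.
FAILING = ('docker run -d --restart=always --net=bridge -e TZ="Europe/Berlin" '
           '--name="nextcloud" --label omv_docker_extra_args="--network my-net" '
           '--network my-net "linuxserver/nextcloud:latest" 2>&1')
# Same command with the extra argument removed, as the reply advises.
FIXED = ('docker run -d --restart=always --net=bridge -e TZ="Europe/Berlin" '
         '--name="nextcloud" "linuxserver/nextcloud:latest" 2>&1')

if __name__ == "__main__":
    for label, cmd in (("failing", FAILING), ("fixed", FIXED)):
        print(label, check(cmd))
    print(attach_commands(FAILING))
```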