Nextcloud letsencrypt, port-forwarding and SSL cert difficulties.

    • Nextcloud letsencrypt, port-forwarding and SSL cert difficulties.

      Hi everybody!

      New to the OMV world, and I've been following TechnoDadLife's video series on getting OMV and Nextcloud running on a Raspberry pi 4.
      I had previously used a NextcloudPi setup, which worked straight away, but now I am getting some trouble with connecting remotely to my Nextcloud instance.

      I am able to get OMV 4 running on my Raspberry Pi 4, and it is set up just like in the TechnoDadLife video for now. I am also able to get MariaDB and Nextcloud working in Docker, with the lsioarmhf docker images. And using ip:444 I can log in and access my nextcloud in my local network just like I was able to previously.

      I run into trouble when I start configuring letsencrypt and duckDNS. Once I input "docker logs -f letsencrypt" in terminal, while "letsencrypt" is my running container's name, it first runs for a very long time (as the message in the prompt warns), but then it ends up spitting out an error message reading:

      "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container"

      Following is the latest, complete error message with personal information redacted:

      [cont-init.d] 10-adduser: exited 0.
      [cont-init.d] 20-config: executing...
      [cont-init.d] 20-config: exited 0.
      [cont-init.d] 30-keygen: executing...
      using keys found in /config/keys
      [cont-init.d] 30-keygen: exited 0.
      [cont-init.d] 50-config: executing...
      Variables set:
      PUID=1000
      PGID=100
      TZ=Europe/Helsinki
      URL=xxx.duckdns.org
      SUBDOMAINS=cloud
      EXTRA_DOMAINS=
      ONLY_SUBDOMAINS=false
      DHLEVEL=2048
      VALIDATION=http
      DNSPLUGIN=
      EMAIL=xxx@tuta.io
      STAGING=

      2048 bit DH parameters present
      SUBDOMAINS entered, processing
      SUBDOMAINS entered, processing
      Sub-domains processed are: -d cloud.xxx.duckdns.org
      E-mail address entered: xxx@tuta.io
      http validation is selected
      Generating new certificate
      Saving debug log to /var/log/letsencrypt/letsencrypt.log
      Plugins selected: Authenticator standalone, Installer None
      Obtaining a new certificate
      Performing the following challenges:
      http-01 challenge for cloud.xxx.duckdns.org
      http-01 challenge for xxx.duckdns.org
      Waiting for verification...
      Cleaning up challenges
      Failed authorization procedure. xxx.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from xxx.duckdns.org/.well-known/ac…xkOiP2Ge2NDEEX4CoO6DfSTHU [xx.xxx.xxx.xxx]: "<!DOCTYPE html>\n<html>\n\t<head>\n\t\t<title>openmediavault - HTTP 404 error</title>\n\t\t<meta charset=\"UTF-8\">\n\t\t<meta http-equiv=\"X-U", cloud.xxx.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from cloud.xxx.duckdns.org/.well-kn…tgGS4Vvu7Ae_C5aFFo64w7K9I [xx.xxx.xxx.xxx]: "<!DOCTYPE html>\n<html>\n\t<head>\n\t\t<title>openmediavault - HTTP 404 error</title>\n\t\t<meta charset=\"UTF-8\">\n\t\t<meta http-equiv=\"X-U"
      IMPORTANT NOTES:
      - The following errors were reported by the server:

      Domain: xxx.duckdns.org
      Type: unauthorized
      Detail: Invalid response from
      xxx.duckdns.org/.well-known/ac…xkOiP2Ge2NDEEX4CoO6DfSTHU
      [xx.xxx.xxx.xxx]: "<!DOCTYPE
      html>\n<html>\n\t<head>\n\t\t<title>openmediavault - HTTP 404
      error</title>\n\t\t<meta charset=\"UTF-8\">\n\t\t<meta
      http-equiv=\"X-U"

      Domain: cloud.xxx.duckdns.org
      Type: unauthorized
      Detail: Invalid response from
      cloud.xxx.duckdns.org/.well-kn…tgGS4Vvu7Ae_C5aFFo64w7K9I
      [xx.xxx.xxx.xxx]: "<!DOCTYPE
      html>\n<html>\n\t<head>\n\t\t<title>openmediavault - HTTP 404
      error</title>\n\t\t<meta charset=\"UTF-8\">\n\t\t<meta
      http-equiv=\"X-U"

      To fix these errors, please make sure that your domain name was
      entered correctly and the DNS A/AAAA record(s) for that domain
      contain(s) the right IP address.
      ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container



      Here are my duckdns and letsencrypt container configurations, as well as the port forwarding menu in my router.

      Link

      The only things I did differently versus the TDL videos are that I am running on OSX El Capitan, so I ssh in via terminal instead of shellinabox, that I use lsioarmhf images, and that instead of adding my-net into the "Extra arguments" section of the container config window, I connected the duckdns and letsencrypt containers to my-net in the configurations tab in docker window.

      I tried both the "Securely Login to Nextcloud Remotely on Openmediavault" and the "Free SSL Certificates with Letsencrypt on Openmediavault : Updated" videos' instructions, which seemed to differ only as much as how the SUBDOMAINS environment variable is managed in the letsencrypt container. I now followed the more recent video, and simply used "cloud" as a subdomain for my "xxx.duckdns.org" domain that I have configured, as I figured it was pretty arbitrary, but I may be wrong.

      I used this tool and nmap in terminal to check my ports and set it to "Use Current IP", and found that port 80 is open, and port 443 is not. I am very new to any of this business with port forwarding or router configuration, so I am not sure if this is useful information or not. But I have gone through a multitude of threads here with similar issues and a common thread seems to be issues in port forwarding / port opening with the different routers people have at home, so I wonder if that's where my issue lies? If so, please advise on how to troubleshoot the issues.

      I have completely re-etched my OMV iso into the microsd on my Pi multiple times, and am now running a version in which the configuration steps are as 1:1 with the TDL videos as possible, with small variations pertaining to my Raspberry Pi and other (I think) simple differences.

      Sorry if it's a bit of a wall of text, but I wanted to try and provide as much info to be able to troubleshoot this issue concisely, and thanks in advance for the help, crawling through these forums has shown a really amazing community and amount of support to users starting out with their own NAS systems!
    • “I am also able to get MariaDB and Nextcloud working in Docker, with the lsioarmhf docker images.”

      1. Those images have been deprecated. If you pull the Linuxserver dockers the proper arm versions will automatically be selected.
      2. The technodadlife video you referenced is a bit outdated too.
      3. Take a look at this How-To. There might be a bit of a learning curve but there is a discussion thread linked to the How-To down at the bottom. [How-To] Nextcloud with Letsencrypt using OMV and docker-compose
      4. These links may also help:
      hub.docker.com/r/linuxserver/nextcloud
      hub.docker.com/r/linuxserver/mariadb
      hub.docker.com/r/linuxserver/letsencrypt
      hub.docker.com/r/linuxserver/duckdns
      blog.linuxserver.io/2019/04/25…rypt-nginx-starter-guide/
      OMV 5 (current) - NanoPi M4: Nextcloud, Plex, & Heimdall - Acer Aspire T180: backup - Odroid XU4: Pi-Hole (DietPi) - Odroid HC2, Raspberry Pi 3B+, and HP dx2400: testing.
    • Thanks for the link! Can't believe I missed that, looks just like what I need.

      I ran through the commands but was once again stumped by "docker logs -f letsencrypt" command, receiving the same Cert-related error message.
      I might just have to try flashing OMV anew and try it without the possible previous adjustments still present and see if that helps.
    • Agricola wrote:

      “I am also able to get MariaDB and Nextcloud working in Docker, with the lsioarmhf docker images.”

      1. Those images have been deprecated. If you pull the Linuxserver dockers the proper arm versions will automatically be selected.
      2. The technodadlife video you referenced is a bit outdated too.
      3. Take a look at this How-To. There might be a bit of a learning curve but there is a discussion thread linked to the How-To down at the bottom. [How-To] Nextcloud with Letsencrypt using OMV and docker-compose
      4. These links may also help:
      hub.docker.com/r/linuxserver/nextcloud
      hub.docker.com/r/linuxserver/mariadb
      hub.docker.com/r/linuxserver/letsencrypt
      hub.docker.com/r/linuxserver/duckdns
      blog.linuxserver.io/2019/04/25…rypt-nginx-starter-guide/

      Thanks for the extensive set of links! Good to know that I've been running outdated images and tutorials, will definitely save me some headscratching there.
      I followed the how-to but ended up once again receiving the same Cert-related error message when I ran the command "docker logs -f letsencrypt". I'll probably try and flash OMV anew and run it again to see if there might be issues with something related to my previous tinkering.

      Will definitely go through the links and climb the learning curve as best as I can, cheers!
    • Morlan wrote:

      Unlikely that you messed up configs on omv. That's the advantage of docker, when you delete the static data and the containers your system is back to the previous state.
      Most of the time the error of the letsencrypt container is due to faulty port forwardings or your ISP (not publicly available IPv4 address)

      Okay! Good to know going forwards, and it seems you are correct. I already went and reflashed and configured my OMV, and after following the process detailed in the how-to you supplied I arrived at the same result.

      DH parameters successfully created - 2048 bits
      SUBDOMAINS entered, processing
      SUBDOMAINS entered, processing
      Sub-domains processed are: -d xxx.duckdns.org
      E-mail address entered: xxx@tuta.io
      http validation is selected
      Generating new certificate
      /usr/lib/python3.8/site-packages/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if x is 0 or x is 1:
      /usr/lib/python3.8/site-packages/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if x is 0 or x is 1:
      /usr/lib/python3.8/site-packages/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
      elif y is 0 or y is 1:
      /usr/lib/python3.8/site-packages/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
      elif y is 0 or y is 1:
      /usr/lib/python3.8/site-packages/jmespath/visitor.py:260: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if original_result is 0:
      Saving debug log to /var/log/letsencrypt/letsencrypt.log
      Plugins selected: Authenticator standalone, Installer None
      Obtaining a new certificate
      Performing the following challenges:
      http-01 challenge for xxx.duckdns.org
      http-01 challenge for xxx.duckdns.org
      Waiting for verification...
      Challenge failed for domain xxx.duckdns.org
      Challenge failed for domain xxx.duckdns.org
      http-01 challenge for xxx.duckdns.org
      http-01 challenge for xxx.duckdns.org
      Cleaning up challenges
      Some challenges have failed.
      IMPORTANT NOTES:
      - The following errors were reported by the server:

      Domain: xxx.duckdns.org
      Type: unauthorized
      Detail: Invalid response from
      xxx.duckdns.org/.well-known/ac…Nbg7UKCf7A93KV_Sx72bml9mo
      [82.181.243.176]: "<!DOCTYPE
      html>\n<html>\n\t<head>\n\t\t<title>openmediavault - HTTP 404
      error</title>\n\t\t<meta charset=\"UTF-8\">\n\t\t<meta
      http-equiv=\"X-U"

      Domain: xxx.duckdns.org
      Type: unauthorized
      Detail: Invalid response from
      xxx.duckdns.org/.well-known/ac…oqgl1Ow6LGOpVM5IgELo3T7F0
      [82.181.243.176]: "<!DOCTYPE
      html>\n<html>\n\t<head>\n\t\t<title>openmediavault - HTTP 404
      error</title>\n\t\t<meta charset=\"UTF-8\">\n\t\t<meta
      http-equiv=\"X-U"

      To fix these errors, please make sure that your domain name was
      entered correctly and the DNS A/AAAA record(s) for that domain
      contain(s) the right IP address.
      - Your account credentials have been saved in your Certbot
      configuration directory at /etc/letsencrypt. You should make a
      secure backup of this folder now. This configuration directory will
      also contain certificates and private keys obtained by Certbot so
      making regular backups of this folder is ideal.
      ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container



      Are the python SyntaxWarnings something to be worried about?

      Also, if it has to do with port forwarding, does this look alright or have I missed something fundamental?

      Here are my router forwarding settings.

      Or what would be some tools to troubleshoot the availability of the different ports?

      Thanks a ton!
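
An added example, not part of any post in this thread: the certbot failure blocks quoted above already name who answered the http-01 request, because the returned page title is "openmediavault - HTTP 404 error". The sketch below reads such output and reports, per domain, which service replied; the helper name `diagnose`, the verdict wording and the sample log (constructed, with placeholder domain, token and IP) are assumptions.

```python
import re
import sys

# Constructed sample shaped like the certbot output quoted in the thread;
# the domain, token and IP address are placeholders, not values from the posts.
SAMPLE_LOG = r'''
- The following errors were reported by the server:

Domain: example.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://example.duckdns.org/.well-known/acme-challenge/TOKEN
[203.0.113.10]: "<!DOCTYPE
html>\n<html>\n\t<head>\n\t\t<title>openmediavault - HTTP 404
error</title>\n\t\t<meta charset=\"UTF-8\">"

Domain: cloud.example.duckdns.org
Type: connection
Detail: Fetching
http://cloud.example.duckdns.org/.well-known/acme-challenge/TOKEN:
Timeout during connect (likely firewall problem)
'''

# One "Domain / Type / Detail" block, ending at a blank line or end of input.
BLOCK = re.compile(
    r"Domain:\s*(\S+)\s+Type:\s*(\S+)\s+Detail:\s*(.*?)(?=\n\s*\n|\Z)", re.S)

def diagnose(log_text):
    """Return one finding per failed domain (hypothetical helper)."""
    findings = []
    for domain, err_type, detail in BLOCK.findall(log_text):
        detail = " ".join(detail.split())          # undo certbot's line wrapping
        ip = re.search(r"\[([0-9a-fA-F.:]+)\]", detail)
        title = re.search(r"<title>(.*?)</title>", detail, re.I)
        title = title.group(1) if title else None
        if err_type == "connection":
            verdict = "port 80 unreachable from outside: check the router forward and ISP"
        elif title and "openmediavault" in title.lower():
            verdict = "answered by the OMV web UI, not the letsencrypt container"
        elif title:
            verdict = "answered by some other web server on port 80"
        else:
            verdict = "unclassified: read the Detail text"
        findings.append({"domain": domain, "type": err_type, "title": title,
                         "responder_ip": ip.group(1) if ip else None,
                         "verdict": verdict})
    return findings

if __name__ == "__main__":
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    for f in diagnose(text):
        print(f"{f['domain']}: {f['verdict']} (title={f['title']!r})")
```

Saved under a name of your choosing (here `diagnose.py`), it can be fed the container output with `docker logs letsencrypt 2>&1 | python3 diagnose.py`.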