Instead of filling in several sub domains, try one sub domain.
Ensure OMV is using port 80 too.
openmediavault-letsencrypt
-
- OMV 3.x
- fubz
-
-
So if I just use 1 sub domain such as "service.domain.co.uk", then try?
Can I then also create certificates for the other sub domains?
I thought the beauty of this plugin was that you can add multiples to 1 certificate?
OMV is using port 80 internally, but it's not accessible from external. Do I need to make it accessible to the outside world?
-
Let's Encrypt lets you generate multiple certificates, called SAN.
However, in your case, just try one sub domain and see if it works.
Or you can uninstall the plug-in and re-install it.
You don't need to make port 80 accessible to WAN if you don't access it remotely.
-
Hello, do not work for me: Error creating new cert :: Too many certificates already issued for: zapto.org, ddns.net
complete output:
Code
>>> *************** Error ***************
Failed to execute command 'sh /opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/openmediavault/ --text --keep-until-expiring --agree-tos --expand --email xxxxx@gmail.com -d raulfg3.zapto.org -d rnas.ddns.net 2>&1': Updating letsencrypt and virtual environment dependencies... . . .
Requesting root privileges to run with virtualenv: ~/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/openmediavault/ --text --keep-until-expiring --agree-tos --expand --email raulfg3@gmail.com -d raulfg3.zapto.org -d rnas.ddns.net
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: zapto.org, ddns.net
Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:
 - If you lose your account credentials, you can recover through e-mails sent to raulfg3@gmail.com.
 - Your account credentials have been saved in your Let's Encrypt configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Let's Encrypt so making regular backups of this
And this is letsencrypt.log, if it helps:
Code
2016-01-20 19:09:30,911:DEBUG:letsencrypt.cli:Root logging level set at 30
2016-01-20 19:09:30,911:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
RdU_nTi4HbVapIEWjBeebxCh1Zx9IzZ_OPlHLlhdY9WoHHdoFOuRDRvXzKQmzCd4OhCLKw8T9KGX5UhgWnrUga0yRT32lPWhUrkEuwA5aVQIvZ_wNfCjstaQs9_LeJ9xXgpOwsOQYLWXVX1t4KIp0FCCvdrTkfqWi0mZcb8Orr7J-Y767xKUaXv-yuWrlttE-DvCltr-UOr5DmpvT3i-EGIJ5SjwoK2TPlpslP9F_AwofmpYoFSVuTQmI8dJcdleWhJobemo4dx8psLfD2QLC2CfCYY0_CG5dhnDeNUUFrg"}'}
2016-01-20 19:10:40,731:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-01-20 19:10:41,534:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-cert HTTP/1.1" 429 150
2016-01-20 19:10:41,537:DEBUG:root:Received <Response [429]>. Headers: {'Content-Length': '150', 'Server': 'nginx', 'Connection': 'close', 'Date': 'Wed, 20 Jan 2016 19:08:31 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'SCHSXNWFiErze2u6H6j73ctNs29YjUCWzrD5q-9ERbE'}. Content: '{"type":"urn:acme:error:rateLimited","detail":"Error creating new cert :: Too many certificates already issued for: zapto.org, ddns.net","status":429}'
2016-01-20 19:10:41,538:DEBUG:acme.client:Storing nonce: 'H!\xd2\\\xd5\x85\x88J\xf3{k\xba\x1f\xa8\xfb\xdd\xcbM\xb3oX\x8d@\x96\xce\xb0\xf9\xab\xefDE\xb1'
2016-01-20 19:10:41,538:DEBUG:acme.client:Received response <Response [429]> (headers: {'Content-Length': '150', 'Server': 'nginx', 'Connection': 'close', 'Date': 'Wed, 20 Jan 2016 19:08:31 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'SCHSXNWFiErze2u6H6j73ctNs29YjUCWzrD5q-9ERbE'}): '{"type":"urn:acme:error:rateLimited","detail":"Error creating new cert :: Too many certificates already issued for: zapto.org, ddns.net","status":429}'
2016-01-20 19:10:41,539:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "~/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1398, in main
    return args.func(args, config, plugins)
  File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 600, in obtain_cert
    _auth_from_domains(le_client, config, domains)
  File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 404, in _auth_from_domains
    lineage = le_client.obtain_and_enroll_certificate(domains)
  File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 283, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 266, in obtain_certificate
    return self._obtain_certificate(domains, csr) + (key, csr)
  File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 228, in _obtain_certificate
    authzr)
  File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 310, in request_issuance
    headers={'Accept': content_type})
  File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 634, in post
    return self._check_response(response, content_type=content_type)
  File "/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 550, in _check_response
    raise messages.Error.from_json(jobj)
Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: zapto.org, ddns.net
Perhaps I need to try another day to avoid the daily limit?
-
Only as a suggestion to improve the plugin: if possible, try to add letsencrypt.log to the OMV webGUI log so I can see what happens if something goes wrong.
Other plugins like fail2ban or bittorrent add their logs, if you want to review the code.
-
Still not working even after a re-install and using only 1 domain
Code
>>> *************** Error ***************
Failed to execute command 'sh /opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/openmediavault/ --text --keep-until-expiring --agree-tos --expand --email michael.mcloughlin@email.com -d transmission.domain.co.uk 2>&1': Updating letsencrypt and virtual environment dependencies... . . .
Requesting root privileges to run with virtualenv: ~/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/openmediavault/ --text --keep-until-expiring --agree-tos --expand --email michael.mcloughlin@email.com -d transmission.domain.co.uk
Failed authorization procedure. transmission.domain.co.uk (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error parsing key authorization file: Invalid key authorization: 16 parts

IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: transmission.domain.co.uk
   Type: urn:acme:error:unauthorized
   Detail: Error parsing key authorization file: Invalid key authorization: 16 parts
<<< *************************************
-
-
I think we are dealing with a question of whether LE supports SSL certificate generation on subdomains where you don't actually own the main domain, ddns.org for example.
I am guessing the domain owner has to authorize subdomains, providing some records at DNS. It is also important to mention that all certs for domains point in DNS to the actual OMV WAN IP.
-
I do own my domain, I just edited it out here.
It's registered through 1and1.co.uk and I created a frame redirect to my public IP along with the ports for my services running on OMV; this part works. Just the generating of the certs for subdomain.mydomain.co.uk
-
> I do own my domain, I just edited it out here.

I know that, I am referring to ddns or noip that got mentioned before.
-
-
I can't access OMV webgui after I enabled Let's Encrypt for OMV.
I tried OMV-firstaid, and got this error:
Code
Updating web administration settings. Please wait ...
{"response":null,"error":{"code":7001,"message":"Failed to connect to socket: No such file or directory","trace":"exception 'OMVException' with message 'Failed to connect to socket: No such file or directory' in \/usr\/share\/php\/openmediavault\/rpc.inc:135\nStack trace:\n#0 \/usr\/sbin\/omv-rpc(107): OMVRpc::exec('WebGui', 'setSettings', Array, Array, 2)\n#1 {main}"}}
Failed to execute RPC (service=WebGui, method=setSettings)
-
It would be nice if someone made a Guide for this.
-
-
-
I would but I have done my share..
-
Anybody know how to fix my error?
I've tried with HTTPS and without HTTPS, but no luck.
> Hello, do not work for me: Error creating new cert :: Too many certificates already issued for: zapto.org, ddns.net
> ...Perhaps I need to try another day to avoid the daily limit?

There is no way around this except to wait until Let's Encrypt allows you to request a cert again.

> Only as a suggestion to improve the plugin: if possible, try to add letsencrypt.log to the OMV webGUI log so I can see what happens if something goes wrong.
> Other plugins like fail2ban or bittorrent add their logs, if you want to review the code.

I will work on that.

> Still not working even after a re-install and using only 1 domain

Your domain transmission.domain.co.uk points to your OMV installation? Port 80 is open?

> I can't access OMV webgui after I enabled Let's Encrypt for OMV.
> I tried OMV-firstaid, and got this error:
> Updating web administration settings. Please wait ... {"response":null,"error":{"code":7001,"message":"Failed to connect to socket: No such file or directory","trace":"exception 'OMVException' with message 'Failed to connect to socket: No such file or directory' in \/usr\/share\/php\/openmediavault\/rpc.inc:135\nStack trace:\n#0 \/usr\/sbin\/omv-rpc(107): OMVRpc::exec('WebGui', 'setSettings', Array, Array, 2)\n#1 {main}"}} Failed to execute RPC (service=WebGui, method=setSettings)

I really have no idea what this issue is. It certainly could be the plugin; however, my understanding of OMV inner workings is still limited. I would create a new thread to get more visibility to the issue.

> It would be nice if someone made a Guide for this.

What would you like to see added to what I have now? I will do my best to create one.
-
Yes, but not the OMV GUI; it points to the transmission install that is running on OMV on port 9091. If I point my browser at transmission.domain.co.uk I get access to my transmission, so I know DNS is resolving correctly.
The only thing I thought was that because transmission is protected by a password, letsencrypt wasn't getting the response it needed? I tested by turning off the authentication on transmission but it still didn't work.
-
It should be an open website. Before the plugin I used plain LE to generate one with the sonarr webui and I had to turn authentication off while LE was doing verification.
I have to admit that it is not easy; I went through a bunch of switches in the CLI until I finally got it working, but my impression is that the whole LE is not ready. Sometimes it works, sometimes it doesn't.
My OMV webgui is back working after I turned the server off and turned it back on.
Not sure why Let's Encrypt cert caused it.
So far so good.
-
> Yes, but not the OMV GUI; it points to the transmission install that is running on OMV on port 9091. If I point my browser at transmission.domain.co.uk I get access to my transmission, so I know DNS is resolving correctly.
> The only thing I thought was that because transmission is protected by a password, letsencrypt wasn't getting the response it needed? I tested by turning off the authentication on transmission but it still didn't work.

What are you serving on port 80? More specifically, if you were to traverse your file system to where your transmission.domain.co.uk/index.html loads, what is that path? Currently the plugin is putting your authentication file in /var/www/openmediavault/.well-known/acme-challenge/haskeyhere. Thus, if I go to transmission.domain.co.uk/.well-known/acme-challenge/haskeyhere I would be able to see the file that Let's Encrypt placed. If this is not the case you have a couple of solutions.
Use the SNI Proxy I posted to serve all your external content on the default ports 80 and 443. This way, if you were to go to transmission.domain.co.uk in your browser, the SNI Proxy would forward the traffic from your transmission install. Also, you can then point to your OMV installation on port 9091 through port 80 by specifying SNI Proxy to forward traffic from, say, omv.domain.co.uk.
Otherwise you will need to set a custom webroot; this is coming in the next release of the plugin, which is just waiting to be pushed to the repository. In this case you set your web root to /var/www/transmission-where-your-application-is/. This way, when Let's Encrypt goes to your domain it will be able to find the files it placed in the root directory.
You can also try to read the documentation if my rambling does not make sense: https://letsencrypt.org/howitworks/
Let me know what else I can clarify, I would be glad to help where I can.

> It should be an open website. Before the plugin I used plain LE to generate one with the sonarr webui and I had to turn authentication off while LE was doing verification.
> I have to admit that it is not easy; I went through a bunch of switches in the CLI until I finally got it working, but my impression is that the whole LE is not ready. Sometimes it works, sometimes it doesn't.

If you use SNI Proxy you can avoid that whole headache. I route all Let's Encrypt validations for all my subdomains to the same directory. Check out the configuration I posted and let me know if I need to clarify anything. After spending so much time learning about LE and the proxy I take for granted the knowledge.

> My OMV webgui is back working after I turned the server off and turned it back on.
> Not sure why Let's Encrypt cert caused it.
> So far so good.

I'm glad it got fixed with a "simple" solution. Sorry if I borked your system.
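
Added example (not part of any post in this thread, and not the plugin's code): a local pre-flight for the webroot check described above. It writes a probe file where the webroot method would put it, fetches `/.well-known/acme-challenge/<token>` over HTTP and parses the body as `token.thumbprint`; when the host name answers with some other application's page instead of the webroot, the body splits into many dot-separated parts, which is consistent with the "Invalid key authorization: 16 parts" error quoted earlier. All function names, the token, the thumbprint and the 203.0.113.10 address are constructed for illustration.

```python
import os, re, tempfile, threading, urllib.request
from functools import partial
from http.server import BaseHTTPRequestHandler, HTTPServer, SimpleHTTPRequestHandler

def check_key_authorization(body, token):
    """Mimic the CA-side parse: body must be '<token>.<account key thumbprint>'."""
    parts = body.strip().split(".")
    if len(parts) != 2:
        return "Invalid key authorization: %d parts" % len(parts)
    if parts[0] != token or not re.fullmatch(r"[A-Za-z0-9_-]{43}", parts[1]):
        return "token or thumbprint mismatch"
    return None  # valid

def preflight(webroot, base_url, token, thumbprint):
    """Drop a probe where the webroot method would, then fetch it as the CA does."""
    probe = os.path.join(webroot, ".well-known", "acme-challenge", token)
    os.makedirs(os.path.dirname(probe), exist_ok=True)
    with open(probe, "w") as fh:
        fh.write(token + "." + thumbprint)
    try:
        url = base_url + "/.well-known/acme-challenge/" + token
        with urllib.request.urlopen(url, timeout=5) as resp:
            return check_key_authorization(resp.read().decode("utf-8", "replace"), token)
    finally:
        os.remove(probe)

class OtherApp(BaseHTTPRequestHandler):
    # Constructed stand-in: a host that answers every path with its own page.
    def do_GET(self):
        page = b'<html><frame src="http://203.0.113.10:9091/web/index.html"></html>'
        self.send_response(200)
        self.end_headers()
        self.wfile.write(page)

def serve(handler):
    srv = HTTPServer(("127.0.0.1", 0), handler)  # port 0: any free local port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_port

def demo():
    token, thumb = "constructed-token_123", "A" * 43  # constructed sample values
    with tempfile.TemporaryDirectory() as webroot:
        good, good_url = serve(partial(SimpleHTTPRequestHandler, directory=webroot))
        bad, bad_url = serve(OtherApp)
        results = tuple(preflight(webroot, u, token, thumb) for u in (good_url, bad_url))
        good.shutdown(); bad.shutdown()
    return results  # (webroot really served, other application answered)

if __name__ == "__main__":
    print(demo())
```

Against a real host, `preflight()` would be called with the plugin's webroot and `http://` plus the domain being validated; a non-`None` result means the CA would not see the challenge file either.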
-
More info about: Too many certificates already issued
https://community.letsencrypt.…cates-already-issued/6481