openmediavault-letsencrypt

See the attachments.
I just ran the cron job this morning.

`datetime timezone issue in service logs` is fixed
and will be released in next version (3.2)
as soon as @ryecoaaron upload binary

if you don't want to wait, just install manually 3.2 right now (see attachment)

thanks for reporting

Hi guys.. I created a SSL cert some month ago but now i want to use LE. How can i delete the "old" one?!

Don't need to delete old cert

Quote from luxflow

Don't need to delete old cert

The Problem is: I cant choose LE in nginx AS example

I cannot understand your problem
Please describe more detail what is your issue and what you did also what you want

You don't need choose LE in nginx manually (I'm not sure what you mean choose LE in nginx)
omv-letsencrypt do all things automatically you don't need to manually edit nginx configuration

enable `Schedule Refresh` -> put your domain in `Domain`, email in `Email`, '/var/www/openmediavault/' in `WebRoot` -> save & generate certificate

Quote from luxflow

I cannot understand your problem
Please describe more detail what is your issue and what you did also what you want

You don't need choose LE in nginx manually (I'm not sure what you mean choose LE in nginx)
omv-letsencrypt do all things automatically you don't need to manually edit nginx configuration

enable `Schedule Refresh` -> put your domain in `Domain`, email in `Email`, '/var/www/openmediavault/' in `WebRoot` -> save & generate certificate

Okay.. Then everything is like it should. Ty very much.. !!

1st post point 5 in this thread says the LE cert can be chosen in General SSL section. And this is my Problem. There is no LE cert to choose. I can only choose my self generated cert.

Scheduled Jobs -> select field command of which is `omv-letsencrypt` -> click Run
and post result to see why le cert is not generated

Quote from luxflow

`datetime timezone issue in service logs` is fixed
and will be released in next version (3.2)

if you don't want to wait, just install manually 3.2 right now (see attachment)

thanks for reporting

Thanks.

I generated a New certificate in LE but i get errors. Certificate is okay but if i choose it in the Main settings i got this error. Regenerating tells certificate is okay. hint: I use backports kernel...

#completely remove old letsencrypt
apt-get purge openmediavault-letsencrypt
#remove letsencrypt directory
rm -rf /etc/letsencrypt
#reinstall
apt-get install openmediavault-letsencrypt

@Ruschi
First remove le cronjob in OMV, and try this script to completely remove omv-letsencrypt and reinstall
After that try generate letsencrypt cert again

Quote from luxflow

Code

#completely remove old letsencrypt
apt-get purge openmediavault-letsencrypt
#remove letsencrypt directory
rm -rf /etc/letsencrypt
#reinstall
apt-get install openmediavault-letsencrypt

@Ruschi
First remove le cronjob in OMV, and try this script to completely remove omv-letsencrypt and reinstall
After that try generate letsencrypt cert again

"Because I'm happy"

this worked.
Now I can choose it. Great..

@ryecoaaron
I think it is quite stable if installed with fresh OMV 3.x
But I have no idea when upgrade from OMV 2.x Since I don't have any used OMV 2.x machine

Quote from luxflow

googling following keyword

tvserver nginx reverse proxy
couchpotato nginx reverse proxy
nextcloud nginx reverse proxy

give you application specific reverse proxy configuration

if you use same domain, only different thing is path (/tvserver /couchpotato /nextcloud)
you just get only one cert from LE for that domain

Display More

In which .conf do I now have to put in the proxy_pass configuration?
what about this folder /.well-known/acme-challange/

My proxy_pass looks like this.

#tvheadend
server {
listen [::]:80;
server_name nas.xxxxxx.com 192.168.178.20;
location /tvheadend {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:9981;
}
}

• first install omv-nginx
• add entry and see attachments (this is only for tvheadend and just example but it is similar to others but should always check application specific proxy pass configuration)
• omv schdule job -> select letsencrypt jobs -> run (this step is not required if you don't use sub domain that is something like tv.yourdomain.com)

Quote from luxflow

• first install omv-nginx
• add entry and see attachments (this is only for tvheadend and just example but it is similar to others but should always check application specific proxy pass configuration)
• omv schdule job -> select letsencrypt jobs -> run (this step is not required if you don't use sub domain that is something like tv.yourdomain.com)

ty very much..

It works but I get an 404 error.. but i read that this is more a "problem" of Tvheadend. I have to read more.
I also did a SSL test yesterday .. looks good but the key exchange is weak. I should use the diffie-hellman params.

2 things relating to the plugin on OMV;

- Qualys TLS check rightfully rates the cert with a B ("This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.")
- The server Key is only 2048 bit, while I'd prefer RSA 4096 bits (e 65537), like, for example, on this test.

Sure, I can change nginx config manually, but it gets overwritten at every OMV update, so that's a bad idea.. hence the reason I mention this here.

Thanks in advance for improvements on this TLS implementation for OMV.