openmediavault-letsencrypt

  • `datetime timezone issue in service logs` is fixed
    and will be released in the next version (3.2)
    as soon as @ryecoaaron uploads the binary

    If you don't want to wait, just install 3.2 manually right now (see attachment).

    Thanks for reporting.

    OMV3 on Proxmox
    Intel E3-1245 v5 | 32GB ECC RAM | 4x3TB RAID10 HDD
    omv-zfs | omv-nginx | omv-letsencrypt | omv-openvpn

  • Hi guys.. I created an SSL cert some months ago but now I want to use LE. How can I delete the "old" one?!

    MSI B-250-DS3H-G4560 | some RAM | someTB WD red (snapraid) | OMV 5.x (latest) | DD Cine S2 V6.5

  • I cannot understand your problem.
    Please describe in more detail what your issue is, what you did, and what you want.

    You don't need to choose LE in nginx manually (I'm not sure what you mean by choosing LE in nginx).
    omv-letsencrypt does everything automatically; you don't need to manually edit the nginx configuration.


    enable `Schedule Refresh` -> put your domain in `Domain`, email in `Email`, '/var/www/openmediavault/' in `WebRoot` -> save & generate certificate

  • Okay.. Then everything is like it should. Ty very much.. !!

  • 1st post point 5 in this thread says the LE cert can be chosen in the General SSL section. And this is my problem. There is no LE cert to choose. I can only choose my self-generated cert.

  • Scheduled Jobs -> select the field whose command is `omv-letsencrypt` -> click Run
    and post the result to see why the LE cert is not generated

  • I generated a new certificate in LE but I get errors. The certificate is okay, but if I choose it in the main settings I got this error. Regenerating says the certificate is okay. Hint: I use the backports kernel...



  • Code
    ```sh
    # completely remove old letsencrypt
    apt-get purge openmediavault-letsencrypt
    # remove letsencrypt directory
    rm -rf /etc/letsencrypt
    # reinstall
    apt-get install openmediavault-letsencrypt
    ```

    @Ruschi
    First remove the LE cron job in OMV, then try this script to completely remove omv-letsencrypt and reinstall it.
    After that, try generating the letsencrypt cert again.

  • and will be released in the next version (3.2)
    as soon as @ryecoaaron uploads the binary

    Missed that note. 3.2 is in the testing repo. Not sure if it should be in the regular repo or not?

    omv 6.0.42-2 Shaitan | 64 bit | 5.19 proxmox kernel | plugins :: omvextrasorg 6.1.1 | kvm 6.1.23 | mergerfs 6.3.3 | zfs 6.0.11
    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Code
    ```sh
    # completely remove old letsencrypt
    apt-get purge openmediavault-letsencrypt
    # remove letsencrypt directory
    rm -rf /etc/letsencrypt
    # reinstall
    apt-get install openmediavault-letsencrypt
    ```

    @Ruschi
    First remove the LE cron job in OMV, then try this script to completely remove omv-letsencrypt and reinstall it.
    After that, try generating the letsencrypt cert again.


    "Because I'm happy"


    this worked.
    Now I can choose it. Great..

  • @ryecoaaron
    I think it is quite stable if installed with a fresh OMV 3.x
    But I have no idea about upgrading from OMV 2.x, since I don't have any used OMV 2.x machine

  • @ryecoaaron
    I think it is quite stable if installed with a fresh OMV 3.x

    It is in the regular repo now.

  • In which .conf do I now have to put the proxy_pass configuration?
    What about this folder /.well-known/acme-challenge/?

    My proxy_pass looks like this.

    ```nginx
    # tvheadend
    server {
        listen [::]:80;
        server_name nas.xxxxxx.com 192.168.178.20;
        location /tvheadend {
            proxy_set_header HOST $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://127.0.0.1:9981;
        }
    }
    ```

    • first install omv-nginx
    • add entry and see attachments (this is only for tvheadend and is just an example; it is similar for others, but you should always check the application-specific proxy pass configuration)
    • omv schedule job -> select letsencrypt jobs -> run (this step is not required if you don't use a subdomain, that is, something like tv.yourdomain.com)

  • ty very much..


    It works but I get a 404 error.. but I read that this is more a "problem" of Tvheadend. I have to read more.
    I also did an SSL test yesterday .. looks good but the key exchange is weak. I should use the Diffie-Hellman params.

  • 2 things relating to the plugin on OMV;


    - Qualys TLS check rightfully rates the cert with a B ("This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.")
    - The server Key is only 2048 bit, while I'd prefer RSA 4096 bits (e 65537), like, for example, on this test.



    Sure, I can change nginx config manually, but it gets overwritten at every OMV update, so that's a bad idea.. hence the reason I mention this here.



    Thanks in advance for improvements on this TLS implementation for OMV.
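
The weak-DH finding raised in the last two posts can be checked from the shell. The script below is an added example, not code from the thread or from the plugin: it reads an nginx config, finds `ssl_dhparam`, and reports whether the referenced parameters meet a minimum size. The function names and the 2048-bit threshold are assumptions made for the example.

```sh
#!/bin/sh
# Added example: audit an nginx config for the weak-DH finding from this thread.
# Assumption: 2048 bits as the minimum acceptable DH parameter size.
MIN_DH_BITS=2048

# Print the value of the first occurrence of directive $2 in config file $1.
directive_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\([^;]*\);.*/\1/p" "$1" | head -n 1
}

# Print the bit length of the PEM DH parameter file $1 (empty if unparsable).
dh_bits() {
    openssl dhparam -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Print one verdict for config file $1:
#   no-tls   no ssl_certificate directive, nothing to audit
#   missing  TLS enabled but no ssl_dhparam (nginx before 1.11.0 then uses
#            built-in parameters; later releases leave DHE suites off)
#   unread   ssl_dhparam names a file that is absent or not valid DH PEM
#   weak     parameters shorter than MIN_DH_BITS
#   ok       parameters of at least MIN_DH_BITS
audit_tls_conf() {
    conf=$1
    [ -n "$(directive_value "$conf" ssl_certificate)" ] || { echo no-tls; return 0; }
    dhfile=$(directive_value "$conf" ssl_dhparam)
    [ -n "$dhfile" ] || { echo missing; return 0; }
    [ -r "$dhfile" ] || { echo unread; return 0; }
    bits=$(dh_bits "$dhfile")
    [ -n "$bits" ] || { echo unread; return 0; }
    if [ "$bits" -lt "$MIN_DH_BITS" ]; then echo weak; else echo ok; fi
}

# Constructed sample: a TLS server block with no ssl_dhparam line.
demo() {
    sample=$(mktemp)
    printf 'server {\n  listen 443 ssl;\n  ssl_certificate /constructed/example.crt;\n}\n' > "$sample"
    audit_tls_conf "$sample"
    rm -f "$sample"
}

# Audit the file named on the command line, or the constructed sample.
if [ "$#" -ge 1 ]; then audit_tls_conf "$1"; else demo; fi
```

Since the thread notes that manual nginx edits are overwritten on OMV updates, rerunning the audit after each update shows whether the setting survived.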
