openmediavault-letsencrypt

  • (although I think this is obsolete now, the output:

    Code
    $ apt-cache policy certbot
    certbot:
    Installed: (none)
    Candidate: 0.10.2-1~bpo8+1
    Package pin: 0.10.2-1~bpo8+1
    Version table:
    0.10.2-1~bpo8+1 500
    100 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages

    You must not have the backports repo enabled. What is the output of: grep backports /etc/apt/sources.list.d/*

    omv 5.5.22 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.4.4
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • You must not have the backports repo enabled.

    Exactly. I didn't know about the jessie-backports repo until yesterday.
    I did add a .list and therefore are now able to install backport packages.


    The thing is: If I want to install certbot, it tells me it depends on python-certbot. If I want to install that, it tells me it depends on python-acme, python-cryptography and python-openssl.....
    Is this an endless thing? I read somewhere that it's not advised to install too many packages from the backports, but only those necessary... therefore I would like to keep the list rather short (also I have had experiences breaking my whole system by installing a new package.. so, minimal installation seems the safe route for me).


    I tried with the command apt-get install certbot -t jessie-backports, is this limiting the install to this specific package? (Is apt-get normally supposed to download dependencies with the package it should install or not? If not, I have to get to the bottom of this myself, right?)

  • Is this an endless thing? I read somewhere that it's not advised to install too many packages from the backports, but only those necessary... therefore I would like to keep the list rather short (also I have had experiences breaking my whole system by installing a new package.. so, minimal installation seems the safe route for me).

    Nope, it isn't endless and this is why omv-extras pins the proper packages (see here). If you want letsencrypt, there is no way around it with jessie/OMV 3.x. Most of the time, installing python packages (not python itself) from backports is minimal risk. Make a backup before doing this though...



    I tried with the command apt-get install certbot -t jessie-backports, is this limiting the install to this specific package? (Is apt-get normally supposed to download dependencies with the package it should install or not? If not, I have to get to the bottom of this myself, right?)

    Once the backports repo is enabled, do an apt clean from the web interface and you should be able to install the plugin from the web interface.

    omv 5.5.22 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.4.4
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • I've got exactly he same issue. read above. Really wants a second certifite for my second domain. More people?

  • Once the backports repo is enabled, do an apt clean from the web interface and you should be able to install the plugin from the web interface.

    I am not sure if it is... is adding the deb for the backports as a .list all I have to do to enable the repo?
    because I added it to the omv-extra.list and the install from the plugin web interface still gives me the same error after the apt clean.

  • is adding the deb for the backports as a .list all I have to do to enable the repo?

    and then run apt-get update.


    because I added it to the omv-extra.list and the install from the plugin web interface still gives me the same error after the apt clean.

    That file gets overwritten whenever you doing anything in omv-extras. Put it in its own file. I still don't understand why you don't have the backports file since OMV 3 started adding it.

    omv 5.5.22 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.4.4
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • You must have a conflict with another package already being installed then. What is the output of:


    Code
    apt-get update
    apt-get install python3-msgpack certbot python-acme python-certbot python-cffi python-cffi-backend \
    python-chardet python-configargparse python-configobj python-cryptography python-dialog python-enum34 \
    python-funcsigs python-idna python-ipaddress python-mock python-ndg-httpsclient python-openssl \
    python-parsedatetime python-pbr python-pkg-resources python-psutil python-pyasn1 python-requests \
    python-rfc3339 python-setuptools python-six python-tz python-urllib3 python-zope.component \
    python-zope.event python-zope.interface

    omv 5.5.22 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.4.4
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • so, this is what I get:


    Is there anything you see in here that can help me?

  • I guess I didn't realize this was an armhf system. That usually makes things a pain in the ass since they don't always have the same packages as i386/amd64 (especially in backports). What is the output of:


    apt-cache policy python-cffi python-cffi-backend python python-cryptography python-openssl


    If things don't look right in that output, you may have to wait until you can put omv 4.x on the system.

    omv 5.5.22 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.4.4
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • I guess I didn't realize this was an armhf system. That usually makes things a pain in the ass since they don't always have the same packages as i386/amd64 (especially in backports).

    Sorry, I should have clarified the armhf thing. The output of the policy check is:


    I hope I don't have to wait for OMV 4.x ... is there another way to get SSL working on an armhf system?

  • So.... I googled around a bit and found out that apparently some dependencies are not available as needed in jessie-backports.


    I found them in the stretch repo and installed them seperately from the rest:

    Code
    echo deb http://ftp.debian.org/debian stretch main > /etc/apt/sources.list.d/stretch.list
    apt-get update
    apt-get install -t stretch python-cffi-backend python-cryptography python-openssl


    after that I used that command you gave me (without those 3 packages I installed from stretch already):

    You must have a conflict with another package already being installed then. What is the output of:


    Code
    apt-get update
    apt-get install python3-msgpack certbot python-acme python-certbot python-cffi python-cffi-backend \
    python-chardet python-configargparse python-configobj python-cryptography python-dialog python-enum34 \
    python-funcsigs python-idna python-ipaddress python-mock python-ndg-httpsclient python-openssl \
    python-parsedatetime python-pbr python-pkg-resources python-psutil python-pyasn1 python-requests \
    python-rfc3339 python-setuptools python-six python-tz python-urllib3 python-zope.component \
    python-zope.event python-zope.interface

    and after all that went quite well, I tried installing the plugin from the webGUI and that worked as well (although it gave out about a hundred errors in the end, after telling me the following:)


    Code
    Processing triggers for openmediavault (3.0.88) ...
    Updating locale files ...
    Updating file permissions ...
    Purging internal cache ...
    Restarting engine daemon ...
    Errors were encountered while processing:
    collectd-core

    And now the plugin is there and it seems to work, but I have to get up early tomorrow and will probably test all the functionality tomorrow afternoon (and see if it broke anything else on the way...)


    good night!

  • by the way, can enybody change the pluginconfiguration for a 4096 RSA key? :/
    here are a link for the issue on github:
    https://github.com/OpenMediaVa…ault-letsencrypt/issues/4

    omv 5.x | 64 bit | omvextrasorg 5.x | kernel 5.4
    used plugins: omv-extras | portainer | rsnapshot | antivirus
    used container: portainer/portainer | linuxserver/nextcloud | linuxserver/letsencrypt | linuxserver/mariadb | jellyfin/jellyfin | doliana/logitech-media-server | v2tec/watchtower | instrumentisto/coturn

  • My letsencrypt-cert checks for monthly renewal, but the job says no
    renewal is needed, even 5 days before cert will expire. I receive Email
    from letsencrypt saying I have to check my cert.



    When I push a creation of a new cert manually, a new cert is created,
    but it does not replace the old one, it will be placed as second cer which I have to asign manually to nginx.
    (I use my cert with nginx for nextcloud)



    How can I resolve this issue?

    Chaos is found in greatest abundance wherever order is being sought.
    It always defeats order, because it is better organized.
    Terry Pratchett

  • My letsencrypt-cert checks for monthly renewal, but the job says no
    renewal is needed, even 5 days before cert will expire. I receive Email
    from letsencrypt saying I have to check my cert.

    To start, a lot has changed in this plugin and was tested (not by me since I don't use it). If the plugin is doing something wrong, someone needs to help me make changes.


    When I push a creation of a new cert manually, a new cert is created,
    but it does not replace the old one, it will be placed as second cer which I have to asign manually to nginx.

    I think this is the proper way to do it. You shouldn't have to generate new certs very often, should you?



    How can I resolve this issue?

    Pull requests on github would be best.

    omv 5.5.22 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.4.4
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Do you have your OMV web UI configured to force all connections via SSL? I had this same problem with the plugin, but temporarily disabling the "force SSL" setting worked around this.

  • I'm having an issue with this plugin:


    Is the "home" suffix somehow not recognized/allowed? Why? Or is this a different issue?

  • Quote

    Do you have your OMV web UI configured to force all connections via SSL?

    No I don't, since I do not use the cert for my Weblogin but for Nextcloud. So does not bring me any further. Same setting within nginx: No ForceSSL


    Other suggestions?

    Chaos is found in greatest abundance wherever order is being sought.
    It always defeats order, because it is better organized.
    Terry Pratchett

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!