openmediavault-letsencrypt

  • I have upgraded from OMV 3.x to 4.x, and Let's Encrypt used to work, but now it doesn't.


    I have tried everything 5 times: Forwarding ports, reinstalling plugin, updating everything incl. OMV-Extras, running apt clean, checking DNS-settings, asking nicely, yelling at my monitor. Nothing helps. I just get this message every time:


    I'm not good at using Linux, I have SSH-access but mainly use OMV WebUI.
    Any suggestions? Thank you ;)

  • Hi,


    I am on OMV 4.x, I don't have the "Test Certificate" button enabled, certbot is running fine, BUT ...


    Certificate in Tab "SSL" does NOT get renewed - it also tells me an old date in the comment: "LetsEncrypt - home.stockinger.name (20180911)"


    When I look directly into the corresponding directories I see that there are new certificates in the letsencrypt directory (dated 29th of Dec), but in the OMV cert and key directory they are still from 11th of Sept.


    I also cannot find anything in the logs:



    letsencrypt.log






    syslog (no trace of a call to Certificate Management at that time):





    Here is the output for the generated key, which has a different UUID - so the old one was not replaced.
    omv-showkey letsencrypt


    Any ideas?


    Thx, Gerald

  • I have a question.


    I successfully got my certificate.


    In order to avoid errors I set the OMV Web port access to 80, and opened this port in my router.


    Now if I change this port to another of my liking, when I have to renew the certificate will I have problems?


    Best regards.

    • Official Post

    Now if I change this port to another of my liking, when I have to renew the certificate will I have problems?

    yes

    omv 7.4.10-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.14 | compose 7.2.14 | k8s 7.3.1-1 | cputemp 7.0.2 | mergerfs 7.0.5 | scripts 7.0.9


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Official Post

    I guess I need port 80 to be open to keep the certificate OK, right?

    No, you just need it open to renew the cert. If you manually open the port and renew it, you wouldn't need to keep it open all the time.


  • I have an issue with my letsencrypt: at every renewal I have the problem that the cert gets renewed, but the older one is kept in use by nginx. I need to apply a self-signed one to nginx, manually delete the letsencrypt-cert in the cert organisation of OMV and then try to renew the letsencrypt cert. It says that the cert is already up to date and then lists the new letsencrypt cert in OMV so that I can use it in nginx.


    Is there a way to automatically replace the cert in OMV & nginx with the new one when it gets renewed automatically?

    Chaos is found in greatest abundance wherever order is being sought.
    It always defeats order, because it is better organized.
    Terry Pratchett

    • Official Post

    Is there a way to automatically replace the cert in OMV & nginx with the new one when it gets renewed automatically?

    The OMV 4.x version of the plugin is supposed to do this.


  • I would like to point out that I have the same problem as riff-raff, and I have also been using OMV 4.0 for some time.


    I described my problem a few posts above - maybe my explanation had too many details and was therefore confusing ...


    The result is the same: Letsencrypt gets a new certificate but OMV does not use it. I need to manually delete it in the OMV frontend and then renew.

  • I have the same problem too. When I see the certs are expired I go to the letsencrypt plugin and do a renew,
    but with the message "Cert not yet due for renewal".
    After the command was issued, I get the notice that the configuration has changed, and I need to confirm,
    like I have to do if I change any OMV config. After I do that, the nginx config is reloaded with the right new cert.


    Maybe there is a problem with the automatic reload after cert renewal by the cronjob.

    • Official Post

    I have read through this thread - all thirty-one pages and I still have a few questions. The look and functionality of this Letsencrypt plugin has changed since it first was introduced on page one. I have Nextcloud/Letsencrypt running per @TechnoDadLife video on an Odroid HC2. It's all great except when it comes time to renew my cert. Last night, after my certificate expired a couple days ago, I did a fresh install on the Letsencrypt container and received a new certification.


    In the Letsencrypt plugin GUI:

    • Under the Domains tab should I type only the one subdomain I use on this server, or all five (from DuckDNS)? I only have Nextcloud and Plex running on the server. I know this is going to generate tons of guffaws, but what do I do with the other four? What can I make? Edit: I might add, I included all five subdomains in the certificate generated last night.
    • Under the Domains tab, is /var/www/openmediavault the correct webroot for the Nextcloud/Letsencrypt install I described above?
    • Since I just received a new certificate by a fresh install of the letsencrypt container, when if ever should I generate or renew a certificate?
    • Under the Settings tab what should be typed in the "Certificate Name" field?
    • How does the System/Certificates/SSL section of OMV tie into the Letsencrypt plugin? Under the SSL tab I have the Letsencrypt certificate that just expired there and the delete button is greyed out. What do I do with that?

    If someone could please help me on these few points, I would greatly appreciate it. What would be really nice would be if someone would put together a simple "Letsencrypt Plugin Installation Guide." Thanks.

    System Backup Typo alert: Under the Linux section the command should be sudo umount /dev/sda1 NOT sudo unmount /dev/sda1

    Backup Data Disk to Backup Disk on Same Machine: In a Scheduled Job:rsync -av --delete /srv/dev-disk-by-uuid-f8814ed9-9a5c-4e1c-8830-426968c20ea3/ /srv/dev-disk-by-uuid-e67439d5-00a3-4942-bd5f-b84ab86aa850/ Don't forget trailing slashes, and BE CAREFUL. (HT: Getting Started with OMV5)

    Equipment - Thinkserver TS140, NanoPi M4 (v.1), Odroid XU4 (Using DietPi): PiHole

    • Official Post

    About renewing the certificate, for sure you do not need to do a fresh install of the container, just pass
    docker logs -f letsencrypt

    Not to steal away the thread (after 31 pages!) but I got that impression after I did so. I deleted the Letsencrypt folder completely as well as the container before restarting, but when I got to the end where you modify the config.php file it was already customized - ready to go; which makes me wonder why even bother with the Letsencrypt plugin for renewals if you can just run docker logs -f letsencrypt a few weeks before expiration. Just set a reminder on your calendar and you're done. Thanks for the observation.


  • I have the same problem too. When I see the certs are expired I go to the letsencrypt plugin and do a renew,
    but with the message "Cert not yet due for renewal".
    After the command was issued, I get the notice that the configuration has changed, and I need to confirm,
    like I have to do if I change any OMV config. After I do that, the nginx config is reloaded with the right new cert.


    Maybe there is a problem with the automatic reload after cert renewal by the cronjob.

    I can confirm this behaviour and this workaround. A few days ago my certificate expired again - needed to do a manual renew.
    Something is wrong here.

  • I can confirm this behaviour and this workaround. A few days ago my certificate expired again - needed to do a manual renew. Something is wrong here.

    Just adding that I have had the same problem for the last year or more. I've learned to just live with it every 3 months.

  • I have also observed this problem, but I have found that self-generating a new certificate, temporarily switching to it, and then switching back to the Let's Encrypt one gets things working again. I am not sure why or how, but that has been my workaround.

  • Hi,


    I think it is a stupid question, but I can't find the way on the web and on this forum to renew the certificate of letsEncrypt. Maybe I don't use the right keyword...


    I am using docker LetsEncrypt.


    Do you have a step-by-step procedure to do that?


    Thanks!

  • Hi,
    I am using the letsencrypt docker for fail2ban and nginx with a self-signed cert, but the below should assist you with checking logs and give you an idea. I would first try to restart the docker and check the logs.
    https://hub.docker.com/r/linuxserver/letsencrypt

    Code
    Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under /config/log/letsencrypt to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from letsencrypt in those circumstances.

    https://certbot.eff.org/docs/u…new#renewing-certificates


    Code
    certbot renew
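
Added example (not part of any post in this thread, and not the plugin's or the container's own code): several posts above report that certbot obtains a new certificate while the web server keeps serving the old one. This script compares the SHA-256 fingerprint of the issued certificate with the deployed one and then applies the 30-day renewal window quoted above; the function names are hypothetical and both file paths are arguments you supply.

```shell
#!/bin/sh
# Added example: detect a certificate that certbot renewed but the web
# server never picked up. Both paths are supplied by the caller, e.g. the
# certbot copy and the copy your web server is configured to load.
# Usage: sh cert_sync_check.sh ISSUED.pem DEPLOYED.pem [WINDOW_DAYS]

# Print the SHA-256 fingerprint of the first certificate in a PEM file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeed if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Print one status word and return a matching exit code:
#   IN_SYNC (0)          same certificate on both sides, outside the window
#   STALE_DEPLOY (1)     certbot has a different cert than the one deployed
#   RENEWAL_OVERDUE (2)  in sync, but expiry is inside the renewal window
#   UNREADABLE (3)       a file is missing or is not a PEM certificate
check_cert_sync() {
    issued=$1; deployed=$2; window=${3:-30}   # 30 days: window quoted above
    fp_issued=$(cert_fingerprint "$issued") || fp_issued=""
    fp_deployed=$(cert_fingerprint "$deployed") || fp_deployed=""
    if [ -z "$fp_issued" ] || [ -z "$fp_deployed" ]; then
        echo "UNREADABLE"; return 3
    fi
    if [ "$fp_issued" != "$fp_deployed" ]; then
        echo "STALE_DEPLOY"; return 1
    fi
    if ! cert_valid_for_days "$issued" "$window"; then
        echo "RENEWAL_OVERDUE"; return 2
    fi
    echo "IN_SYNC"; return 0
}

# Run only when called with file arguments, so the functions can be sourced.
if [ "$#" -ge 2 ]; then
    check_cert_sync "$@"
fi
```

Exit code 1 is the condition reported in this thread: the issued and the deployed files hold different certificates.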
