I'm running OMV 5 and I am running nextcloud using swag and self hosted bitwarden. I have received a notice that my letsencrypt certs are expiring. Not sure what to do. Research so far says to run certbot or just restart swag container. I have tried both of these unsuccessfully, but I'm not sure if I did it right.
I received notice from Letsencrypt that certificates are expiring
-
-
Review the logs to see the exact message and see if the certificate is renewed or not.
In my swag docker a restart is enough to renew.
-
Check that this is showing in your SWAG log (docker logs -f swag):
Code
...
Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing...
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
....
To exit the log and get back to prompt, click Ctrl+C
If it doesn't show, something isn't right on your stack/YML
-
This may happen, if you reconfigured something and are not using these certs.
Go to your nextcloud https site and check if the cert really expires (click the lock, view the cert, it has an expiry date).
If it is about to expire, do what the others told you.
-
I have forgotten a lot of my CLI skills and don't know how to view the SWAG logs. There have been no changes to my setup for the last nine months but I have not been able to get to my nextcloud website or the bitwarden site. Bitwarden is still working fine though. Can someone give me the basics of viewing the log?
-
From the cli see #3
How do you manage your stacks?
If you cannot access the web server (swag), letsencrypt will probably not be able to either, so it cannot issue new certs.
What is the problem when accessing swag/nextcloud/bitwarden by the browser?
-
I had help from this forum and it was done with docker-compose. I looked in portainer also but the stacks are not visible in portainer. When I try to go to the website I get this site can't be reached.
-
-
I also get this error when I restart swag:
Error response from daemon: Cannot restart container swag: driver failed programming external connectivity on endpoint swag (20d9c828a0c7922e124a156d5a890126700951285d19f0903fa31f139ea5eb2c): Bind for 0.0.0.0:81 failed: port is already allocated
-
If you started it with docker-compose, you have to use docker-compose to manage it.
docker-compose logs will give you the logs (executed in the correct directory)
-
Does anyone have any more thoughts on renewing certs?
-
If you do not give the logs, no one will be able to help. The reasons for this may be:
- swag is not trying to renew certs
- swag is not able to renew certs
Both will be in the logs. Post more than one line.
-
Here is the complete swag log:
Code
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
-------------------------------------
_ () | | ___ _ __ | | / __| | | / \ | | \__ \ | | | () | |_| |___/ |_| \__/
Brought to you by linuxserver.io
-------------------------------------
To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 1000
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=1000
PGID=100
TZ=America/New_York
URL=duckdns.org
SUBDOMAINS=mydomain1,mydomain2
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
VALIDATION=http
CERTPROVIDER=
DNSPLUGIN=duckdns
EMAIL=myemail@verizon.net
STAGING=
Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d mydomain1.duckdns.org -d mydomain2.duckdns.org
E-mail address entered: myemail@verizon.net
http validation is selected
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No match found for cert-path /config/etc/letsencrypt/live/mydomain1.duckdns.org/fullchain.pem!
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Account registered.
Requesting a certificate for mydomain1.duckdns.org and mydomain2.duckdns.org
Performing the following challenges:
http-01 challenge for mydomain1.duckdns.org
http-01 challenge for mydomain2.duckdns.org
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mydomain1.duckdns.org/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mydomain1.duckdns.org/privkey.pem
Your certificate will expire on 2021-06-12. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
New certificate generated; starting nginx
Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind, and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing...
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 70-templates: executing...
[cont-init.d] 70-templates: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready
run-parts: /etc/periodic/weekly/libmaxminddb: exit status 1
No MaxMind license key found; exiting.
Please enter your license key into /etc/conf.d/libmaxminddb
-
Are you sure your swag container is running? This should not be one of the last messages:
Your certificate will expire on 2021-06-12. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again.
The log contains your real email and domain names.
Both domains do not have https enabled and end up at the nginx proxy manager. Maybe you should check the logs of this container.
-
When I try docker logs -f nginx I get no such container found. I've tried running certbot in several different directories and I always get "certbot not found".
-
Post the yml or stack you used for swag.
Hide sensitive data.
-
When I try docker logs -f nginx I get no such container found. I've tried running certbot in several different directories and I always get "certbot not found".
To run certbot, you have to bash into your swag container
When the prompt changes, run the certbot command.
-
Can you please check which containers are running? I think you do not have swag running:
docker ps -a
-
Here is the yml:
Code
version: "2"
services:
  nextcloud:
    image: ghcr.io/linuxserver/nextcloud:latest
    container_name: nextcloud
    environment:
      - PUID=1000
      - PGID=100
      - TZ=America/New_York
    volumes:
      - /srv/dev-disk-by-uuid-1c0dc0b4-d37c-4a43-b9ed-597a8dd4f64f/Docker-Config/nextcloud/:/config
      - /srv/dev-disk-by-uuid-1c0dc0b4-d37c-4a43-b9ed-597a8dd4f64f/Primary/AppData/Nextcloud/:/data
    depends_on:
      - nextclouddb
    ports:
      - 450:443
    restart: unless-stopped
  nextclouddb:
    image: ghcr.io/linuxserver/mariadb:latest
    container_name: nextclouddb
    environment:
      - PUID=1000
      - PGID=100
      - MYSQL_ROOT_PASSWORD=dbpassword
    volumes:
      - /srv/dev-disk-by-uuid-1c0dc0b4-d37c-4a43-b9ed-597a8dd4f64f/Docker-Config/nextclouddb/:/config
    restart: unless-stopped
  swag:
    image: linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=100
      - TZ=America/New_York
      - DNSPLUGIN=duckdns
      - URL=duckdns.org
      - DUCKDNSTOKEN=Mytoken
      - SUBDOMAINS=Mydomain
      - ONLY_SUBDOMAINS=true
      - VALIDATION=http
      - EMAIL=myemail@verizon.net
    volumes:
      - /srv/dev-disk-by-uuid-1c0dc0b4-d37c-4a43-b9ed-597a8dd4f64f/Docker-Config/swag/:/config
    ports:
      - 444:443
      - 81:80
    restart: unless-stopped
Results of docker ps -a:
Code
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
674cf633316b  linuxserver/swag  "/init"  11 months ago  Exited (255) 47 hours ago  swag
8fd4e954b281  bitwardenrs/server:latest  "/usr/bin/dumb-init …"  11 months ago  Up 46 hours (healthy)  3012/tcp, 0.0.0.0:8005->80/tcp, :::8005->80/tcp  bitwarden
b2f8fb6ddfe3  bitwardenrs/server:latest  "/usr/bin/dumb-init …"  11 months ago  Up 46 hours (healthy)  3012/tcp, 0.0.0.0:8080->80/tcp, :::8080->80/tcp  Bitwarden
1991c701edab  portainer/portainer-ce  "/portainer"  11 months ago  Up 46 hours  0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp  portainer
ca5f9bc13f7e  e7a6cbc60efd  "/init"  11 months ago  Up 46 hours (healthy)  0.0.0.0:80-81->80-81/tcp, :::80-81->80-81/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp  nginx_app_1
8460e386215a  ea85f6595b0b  "/scripts/run.sh"  11 months ago  Up 46 hours  3306/tcp  nginx_db_1
fd6baf483d4a  ghcr.io/linuxserver/nextcloud:latest  "/init"  11 months ago  Up 46 hours  80/tcp, 0.0.0.0:450->443/tcp, :::450->443/tcp  nextcloud
93aef735fb6d  ghcr.io/linuxserver/mariadb:latest  "/init"  11 months ago  Up 46 hours  3306/tcp  nextclouddb
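The port clash behind the "Bind for 0.0.0.0:81 failed: port is already allocated" error, as an added example that is not part of any post in this thread: the function reads `docker ps --format '{{.Names}}\t{{.Ports}}'` output and names the container that already publishes a given host port, including ranges such as `80-81`, which a plain search for `:81->` misses. The sample rows are constructed from the listing above; `port_holders` and `sample_ps` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread): who already publishes a host port?
# Real use:  docker ps --format '{{.Names}}\t{{.Ports}}' | port_holders 81

port_holders() {
    # $1 = host port to look for; stdin = "name<TAB>ports" lines
    awk -F '\t' -v want="$1" '
    {
        n = split($2, entries, /, */)
        for (i = 1; i <= n; i++) {
            e = entries[i]
            arrow = index(e, "->")
            if (arrow == 0) continue           # exposed only, not published on the host
            host = substr(e, 1, arrow - 1)     # e.g. 0.0.0.0:80-81 or :::8005
            sub(/^.*:/, "", host)              # keep only the port or the port range
            lo = hi = host
            dash = index(host, "-")
            if (dash > 0) { lo = substr(host, 1, dash - 1); hi = substr(host, dash + 1) }
            if (want + 0 >= lo + 0 && want + 0 <= hi + 0) { print $1; next }
        }
    }'
}

# Constructed sample: rows taken from the docker ps -a listing in the thread
sample_ps() {
    printf '%s\t%s\n' \
        bitwarden '3012/tcp, 0.0.0.0:8005->80/tcp, :::8005->80/tcp' \
        nginx_app_1 '0.0.0.0:80-81->80-81/tcp, :::80-81->80-81/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp' \
        nextcloud '80/tcp, 0.0.0.0:450->443/tcp, :::450->443/tcp' \
        nextclouddb '3306/tcp'
}

# Host ports the swag service in the yml asks for: 444:443 and 81:80
for p in 444 81; do
    holder=$(sample_ps | port_holders "$p")
    if [ -n "$holder" ]; then
        echo "host port $p is already published by: $holder"
    else
        echo "host port $p is free"
    fi
done
```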
-
It does appear that swag is not running. I just tried to start it but got the following error: