Posts by MarkTwo

    Well, first of all, don't use sudo if you're already root. ;)


    Second, do you have your OMV GUI on port 80? If so, change it - otherwise certbot is unable to spin up its own web server on the same port for authentication. Or use webroot instead of standalone.


    Other than that, I don't have any ideas... unless your router is interfering with port 80 forwarding for some reason. (You don't need 81 and 443, btw.)

    I gave that a try. I will tell you what happened....


    I set my OMV port to 81 in "General Settings". Then I opened up PuTTY and SSH'd into my server, logged in, and ran the following command:

    Code
    $ sudo certbot certonly --standalone

    I was prompted to put in my domain name so I put in my DuckDNS domain name for my server (IPv4 address and everything all correct).


    I got this error.



    So when I do port 81, the challenges fail.


    I tried setting it to port 80 and running it again. The challenge seems to work, BUT then it gives me this error: "Problem binding to port 80: Could not bind to IPv4 or IPv6."



    I looked online and basically what people say for this error is that something is already using port 80, and so it cannot do it.


    But I ran netstat -ano on my home desktop to find anything using port 80 in my home network, and there isn't anything. There is the option of possibly bypassing this error and removing the --standalone from the command so that it looks like:


    Code
    $ sudo certbot certonly

    Which will then prompt you to choose from a few options like 1) Use the Nginx webserver plugin 2) Spin up a temporary webserver 3) Place files in webroot directory.


    Anyways I don't want to use those, I want to figure out what is going on with the "Problem binding to port 80: Could not bind to IPv4 or IPv6." error.


    So are there any reasons why it can't bind to port 80?
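
A local probe for the "Problem binding to port 80" symptom discussed above, added here as an example (not part of any post and not certbot's own code). Run on the server where certbot runs, it tries to bind the port on IPv4 and IPv6 and reports the OS error for each; the names `try_bind`, `probe` and `diagnose` are made up for this example.

```python
import errno
import socket

def try_bind(port, family, addr):
    """Return None if a TCP listener can bind addr:port, else the errno name."""
    try:
        sock = socket.socket(family, socket.SOCK_STREAM)
    except OSError as exc:  # address family not available on this host
        return errno.errorcode.get(exc.errno, "UNKNOWN")
    try:
        if family == socket.AF_INET6:
            # Keep the IPv6 probe independent of the IPv4 one (no dual-stack).
            sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
        sock.bind((addr, port))
        sock.listen(1)
        return None
    except OSError as exc:
        return errno.errorcode.get(exc.errno, "UNKNOWN")
    finally:
        sock.close()

def probe(port=80):
    """Probe the wildcard address of both families on this host."""
    return {"IPv4": try_bind(port, socket.AF_INET, "0.0.0.0"),
            "IPv6": try_bind(port, socket.AF_INET6, "::")}

def diagnose(results):
    """Reduce the per-family results to one verdict."""
    errors = set(results.values())
    if "EADDRINUSE" in errors:
        return "in-use"      # a service on this host already listens on the port
    if "EACCES" in errors:
        return "need-root"   # ports below 1024 normally need root to bind
    if None in errors:
        return "free"        # at least one family binds, none is occupied
    return "other"

if __name__ == "__main__":
    res = probe(80)
    print(res, "->", diagnose(res))
```

A verdict of "in-use" means a listener on the server itself, such as a web GUI left on port 80, holds the port; the probe says nothing about other machines on the network.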

    Instead of "Web Hosting Product," select "None of the above." Then just follow the instructions. Provided that you have the OMV GUI set to be accessed through a port other than 80, use the certbot standalone command, otherwise go with the webroot one.

    And yes, you do need that DuckDNS URL... certificates work with hostnames, not IP addresses (as far as I can tell), at least those tied to a proper CA like LetsEncrypt.

    I don't know the answer to your question re: email... or why TLS won't work for you. But something tells me the problem isn't with the certificates you're generating. Regardless, maybe the certbot route will give us some clues.

    Sorry for the long delay I have been busy with life.


    I installed snapd and certbot, so those are both done.


    I am now running into an issue when I try to perform a certificate validation. I have taken a screen capture of the issue below, and I scratched out my domain name. Basically when I put in my DuckDNS URL, it failed to generate a certificate. I checked and my DuckDNS URL does have my public IP address assigned. My ports 80, 81 and 443 are forwarded (TCP and UDP) in my router to my server. It says the challenge has failed.


    Any thoughts? I don't see how networking could be an issue, it is a pretty simple setup, the server is directly connected to the router via ethernet. What else could cause a failure to set up certificates?


    Have you looked at this?

    Alright so I looked at that guide and let me do a brief recap here:


    It says that LetsEncrypt is essentially a Certificate Authority (CA).


    Okay... TLS/SSL works by using a CA, like LetsEncrypt. And TLS/SSL is not working on my OMV5 which is the problem of this thread.


    My TLS/SSL wasn't working before I installed LetsEncrypt, and still doesn't work after I tried to install it using the guide I posted in my first post, which was this. It only partially installs, minus the TLS/SSL secure connection.


    It fails to install, I suspect, because there was something wrong with my TLS/SSL in OMV5 in the first place. Which is why I made this thread. But what? Well I guess that brings us to the certificate itself.... I tried re-generating the certificate in OMV5 several times.... but TLS/SSL still doesn't work.


    Then you suggested using CertBot instead. I have not done that yet, because I am stuck on one thing, I need to know what to input on this page (take a look). I am searching for the correct installation instructions. I am putting down: "My HTTP website is running "Web Hosting Product" on "Debian 10 (buster)."" Because OMV5 is Debian based.


    Okay... once I get that solved, I will try to install Certbot. I should also mention a few things too:

    -I use DuckDNS to resolve a URL for my "website" but just to keep this simple I will install CertBot using my public IP. I don't need a URL yet.

    -When generating my certificate in OMV5, I just used my personal Gmail email to fill out that field that asks you for an email. My personal email has nothing to do with my server, and I don't know the purpose of there being an email in the certificate. Why do we need an email? Is there a technical reason?


    So if I get CertBot installed then maybe LetsEncrypt will have a "good" certificate to now use, and therefore my TLS/SSL will work?

    I don't know. I assumed you were trying to generate/use a LetsEncrypt certificate to use with your server's public hostname. You're trying to use a self-signed certificate which is fine of course, but will always trigger a browser warning the first time you try to connect to the server via https (since it's self-signed.)

    I don't know all the steps you've taken since generating your cert, so it's difficult to say where the problem lies.

    Well firstly I generated the cert in "certificates" months ago, before I even knew about LetsEncrypt. I was following TechnoDadLife's tutorial for setting up OMV5 for the first time.


    But months later when I am trying to get remote access set up, I follow the tutorial mentioned in my other thread here:

    Locked out of OMV5 after setting connection to Port 81, and ongoing SSL/TLS connection issue


    And when following the tutorial - I proceeded to use that same cert.


    Now I was troubleshooting last night, and I created another self-signed cert. (And deleted my old one). However I am getting the same error as before:


    It's not the first time I try to connect, it is every time.... "The connection is not secure." I can't get TLS/SSL to work.


    First and foremost I don't understand the difference between signed and self signed certs, and how that could be affecting this issue. If you want to enlighten me that would be appreciated.


    Now I could try Certbot to generate a cert but I would need some guidance on how to add that to my OMV5 so it can be selected. Then I could try to connect again to see if HTTPS is working properly and/or if TLS/SSL is working properly.

    Make sure your browser has not cached a bad certificate. Probably not it but that can be a really pernicious problem. I wanted to suggest another option: using the swag docker image. For me it was much easier and is a more complete solution. Especially if you are already using duckdns. It has a config file for each of about 100 apps you can enable. I'm running some apps in a secure vpn network so I had to tweak a few of the files, but it wasn't hard. So I moved the omv5 port to some odd number and then used swag for everything. Certs work, it takes care of letsencrypt, all apps are securely at appname.yyyy.duckdns.org, and browsers are happy.

    But I don't see how this solves my fundamental problem. SWAG is going to ask for a secure TLS/SSL connection just like letsencrypt, and letsencrypt failed when I tried to set it up. My OMV5 server does not seem to be able to use TLS/SSL.


    I know this, because if I select "force SSL connection" and my browser attempts to connect using a bad certificate (which I don't think is the case because I have always used the same cert since setting up the server) then it shouldn't be able to connect.


    But it still connects - just using only HTTP!


    So I need to understand what is going wrong with my OMV5 server and why TLS is having issues.


    I've been working on this issue for months and it is very frustrating. I need assistance.

    You state that https://<your local IP>:443 works, then you say it doesn't and kicks you back to http. Did you mean to say that https://<your public hostname>:443 doesn't work?

    I'm assuming you have a hostname registered via a dynamic DNS service. Are you on a typical home LAN behind a router?


    Side note: I recommend not forcing secure connections only. It's generally safe, and easier, to use plain HTTP on the local network, and the http port won't be exposed to the Internet.

    Sir, I meant my local IP. Yes - I have a DuckDNS set up for my Public IP (for remote access) but I intend to use that later. If I were to connect outside my LAN using my Public IP, with port forwarding, the connection still shows as insecure, just like inside my LAN.


    My issue still stands: I can't get TLS/SSL working in OMV5.


    I need to know what I have to configure to get it to work. Please assist.

    I am following up to my previous thread here:

    Locked out of OMV5 after setting connection to Port 81, and ongoing SSL/TLS connection issue

    I cannot solve that thread, until I solve a fundamental issue with my server:


    I cannot use TLS/SSL in my server.


    I have set HTTP to 81 and HTTPS to 443. My server will only connect to the OMV5 Control Panel if I type 192.168.1.103 or specify http://192.168.1.103:81/ or https://192.168.1.103:443.


    But when I attempt a connection with HTTPS via 443, it will show an insecure connection only (of HTTP). I have checked both the "Enable secure connection" and "Force secure connection only" options, and I have rebuilt my certificate, but nothing is working.


    Something is wrong with my configuration. Without TLS/SSL working properly I will never be able to have a secure connection using tools like LetsEncrypt (to access my server remotely) or anything. I have searched online and cannot find any information on how to fix this.


    Please assist if you can.

    Another option is to run omv-firstaid from the cli and select option 2

    I used omv-firstaid and did option 2.


    So I did this:


    I set HTTP to Port 81

    I set HTTPS to Port 443


    I am back in and both https://192.168.1.103:81/ and https://192.168.1.103:443/ successfully connect - However it removes the https:// when I connect.


    I am using Google Chrome, but I think it is again the server not letting me use TLS/SSL, which is also why I can't fully install and use NextCloud-LetsEncrypt. This is the fundamental issue here.


    Any thoughts why it is doing this?

    Alright so my OMV5 NAS does not connect via HTTPS. It only connected via HTTP, even if I try to force a TLS/SSL connection. I can access the Control Panel, and even network shares where I store my files (via Windows 10 network shares).


    My inability to connect via HTTPS (TLS/SSL) only became a problem when I was trying to install "NextCloud". It's an application that allows you to access files remotely on the internet. This video shows you how to do it as a container in Docker, managed by the application Portainer:


    External Content www.youtube.com


    Skip to 8:00 to 9:00, and he will talk about running some custom code that he made which will basically set up your NextCloud containers.


    However - when you run this guy's code it also requires an encrypted connection, because it sets up something called "NextCloud-LetsEncrypt". This obviously requires that TLS/SSL is enabled on the server for it to work. If you don't have that turned on, then running the code will install the NextCloud application, but not the LetsEncrypt container, and that's a problem.


    After some troubleshooting - I figured out how to get it working. I turned off SSL/TLS in OMV5 General Settings, but kept TLS/SSL on in the TLS tab. Then I ran the code one more time, and it worked! All the containers were installed.


    But... I was having trouble with setting up a "fresh" install of NextCloud - so I decided to start from scratch, reinstall everything etc. make it so I could configure NextCloud properly...


    Following his instructions, in General Settings I made my server connect to a different port than HTTP. I set it to Port 81. Then I turned back on TLS/SSL in General Settings....


    Now I try to connect using my internal IP, so it looks like this (including the port number):


    192.168.1.103:81


    Now here is the problem:


    1) Using https://192.168.1.103:81

    I can't connect to the OMV5 control panel using HTTPS, because it says it "refused to connect". As if it is forcing a TLS/SSL connection...


    2) Using http://192.168.1.103:81

    I can't connect using HTTP either - it gives the same error.


    Did I mess it up? I feel like doing either HTTPS or HTTP at Port 81 won't work.


    Furthermore even if I get this working and I get back in - how DO I enable a TLS/SSL connection?


    I ultimately want to be able to complete this guy's video and do a proper NextCloud install. Thanks.

    I have successfully connected to my OMV5 server with OpenVPN over the internet (outside of my home network) with my Laptop running Windows 10.


    My home router has port forwarding to my OMV5 server with port 1194 on (used by OpenVPN). My OMV5 server configuration also has NFS enabled, and I have added to it the shared folder that I want to be able to access (which is the same one I access when I am connected to my home network).


    I had expected to see my NAS server pop up in the "Network and Sharing" center in Windows 10, just like it does when I am connected from my home network. Unfortunately however, it does not appear, and I cannot access my Network Shares from across the internet.


    I have tried solutions such as running:


    net use x: \\vpn.ip.address\share-name


    from the command prompt in the Windows 10 client laptop. However that just gives "System error 53 has occurred. The network path was not found."


    I am at a loss for solutions. Any idea what I am doing wrong?

    No matter what I try, my public IP address (e.g. from whatismyipaddress.com) is not connecting to my OMV server. I have tried connection by both entering the public IP address into my browser, and by using a DuckDNS url.


    Note: This issue first happened after my router was reset. Beforehand, it was connecting when I used the public IP address.


    I have already done the following:

    -Added port forwarding in my router to go to my OMV server for ports 443 and 80. (Had it that way before router was reset).

    -Added my OMV server LAN IP address as a Static IP address in my router.

    -Updated /etc/resolv.conf file in my OMV server to have my new router IP address (before reset it was 198.162.2.1 now it is 198.162.1.1)

    -Re-added all SSH and SSL certificates.

    -Added SSL to "General Settings > Secure Connections"

    -Tried connecting with "Enable SSL/TLS" and "Force SSL/TLS" disabled or any combination of those two options.

    -Added 8.8.8.8 to "Network > Interfaces > DNS Servers" (Note: In this menu the IPv4 connection method is set to "DHCP" and the IPv6 connection method is set to "Disabled").

    -Successfully pinged 8.8.8.8 and Google.com and received responses.

    -Successfully ran "apt-get update" and "apt-get upgrade" (selecting no configuration changes for most options)

    -Restarted my OMV server several times.


    I am at a loss. It should be connecting simply by typing http://publicipaddress. Is it a configuration issue with OMV or my router? What else am I missing?