openmediavault-letsencrypt

I now have also this error when I want to renew with an additional domain:

>>> *************** Error ***************
The configuration object is in use
<<< *************************************

Any ideas?

Regards lulu

How do you add more hostnames to it?

separate by ", "

but test "; " must work too.

see first post: openmediavault-letsencrypt

I know the ',' is add more host name, but I plan to add another hostname from a different directory.
Not the same one that I currently use, is SNI Proxy the only way?

Zitat von lulu99

I now have also this error when I want to renew with an additional domain:

>>> *************** Error ***************
The configuration object is in use
<<< *************************************

Any ideas?

Regards lulu

Alles anzeigen

The reason for this is that you have the certificate in use in OMV (I know, this is the reason why you use the plugin in the first place ) I faced the same issue and the way I resolved it is to switch OMV to use a self-signed certificate then (re-)create the LE certificate. Unfortunately, even though I succeeded with the re-creation of the certificate and I do find a new one in /etc/letsencrypt/live, it did not make it into OMV's config file and I will have to edit the file manually so I have the new certificate available for OMV. I do have the strange feeling the plugin does not (always) work as expected.
I might write a script to do that if I find the time as I'm using the certificate for two OMV systems and create the cert on one of them so the "problem" to add the cert into OMV's config is the same

Regards,
SlashOpt

Ok thanks for the info. Perfect. So also if you renew it via cronjob this problem occurs?

Regards lulu

Zitat von SlashOpt

The reason for this is that you have the certificate in use in OMV (I know, this is the reason why you use the plugin in the first place ) I faced the same issue and the way I resolved it is to switch OMV to use a self-signed certificate then (re-)create the LE certificate. Unfortunately, even though I succeeded with the re-creation of the certificate and I do find a new one in /etc/letsencrypt/live, it did not make it into OMV's config file and I will have to edit the file manually so I have the new certificate available for OMV. I do have the strange feeling the plugin does not (always) work as expected.
I might write a script to do that if I find the time as I'm using the certificate for two OMV systems and create the cert on one of them so the "problem" to add the cert into OMV's config is the same

Regards,
SlashOpt

I'm using a self-cert for OMV, and LE for my webservers, but I'm still having this error.
I've to deleted the files in CSR and keys folders, and un-install the plugin to generate new certs.

Thanks!

I was hoping to come across something like this! I'm currently using a free StartSSL certificate on my OMV server, and for whatever reason, my phone always shows the red "https" with a strike through it and complains about the certificate being self-signed.

Setup new omv instance and installed lots of plugins, but the letsencrypt one does not open, just stays on the page for the previous plugin, even though the let encrypt one is selected.

I have reinstalled and rebooted several times but no improvement?

The plugin works fine on my other machine.

Zitat von arm1e

Setup new omv instance and installed lots of plugins, but the letsencrypt one does not open, just stays on the page for the previous plugin, even though the let encrypt one is selected.

I have reinstalled and rebooted several times but no improvement?

The plugin works fine on my other machine.

Hi,

I once faced the same issue (I think I also posted about it earlier in this thread). The plugin worked perfectly on my virtual system I use to test things but on my main system it showed the same behaviour as you describe. I tried to debug this and found that at the time you click on the 'let's encrypt' entry in the menu a variable in Javascript is set to an empty string and so the call failed. When I entered the correct value (can't remember what it was atm (openmediavault-letsencrypt?)) it worked. I found out all this as Firefox showed an Javascript exception and I installed the Firebug addon for further investigations. Unfortunately I could not find any bug in the plugin's code which would have fixed the issue
The way I fixed this at the time I faced the problem: I wanted to re-install my system since some time anyway so I just did that and the problem was gone. I know that this will not really help you with the issue but at least you know that someone else faced the same issue and there's (up to now) not a real solution for it.

SlashOpt

Edit: just had a look. It was end of February (page 5 of this thread) when we discussed this issue

Maybe your pop-up blocker interfered it?
If Java is the issue, clear your browser history/cookies, and try on a different browser such as FireFox, Edge...

The plugin fails on the latest OMV3.*, just so others know, when they would consider installing it on the beta: Don't do it, yet.
Is OMV3 (Erasmus) still in beta or is it considered stable?

For my day-job I've been installing security and certificates for years, and ever since Snowden stuff has changed. LetsEncrypt is great, but I can recommend using https://github.com/Neilpang/acme.sh instead of the certbot python monstrosity and dependency hell.

By the way, pity we're still at nginx -v 1.6.* on OMV3. I would love to use http2 and be able to use this config:
https://gist.githubusercontent…cb67d85e1454b10997566/TLS
We only get a B- at qualys ssllabs test.

ACME tool looks like an interesting tool to use.

Hello,

do you intend to support IPv6 in the plugin? Letsencrypt now fully supports IPv6.

I adapt omv-letsencrypt to OMV 3.0.26
I made a pull requests
before accepted, anyone who interested can test my omv-letsencrpyt which is adapted to 3.0.26

https://github.com/luxflow/openmediavault-letsencrypt

How to use?
Enable `OMV-extras testing repo`
install openmediavault-letsencrypt 3.X
enjoy

#HOW CAN I USES MULTIPLE SUBDOMAINS?
change example domain according your domain (*.example.org)
1. add OMV_NGINX_SITE_WEBGUI_SERVERNAME,
this will be your omv admin domain

vim /etc/default/openmediavault
OMV_NGINX_SITE_WEBGUI_SERVERNAME="omv.example.org"

2. add file to /etc/nginx and /etc/nginx/site-enabled
below is example file for subdomain irc

/etc/nginx/http

listen [::]:80;
location /.well-known/ {
    root        /var/www/openmediavault;
}
location  / {
return 301 https://$server_name$request_uri;
}

/etc/nginx/https

listen [::]:443 ssl;


ssl_certificate  /etc/letsencrypt/live/example.org/fullchain.pem;
ssl_certificate_key  /etc/letsencrypt/live/example.org/privkey.pem;
#ssl_dhparam /config/nginx/dhparams.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;


client_max_body_size 0;


location /.well-known/ {
        root /var/www/openmediavault;
}

/etc/nginx/site-enabled/irc

server {
        server_name irc.example.org;
        include /etc/nginx/http;
}
server {
        server_name irc.example.org;
        include /etc/nginx/https;
        index index.html index.htm index.php;
        location ~ / {
            proxy_set_header        Host $host;
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Proto $scheme;
                proxy_pass http://127.0.0.1:9000;
        }
}

Zitat von luxflow

I adapt omv-letsencrypt to OMV 3.0.26
I made a pull requests
before accepted, anyone who interested can test my omv-letsencrpyt which is adapted to 3.0.26

https://github.com/luxflow/openmediavault-letsencrypt

How to use?
apt-get install debhelper
git clone https://github.com/luxflow/openmediavault-letsencrypt
cd openmediavault-letsencrypt
debian/rules binary
dpkg -i ../openmediavault-letsencrypt_2.4_all.deb
apt-get install -f

Alles anzeigen

Correct me if I'm Wong but it is compatible with the latest version of omv as well.

Sent from my iPhone using Tapatalk

yes I'm on 3.0.29 and tested it works also
for master branch?, I didn't test it
IMHO, it will also works in master branch since there are no big difference in commit log

Zitat von luxflow

yes I'm on 3.0.29 and tested it works also
for master branch?, I didn't test it
IMHO, it will also works in master branch since there are no big difference in commit log

Why don't you propose a patch with your mods on the original maste branch? In this way it will directly be integrated in omv extras

Sent from my iPhone using Tapatalk