Question Let's Encrypt wildcard certificate

Following this guide:

I have installed the linuxserver/letsencrypt docker container:

I have used the following configuration while creating the container via SSH:
docker create --name=letsencrypt --cap-add=NET_ADMIN -e PUID=1026 -e PGID=101 -e TZ=Europe/Athens -e URL=XXX.net -e SUBDOMAINS=wildcard -e VALIDATION=dns -e DNSPLUGIN=cloudflare -e [email protected] -e DHLEVEL=2048 -v
(Where XXXX is my domain and email, redacted for privacy)

Although the container runs perfectly well with no errors in the Docker package log,
the container does not output the wildcard certificate in /volume1/docker/letsencryptdata/etc/letsencrypt/.
Furthermore, there is no folder named live or archive as the guide describes.

I also want to note that I followed the guide all the way.
I have a valid Cloudflare account with the TXT entry in its DNS record as described in the guide.
I have entered the Cloudflare API token and my email (Cloudflare login) into cloudflare.ini in /volume1/docker/letsencryptdata/dns-conf/.
I also tried with the firewall in DSM on and off.

Running out of options, any help would be highly appreciated!

Rusty

Moderator
Could you share your output log? Anonymize it beforehand ofc.
 
32
7
NAS
DS218+
Router
  1. RT2600ac
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
Could you share your output log? Anonymize it beforehand ofc.
Where do I find the output log?
All the folders in /docker/letsencryptdata/log are empty... (strange)
 

Rusty

You can find the log in the log tab inside Docker UI for LE container.
 
32
7
NAS
DS218+
Router
  1. RT2600ac
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
All seems good in the log...

Not sure if that's a similar problem, but when I try to get new certificates I need to stop the container, rename the letsencrypt folder in etc to something like _oldletsencypt, then start the container. It creates the folder again with new certificates. Maybe you can try it too to solve your problem.
 
32
7
NAS
DS218+
Router
  1. RT2600ac
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
Not sure if that's a similar problem, but when I try to get new certificates I need to stop the container, rename the letsencrypt folder in etc to something like _oldletsencypt, then start the container. It creates the folder again with new certificates. Maybe you can try it too to solve your problem.

Done it... a new letsencrypt folder was created.
Where are the certificates supposed to be?
The folder structure exists, but all the folders are empty.
Rusty

/etc/letsencrypt/archive or /etc/letsencrypt/live, not in accounts.
 

Rusty

Can we see the log from the LE container? Not the Docker log that you sent before.
 
32
7
NAS
DS218+
Router
  1. RT2600ac
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
Can we see the log from the LE container? Not the Docker log that you sent before.
The folder /docker/letsencryptdata/log/letsencrypt is empty... can I find it somewhere else?


Rusty

Open the container details page and switch to the log tab.
 
32
7
NAS
DS218+
Router
  1. RT2600ac
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
Last edited:
Open the container details page and switch to the log tab
Here is my log.
My credentials in /config/dns-conf/cloudflare.ini are 100% correct.
P.S.: Thank you in advance, your help is greatly appreciated!

Code:
2020-04-11 21:01:53    stdout    ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.
2020-04-11 21:01:53    stdout    Please see the logfiles in /var/log/letsencrypt for more details.
2020-04-11 21:01:53    stdout    requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7ff52c514340>: Failed to establish a new connection: [Errno -3] Try again'))
2020-04-11 21:01:53    stdout  
2020-04-11 21:01:53    stdout    During handling of the above exception, another exception occurred:
2020-04-11 21:01:53    stdout  
2020-04-11 21:01:53    stdout    urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7ff52c514340>: Failed to establish a new connection: [Errno -3] Try again'))
2020-04-11 21:01:53    stdout        raise MaxRetryError(_pool, url, error or ResponseError(cause))
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/util/retry.py", line 436, in increment
2020-04-11 21:01:53    stdout        retries = retries.increment(
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 719, in urlopen
2020-04-11 21:01:53    stdout        resp = conn.urlopen(
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
2020-04-11 21:01:53    stdout    Traceback (most recent call last):
2020-04-11 21:01:53    stdout  
2020-04-11 21:01:53    stdout    During handling of the above exception, another exception occurred:
2020-04-11 21:01:53    stdout  
2020-04-11 21:01:53    stdout    urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7ff52c514340>: Failed to establish a new connection: [Errno -3] Try again
2020-04-11 21:01:53    stdout        raise NewConnectionError(
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 168, in _new_conn
2020-04-11 21:01:53    stdout        conn = self._new_conn()
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 300, in connect
2020-04-11 21:01:53    stdout        conn.connect()
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn
2020-04-11 21:01:53    stdout        self._validate_conn(conn)
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 376, in _make_request
2020-04-11 21:01:53    stdout        httplib_response = self._make_request(
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 665, in urlopen
2020-04-11 21:01:53    stdout    Traceback (most recent call last):
2020-04-11 21:01:53    stdout  
2020-04-11 21:01:53    stdout    During handling of the above exception, another exception occurred:
2020-04-11 21:01:53    stdout  
2020-04-11 21:01:53    stdout    socket.gaierror: [Errno -3] Try again
2020-04-11 21:01:53    stdout        for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/socket.py", line 918, in getaddrinfo
2020-04-11 21:01:53    stdout        for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/util/connection.py", line 61, in create_connection
2020-04-11 21:01:53    stdout        conn = connection.create_connection(
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 156, in _new_conn
2020-04-11 21:01:53    stdout    Traceback (most recent call last):
2020-04-11 21:01:53    stdout    [31mAn unexpected error occurred:[0m
2020-04-11 21:01:47    stdout    Plugins selected: Authenticator dns-cloudflare, Installer None
2020-04-11 21:01:47    stdout    Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-04-11 21:01:31    stdout    Generating new certificate
2020-04-11 21:01:31    stdout    dns validation via cloudflare plugin is selected
2020-04-11 21:01:31    stdout    E-mail address entered: [email protected]
2020-04-11 21:01:31    stdout    Wildcard cert for XXXX.net will be requested
2020-04-11 21:01:31    stdout    SUBDOMAINS entered, processing
2020-04-11 21:01:31    stdout    2048 bit DH parameters present
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:31    stdout    STAGING=
2020-04-11 21:01:31    stdout    [email protected]
2020-04-11 21:01:31    stdout    DNSPLUGIN=cloudflare
2020-04-11 21:01:31    stdout    VALIDATION=dns
2020-04-11 21:01:31    stdout    DHLEVEL=2048
2020-04-11 21:01:31    stdout    ONLY_SUBDOMAINS=false
2020-04-11 21:01:31    stdout    EXTRA_DOMAINS=
2020-04-11 21:01:31    stdout    SUBDOMAINS=wildcard
2020-04-11 21:01:31    stdout    URL=XXXX.net
2020-04-11 21:01:31    stdout    TZ=Europe/Athens
2020-04-11 21:01:31    stdout    PGID=101
2020-04-11 21:01:31    stdout    PUID=1026
2020-04-11 21:01:31    stdout    Variables set:
2020-04-11 21:01:31    stdout    [cont-init.d] 50-config: executing...
2020-04-11 21:01:31    stdout    [cont-init.d] 30-keygen: exited 0.
2020-04-11 21:01:31    stdout    using keys found in /config/keys
2020-04-11 21:01:31    stdout    [cont-init.d] 30-keygen: executing...
2020-04-11 21:01:31    stdout    [cont-init.d] 20-config: exited 0.
2020-04-11 21:01:31    stdout    [cont-init.d] 20-config: executing...
2020-04-11 21:01:31    stdout    [cont-init.d] 10-adduser: exited 0.
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:31    stdout    -------------------------------------
2020-04-11 21:01:31    stdout    User gid:    101
2020-04-11 21:01:31    stdout    User uid:    1026
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:31    stdout    -------------------------------------
2020-04-11 21:01:31    stdout    GID/UID
2020-04-11 21:01:31    stdout    -------------------------------------
2020-04-11 21:01:31    stdout    https://www.linuxserver.io/donate/
2020-04-11 21:01:31    stdout    To support LSIO projects visit:
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:31    stdout    Let's Encrypt: https://letsencrypt.org/donate/
2020-04-11 21:01:31    stdout    To support the app dev(s) visit:
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:31    stdout    -------------------------------------
2020-04-11 21:01:31    stdout    Brought to you by linuxserver.io
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:31    stdout             |_| |___/ |_|  \__/
2020-04-11 21:01:31    stdout             | | \__ \ | | | () |
2020-04-11 21:01:31    stdout             | | / __| | |  /  \
2020-04-11 21:01:31    stdout             | |  ___   _    __
2020-04-11 21:01:31    stdout              _         ()
2020-04-11 21:01:31    stdout    -------------------------------------
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:29    stdout    [cont-init.d] 10-adduser: executing...
2020-04-11 21:01:29    stdout    [cont-init.d] 01-envfile: exited 0.
2020-04-11 21:01:29    stdout    [cont-init.d] 01-envfile: executing...
2020-04-11 21:01:29    stdout    [cont-init.d] executing container initialization scripts...
2020-04-11 21:01:29    stdout    [fix-attrs.d] done.
2020-04-11 21:01:29    stdout    [fix-attrs.d] applying ownership & permissions fixes...
2020-04-11 21:01:29    stdout    [s6-init] ensuring user provided files have correct perms...exited 0.
2020-04-11 21:01:29    stdout    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
 

Rusty

Well, if the container is registering a problem with ini files then that's the problem. You did enter the API key, right? Not the user name and password from your CF account?

If this is correct, then you might have problems with dsm permission for that file or folder.
 
32
7
NAS
DS218+
Router
  1. RT2600ac
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
If this is correct, then you might have problems with dsm permission for that file or folder.

When a container is created and running, the user who created it should be the owner and have all permissions... correct? I created it and I am an administrator; examining all the permissions, at first look all seems to be ok.

I think I will give up and simply wait for DSM7, hoping that it will support wildcard certs, LOL!
 

Rusty

That is true regarding permissions. The problem in your case might be this 3rd line: Failed to establish a new connection: [Errno -3]. Looking at the log, it might not be an error in the ini file after all, but it's odd for me to have that in the log. Another possibility is that your container has no connection to the internet, so it can't talk to the LE side and that throws an error.

You are using an API and password and INI parameters?
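Rusty's reading of the log is the point worth automating: the image's final "check your credentials" message is printed for any failure, while the first exception actually raised, socket.gaierror: [Errno -3] (glibc EAI_AGAIN, a temporary name-resolution failure), shows the container never resolved acme-v02.api.letsencrypt.org at all. The following Python is an added example, not code from the thread or from the linuxserver image: it restores the Docker UI's newest-first log to chronological order, extracts the innermost exception and classifies it; the log excerpt is constructed from the thread's output with placeholder values.

```python
import re

# Constructed excerpt modelled on the thread's log (newest line first, as the
# Docker UI exports it). Host and domain values are placeholders.
SAMPLE_LOG = """\
2020-04-11 21:01:53    stdout    ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.
2020-04-11 21:01:53    stdout    requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory
2020-04-11 21:01:53    stdout    During handling of the above exception, another exception occurred:
2020-04-11 21:01:53    stdout    urllib3.exceptions.NewConnectionError: Failed to establish a new connection: [Errno -3] Try again
2020-04-11 21:01:53    stdout    During handling of the above exception, another exception occurred:
2020-04-11 21:01:53    stdout    socket.gaierror: [Errno -3] Try again
2020-04-11 21:01:53    stdout        for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
2020-04-11 21:01:53    stdout    Traceback (most recent call last):
2020-04-11 21:01:47    stdout    Plugins selected: Authenticator dns-cloudflare, Installer None
"""

LINE_RE = re.compile(r"^(\S+ \S+)\s+(stdout|stderr)\s*(.*)$")
# A Python exception summary line: dotted class name, colon, message.
EXC_RE = re.compile(r"^([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)+): (.*)$")

# getaddrinfo errno values from glibc: EAI_AGAIN (-3), EAI_NONAME (-2).
CAUSES = [
    ("dns", re.compile(r"\[Errno -[23]\]|Name or service not known|Try again")),
    ("network", re.compile(r"Connection refused|timed out|Network is unreachable")),
]

def parse_lines(text):
    """Return (timestamp, message) pairs in chronological order."""
    rows = [m.groups() for m in map(LINE_RE.match, text.splitlines()) if m]
    # The Docker UI exports newest first; flip if timestamps run backwards.
    if len(rows) > 1 and rows[0][0] > rows[-1][0]:
        rows.reverse()
    return [(ts, msg) for ts, _stream, msg in rows]

def triage(text):
    """Report the first-raised exception of a chained traceback and its category.

    The wrapper's closing 'check your credentials' line is printed for every
    failure, so the innermost exception (earliest in time) is the real signal.
    """
    matches = [EXC_RE.match(msg) for _ts, msg in parse_lines(text)]
    matches = [m for m in matches if m]
    if not matches:
        return {"root_exception": None, "category": "no-traceback", "detail": ""}
    name, detail = matches[0].groups()
    category = next((c for c, pat in CAUSES if pat.search(detail)), "other")
    return {"root_exception": name, "category": category, "detail": detail}
```

A "dns" result points at the container's resolver (the NAS's DNS settings or the Docker network), not at cloudflare.ini; only once the ACME directory resolves does a credentials error become plausible.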