Question Let's Encrypt wildcard certificate

Currently reading
Question Let's Encrypt wildcard certificate

44
16
NAS
DS218+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Linux
  2. macOS
  3. Windows
Mobile operating system
  1. iOS
Last edited:
Following this guide:

I have installed linuxserver/letsencrypt docker container:

I have used the following configuration while creating the container via SSH:
docker create --name=letsencrypt --cap-add=NET_ADMIN -e PUID=1026 -e PGID=101 -e TZ=Europe/Athens -e URL=XXX.net -e SUBDOMAINS=wildcard -e VALIDATION=dns -e DNSPLUGIN=cloudflare -e [email protected] -e DHLEVEL=2048 -v
(Where XXXX, my domain and email, redacted for privacy)

Although the container runs perfectly well with no errors in the docker package log
the container does not output the wildcard certificate in /volume1/docker/letsencryptdata/etc/letsencrypt/
furthermore there is no folder named: live or archive as the guide describes

I want also to note that i followed the guide all the way
I have a valid cloudflare account with the TXT entry in its DNS record described in the guide
I have entered the cloudflare API Token and my email (cloudflare login) into cloudflare.ini ini in /volume1/docker/letsencryptdata/dns-conf/
I also tried with the firewall in DSM on and off

Running out of options any help would be highly appreciated!
 
all seems good in the log...

Annotation 2020-04-11 104306.png
 
Not sure if that’s similar problem, but when I try to get new certificates I need to stop the container, rename the letsencrypt folder in etc to something like _oldletsencypt, then start the container. It creates the folder again with new certificates. Maybe you can try it too to solve your problem.
 
Not sure if that’s similar problem, but when I try to get new certificates I need to stop the container, rename the letsencrypt folder in etc to something like _oldletsencypt, then start the container. It creates the folder again with new certificates. Maybe you can try it too to solve your problem.

Done it... new letsencrypt folder created
Annotation 2020-04-11 112015.png


where are the certificated supposed to be in?
the folder structure exist but all the folders are empty.
Annotation 2020-04-11 112419.png
 
Last edited:
Open the container details page and switch to the log tab
Here is my log
My credentials in /config/dns-conf/cloudflare.ini are 100% correct
P.S.: Thank you in advance, your help is greatly apprecited!

Code:
2020-04-11 21:01:53    stdout    ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.
2020-04-11 21:01:53    stdout    Please see the logfiles in /var/log/letsencrypt for more details.
2020-04-11 21:01:53    stdout    requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7ff52c514340>: Failed to establish a new connection: [Errno -3] Try again'))
2020-04-11 21:01:53    stdout  
2020-04-11 21:01:53    stdout    During handling of the above exception, another exception occurred:
2020-04-11 21:01:53    stdout  
2020-04-11 21:01:53    stdout    urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7ff52c514340>: Failed to establish a new connection: [Errno -3] Try again'))
2020-04-11 21:01:53    stdout        raise MaxRetryError(_pool, url, error or ResponseError(cause))
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/util/retry.py", line 436, in increment
2020-04-11 21:01:53    stdout        retries = retries.increment(
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 719, in urlopen
2020-04-11 21:01:53    stdout        resp = conn.urlopen(
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
2020-04-11 21:01:53    stdout    Traceback (most recent call last):
2020-04-11 21:01:53    stdout  
2020-04-11 21:01:53    stdout    During handling of the above exception, another exception occurred:
2020-04-11 21:01:53    stdout  
2020-04-11 21:01:53    stdout    urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7ff52c514340>: Failed to establish a new connection: [Errno -3] Try again
2020-04-11 21:01:53    stdout        raise NewConnectionError(
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 168, in _new_conn
2020-04-11 21:01:53    stdout        conn = self._new_conn()
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 300, in connect
2020-04-11 21:01:53    stdout        conn.connect()
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn
2020-04-11 21:01:53    stdout        self._validate_conn(conn)
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 376, in _make_request
2020-04-11 21:01:53    stdout        httplib_response = self._make_request(
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 665, in urlopen
2020-04-11 21:01:53    stdout    Traceback (most recent call last):
2020-04-11 21:01:53    stdout  
2020-04-11 21:01:53    stdout    During handling of the above exception, another exception occurred:
2020-04-11 21:01:53    stdout  
2020-04-11 21:01:53    stdout    socket.gaierror: [Errno -3] Try again
2020-04-11 21:01:53    stdout        for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/socket.py", line 918, in getaddrinfo
2020-04-11 21:01:53    stdout        for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/util/connection.py", line 61, in create_connection
2020-04-11 21:01:53    stdout        conn = connection.create_connection(
2020-04-11 21:01:53    stdout      File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 156, in _new_conn
2020-04-11 21:01:53    stdout    Traceback (most recent call last):
2020-04-11 21:01:53    stdout    [31mAn unexpected error occurred:[0m
2020-04-11 21:01:47    stdout    Plugins selected: Authenticator dns-cloudflare, Installer None
2020-04-11 21:01:47    stdout    Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-04-11 21:01:31    stdout    Generating new certificate
2020-04-11 21:01:31    stdout    dns validation via cloudflare plugin is selected
2020-04-11 21:01:31    stdout    E-mail address entered: [email protected]
2020-04-11 21:01:31    stdout    Wildcard cert for XXXX.net will be requested
2020-04-11 21:01:31    stdout    SUBDOMAINS entered, processing
2020-04-11 21:01:31    stdout    2048 bit DH parameters present
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:31    stdout    STAGING=
2020-04-11 21:01:31    stdout    [email protected]
2020-04-11 21:01:31    stdout    DNSPLUGIN=cloudflare
2020-04-11 21:01:31    stdout    VALIDATION=dns
2020-04-11 21:01:31    stdout    DHLEVEL=2048
2020-04-11 21:01:31    stdout    ONLY_SUBDOMAINS=false
2020-04-11 21:01:31    stdout    EXTRA_DOMAINS=
2020-04-11 21:01:31    stdout    SUBDOMAINS=wildcard
2020-04-11 21:01:31    stdout    URL=XXXX.net
2020-04-11 21:01:31    stdout    TZ=Europe/Athens
2020-04-11 21:01:31    stdout    PGID=101
2020-04-11 21:01:31    stdout    PUID=1026
2020-04-11 21:01:31    stdout    Variables set:
2020-04-11 21:01:31    stdout    [cont-init.d] 50-config: executing...
2020-04-11 21:01:31    stdout    [cont-init.d] 30-keygen: exited 0.
2020-04-11 21:01:31    stdout    using keys found in /config/keys
2020-04-11 21:01:31    stdout    [cont-init.d] 30-keygen: executing...
2020-04-11 21:01:31    stdout    [cont-init.d] 20-config: exited 0.
2020-04-11 21:01:31    stdout    [cont-init.d] 20-config: executing...
2020-04-11 21:01:31    stdout    [cont-init.d] 10-adduser: exited 0.
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:31    stdout    -------------------------------------
2020-04-11 21:01:31    stdout    User gid:    101
2020-04-11 21:01:31    stdout    User uid:    1026
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:31    stdout    -------------------------------------
2020-04-11 21:01:31    stdout    GID/UID
2020-04-11 21:01:31    stdout    -------------------------------------
2020-04-11 21:01:31    stdout    https://www.linuxserver.io/donate/
2020-04-11 21:01:31    stdout    To support LSIO projects visit:
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:31    stdout    Let's Encrypt: https://letsencrypt.org/donate/
2020-04-11 21:01:31    stdout    To support the app dev(s) visit:
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:31    stdout    -------------------------------------
2020-04-11 21:01:31    stdout    Brought to you by linuxserver.io
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:31    stdout             |_| |___/ |_|  \__/
2020-04-11 21:01:31    stdout             | | \__ \ | | | () |
2020-04-11 21:01:31    stdout             | | / __| | |  /  \
2020-04-11 21:01:31    stdout             | |  ___   _    __
2020-04-11 21:01:31    stdout              _         ()
2020-04-11 21:01:31    stdout    -------------------------------------
2020-04-11 21:01:31    stdout  
2020-04-11 21:01:29    stdout    [cont-init.d] 10-adduser: executing...
2020-04-11 21:01:29    stdout    [cont-init.d] 01-envfile: exited 0.
2020-04-11 21:01:29    stdout    [cont-init.d] 01-envfile: executing...
2020-04-11 21:01:29    stdout    [cont-init.d] executing container initialization scripts...
2020-04-11 21:01:29    stdout    [fix-attrs.d] done.
2020-04-11 21:01:29    stdout    [fix-attrs.d] applying ownership & permissions fixes...
2020-04-11 21:01:29    stdout    [s6-init] ensuring user provided files have correct perms...exited 0.
2020-04-11 21:01:29    stdout    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
 
If this is correct, then you might have problems with dsm permission for that file or folder.

When a container is created and running the user who created it should be the owner and have all permisions... correct? I created it and I am an administrator, examining all the permisions by the first look all seems to be ok.

I think I will give up and simply wait for DSM7 hoping that it will support wildcart certs, LOL!
 
That is true regarding permissions. The problem with your case might be this 3rd line Failed to establish a new connection: [Errno -3]. Looking at the log it might not be an error in ini file after all but it’s odd for me to have that in the log. Another possible thing is that your container has no connection to the internet so it can’t talk to LE side and that throws an error.

You are using an API and password and INI parameters?
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top