OMV5 Lets Encrypt error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ecutechnextcloud.duckdns.org

I ran this command: create a letsencrypt docker

It produced this output:

An unexpected error occurred:SUBDOMAINS entered, processing
Wildcard cert for ecutechnextcloud.duckdns.org will be requested
duckdns validation is selected the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org
nerating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
An unexpected error occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<urllib3.connection.HTTPSConnection object at 0x7f5db7f5c6a0>: Failed to establish a new connection: [Errno -3] Try again’))
Please see the logfiles in /var/log/letsencrypt for more details.
ERROR: Cert does not exist! Please see the validation error above. Make sure your DUCKDNSTOKEN is correct.

My web server is (include version):

The operating system my web server runs on is omv5

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Have you also opened a ticket in the OMV forum?
https://forum.openmediavault.org/

Hi. Not yet, no. I find replies to be nonexistent on there.

Well, I’m not familiar with OMV.
But from the error msg, maybe your device name is “too long”.
It should only be “one field” larger than duckdns.org.
I see you wrote:

Which is only “one field” bigger.
But the err msg seems to indicate that it is confused about the name (length or number of names) and is trying to issue a wildcard cert to cover it/them.

Again, I’m not familiar with OMV.

Can you show the file?:

Can you try with a similar, but shorter, name?

Strange thing is there are no log files stored in that folder. I had all of this working last week. We had a power outage and Let’s Encrypt won’t work now. I have checked and all ports are forwarded ok. All other containers seem to work ok. I have reinstalled letsencrypt but always get the same error.

Have you checked the disk?
The power failure could have corrupted files, or sectors, on the disk.

Was that with the same FQDN?
[if so, we can rule out name length and such]

Hi @chrislawton

Read your error:

Your server can’t connect to Letsencrypt. Maybe your network configuration is buggy.

curl https://community.letsencrypt.org/

from that machine.

Yes, disk checks ok. All other containers are fine apart from Let’s Encrypt. No matter how many times I uninstall and install, I always get the same error.

Adding to @JuergenAuer’s request:
Does your system have all the right networking info (as before the power outage)?
IP / mask / gateway / DNS

I believe so, yes. I run AdGuard. I can connect to other apps like emby/plex from outside my network. I’m thinking the letsencrypt container has no internet access? Is this possible?

root@3189ba709f03:/# curl https://community.letsencrypt.org/
curl: (6) Could not resolve host: community.letsencrypt.org

That seems to be a DNS issue.
(or a missing gateway entry perhaps)

I’m not familiar with OMV, but that sounds reasonable.
Reprocess all the steps required to create it and you might fix the problem that way.

I agree, but no idea how to change it on docker. These are the network settings for the letsencrypt docker
nextcloud_default 172.26.0.3 172.26.0.1 02:42:ac:1a:00:03

(192.168.0.218 is this server)

If you had to destroy it and rebuild it, could you?
[the LE docker]

Yes. I have done it several times already. Outcome is always the same.

Right, then you must be missing an entry (or an entire step).

Can you ping 8.8.8.8 from that container?
Can you do a traceroute to 8.8.8.8 from that container?

Can you ping 8.8.8.8 from OUTSIDE that container?
Can you resolve any FQDN from OUTSIDE that container?

Can you give me the command please?

ping 8.8.8.8
traceroute -I 8.8.8.8
nslookup facebook.com
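
The checks suggested in this thread (reach 8.8.8.8 by IP, then resolve a name, then connect) can be run as one layered probe from inside the container. The following is an added example, not part of the original thread and not code from certbot or the container image; the `diagnose` function and its verdict names are hypothetical, and a TCP connect to 8.8.8.8 port 53 is used as a stand-in for `ping`.

```python
import socket

ACME_HOST = "acme-v02.api.letsencrypt.org"  # host named in the error output above
PROBE_IP = "8.8.8.8"                        # IP the thread suggests pinging


def diagnose(host=ACME_HOST, port=443, probe_ip=PROBE_IP,
             resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Return (verdict, detail); verdict is ok, dns, blocked or no-network.

    resolve and connect are injectable so the logic can be tested offline.
    """
    # Step 1: raw IP reachability, no DNS involved (TCP stand-in for ping).
    ip_err = None
    try:
        connect((probe_ip, 53), timeout=5).close()
    except OSError as exc:
        ip_err = exc

    # Step 2: name resolution. "[Errno -3]" in the certbot traceback is the
    # resolver's EAI_AGAIN, which surfaces here as socket.gaierror.
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if ip_err is None:
            return "dns", f"routing works but resolving {host} failed: {exc}"
        return "no-network", f"no route ({ip_err}) and no DNS ({exc})"

    # Step 3: TCP connect to the first resolved address.
    addr = infos[0][4][0]
    try:
        connect((addr, port), timeout=5).close()
    except OSError as exc:
        return "blocked", f"{host} resolves to {addr} but port {port} failed: {exc}"
    return "ok", f"{host} -> {addr}:{port} reachable"


if __name__ == "__main__":
    verdict, detail = diagnose()
    print(f"{verdict}: {detail}")
```

A `dns` verdict points at the container's resolver configuration, while `no-network` points at the Docker network or gateway.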