Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
*.martijnnas.duckdns.org
I ran this command:
It produced this output:
Let's Encrypt certificates imported directly to openmediavault SSL. From this point everything went wrong.
My web server is (include version):
Openmediavault
The operating system my web server runs on is (include version):
Linux 5.10.0-0.bpo.9-amd64
My hosting provider, if applicable, is:
duckdns.org
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Portainer
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.22.0
Hello Everyone,
I'm pretty new to this, but I have a problem with my Openmediavault + swag docker (portainer) + duckdns docker + any other containers (Nextcloud, radarr, sonarr etc). I want to access with wildcard on my domain. (I mostly followed this guide for letsencrypt/swag: "Nextcloud Docker Stack With A Reverse Proxy Including SSL and DuckDNS" - YouTube)
When I'm trying to access my wildcard domains like radarr.martijnnas.duckdns.org they immediately redirect to my openmediavault GUI. Every subdomain I tried. I tried everything from reading forums, FAQ, reinstall, wipe, renew, other domain, port changes etc.
Thing to mention is that I was playing with the duckdns subdomain names etc. It was even working. Later on, I discovered that you can use wildcards with duckdns. So I want to go further with martijnnas.duckdns.org. As you can see I have lots of certificates on that domain now (https://crt.sh/?q=martijnnas.duckdns.org). Don't know if that is the issue (don't know how to remove published certificates)?
I'm doing my best to explain what I did and how I installed swag/Let's Encrypt:
- Installed Swag docker [linuxserver/swag:latest] in Portainer (OMV-extra). ENV:
DUCKDNSTOKEN: 71849a27-3386-4294-XXXXXXXXXXX
EMAIL: XXXX@gmail.com
ONLY_SUBDOMAINS: true
PGID: 100
PUID: 998
STAGING: false
SUBDOMAINS: wildcard
TZ: Europe/Amsterdam
URL: martijnnas.duckdns.org
VALIDATION: duckdns
(NET_ADMIN is added)
Port TCP: 80:80 & 444:443 (somehow port 443:443 was already used in portainer):
- Created user defined network with Swag and the containers I want to access through reverse proxy:
None of my containers has duplicate ports
- Forwarded the following ports on my router:
192.168.178.220 is my server IP.
Local <> External
192.168.178.220 - 80 80
192.168.178.220 - 443 443
192.168.178.220 - 943 943
192.168.178.220 - 51820 51820
192.168.178.220 - 88 88 (Is my OMV GUI with port)
192.168.178.220 - 444 444
- Installed and started the duckdns container:
PGID: 100
PUID: 998
SUBDOMAINS: martijnnas
TOKEN: 71849a27-3386-4294-XXXXXXXXXXX
TZ: Europe/Amsterdam
It automatically set my server IP address: 217.123.81.168 for my 'martijnnas' domain in the duckdns website.
When I visit that IP it is also redirected to OMV-GUI.
- Started Swag (and all other containers) with the following log:
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
usermod: no changes
-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/
Brought to you by linuxserver.io
-------------------------------------
To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 998
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=998
PGID=100
TZ=Europe/Amsterdam
URL=martijnnas.duckdns.org
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
VALIDATION=duckdns
CERTPROVIDER=
DNSPLUGIN=
EMAIL=xxxxxxxx@gmail.com
STAGING=false
Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
Wildcard cert for only the subdomains of martijnnas.duckdns.org will be requested
E-mail address entered: xxxxxxxxx@gmail.com
duckdns validation is selected
the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org
Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing...
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 70-templates: executing...
[cont-init.d] 70-templates: exited 0.
[cont-init.d] 90-custom-folders: executing...
[cont-init.d] 90-custom-folders: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready
- Removed the .sample (nginx/proxy-confs/) of the used containers (radarr, sonarr, qbittorrent, nextcloud and Jackett and maybe more). Didn't change anything else.
- (MAYBE WRONG DECISION) I added the /etc/letsencrypt/live/<mydomain.com>/ privkey.pem and cert.pem in the OMV SSL and enabled it at the secure connection.
- Rebooted the Swag container
- Finally trying to test the subdomains wildcard.
https://radarr.martijnnas.duckdns.org/, https://sonarr.martijnnas.duckdns.org/, https://nextcloud.martijnnas.duckdns.org/ etc. Every site opens my OMV-GUI.
- Here is what I found out:
After I added the letsencrypt privkey.pem and cert.pem in the OMV SSL all my subdomain URLs were redirected to the OMV-GUI.
When I deleted or disabled the Secure connection on the OMV-GUI, the (sub)domains can't be reached:
This site can’t be reached radarr.martijnnas.duckdns.org refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
Funny thing when I generate an SSL on OMV: it is using that certificate when I open radarr.martijnnas.duckdns.org, but with the web browser error "Your connection is not private. CA Root certificate is not trusted." My page didn't load (only the error).
- Let's Debug test data (http-01) is:
With letsencrypt SSL in OMV settings = All OK!
Without letsencrypt SSL in OMV settings = IPv4 not working
- Also empty nginx error.log.
I'm lost now. How can I go back to a working solution? Is this maybe OMV related?
Hope the amount of data/text doesn't scare you. Hope someone can help and guide me.
Lots of thanks!
Martijn
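
Added example, not part of the original post: it traces each externally forwarded port through the router table and the SWAG "Port TCP" mapping quoted above, to show which listener a request on the default HTTPS port 443 reaches. The function names are hypothetical, and the two input strings are copied from the values in the post.

```python
import re

# Inputs constructed from the values quoted in the post.
ROUTER_FORWARDS = """\
Local <> External
192.168.178.220 - 80 80
192.168.178.220 - 443 443
192.168.178.220 - 943 943
192.168.178.220 - 51820 51820
192.168.178.220 - 88 88 (Is my OMV GUI with port)
192.168.178.220 - 444 444
"""
SWAG_PUBLISH = "80:80 & 444:443"  # docker-style host:container pairs


def parse_forwards(text):
    """Return {external_port: (host_ip, local_port)} from 'ip - local external' rows."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+(?:\.\d+){3})\s*-\s*(\d+)\s+(\d+)", line)
        if m:  # header and free-text lines are skipped
            table[int(m.group(3))] = (m.group(1), int(m.group(2)))
    return table


def parse_publish(spec):
    """Return {host_port: container_port} from 'host:container' pairs."""
    return {int(h): int(c) for h, c in re.findall(r"(\d+):(\d+)", spec)}


def trace(external_port, forwards, publish, container="swag"):
    """Follow one external port: router forward first, then container publish."""
    if external_port not in forwards:
        return "dropped at router"
    host_ip, host_port = forwards[external_port]
    if host_port in publish:
        return f"{container}:{publish[host_port]}"
    # The host port is not published by the container, so whatever
    # else is bound to it on the host answers instead.
    return f"host listener on {host_ip}:{host_port} (not {container})"


if __name__ == "__main__":
    fwd, pub = parse_forwards(ROUTER_FORWARDS), parse_publish(SWAG_PUBLISH)
    for port in sorted(fwd):
        print(port, "->", trace(port, fwd, pub))
```
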