
Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

Ashima

Dabbler
Joined
Apr 26, 2018
Messages
13
@danb35 Can you please have a look into nextcloud.log? Can I do this setting in config.php

'memcache.local' => '\\OC\\Memcache\\Redis'

instead of APCu set to Redis.
I am new to all this. Can you please help?

Thanks for all the support.
 

judicatorz

Cadet
Joined
Dec 2, 2018
Messages
1
@danb35 Hey Dan, thanks for the script.

I'm having the exact same issues and error logs as @Ashima.

Running FreeNAS-11.1-U6

Was watching the script execution and noticed some errors related to Ports Collection support. Tried a manual installation and bypassed it with
ALLOW_UNSUPPORTED_SYSTEM=1 in make.conf

I'm now thinking of upgrading to 11.2-RC2
 

Ashima

Dabbler
Joined
Apr 26, 2018
Messages
13
Hey @ju did it work after doing manual installation and making changes in make.conf? Should I also consider upgrading to Freenas 11.2 rc2 or wait for a stable release to come? Please guide.
 

JRI001

Dabbler
Joined
Mar 12, 2015
Messages
13
Hey, thanks, got it working! Just one question now. Since I ran it with TEST_CERT="--test", I get a warning when I visit the site from my phone (over the web, not on my LAN). How do I reconfigure this? Or do I just run it again using TEST_CERT="" so I can get a proper certificate? I'm so amazed it's working I don't wanna run it again and muck things up :)
 

JRI001

Dabbler
Joined
Mar 12, 2015
Messages
13
Did you initially get your cert using DNS validation or standalone?

Hmmm, I'm not sure :) I tried some earlier posts back in 11.1 but had that BSD / MSQL version problem or whatever. Upgraded to 11.2 today and started out clean. Added the data sets, made sure dynamic DNS was working with no-ip, port forwarded both of my routers, and carefully went through and edited the script you posted on GitHub and ran it, and it all seems to work.
 

JRI001

Dabbler
Joined
Mar 12, 2015
Messages
13
Oh sorry, I see what you're asking. I followed this part:

You must own (or at least control) this domain, because Let's Encrypt will test that control. STANDALONE_CERT and DNS_CERT control which validation method Let's Encrypt will use to do this. If HOST_NAME is accessible to the outside world--that is, you have ports 80 and 443 (at least) forwarded to your jail, so that if an outside user browses to http://HOST_NAME/, he'll reach your jail--set STANDALONE_CERT to 1, and DNS_CERT to 0
 

JRI001

Dabbler
Joined
Mar 12, 2015
Messages
13
So standalone, right? Sorry, your awesome work brings out the riff raff :)
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
So you set STANDALONE_CERT to 1? In that case, you should be able to issue a new cert by doing:
Code:
iocage console nextcloud
acme.sh --issue -w /usr/local/www/apache24/data -d ${HOST_NAME} -k 4096 --fullchain-file /usr/local/etc/pki/tls/certs/fullchain.pem --key-file /usr/local/etc/pki/tls/private/privkey.pem --reloadcmd "service apache24 reload"

...replacing ${HOST_NAME} with your actual FQDN. If it doesn't actually issue the cert (because there's an existing cert with more than 30 days' validity), add --force to the acme.sh command line.
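
A pre-flight check for the webroot validation that the command above relies on, as an added example (not part of danb35's post or of the install script): it drops a probe file where `-w /usr/local/www/apache24/data` would put the challenge token and fetches it over HTTP before any request goes to Let's Encrypt. The function names and verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example: pre-flight for acme.sh webroot (-w) http-01 validation.
# Nothing here contacts Let's Encrypt, so it costs no rate-limit budget.

# Fetch a URL; prints the body and returns curl's exit status.
# --location and --insecure mirror the http-01 validator, which follows
# redirects and does not validate the certificate of an HTTPS redirect target.
http_fetch() {
    curl --silent --location --insecure --max-time 5 "$1"
}

# $1 = curl exit status, $2 = body received, $3 = body expected
classify_probe() {
    if [ "$1" -eq 7 ]; then
        echo "REFUSED"        # nothing listening: web server down or port closed
    elif [ "$1" -eq 6 ]; then
        echo "NO_DNS"         # host name does not resolve
    elif [ "$1" -ne 0 ]; then
        echo "FETCH_ERROR"    # timeout or other transport failure
    elif [ "$2" = "$3" ]; then
        echo "OK"
    else
        echo "WRONG_BODY"     # a server answered, but not with the probe file
    fi
}

# $1 = webroot passed to acme.sh -w, $2 = FQDN passed to -d
preflight() {
    pf_dir="$1/.well-known/acme-challenge"
    pf_name="preflight-$$"
    pf_want="probe-$$-$(date +%s)"
    mkdir -p "$pf_dir" || return 2
    printf '%s' "$pf_want" > "$pf_dir/$pf_name" || return 2
    # Capture curl's status without tripping `set -e` in a calling script.
    pf_got=$(http_fetch "http://$2/.well-known/acme-challenge/$pf_name") && pf_rc=0 || pf_rc=$?
    rm -f "$pf_dir/$pf_name"
    pf_verdict=$(classify_probe "$pf_rc" "$pf_got" "$pf_want")
    echo "$pf_verdict"
    [ "$pf_verdict" = "OK" ]
}

# Usage: sh preflight.sh /usr/local/www/apache24/data your.fqdn.example
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

An `OK` from inside the jail shows that Apache is serving the webroot on port 80; it does not show that the port forward from the internet reaches the jail, which is the path the Let's Encrypt validator takes.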
 

Thoni

Explorer
Joined
Jul 9, 2015
Messages
84
After switching to 11.2-Release this script works for me.
With 11.2 RC2 APCu and redis didn't work and I had to disable these in config.php in nextcloud.

But: is it only for me that it is slow?
My network is 1000mbit but I only transfer approx 54mbit to nextcloud.
Any advice?
 

Ligure

Cadet
Joined
Dec 10, 2018
Messages
3
Script works fine but after installation, I lost all access to SMB resources o_Oo_O
I think I have the same problem. :eek:. How do I fix it and get my SMB resources back for my previous Nextcloud in warden jail from 11.1-U6?
 

TimvH

Dabbler
Joined
Mar 28, 2018
Messages
25
Added support for PostgreSQL for those who are interested.
On my system PostgreSQL performed faster after testing with my database converted from MariaDB. I do not recommend to convert your database however if you have no clue how MariaDB and/or PostgreSQL works, they're very similar but DON'T work the same.
Link to Pull request
 

Skruven

Cadet
Joined
Dec 12, 2018
Messages
2
Hello, and thank you for the work put in! I was just wondering, is there any issue with where the files are hosted? I have had the script running for two or three hours now, and am still stuck here:
Code:
% sudo ./nextcloud-jail.sh
ls: /mnt/root-storage/db: No such file or directory
Creating root-storage/iocage
Creating root-storage/iocage/download
Creating root-storage/iocage/images
Creating root-storage/iocage/jails
Creating root-storage/iocage/log
Creating root-storage/iocage/releases
Creating root-storage/iocage/templates
Fetching: 11.1-RELEASE

Downloading : MANIFEST [####################] 100%
Downloading : base.txz [--------------------] 2%  0.0MB/s
Downloading : base.txz [#-------------------] 6%  0.0MB/s
Downloading : base.txz [#-------------------] 7%  0.0MB/s
Downloading : doc.txz [####################] 100%
 0.0MB/s
Downloading : src.txz [####################] 100%
base.txz failed verification, will redownload!
lib32.txz failed verification, will redownload!
Downloading : base.txz [##------------------] 10%  0.0MB/s
Downloading : base.txz [###-----------------] 13%  0.0MB/s


Is something broken? I looked through the .sh file, but was unable to find where the files were pulled from.

Best regards.
 

TimvH

Dabbler
Joined
Mar 28, 2018
Messages
25
This problem is not related to the script really, iocage (jail helper) is trying to fetch the FreeBSD 11.1-RELEASE base image but something is failing. This can be your internet connection or the FreeBSD repo.
Try to manually fetch the release using iocage fetch and choose 11.1

Ps: FreeNAS 11.2 is out, you might wanna update FreeNAS first...
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Ps: FreeNAS 11.2 is out, you might wanna update FreeNAS first...
...and really, you should. There have been some recent changes to the script that should help folks still using 11.1, but FreeBSD 11.1 has been EOL for a few months now and there are compatibility issues.
 

Skruven

Cadet
Joined
Dec 12, 2018
Messages
2
Thanks to the both of you, first things first I guess. I'll get started on the update right away, hopefully I'll have no issues moving forward.
 

ninjai

Explorer
Joined
Apr 6, 2015
Messages
98
danb35, I love you.

I've finally given up though, and require assistance :(

I am having a hell of a time with Let's Encrypt. I have my domain name, and my firewall rules permit the traffic, even telnet mydomain.com 80 responds, however I always get this error:

Code:
[Thu Dec 13 14:43:06 PST 2018] mydomain.com:Verify error:Invalid response from http://mydomain.com/.well-known/acme-challenge/klpG0U5w6wgryX6VFORSDNCJ-k6DZT-Bu_vLacO6q1o:
[Thu Dec 13 14:43:06 PST 2018] Please add '--debug' or '--log' to check more details.
[Thu Dec 13 14:43:06 PST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh



If I run debug, I see:

Code:
[root@nextcloud ~]# acme.sh --issue -d mydomain.com --force -w /usr/local/www/apache24/data -k 4096 --fullchain-file /usr/local/etc/pki/tls/certs/fullchain.pem --key-file /usr/local/etc/pki/tls/private/privkey.pem --reloadcmd "service apache24 reload"
[Thu Dec 13 14:45:59 PST 2018] Registering account
[Thu Dec 13 14:46:00 PST 2018] Registered
[Thu Dec 13 14:46:00 PST 2018] ACCOUNT_THUMBPRINT='gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ'
[Thu Dec 13 14:46:00 PST 2018] Single domain='mydomain.com'
[Thu Dec 13 14:46:00 PST 2018] Getting domain auth token for each domain
[Thu Dec 13 14:46:00 PST 2018] Getting webroot for domain='mydomain.com'
[Thu Dec 13 14:46:00 PST 2018] Getting new-authz for domain='mydomain.com'
[Thu Dec 13 14:46:01 PST 2018] The new-authz request is ok.
[Thu Dec 13 14:46:01 PST 2018] Verifying:mydomain.com
[Thu Dec 13 14:46:04 PST 2018] mydomain.com:Verify error:Invalid response from http://mydomain.com/.well-known/acme-challenge/iBLc17MyCs2CfhMncdAWah0MP5OmhJ-NGp5LjGz-9pQ:
[Thu Dec 13 14:46:04 PST 2018] Please add '--debug' or '--log' to check more details.
[Thu Dec 13 14:46:04 PST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[root@nextcloud ~]# acme.sh --issue -d mydomain.com --force -w /usr/local/www/apache24/data -k 4096 --fullchain-file /usr/local/etc/pki/tls/certs/fullchain.pem --key-file /usr/local/etc/pki/tls/private/privkey.pem --reloadcmd "service apache24 reload" --debug
[Thu Dec 13 14:46:12 PST 2018] Lets find script dir.
[Thu Dec 13 14:46:12 PST 2018] _SCRIPT_='/root/.acme.sh/acme.sh'
[Thu Dec 13 14:46:12 PST 2018] _script='/root/.acme.sh/acme.sh'
[Thu Dec 13 14:46:12 PST 2018] _script_home='/root/.acme.sh'
[Thu Dec 13 14:46:12 PST 2018] Using config home:/root/.acme.sh
https://github.com/Neilpang/acme.sh
v2.8.0
[Thu Dec 13 14:46:12 PST 2018] _main_domain='mydomain.com'
[Thu Dec 13 14:46:12 PST 2018] _alt_domains='no'
[Thu Dec 13 14:46:12 PST 2018] Using config home:/root/.acme.sh
[Thu Dec 13 14:46:12 PST 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Thu Dec 13 14:46:12 PST 2018] DOMAIN_PATH='/root/.acme.sh/mydomain.com'
[Thu Dec 13 14:46:12 PST 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Thu Dec 13 14:46:12 PST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Thu Dec 13 14:46:12 PST 2018] GET
[Thu Dec 13 14:46:12 PST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Thu Dec 13 14:46:12 PST 2018] timeout=
[Thu Dec 13 14:46:12 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Dec 13 14:46:12 PST 2018] ret='0'
[Thu Dec 13 14:46:12 PST 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Thu Dec 13 14:46:12 PST 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Dec 13 14:46:12 PST 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Thu Dec 13 14:46:12 PST 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Thu Dec 13 14:46:12 PST 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Thu Dec 13 14:46:12 PST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Dec 13 14:46:12 PST 2018] ACME_NEW_NONCE
[Thu Dec 13 14:46:12 PST 2018] ACME_VERSION
[Thu Dec 13 14:46:13 PST 2018] Le_NextRenewTime
[Thu Dec 13 14:46:13 PST 2018] _on_before_issue
[Thu Dec 13 14:46:13 PST 2018] _chk_main_domain='mydomain.com'
[Thu Dec 13 14:46:13 PST 2018] _chk_alt_domains
[Thu Dec 13 14:46:13 PST 2018] Le_LocalAddress
[Thu Dec 13 14:46:13 PST 2018] d='mydomain.com'
[Thu Dec 13 14:46:13 PST 2018] Check for domain='mydomain.com'
[Thu Dec 13 14:46:13 PST 2018] _currentRoot='/usr/local/www/apache24/data'
[Thu Dec 13 14:46:13 PST 2018] d
[Thu Dec 13 14:46:13 PST 2018] _saved_account_key_hash is not changed, skip register account.
[Thu Dec 13 14:46:13 PST 2018] Read key length:4096
[Thu Dec 13 14:46:13 PST 2018] _createcsr
[Thu Dec 13 14:46:13 PST 2018] Single domain='mydomain.com'
[Thu Dec 13 14:46:13 PST 2018] Getting domain auth token for each domain
[Thu Dec 13 14:46:13 PST 2018] d='mydomain.com'
[Thu Dec 13 14:46:13 PST 2018] Getting webroot for domain='mydomain.com'
[Thu Dec 13 14:46:13 PST 2018] _w='/usr/local/www/apache24/data'
[Thu Dec 13 14:46:13 PST 2018] _currentRoot='/usr/local/www/apache24/data'
[Thu Dec 13 14:46:13 PST 2018] Getting new-authz for domain='mydomain.com'
[Thu Dec 13 14:46:13 PST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Thu Dec 13 14:46:13 PST 2018] Try new-authz for the 0 time.
[Thu Dec 13 14:46:13 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Dec 13 14:46:13 PST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "mydomain.com"}}'
[Thu Dec 13 14:46:13 PST 2018] RSA key
[Thu Dec 13 14:46:13 PST 2018] GET
[Thu Dec 13 14:46:13 PST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Thu Dec 13 14:46:13 PST 2018] timeout=
[Thu Dec 13 14:46:13 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Dec 13 14:46:13 PST 2018] ret='0'
[Thu Dec 13 14:46:13 PST 2018] POST
[Thu Dec 13 14:46:13 PST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Dec 13 14:46:13 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Dec 13 14:46:14 PST 2018] _ret='0'
[Thu Dec 13 14:46:14 PST 2018] code='201'
[Thu Dec 13 14:46:14 PST 2018] The new-authz request is ok.
[Thu Dec 13 14:46:14 PST 2018] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182","token":"98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0"'
[Thu Dec 13 14:46:14 PST 2018] token='98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0'
[Thu Dec 13 14:46:14 PST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182'
[Thu Dec 13 14:46:14 PST 2018] keyauthorization='98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ'
[Thu Dec 13 14:46:14 PST 2018] dvlist='mydomain.com#98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ#https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182#http-01#/usr/local/www/apache24/data'
[Thu Dec 13 14:46:14 PST 2018] d
[Thu Dec 13 14:46:14 PST 2018] vlist='mydomain.com#98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ#https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182#http-01#/usr/local/www/apache24/data,'
[Thu Dec 13 14:46:14 PST 2018] d='mydomain.com'
[Thu Dec 13 14:46:14 PST 2018] ok, let's start to verify
[Thu Dec 13 14:46:14 PST 2018] Verifying:mydomain.com
[Thu Dec 13 14:46:14 PST 2018] d='mydomain.com'
[Thu Dec 13 14:46:14 PST 2018] keyauthorization='98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ'
[Thu Dec 13 14:46:14 PST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182'
[Thu Dec 13 14:46:14 PST 2018] _currentRoot='/usr/local/www/apache24/data'
[Thu Dec 13 14:46:14 PST 2018] wellknown_path='/usr/local/www/apache24/data/.well-known/acme-challenge'
[Thu Dec 13 14:46:14 PST 2018] writing token:98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0 to /usr/local/www/apache24/data/.well-known/acme-challenge/98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0
[Thu Dec 13 14:46:14 PST 2018] Changing owner/group of .well-known to root:wheel
[Thu Dec 13 14:46:14 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182'
[Thu Dec 13 14:46:14 PST 2018] payload='{"resource": "challenge", "keyAuthorization": "98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ"}'
[Thu Dec 13 14:46:14 PST 2018] POST
[Thu Dec 13 14:46:14 PST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182'
[Thu Dec 13 14:46:14 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Dec 13 14:46:14 PST 2018] _ret='0'
[Thu Dec 13 14:46:14 PST 2018] code='202'
[Thu Dec 13 14:46:14 PST 2018] sleep 2 secs to verify
[Thu Dec 13 14:46:16 PST 2018] checking
[Thu Dec 13 14:46:16 PST 2018] GET
[Thu Dec 13 14:46:16 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182'
[Thu Dec 13 14:46:16 PST 2018] timeout=
[Thu Dec 13 14:46:16 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Dec 13 14:46:17 PST 2018] ret='0'
[Thu Dec 13 14:46:17 PST 2018] mydomain.com:Verify error:Fetching http://mydomain.com/.well-known/acme-challenge/98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0: Connection refused
[Thu Dec 13 14:46:17 PST 2018] Debug: get token url.
[Thu Dec 13 14:46:17 PST 2018] GET
[Thu Dec 13 14:46:17 PST 2018] url='http://mydomain.com/.well-known/acme-challenge/98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0'
[Thu Dec 13 14:46:17 PST 2018] timeout=1
[Thu Dec 13 14:46:17 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g  --connect-timeout 1'
[Thu Dec 13 14:46:17 PST 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
[Thu Dec 13 14:46:17 PST 2018] ret='7'
[Thu Dec 13 14:46:17 PST 2018] Debugging, skip removing: /usr/local/www/apache24/data/.well-known
[Thu Dec 13 14:46:17 PST 2018] pid
[Thu Dec 13 14:46:17 PST 2018] No need to restore nginx, skip.
[Thu Dec 13 14:46:17 PST 2018] _clearupdns
[Thu Dec 13 14:46:17 PST 2018] skip dns.
[Thu Dec 13 14:46:17 PST 2018] _on_issue_err
[Thu Dec 13 14:46:17 PST 2018] Please add '--debug' or '--log' to check more details.
[Thu Dec 13 14:46:17 PST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Thu Dec 13 14:46:17 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182'
[Thu Dec 13 14:46:17 PST 2018] payload='{"resource": "challenge", "keyAuthorization": "98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ"}'
[Thu Dec 13 14:46:17 PST 2018] POST
[Thu Dec 13 14:46:17 PST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182'
[Thu Dec 13 14:46:17 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Dec 13 14:46:17 PST 2018] _ret='0'
[Thu Dec 13 14:46:17 PST 2018] code='400'
[Thu Dec 13 14:46:17 PST 2018] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2o-freebsd  27 Mar 2018
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org



I'm not sure what comes first here, but apache24 will not start because the SSL configuration is invalid without the cert. So I removed the HTTPS config and started apache and re-ran the script:

Code:
[Thu Dec 13 14:53:39 PST 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Thu Dec 13 14:53:39 PST 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Dec 13 14:53:39 PST 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Thu Dec 13 14:53:39 PST 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Thu Dec 13 14:53:39 PST 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Thu Dec 13 14:53:39 PST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Dec 13 14:53:39 PST 2018] ACME_NEW_NONCE
[Thu Dec 13 14:53:39 PST 2018] ACME_VERSION
[Thu Dec 13 14:53:39 PST 2018] Le_NextRenewTime
[Thu Dec 13 14:53:39 PST 2018] _on_before_issue
[Thu Dec 13 14:53:39 PST 2018] _chk_main_domain='mydomain.com'
[Thu Dec 13 14:53:39 PST 2018] _chk_alt_domains
[Thu Dec 13 14:53:39 PST 2018] Le_LocalAddress
[Thu Dec 13 14:53:39 PST 2018] d='mydomain.com'
[Thu Dec 13 14:53:39 PST 2018] Check for domain='mydomain.com'
[Thu Dec 13 14:53:39 PST 2018] _currentRoot='/usr/local/www/apache24/data'
[Thu Dec 13 14:53:39 PST 2018] d
[Thu Dec 13 14:53:39 PST 2018] _saved_account_key_hash is not changed, skip register account.
[Thu Dec 13 14:53:39 PST 2018] Read key length:4096
[Thu Dec 13 14:53:39 PST 2018] _createcsr
[Thu Dec 13 14:53:39 PST 2018] Single domain='mydomain.com'
[Thu Dec 13 14:53:39 PST 2018] Getting domain auth token for each domain
[Thu Dec 13 14:53:39 PST 2018] d='mydomain.com'
[Thu Dec 13 14:53:39 PST 2018] Getting webroot for domain='mydomain.com'
[Thu Dec 13 14:53:39 PST 2018] _w='/usr/local/www/apache24/data'
[Thu Dec 13 14:53:39 PST 2018] _currentRoot='/usr/local/www/apache24/data'
[Thu Dec 13 14:53:39 PST 2018] Getting new-authz for domain='mydomain.com '
[Thu Dec 13 14:53:39 PST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Thu Dec 13 14:53:39 PST 2018] Try new-authz for the 0 time.
[Thu Dec 13 14:53:39 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Dec 13 14:53:39 PST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "mydomain.com "}}'
[Thu Dec 13 14:53:39 PST 2018] RSA key
[Thu Dec 13 14:53:39 PST 2018] GET
[Thu Dec 13 14:53:39 PST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Thu Dec 13 14:53:39 PST 2018] timeout=
[Thu Dec 13 14:53:39 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Dec 13 14:53:39 PST 2018] ret='0'
[Thu Dec 13 14:53:39 PST 2018] POST
[Thu Dec 13 14:53:39 PST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Dec 13 14:53:39 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Dec 13 14:53:40 PST 2018] _ret='0'
[Thu Dec 13 14:53:40 PST 2018] code='201'
[Thu Dec 13 14:53:40 PST 2018] The new-authz request is ok.
[Thu Dec 13 14:53:40 PST 2018] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/RDpdoZGnj-rLQy67wbv6O93IGX6UnhA-FyPRVG8UQwM/10300125540","token":"kfhXfzBSM8sau3xp-cS7w6YW99U1JRb1DEjDIeiLl5M"'
[Thu Dec 13 14:53:40 PST 2018] token='kfhXfzBSM8sau3xp-cS7w6YW99U1JRb1DEjDIeiLl5M'
[Thu Dec 13 14:53:40 PST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/RDpdoZGnj-rLQy67wbv6O93IGX6UnhA-FyPRVG8UQwM/10300125540'
[Thu Dec 13 14:53:40 PST 2018] keyauthorization='kfhXfzBSM8sau3xp-cS7w6YW99U1JRb1DEjDIeiLl5M.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ'
[Thu Dec 13 14:53:40 PST 2018] dvlist='mydomain.com #kfhXfzBSM8sau3xp-cS7w6YW99U1JRb1DEjDIeiLl5M.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ#https://acme-v01.api.letsencrypt.org/acme/challenge/RDpdoZGnj-rLQy67wbv6O93IGX6UnhA-FyPRVG8UQwM/10300125540#http-01#/usr/local/www/apache24/data'
[Thu Dec 13 14:53:40 PST 2018] d
[Thu Dec 13 14:53:40 PST 2018] vlist='mydomain.com #kfhXfzBSM8sau3xp-cS7w6YW99U1JRb1DEjDIeiLl5M.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ#https://acme-v01.api.letsencrypt.org/acme/challenge/RDpdoZGnj-rLQy67wbv6O93IGX6UnhA-FyPRVG8UQwM/10300125540#http-01#/usr/local/www/apache24/data,'
[Thu Dec 13 14:53:40 PST 2018] d='mydomain.com '
[Thu Dec 13 14:53:40 PST 2018] ok, let's start to verify
[Thu Dec 13 14:53:40 PST 2018] Verifying:mydomain.com 
[Thu Dec 13 14:53:40 PST 2018] d='mydomain.com '
[Thu Dec 13 14:53:40 PST 2018] keyauthorization='kfhXfzBSM8sau3xp-cS7w6YW99U1JRb1DEjDIeiLl5M.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ'
[Thu Dec 13 14:53:40 PST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/RDpdoZGnj-rLQy67wbv6O93IGX6UnhA-FyPRVG8UQwM/10300125540'
[Thu Dec 13 14:53:40 PST 2018] _currentRoot='/usr/local/www/apache24/data'
[Thu Dec 13 14:53:40 PST 2018] wellknown_path='/usr/local/www/apache24/data/.well-known/acme-challenge'
[Thu Dec 13 14:53:40 PST 2018] writing token:kfhXfzBSM8sau3xp-cS7w6YW99U1JRb1DEjDIeiLl5M to /usr/local/www/apache24/data/.well-known/acme-challenge/kfhXfzBSM8sau3xp-cS7w6YW99U1JRb1DEjDIeiLl5M
[Thu Dec 13 14:53:40 PST 2018] Changing owner/group of .well-known to root:wheel
[Thu Dec 13 14:53:40 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/RDpdoZGnj-rLQy67wbv6O93IGX6UnhA-FyPRVG8UQwM/10300125540'
[Thu Dec 13 14:53:40 PST 2018] payload='{"resource": "challenge", "keyAuthorization": "kfhXfzBSM8sau3xp-cS7w6YW99U1JRb1DEjDIeiLl5M.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ"}'
[Thu Dec 13 14:53:40 PST 2018] POST
[Thu Dec 13 14:53:40 PST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/RDpdoZGnj-rLQy67wbv6O93IGX6UnhA-FyPRVG8UQwM/10300125540'
[Thu Dec 13 14:53:40 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Dec 13 14:53:41 PST 2018] _ret='0'
[Thu Dec 13 14:53:41 PST 2018] code='202'
[Thu Dec 13 14:53:41 PST 2018] sleep 2 secs to verify
[Thu Dec 13 14:53:43 PST 2018] checking
[Thu Dec 13 14:53:43 PST 2018] GET
[Thu Dec 13 14:53:43 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/RDpdoZGnj-rLQy67wbv6O93IGX6UnhA-FyPRVG8UQwM/10300125540'
[Thu Dec 13 14:53:43 PST 2018] timeout=
[Thu Dec 13 14:53:43 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Dec 13 14:53:43 PST 2018] ret='0'
[Thu Dec 13 14:53:43 PST 2018] mydomain.com :Verify error:Invalid response from http://mydomain.com /.well-known/acme-challenge/kfhXfzBSM8sau3xp-cS7w6YW99U1JRb1DEjDIeiLl5M:
[Thu Dec 13 14:53:43 PST 2018] Debug: get token url.
[Thu Dec 13 14:53:43 PST 2018] GET
[Thu Dec 13 14:53:43 PST 2018] url='http://mydomain.com /.well-known/acme-challenge/kfhXfzBSM8sau3xp-cS7w6YW99U1JRb1DEjDIeiLl5M'
[Thu Dec 13 14:53:43 PST 2018] timeout=1
[Thu Dec 13 14:53:43 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g  --connect-timeout 1'
kfhXfzBSM8sau3xp-cS7w6YW99U1JRb1DEjDIeiLl5M.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ[Thu Dec 13 14:53:43 PST 2018] ret='0'
[Thu Dec 13 14:53:43 PST 2018] Debugging, skip removing: /usr/local/www/apache24/data/.well-known/acme-challenge/kfhXfzBSM8sau3xp-cS7w6YW99U1JRb1DEjDIeiLl5M
[Thu Dec 13 14:53:43 PST 2018] pid
[Thu Dec 13 14:53:43 PST 2018] No need to restore nginx, skip.
[Thu Dec 13 14:53:43 PST 2018] _clearupdns
[Thu Dec 13 14:53:43 PST 2018] skip dns.
[Thu Dec 13 14:53:43 PST 2018] _on_issue_err
[Thu Dec 13 14:53:43 PST 2018] Please add '--debug' or '--log' to check more details.
[Thu Dec 13 14:53:43 PST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Thu Dec 13 14:53:43 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/RDpdoZGnj-rLQy67wbv6O93IGX6UnhA-FyPRVG8UQwM/10300125540'
[Thu Dec 13 14:53:43 PST 2018] payload='{"resource": "challenge", "keyAuthorization": "kfhXfzBSM8sau3xp-cS7w6YW99U1JRb1DEjDIeiLl5M.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ"}'
[Thu Dec 13 14:53:43 PST 2018] POST
[Thu Dec 13 14:53:43 PST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/RDpdoZGnj-rLQy67wbv6O93IGX6UnhA-FyPRVG8UQwM/10300125540'
[Thu Dec 13 14:53:43 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Dec 13 14:53:44 PST 2018] _ret='0'
[Thu Dec 13 14:53:44 PST 2018] code='400'
[Thu Dec 13 14:53:44 PST 2018] Diagnosis versions:


I'm lost what to do here :(
 
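A debug log like the one above can be checked mechanically for three things in an http-01 order: the domain value acme.sh used, whether the key authorization begins with the token, and whether the CA reported a verify error. The sketch below is an added example, not part of the original post or of acme.sh; the function names and the sample log are constructed, and the field names are the ones visible in the log.

```shell
#!/bin/sh
# Added example: sanity checks over an acme.sh --debug log for an http-01 order.
# Field names (d, token, keyauthorization) are the ones visible in such a log;
# function names and the sample log below are constructed for illustration.

# Write a constructed sample log (placeholder domain, token and thumbprint).
write_sample_log() {
  cat > "$1" <<'EOF'
[Mon Jan  1 00:00:00 UTC 2024] token='TOKENabc123'
[Mon Jan  1 00:00:00 UTC 2024] keyauthorization='TOKENabc123.THUMBxyz789'
[Mon Jan  1 00:00:00 UTC 2024] d='example.org '
[Mon Jan  1 00:00:01 UTC 2024] code='202'
[Mon Jan  1 00:00:03 UTC 2024] example.org :Verify error:Invalid response from http://example.org /.well-known/acme-challenge/TOKENabc123:
EOF
}

# Print the last value logged for field $1 (reads $fields set by the caller).
field() {
  printf '%s\n' "$fields" | sed -n "s/^$1=//p" | tail -n 1
}

# Print one finding per line for log file $1; print nothing if all checks pass.
check_http01_log() {
  # Reduce "[timestamp] name='value'" lines to "name=value".
  fields=$(sed -n "s/^\[[^]]*\] \([A-Za-z_]*\)='\(.*\)'\$/\1=\2/p" "$1")
  dom=$(field d); tok=$(field token); ka=$(field keyauthorization)

  # A hostname holds only letters, digits, dots and hyphens; anything else
  # (for example a stray space from a config value) ends up in the URL the CA fetches.
  case $dom in
    *[!A-Za-z0-9.-]*) echo "domain-has-invalid-char" ;;
  esac

  # The key authorization must be "<token>.<account key thumbprint>".
  case $ka in
    "$tok".?*) : ;;
    *) echo "keyauth-does-not-start-with-token" ;;
  esac

  # The CA's own verdict, as acme.sh logs it.
  if grep -q 'Verify error' "$1"; then echo "ca-verify-error"; fi
  return 0
}

sample=$(mktemp)
write_sample_log "$sample"
check_http01_log "$sample"
rm -f "$sample"
```
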

Ligure

Cadet
Joined
Dec 10, 2018
Messages
3
After 4+ tries, I got this script to work. Thanks for putting it together. Now I need to either install an smbclient (pecl is fine too), or is there some way for the script to do it? If not in the script, has anyone figured out how to get the smbclient working on the jail this script creates?
Thanks.

Edit: Figured it out. The script made pkg work well to install the pecl-smbclient for php versions 5.6, 7.0, 7.1, 7.2. Since the script uses php 7.2, I installed it with:
pkg install php72-pecl-smbclient
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
For anyone feeling adventurous, I've created a nextcloud-15 branch to install Nextcloud 15 rather than 14. So far, the only change I've made is to download NC15 rather than 14, and it seems to be working. Further testing would be welcome, of course.
 