[ LEgo ] [ 4.12.1.0 ] Let's Encrypt client and ACME library.5.2

marrek
New here
Posts: 4
Joined: Mon Feb 24, 2020 5:21 am

Re: [ LEgo ] [ 3.6.0 ] Let's Encrypt client and ACME library

Post by marrek »

Hello all :)

Sorry for the trivial question :) I generate certificates, and where/how should I move them to make them work with multiple domains?
Is the certificate only for the main domain?

Generally I use the QNAP embedded webserver with multiple sites...

mydomain1.com (located share/Web/website1)
mydomain2.com (located share/Web/website2)
etc

cert works only for one domain, when I replace it [/etc/stunnel] # mv website1.pem stunnel.pem
for another doesn't :(

generally I'm unable to create a multiple-domain certificate when sites are in folders
how to solve this problem with standard qnap web server?
Turbo_112
Starting out
Posts: 22
Joined: Wed May 07, 2014 2:26 am
Location: The Netherlands

Re: [ LEgo ] [ 3.6.0 ] Let's Encrypt client and ACME library

Post by Turbo_112 »

If you use the virtual host in the Qnap webserver then you can use LEgo for multiple domains.

Example:
lego --email="yourname@mail.com" --domains="mydomain1.com" --domains="www.mydomain1.com" --domains="mydomain2.com" --domains="www.mydomain2.com" --http --key-type=rsa2048 run

You get (one) cert and (one) priv.key for the multiple domains.
marrek
New here
Posts: 4
Joined: Mon Feb 24, 2020 5:21 am

Re: [ LEgo ] [ 3.6.0 ] Let's Encrypt client and ACME library

Post by marrek »

Thank you! It works. I didn't see the bundle before because I generated it a lot of times and have a little mess :)

Currently the certificate looks like this:

Certificate Name: website1.com
Domains: website1.com, website2.com, www.website1.com, www.website2.com
Expiry Date: 2020-09-08 19:05:22 +0000 UTC
Certificate Path: /share/Web/letsencrypt/.lego/certificates/website1.com.crt

then I generated the pem and located it into /etc/stunnel/stunnel.pem
Great:
Each site uses the website1.com certificate, which has entries for DNS names. Generally looks good.

And my question is: is there a way to generate a separate certificate for each, or even for the QNAP domain? Generally now I have a problem with the standard QNAP domain
website.myqnapcloud.com

I can't add it to the bundle with my personal domain (error)... when I generate the cert the standard way (QNAP GUI) it works.

Code:

[website.myqnapcloud.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://website.myqnapcloud.com/.well-known/acme-challenge/cjMwThBl2HgIfZ2KVErSxr8Zd_VfTKXoSef4eu1Hfwo [MY PUBLIC IP]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", url:
-------------------
I created a small workaround: I created a folder for Web Management named as multiwebsite website.myqnapcloud.com and pointed it to the standard virtual server and port, and now it works.
MacUsers
New here
Posts: 8
Joined: Thu Feb 26, 2015 10:03 pm

Re: [ LEgo ] [ 3.6.0 ] Let's Encrypt client and ACME library

Post by MacUsers »

Hi there,

Can anyone confirm if this actually works with Constellix? I'm doing DNS-01 and it's actually adding the TXT record nicely and then just after that it's failing with the error below:
2020/06/13 09:03:39 [INFO] [dsm15.xxxx.net] acme: Cleaning DNS-01 challenge
2020/06/13 09:03:42 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/ac ... 5208690466
2020/06/13 09:03:42 Could not obtain certificates:
error: one or more domains had a problem:
[dsm15.xxxx.net] time limit exceeded: last error: NS ns21.constellix.com. returned REFUSED for _acme-challenge.dsm15.xxxx.net.
Even though it's saying "Cleaning DNS-01 challenge", it actually doesn't, but that's probably because of the error just after that. I'm getting a very similar error for every single host I try, but it works absolutely fine using acme.sh on an LXC container.

Any idea what I might be missing? This is the command I'm using:

Code:

CONSTELLIX_API_KEY_FILE=Constellix_Api CONSTELLIX_SECRET_KEY_FILE=Constellix_Secret \
lego -a --dns constellix -d 'dsm15.xxxx.net' -m admin@xxxx.co.uk --path '/share/CACHEDEV1_DATA/.qpkg/LEgo/.lego/' run
Really love to see this working. Any help/pointer would be greatly appreciated!!

-S
flyingjackal456
New here
Posts: 3
Joined: Sat Oct 23, 2010 4:45 am

Re: [ LEgo ] [ 3.6.0 ] Let's Encrypt client and ACME library

Post by flyingjackal456 »

I recently bought, and am currently working on migrating from a TS-659 Pro II to, a new QNAP TVS-672N. I am able to generate and implement a certificate on the old NAS, but when I moved all of my scripts over I am getting the error below. Is it possible that the ACME challenge is happening too fast, and the web server is responding that the challenge file isn't found? I have confirmed via ftp that that challenge file isn't getting written into my "<Webroot>/.well-known/acme-challenge/" folder, but the error being returned from ACME seems to say it wasn't served the file.

Has anyone had this problem, or does anyone have any ideas that I can try in order to fix this?

Code:

2020/12/09 20:08:43 [INFO] [PUBLIC.IP] acme: Obtaining bundled SAN certificate
2020/12/09 20:08:44 [INFO] [PUBLIC.IP] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/169990056
2020/12/09 20:08:44 [INFO] [PUBLIC.IP] acme: Could not find solver for: tls-alpn-01
2020/12/09 20:08:44 [INFO] [PUBLIC.IP] acme: use http-01 solver
2020/12/09 20:08:44 [INFO] [PUBLIC.IP] acme: Trying to solve HTTP-01
2020/12/09 20:08:50 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/169990056
2020/12/09 20:08:50 [INFO] Unable to deactivate the authorization: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/169990056
2020/12/09 20:08:50 Could not obtain certificates:
	error: one or more domains had a problem:
[PUBLIC.IP] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://PUBLIC.IP/.well-known/acme-challenge/z9xFNI7MZW5Z35BAzJ1RXpYasVlnvd9Edon4UBYEmFE [PUBLIC.IP]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", url: 


UPDATE: Never mind. I took a break and came back to have another round at it... discovered that UPnP was overriding my manual port forwards on my router, and was sending my web traffic to the wrong NAS. After disabling UPnP discovery on the older NAS and clearing all of the UPnP port forwards, I am now back in business! 8)
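
A pre-flight check for the HTTP-01 failures in marrek's and flyingjackal456's posts above, where the validation request got a 404 from a host or virtual host that was not serving the challenge directory. This is an added example, not part of the thread or of lego; the function name, the probe file naming and the sample webroot and domain are assumptions.

```python
import http.client
import os
import secrets
from urllib.parse import urlsplit

CHALLENGE_DIR = ".well-known/acme-challenge"


def preflight_http01(webroot, base_url, timeout=5.0):
    """Drop a random probe file under webroot, fetch it through base_url and
    report whether the server that answers is the one serving this webroot."""
    token = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(directory, exist_ok=True)
    probe = os.path.join(directory, token)
    with open(probe, "w", encoding="ascii") as fh:
        fh.write(body)
    try:
        url = urlsplit(base_url)
        conn = http.client.HTTPConnection(url.hostname, url.port or 80,
                                          timeout=timeout)
        try:
            conn.request("GET", f"/{CHALLENGE_DIR}/{token}")
            resp = conn.getresponse()
            status = resp.status
            server = resp.getheader("Server", "")
            got = resp.read(4096).decode("latin-1")
        finally:
            conn.close()
    except (OSError, http.client.HTTPException) as exc:
        return {"ok": False, "reason": f"no HTTP answer: {exc}"}
    finally:
        os.remove(probe)  # never leave probe files behind in the webroot

    ok = status == 200 and got.strip() == body
    if ok:
        reason = "probe served from this webroot"
    elif status == 404:
        # Same symptom as the 403/unauthorized errors quoted in the thread.
        reason = "404: the host or vhost that answered does not serve this webroot"
    elif status == 200:
        reason = "200 with other content: another site or a catch-all page answered"
    else:
        reason = f"unexpected HTTP {status} (redirect, auth or error page)"
    return {"ok": ok, "status": status, "server": server, "reason": reason}


if __name__ == "__main__":
    # Hypothetical values: replace with your own webroot and public name.
    print(preflight_http01("/share/Web/website1", "http://mydomain1.com"))
```

The fetch only exercises the router's port forward if the request really enters through the public address; from inside the LAN that depends on NAT loopback, so a pass there confirms the virtual host mapping but not the forward.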
QNAP_Stephane
Experience counts
Posts: 4802
Joined: Wed Mar 27, 2013 1:00 am

Re: [ LEgo ] [ 4.1.3 ] Let's Encrypt client and ACME library

Post by QNAP_Stephane »

updated
---------------------------------------------------------------------------------------------------------------------------

Find all QPKG in the MyQnap.org repository https://www.myqnap.org
join our discord server for any inquiry related to qpkg - https://discord.gg/4fPxHSWKQW

----------------------------------------------------------------------------------------------------------------------------
Toxic17
Ask me anything
Posts: 6469
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: [ LEgo ] [ 4.1.3 ] Let's Encrypt client and ACME library

Post by Toxic17 »

Stephane, could we possibly get an upgrade to 4.2.0 released?

TIA

Code:

[v4.2.0] - 2021-01-24
Added:
[dnsprovider] Add DNS provider for Loopia
[dnsprovider] Add DNS provider for Ionos.

Changed:
[dnsprovider] acme-dns: update cpu/goacmedns to v0.1.1.
[dnsprovider] inwx: Increase propagation timeout to 360s to improve robustness
[dnsprovider] vultr: Update to govultr v2 API
[dnsprovider] pdns: get exact zone instead of all zones

Fixed:
[dnsprovider] vult, dnspod: fix default HTTP timeout.
[dnsprovider] pdns: URL request creation.
[lib] errors: Fix instance not being printed
Regards Simon

Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
Toxic17
Ask me anything
Posts: 6469
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: [ LEgo ] [ 4.2.0 ] Let's Encrypt client and ACME library

Post by Toxic17 »

Could LEgo be updated? Thank you.

Code:

Changelog
[v4.3.1] - 2021-03-12
Fixed:
[dnsprovider] exoscale: fix dependency version.
[v4.3.0] - 2021-03-10
Added:
[dnsprovider] Add DNS provider for Njalla
[dnsprovider] Add DNS provider for Domeneshop
[dnsprovider] Add DNS provider for Hurricane Electric
[dnsprovider] designate: support for Openstack Application Credentials
[dnsprovider] edgedns: support for .edgerc file
Changed:
[dnsprovider] infomaniak: Make error message more meaningful
[dnsprovider] cloudns: Improve reliability
[dnsprovider] rfc2163: Removed support for MD5 algorithm. The default algorithm is now SHA1.
Fixed:
[dnsprovider] desec: fix error with default TTL
[dnsprovider] mythicbeasts: implement ProviderTimeout
[dnsprovider] dnspod: improve search accuracy when a domain have more than 100 records
[lib] Increase HTTP client timeouts
[lib] preferred chain only match root name
Regards Simon

QNAP_Stephane
Experience counts
Posts: 4802
Joined: Wed Mar 27, 2013 1:00 am

Re: [ LEgo ] [ 4.3.1 ] Let's Encrypt client and ACME library

Post by QNAP_Stephane »

update to 4.3.1
Toxic17
Ask me anything
Posts: 6469
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: [ LEgo ] [ 4.3.1 ] Let's Encrypt client and ACME library

Post by Toxic17 »

Any chance to get LEgo updated to [v4.5.2] - 2021-09-01 ?
Regards Simon

QNAP_Stephane
Experience counts
Posts: 4802
Joined: Wed Mar 27, 2013 1:00 am

Re: [ LEgo ] [ 4.5.2 ] Let's Encrypt client and ACME library.5.2

Post by QNAP_Stephane »

updated
Toxic17
Ask me anything
Posts: 6469
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: [ LEgo ] [ 4.5.2 ] Let's Encrypt client and ACME library.5.2

Post by Toxic17 »

Thanks!
Regards Simon

Toxic17
Ask me anything
Posts: 6469
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: [ LEgo ] [ 4.5.3 ] Let's Encrypt client and ACME library.5.2

Post by Toxic17 »

updated to 4.5.3

Code:

[v4.5.3] 
Fixed:
[lib,cli] fix: missing preferred chain param for renew request
Regards Simon

smssoleimani
Starting out
Posts: 10
Joined: Thu Jan 06, 2022 10:30 am

Re: [ LEgo ] [ 4.5.3 ] Let's Encrypt client and ACME library.5.2

Post by smssoleimani »

Hi folks, new to QNAP, familiar with Synology. I am trying to get Let's Encrypt configured on my QNAP via control panel > security > ssl certificate. Running into issues with port 80, claims it isn't open when it is. Tried all sorts of stuff like the below:

viewtopic.php?f=313&t=144434&sid=2f9314 ... 15#p793335
viewtopic.php?t=132479#p614157

Still running into issues and came across LEgo. When attempting to use it though, I am running into this issue now, any ideas:

Code:

$ lego --http --http.webroot "/share/homes/user" --email="email@email.com" --domains="domain.com" run                   
2022/01/05 21:16:16 Could not create client: get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get "https://acme-v02.api.letsencrypt.org/directory": x509: certificate signed by unknown authority
$ lego --version
lego version 4.5.3 linux/amd64
Thanks in advance for the help!
Toxic17
Ask me anything
Posts: 6469
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: [ LEgo ] [ 4.5.3 ] Let's Encrypt client and ACME library.5.2

Post by Toxic17 »

Stephane, fyi v4.6.0 has been released

Code:

[v4.6.0] - 2022-01-18
Added
[dnsprovider] Add DNS provider for UKFast SafeDNS
[dnsprovider] Add DNS Provider for Tencent Cloud
[dnsprovider] azure: add support for Azure Private Zone DNS
[dnsprovider] exec: add sequence interval
[cli] Add a --pfx, and --pfx.pass option to generate a PKCS#12 (.pfx) file.
[lib] Extended support of cert pool (LEGO_CA_CERTIFICATES and LEGO_CA_SYSTEM_CERT_POOL)
[lib,httpprovider] added uds capability to http challenge server
Changed
[lib] Extend validity of TLS-ALPN-01 certificates to 365 days
[lib,cli] Allows defining the reason for the certificate revocation
Fixed
[dnsprovider] mythicbeasts: fix token expiration
[dnsprovider] rackspace: change zone ID to string
Regards Simon
