renew_certificate.sh
:[/share/homes/monutilisateur/letsencrypt/qnap-letsencrypt] # ./renew_certificate.sh
Checking whether to renew certificate on Mon, 25 Sep 2023 09:34:40 +0200
Renewing certificate...
qnap-letsencrypt version: f08d947
Using python path: python3
Stopping Qthttpd hogging port 80..
Shutting down Qthttpd services:/etc/config/php.d/php_ext.ini not found
OK.
Started python HTTP server with pid 22718
Parsing account key...
Parsing CSR...
Found domains: pass.mondomaine.com
Getting directory...
Directory found!
Registering account...
Already registered! Account ID: https://acme-v02.api.letsencrypt.org/acme/acct/xxx1136256
Creating new order...
Order created!
Verifying pass.mondomaine.com...
Traceback (most recent call last):
File "/share/ZFS1_DATA/homes/monutilisateur/letsencrypt/qnap-letsencrypt/acme-tiny/acme_tiny.py", line 145, in get_crt
assert (disable_check or _do_request(wellknown_url)[0] == keyauthorization)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/share/ZFS1_DATA/homes/monutilisateur/letsencrypt/qnap-letsencrypt/acme-tiny/acme_tiny.py", line 46, in _do_request
raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error:
Url: http://pass.mondomaine.com/.well-known/acme-challenge/xadzJUGsn8eYjoNDOq5oRHZkTz5ee_3GeXrcKeVuFD8
Data: None
Response Code: None
Response: <urlopen error [Errno 110] Connection timed out>
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/share/ZFS1_DATA/homes/monutilsiateur/letsencrypt/qnap-letsencrypt/acme-tiny/acme_tiny.py", line 199, in <module>
main(sys.argv[1:])
File "/share/ZFS1_DATA/homes/monutilsiateur/letsencrypt/qnap-letsencrypt/acme-tiny/acme_tiny.py", line 195, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact, check_port=args.check_port)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/share/ZFS1_DATA/homes/monutilsiateur/letsencrypt/qnap-letsencrypt/acme-tiny/acme_tiny.py", line 147, in get_crt
raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to tmp-webroot/.well-known/acme-challenge/xadzJUGsn8eYjoNDOq5oRHZkTz5ee_3GeXrcKeVuFD8, but couldn't download http://pass.mondomaine.com/.well-known/acme-challenge/xadzJUGsn8eYjoNDOq5oRHZkTz5ee_3GeXrcKeVuFD8: Error:
Url: http://pass.mondomaine.com/.well-known/acme-challenge/xadzJUGsn8eYjoNDOq5oRHZkTz5ee_3GeXrcKeVuFD8
Data: None
Response Code: None
Response: <urlopen error [Errno 110] Connection timed out>
An error occured. Restoring system state.
Start apache proxy: OK
Starting Qthttpd services:[/share/homes/monutilisateur/letsencrypt/qnap-letsencrypt] #
By default, QNAP uses port 443 for QTS. You can change the port in: Control Panel / General Settings / System Administration.
What is wrong in this case?
2023/09/28 09:10:35.272 INFO using provided configuration {"config_file": "/etc/caddy/Caddyfile", "config_adapter": "caddyfile"}
2023/09/28 09:10:35.277 WARN Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies {"adapter": "caddyfile", "file": "/etc/caddy/Caddyfile", "line": 3}
2023/09/28 09:10:35.305 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2023/09/28 09:10:35.306 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0000b7e00"}
2023/09/28 09:10:35.306 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2023/09/28 09:10:35.306 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2023/09/28 09:10:35.307 INFO http enabling HTTP/3 listener {"addr": ":443"}
2023/09/28 09:10:35.307 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2023/09/28 09:10:35.308 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2023/09/28 09:10:35.308 INFO http enabling automatic TLS certificate management {"domains": ["pass.mondomaine.com"]}
2023/09/28 09:10:35.310 INFO tls cleaning storage unit {"description": "FileStorage:/data/caddy"}
2023/09/28 09:10:35.310 INFO autosaved config (load with --resume flag) {"file": "/config/caddy/autosave.json"}
2023/09/28 09:10:35.310 INFO serving initial configuration
2023/09/28 09:10:35.310 INFO tls finished cleaning storage units
2023/09/28 09:10:35.311 INFO tls.obtain acquiring lock {"identifier": "pass.mondomaine.com"}
2023/09/28 09:10:35.326 INFO tls.obtain lock acquired {"identifier": "pass.mondomaine.com"}
2023/09/28 09:10:35.326 INFO tls.obtain obtaining certificate {"identifier": "pass.mondomaine.com"}
2023/09/28 09:10:36.342 INFO tls.issuance.acme waiting on internal rate limiter {"identifiers": ["pass.mondomaine.com"], "ca": "https://acme-staging-v02.api.letsencrypt.org/directory", "account": ""}
2023/09/28 09:10:36.342 INFO tls.issuance.acme done waiting on internal rate limiter {"identifiers": ["pass.mondomaine.com"], "ca": "https://acme-staging-v02.api.letsencrypt.org/directory", "account": ""}
2023/09/28 09:10:36.715 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "pass.mondomaine.com", "challenge_type": "http-01", "ca": "https://acme-staging-v02.api.letsencrypt.org/directory"}
2023/09/28 09:10:47.705 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "pass.mondomaine.com", "challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "185.195.251.5: Fetching http://pass.mondomaine.com/.well-known/acme-challenge/NEvBkBtuiHL4hDVWwPniqNL43b97PNgbr2hYwLp9Tzk: Timeout during connect (likely firewall problem)", "instance": "", "subproblems": []}}
2023/09/28 09:10:47.705 ERROR tls.issuance.acme.acme_client validating authorization {"identifier": "pass.mondomaine.com", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "185.195.251.5: Fetching http://pass.mondomaine.com/.well-known/acme-challenge/NEvBkBtuiHL4hDVWwPniqNL43b97PNgbr2hYwLp9Tzk: Timeout during connect (likely firewall problem)", "instance": "", "subproblems": []}, "order": "https://acme-staging-v02.api.letsencrypt.org/acme/order/120025264/11228795314", "attempt": 1, "max_attempts": 3}
2023/09/28 09:10:49.072 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "pass.mondomaine.com", "challenge_type": "tls-alpn-01", "ca": "https://acme-staging-v02.api.letsencrypt.org/directory"}
https://pass.mondomaine.fr:16896 {
    tls {
        dns gandi MA-CLE-API-DE-GANDI-CLOUDFLARE
    }
    respond "Hello world"
    reverse_proxy http://192.168.0.228:443
}
Error: adapting config using caddyfile: parsing caddyfile tokens for 'reverse_proxy': /etc/caddy/Caddyfile:6 - Error during parsing: upstream address has conflicting scheme (http://) and port (:443, the HTTPS port), import chain: ['']
2023/09/29 09:42:13.736 INFO using provided configuration {"config_file": "/etc/caddy/Caddyfile", "config_adapter": "caddyfile"}
Don't get me started, it's a daily battle.
I can't wait for QNAP to offer subdomain management with myqnapcloud.com. Just saying.
Vaultwarden in Docker does not need HTTPS locally, and it will not work with a local IP over HTTPS.
Vaultwarden, even with the local IP over HTTPS
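The parse error above comes from pairing the `http://` scheme with port 443 in the upstream address. The following Caddyfile is an added example, not posted by anyone in the thread, showing a consistent upstream; `GANDI_API_TOKEN` and `VAULTWARDEN_HTTP_PORT` are assumed environment variable names, and the Vaultwarden HTTP port is a placeholder because the thread does not give it. The `respond "Hello world"` test line is left out so that requests are handled by the proxy.

```caddyfile
# Added example. GANDI_API_TOKEN and VAULTWARDEN_HTTP_PORT are assumed
# environment variables set by whoever runs Caddy; they are not from the thread.
https://pass.mondomaine.fr:16896 {
    tls {
        # Read the DNS provider API key from the environment at runtime
        # so the secret is not stored in the Caddyfile itself.
        dns gandi {env.GANDI_API_TOKEN}
    }

    # Rejected by the Caddyfile parser: the scheme says HTTP, the port says HTTPS.
    #   reverse_proxy http://192.168.0.228:443

    # Plain-HTTP upstream: omit the scheme and use the port that the
    # Vaultwarden container publishes for HTTP (placeholder, substituted
    # from the environment when the Caddyfile is parsed).
    # Per the thread, 443 on the NAS is the QTS default port, so it is
    # not used as the Vaultwarden upstream here.
    reverse_proxy 192.168.0.228:{$VAULTWARDEN_HTTP_PORT}

    # Only if the upstream really serves TLS, make scheme and port agree.
    # Its certificate must then validate for the name Caddy connects to.
    #   reverse_proxy https://192.168.0.228:443
}
```

Running `caddy validate --config /etc/caddy/Caddyfile` checks the file for this kind of parse error before the server is reloaded.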