Yannik/qnap-letsencrypt

Error at line 198

Closed this issue · 11 comments

Platform/Firmware Information
Model = TS-X53D
Internal Model = TS-X53B
Version = 4.5.1
Build Number = 20210107
Rsync Model = QNAP
Build Date = 2021-01-07

Is this the latest firmware for your device?
Yes

Issue Summary (provide relevant error messages and log output):

[/share/Internal/qnap-letsencrypt] # ./renew_certificate.sh
Checking whether to renew certificate on Mon, 25 Jan 2021 12:04:50 +0100
Renewing certificate...
qnap-letsencrypt version: 79e6e4e
Using python path: /share/CACHEDEV1_DATA/.qpkg/Python3/python3/bin/python3
Stopping Qthttpd hogging port 80..
Shutting down Qthttpd services: OK.
Started python HTTP server with pid 20753
Parsing account key...
Parsing CSR...
Found domains: TheCatCloud.de
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Order created!
Verifying thecatcloud.de...
::ffff:46.223.83.191 - - [25/Jan/2021 12:05:10] "GET /.well-known/acme-challenge/zHKsipy8C0RDHD_IfGukzWYI39Uf_3lWHxV-RaDT50Y HTTP/1.1" 200 -
Traceback (most recent call last):
File "acme-tiny/acme_tiny.py", line 198, in <module>
main(sys.argv[1:])
File "acme-tiny/acme_tiny.py", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File "acme-tiny/acme_tiny.py", line 149, in get_crt
raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for thecatcloud.de: {'expires': '2021-02-01T11:05:08Z', 'identifier': {'value': 'thecatcloud.de', 'type': 'dns'}, 'status': 'invalid', 'challenges': [{'status': 'invalid', 'type': 'http-01', 'token': 'zHKsipy8C0RDHD_IfGukzWYI39Uf_3lWHxV-RaDT50Y', 'error': {'detail': 'Fetching http://thecatcloud.de/.well-known/acme-challenge/zHKsipy8C0RDHD_IfGukzWYI39Uf_3lWHxV-RaDT50Y: Timeout during connect (likely firewall problem)', 'status': 400, 'type': 'urn:ietf:params:acme:error:connection'}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/10343607134/oLrzBg', 'validationRecord': [{'port': '80', 'addressesResolved': ['46.223.83.191'], 'url': 'http://thecatcloud.de/.well-known/acme-challenge/zHKsipy8C0RDHD_IfGukzWYI39Uf_3lWHxV-RaDT50Y', 'addressUsed': '46.223.83.191', 'hostname': 'thecatcloud.de'}]}]}
An error occured. Restoring system state.
./renew_certificate.sh: line 11: 20753 Killed "$PYTHON" ../HTTPServer.py (wd: /share/CACHEDEV1_DATA/Internal/qnap-letsencrypt/tmp-webroot)
Start apache proxy: OK
Recover apache confiugre
Starting Qthttpd services: OK
[/share/Internal/qnap-letsencrypt] #

Hi @KatzeMau, check your firewall settings. Port 80 is required by the ACME challenge protocol.

Read here

Make sure your NAS is reachable from the public internet under the domain you want to get a certificate for on port 80.

Yes, port 80 is open.
Do I have to change a port in the QNAP NAS?
I have now changed the system (HTTP) port from 8080 to 80.

Okay, I'm fucked up xD
I can't access the NAS anymore, please help :/

  1. Assign a static IP address to your NAS in your network

  2. On your NAS, go to Control Panel, General Settings, System Administration and set as follows:
    image

  3. On your router, configure port forwarding for 8080, 80 and 443

Port 80 must be open on your router and forwarded to the NAS, but it needs to be empty: the renew_certificate script creates a listener on that port, so if you publish your NAS web page on that port the renewal will fail.

The ports are all open, but it does not work!
But now I have a bigger problem: I changed the system port from 8080 to 80 and can't reach the NAS surface anymore.

That is because you force the connection under HTTPS. Try to access the NAS with your local IP.

Suppose your NAS IP is 192.168.1.5; try to access it like this: https://192.168.1.5 or 192.168.1.5:443

It says connection refused: "The Website is not available"

You need to SSH into your NAS and manually update the HTTP port from 80 to 8080.

Connect to your NAS with SSH, log in as admin with your admin password and run this to disable the option that forces HTTPS-only connections:

    /sbin/setcfg SYSTEM "Force SSL" 0

After that you have to restart the httpd service like this:

    /etc/init.d/thttpd.sh restart

Thank you, I fixed the port now BUT sadly the SSL does not work :/

I still got errors in the command line:
[/share/Internal/qnap-letsencrypt/letsencrypt] # mv /etc/stunnel/stunnel.pem /etc/stunnel/stunnel.pem.orig
mv: can't rename '/etc/stunnel/stunnel.pem': No such file or directory

And when I run it, I get this error:

Order created!
Verifying thecatcloud.de...
::ffff:46.223.83.191 - - [27/Jan/2021 22:33:47] "GET /.well-known/acme-challenge/COei0fovfN5mqg1XGVD6X4pJPqEXl4U6dqKhomPq14w HTTP/1.1" 200 -
Traceback (most recent call last):
File "acme-tiny/acme_tiny.py", line 198, in <module>
main(sys.argv[1:])
File "acme-tiny/acme_tiny.py", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File "acme-tiny/acme_tiny.py", line 149, in get_crt
raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for thecatcloud.de: {'challenges': [{'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/10406352351/IY0V5Q', 'error': {'status': 400, 'detail': 'Fetching http://thecatcloud.de/.well-known/acme-challenge/COei0fovfN5mqg1XGVD6X4pJPqEXl4U6dqKhomPq14w: Timeout during connect (likely firewall problem)', 'type': 'urn:ietf:params:acme:error:connection'}, 'validationRecord': [{'hostname': 'thecatcloud.de', 'url': 'http://thecatcloud.de/.well-known/acme-challenge/COei0fovfN5mqg1XGVD6X4pJPqEXl4U6dqKhomPq14w', 'addressesResolved': ['46.223.83.191'], 'port': '80', 'addressUsed': '46.223.83.191'}], 'status': 'invalid', 'type': 'http-01', 'token': 'COei0fovfN5mqg1XGVD6X4pJPqEXl4U6dqKhomPq14w'}], 'identifier': {'value': 'thecatcloud.de', 'type': 'dns'}, 'expires': '2021-02-03T21:33:45Z', 'status': 'invalid'}
An error occured. Restoring system state.
./renew_certificate.sh: line 11: 26667 Killed "$PYTHON" ../HTTPServer.py (wd: /share/CACHEDEV1_DATA/Internal/qnap-letsencrypt/tmp-webroot)

IT'S FIXED
You must shut down QuFirewall; it blocks Let's Encrypt (I block every IP that is not from Germany or Spain).
Thanks @aetasoul for your great help!

Good job on solving that, @KatzeMau. And thank you @aetasoul for your support.
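
In both runs above, the only challenge request logged with a 200 came from the same address that appears as `addressUsed` in the failure report, while the validator reported a connect timeout. The following added example (not part of the thread or of qnap-letsencrypt) reads that pattern out of a captured run; the function names are hypothetical, the sample is constructed from the shape of the output above with the token replaced by a placeholder, and treating a request from the host's own address as a local self-check is an assumption.

```python
import ast
import ipaddress
import re

# Constructed sample, shortened from the shape of the output in this thread
# (token replaced with the placeholder TOKEN).
SAMPLE_LOG = '''\
::ffff:46.223.83.191 - - [25/Jan/2021 12:05:10] "GET /.well-known/acme-challenge/TOKEN HTTP/1.1" 200 -
ValueError: Challenge did not pass for thecatcloud.de: {'identifier': {'value': 'thecatcloud.de', 'type': 'dns'}, 'status': 'invalid', 'challenges': [{'status': 'invalid', 'type': 'http-01', 'token': 'TOKEN', 'error': {'detail': 'Timeout during connect (likely firewall problem)', 'status': 400, 'type': 'urn:ietf:params:acme:error:connection'}, 'validationRecord': [{'port': '80', 'addressesResolved': ['46.223.83.191'], 'addressUsed': '46.223.83.191', 'hostname': 'thecatcloud.de'}]}]}
'''

ACCESS_RE = re.compile(r'^(\S+) - - \[[^\]]+\] "GET (/\.well-known/acme-challenge/\S+) [^"]*" (\d{3})')
FAIL_RE = re.compile(r"^ValueError: Challenge did not pass for (\S+): (\{.*\})\s*$")

def normalize(addr):
    """Return a plain address; dual-stack servers log IPv4 clients as ::ffff:a.b.c.d."""
    ip = ipaddress.ip_address(addr)
    return str(ip.ipv4_mapped) if ip.version == 6 and ip.ipv4_mapped else str(ip)

def diagnose(log_text):
    """Compare who fetched the challenge file with what the validator reported."""
    clients, report = set(), None
    for line in log_text.splitlines():
        m = ACCESS_RE.match(line)
        if m and m.group(3) == "200":
            clients.add(normalize(m.group(1)))
            continue
        m = FAIL_RE.match(line)
        if m:
            # The authorization is printed as a Python dict repr, not JSON.
            report = (m.group(1), ast.literal_eval(m.group(2)))
    if report is None:
        return None
    domain, authz = report
    failed = [c for c in authz["challenges"] if c.get("status") == "invalid"]
    own = {normalize(r["addressUsed"]) for c in failed
           for r in c.get("validationRecord", []) if r.get("addressUsed")}
    external = clients - own  # requests that did not come from the host itself
    errors = {c["error"]["type"].rsplit(":", 1)[-1] for c in failed if "error" in c}
    return {"domain": domain, "errors": sorted(errors), "own_addresses": sorted(own),
            "external_clients": sorted(external),
            # Connect timeout plus no outside fetch: inbound port 80 is filtered upstream.
            "inbound_filtered": "connection" in errors and not external}
```

A result with `inbound_filtered` set to true means the challenge server was up and serving the token, so the place to look is whatever filters inbound port 80 before it (router forwarding, or a host firewall with source-address rules such as the QuFirewall region block in this thread).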