Hi
I have issues with getting TLS working. I have tried run a clean install of the docker image:
Expected Behavior:
I could go to my duckdns subdomian and open my webpage that i have setup through this docker image.
Current Behavior:
I get a ERR_SSL_PROTOCOL_ERROR error message when i navigate to my duckdns subdomain
Steps to Reproduce:
install letsencrypt image in docker
navigate to you duckdns subdomain
Environment:
Operating System: Arch Linux
Kernel: Linux 5.6.13-arch1-1
Architecture: x86-64
Command used to create docker container:
sudo docker run -itd --cap-add=NET_ADMIN -p 443:443 -p 80:80 --restart unless-stopped -v /var/run/docker.sock:/var/run/docker.sock -v ~/letsencrypt/config:/config -e TZ=Europe/Copenhagen -e PGID=33 -e PUID=33 -e VALIDATION=duckdns -e URL=(mysubdomain).duckdns.org -e SUBDOMAINS=wildcard -e EMAIL=(myemail) -e DHLEVEL=1024 -e ONLY_SUBDOMAINS=true -e DUCKDNSTOKEN=(myduckdnstoken) --name “letsencrypt” linuxserver/letsencrypt
PGID=33 and PUID=33 is http user and group
Docker logs:
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/
Brought to you by linuxserver.io
To support the app dev(s) visit:
Let's Encrypt: https://letsencrypt.org/donate/
To support LSIO projects visit:
https://www.linuxserver.io/donate/
GID/UID
User uid: 33
User gid: 33
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=33
PGID=33
TZ=Europe/Copenhagen
URL=(mysubdomain).duckdns.org
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=1024
VALIDATION=duckdns
DNSPLUGIN=
EMAIL=(myemail)
STAGING=
1024 bit DH parameters present
SUBDOMAINS entered, processing
Wildcard cert for only the subdomains of (mysubdomain).duckdns.org will be requested
E-mail address entered: (myemail)
duckdns validation is selected
the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org
Certificate exists; parameters unchanged; starting nginx
Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind,
and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing...
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
crond[376]: crond (busybox 1.31.1) started, log level 5
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
[16-May-2020 11:37:55] NOTICE: fpm is running, pid 375
[16-May-2020 11:37:55] NOTICE: ready to handle connections
Server ready
nginx access.log:
192.168.1.1 - - [16/May/2020:11:01:48 +0200] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\x9Bd\x0B\xAE\xB6\xEB\x0Fx\xEA\xC7v\xE7\xED\x03\xB7\x05\xA8K\x81\x8D\xFE\x9D\x1F\xC2z\x8En\x98\x8C\xE7\xC8 \xA6\xF0" 400 157 "-" "-" 192.168.1.1 - - [16/May/2020:11:01:48 +0200] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\xB5\xF7\xC3\x87!\xEB\xCA\xCD42\x04\xDF\x00\x91^\x96o\x00\xDF\xC71\xE2;/=\x1B\x89\x1FI@\x9Dv \x15\xA1\xFA2\xF5T\x80\xAFZ\xB9\xA5\x1F,\xE8%\xEB\xE4)\xBE\xA8\x9C#\x90\xE0$\x1B6\xD7\x12\x19\xFAm\x00\x22\xAA\xAA\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x00" 400 157 "-" "-" 192.168.1.1 - - [16/May/2020:11:01:49 +0200] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\x14\xCE\xCE^\x02\xBE!\x8FoA\xD2_\x85\xEB\xC3\x14\x8B\x81\x81\x9A\xBB\xB08@\xB7\xE1))DO\xCE( \xB0\x9D\x13\x15\x22\xC9\xC9b\xBA\xB7\xC8Qr\xFD\xC0\x92 R\x03\xB7Zx\xCE\xC9\xBB\xBD\xA0{\xFF\x0BI\x00\x22ZZ\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x00" 400 157 "-" "-"
64.41.200.104 - - [16/May/2020:11:01:55 +0200] "\x80.\x01\x00\x02\x00\x15\x00\x00\x00\x10\x01\x00\x80\x02\x00\x80\x03\x00\x80\x04\x00\x80\x05\x00\x80\x06\x00@\x07\x00\xC0\x00\x01\x02\x03\x04\x05\x06\x07\x00\x01\x02\x03\x04\x05\x06\x07" 400 157 "-" "-"
64.41.200.104 - - [16/May/2020:11:01:56 +0200] "\x16\x03\x00\x00\x7F\x01\x00\x00{\x03\x00^\xBF\xAB\xF0\xE1\x8E\x5C!:\xEB\x91\xE9<\xE0\xAD\xE6\xBB9\xF8\x82\x9F\xBD\xADU\x1A\xE7C\x17\xDB\x11\xE9n\x00\x00T\x00\x04\x00\x05\x00" 400 157 "-" "-"
64.41.200.104 - - [16/May/2020:11:01:57 +0200] "\x16\x03\x01\x00\x7F\x01\x00\x00{\x03\x01^\xBF\xAB\xF1\x9C\xDCN\xF7\xBF\x87?\xDD\xE3cY\x05{\x9C\xA9\xB9\xE2u\xE1e?\x97\xC9(\xFE\xC9\xAE\xD5\x00\x00T\x00\x04\x00\x05\x00" 400 157 "-" "-"
64.41.200.104 - - [16/May/2020:11:01:58 +0200] "\x16\x03\x01\x00\xDE\x01\x00\x00\xDA\x03\x01^\xBF\xAB\xF2q8<\xAE\x8C\xE3 \x9C\x1E5\x07\xD1\x915\xA9\x1B:\xC8\xE0A\xA3-\xED7\x5C\xA4\x85\xFF\x00\x00T\x00\x04\x00\x05\x00" 400 157 "-" "-"
64.41.200.104 - - [16/May/2020:11:01:59 +0200] "\x16\x03\x02\x00\xDE\x01\x00\x00\xDA\x03\x02^\xBF\xAB\xF2Gb\x81\x01l\x1D+\x17\x95\xCD, \xDE\xCA\xE8\xEB\x5C:-\xAA\xAF\xE8\xDD5\xCF\xA2\x1D\x04\x00\x00T\x00\x04\x00\x05\x00" 400 157 "-" "-"
64.41.200.104 - - [16/May/2020:11:01:59 +0200] "\x16\x03\x03\x00\xB2\x01\x00\x00\xAE\x03\x03^\xBF\xAB\xF3\xA0,\x8EA%\x9F\xF7\x02\xB7\xA6Z\xB0\x99\x8B5s\xC6\xEDMC\xA0\xCB\x16\xD7\x1D3\xC1y\x00\x00D\x00\x04\x00\x05\x00" 400 157 "-" "-"
64.41.200.104 - - [16/May/2020:11:02:00 +0200] "\x16\x03\x03\x00\xEE\x01\x00\x00\xEA\x03\x03^\xBF\xAB\xF42\xCE'\x85\xD6\x0Ch\xC6M\x18\x95\x9D\x94\x89\xF9B\xDF\x93V\xC4\x9E\x9F\xED\x9B\xB1N\xB1\xA3\x00\x00@\x00\x88\x00\x96\x00\x9C\x00\x9D\x00\x9E\x00\x9F\x00\xFF\xC0\x02\xC0\x03\xC0\x04\xC0\x05\xC0\x07\xC0\x08\xC0\x09\xC0" 400 157 "-" "-"
64.41.200.104 - - [16/May/2020:11:02:01 +0200] "\x16\x03\x01\x04\xDE\x01\x00\x04\xDA\x03\x03^\xBF\xAB\xF5\xC5\x86\xF0\x1B\xD4\x95\x91*\xDE\xB8\xC0\x06\xB7o!A\x1F\xA7\xD0\xC8\x98N\xD2\xFEB\xDD\xCE\xC3\x00\x00\x0C\x13\x01\x13\x02\x13\x04\x13\x05\x13\x03\x00\xFF\x01\x00\x04\xA5\x00\x00\x00\x19\x00\x17\x00\x00\x14(mysubdomain).duckdns.org\x00" 400 157 "-" "-"
when i go to ssllabs.com and test my duckdns url i keep getting:
Assessment failed: No secure protocols supported
keep in mind that it a clean install af the image. i have not made any changes!
am I doing something wrong in the docker execution?
Kind regards
c_bb