SWAG invalid certs / mismatch

I run two servers at separate locations. One of them just ran certbot to refresh the letsencrypt. Now, all of a sudden, Chrome is telling me the cert is not trusted (looks the same as the cert I run on a different domain) and I can’t proxy Plex through Cloudflare as I am getting a proxy mismatch error. What’s up? Had some email from letsencrypt a few weeks ago about some root expiring.

You will need to provide us with logs of your container and also your compose, otherwise it’s going to be hard to work this out.

docker logs swag:

To support the app dev(s) visit:
Certbot: Support EFF's Work on Certbot | Electronic Frontier Foundation

To support LSIO projects visit:
https://www.linuxserver.io/donate/

GID/UID

User uid: 1000
User gid: 1000

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing…
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing…
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing…
Variables set:
PUID=1000
PGID=1000
TZ=America/Chicago
URL=.com
SUBDOMAINS=forney.vpn,forney.plex,forney,
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
VALIDATION=dns
CERTPROVIDER=
DNSPLUGIN=cloudflare
EMAIL=
STAGING=false

Using Let’s Encrypt as the cert provider
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d forney.vpn..com -d forney.plex..com -d forney..com
No e-mail address entered or address invalid
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing…
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 70-templates: executing…
[cont-init.d] 70-templates: exited 0.
[cont-init.d] 99-custom-files: executing…
[custom-init] no custom files found exiting…
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/config/keys/letsencrypt/fullch

docker create
--name=swag
--cap-add=NET_ADMIN
-e PUID=1000
-e PGID=1000
-e TZ=America/Chicago
-e URL=.com
-e SUBDOMAINS=forney.vpn,forney.plex,forney,
-e VALIDATION=dns
-e DNSPLUGIN=cloudflare
-e ONLY_SUBDOMAINS=true
-e STAGING=false
-e MAXMINDDB_LICENSE_KEY=
-p 443:443
-v /docker/encrypted/swag/:/config
--restart unless-stopped

I just wanted to make mention that my issue was with Cloudflare and subdomains. Cloudflare proxy doesn’t work beyond a single subdomain.
I was using:
city.plex.domain.com
And I had to shorten it to
cityplex.domain.com
By removing the second level subdomain, Cloudflare now properly handshakes and proxies.
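
Added example (not part of the original posts): a wildcard certificate name such as `*.domain.com` matches exactly one left-most label, which is why a two-level name fails at a proxy edge whose certificate lists only the apex and a single-level wildcard. The SAN lists below are constructed and assumed, and the `city.*` origin names only mirror the pattern of the `SUBDOMAINS` setting above.

```python
# Added example: RFC 6125-style matching of a hostname against certificate
# SAN dNSName entries. All names and SAN lists here are constructed.

def san_matches(hostname: str, san: str) -> bool:
    """Return True if a single SAN entry covers the hostname."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    # A wildcard never spans a dot, so both sides need the same label count.
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        # Honour the wildcard only as the entire left-most label, and only
        # above a registrable domain (simple heuristic: at least 3 labels).
        return len(pattern) >= 3 and bool(host[0]) and host[1:] == pattern[1:]
    return host == pattern


def covered_by(hostname: str, sans: list[str]) -> list[str]:
    """List the SAN entries that cover the hostname (empty means mismatch)."""
    return [s for s in sans if san_matches(hostname, s)]


def audit(hostnames: list[str], sans: list[str]) -> dict[str, list[str]]:
    """Map each hostname to the SAN entries that cover it."""
    return {h: covered_by(h, sans) for h in hostnames}


# Assumed edge certificate: apex plus a single-level wildcard.
EDGE_SANS = ["domain.com", "*.domain.com"]
# Assumed origin certificate: every name listed explicitly, as a
# SUBDOMAINS-style setting would request.
ORIGIN_SANS = ["city.vpn.domain.com", "city.plex.domain.com", "city.domain.com"]
HOSTS = ["city.plex.domain.com", "cityplex.domain.com"]

if __name__ == "__main__":
    for label, sans in (("edge", EDGE_SANS), ("origin", ORIGIN_SANS)):
        for host, hits in audit(HOSTS, sans).items():
            verdict = "covered by " + ", ".join(hits) if hits else "NAME MISMATCH"
            print(f"{label:6} {host:24} {verdict}")
```

A name that is explicitly listed on the origin certificate can still fail in the browser when the proxy in front of it presents a certificate with narrower coverage.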
