Pydio Cells 2.1.3 LetsEncrypt issue

Hello Community,

I have downloaded Pydio Cells 2.1.3 for Windows. I ran the installer from within PowerShell (both as Admin user and local user) and am having issues with the LetsEncrypt auto-generation of certificates. On each occasion, I receive the following error:

2020-08-05T20:40:08.994+0800 INFO pydio.gateway.rest started
2020-08-05T20:40:09.227+0800 INFO Registering /install/events for Polling
2020-08-05T20:40:09.252+0800 INFO pydio.rest.install started
Activating privacy features… Could not start with fast restart: [########.ddns.net] failed to get certificate: acme: Error 400 - urn:ietf:params:acme:error:connection - Fetching http://########.ddns.net/.well-known/acme-challenge/p_uzJh6HxQEiFD917Agsag0rMIQcRcYYB8UNkLswiYc: Error getting validation data

I have also tried the option of pointing the installer to pre-generated LetsEncrypt certificate and key files (namely fullchain.pem and privkey.pem) and while the installer does complete, the website is not secure and eventually errors.

My internal IP is of the form ########.ddns.net:443 and the external IP is https://########.ddns.net. I have tried other variations without success.

I cannot see where I have gone wrong and although I can use reverse-proxy rules in IIS to overcome this, I’d rather install Pydio in the way it was intended to be. Can anybody help?

Thanks in advance!

Actually, a stupid error. Port 80 and 443 were directed to the wrong machine. Now that has been remedied, installation does complete but the site is still reported as being Not Secure. I still cannot figure out the issue!

Gave up in the end. Even reverse proxy didn’t work as the site hung on the loading screen with the grey background. Really don’t have the patience anymore!

Hello @ManicsMan,

Apologies for the lack of reply, as of summer many employees were on vacation (we are less than 10).

Do you still encounter the issue?

From what I can see, yes, Let's Encrypt needs to use ports 80 and 443 to retrieve a valid certificate. It also requires a valid domain name; if you are using an internal domain name, you either need to use your own certificate or generate a self-signed one with Cells.

If you are using a reverse proxy, also make sure that your reverse proxy has a valid certificate configuration.
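
The port 80 requirement is what the `acme: Error 400 ... connection` line earlier in the thread comes down to: the CA fetches a token over plain HTTP from the public name, so a port forward that lands on another machine fails validation. The Python below is an added example, not code from this thread or from Pydio; it serves a dummy token and fetches it the way the CA would, with loopback servers standing in for the two machines. `start_responder` and `probe` are hypothetical helper names, and the token and body are constructed values.

```python
import http.server
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def start_responder(token, body, port=0, bind="127.0.0.1"):
    """Serve `body` at the challenge path for `token`; answer 404 elsewhere."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            hit = self.path == CHALLENGE_PREFIX + token
            payload = body.encode() if hit else b"not found"
            self.send_response(200 if hit else 404)
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)

        def log_message(self, *args):  # keep the console quiet
            pass

    server = http.server.ThreadingHTTPServer((bind, port), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe(host, token, expected, port=80, timeout=5):
    """Fetch the challenge URL over plain HTTP and classify the outcome."""
    url = f"http://{host}:{port}{CHALLENGE_PREFIX}{token}"
    # Bypass any configured proxy so the request takes the direct route.
    direct = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with direct.open(url, timeout=timeout) as resp:
            got = resp.read(512).decode(errors="replace").strip()
    except urllib.error.HTTPError as exc:  # something answered, but not us
        return f"wrong-responder (HTTP {exc.code})"
    except OSError as exc:  # refused, timed out, or DNS failure
        return f"connection-failed ({exc})"
    return "ok" if got == expected else "wrong-responder (unexpected body)"


if __name__ == "__main__":
    # Constructed values; loopback servers stand in for the two machines.
    token, body = "constructed-token", "constructed-token.constructed-thumbprint"
    cells_host = start_responder(token, body)
    other_host = start_responder("some-other-token", "unrelated")
    for name, srv in (("forward -> Cells host", cells_host),
                      ("forward -> wrong machine", other_host)):
        print(name, probe("127.0.0.1", token, body, port=srv.server_address[1]))
```

For a real check, run `start_responder(token, body, port=80, bind="0.0.0.0")` on the Cells machine while Cells is stopped, and call `probe` with the public hostname from a machine outside the LAN, since a request from inside may never cross the router's port forward.
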

Hello @zayn,

After ensuring correct settings for ports 80 and 443, the Let's Encrypt generation appeared to have been successful but when the web GUI is launched, it is not being reported as secure. I believe that the Let's Encrypt generation method you are using only works for pre-determined domains. For this reason, I have pre-generated Let's Encrypt certs that were generated via Certbot. Pydio did not like them when I tried to install again but using the option to specify my own LetsEncrypt SSL certs. Those self-generated certs from Certbot are fine with various self-hosted sites that I use.

Having abandoned the LetsEncrypt method (whether auto-generated by the Pydio installer or Certbot self-generation), I attempted reverse proxy via IIS. It appeared promising until the Pydio UI hung on the loading screen that has the gray background. I am aware that IIS doesn’t handle JSON strings very well and I suspect this might be the problem. I can try again with reverse proxies using nginx.

I would like to know why the Pydio auto-generation of LetsEncrypt certs appeared successful but the GUI I am accessing is reported as unsafe (on all the modern browsers). Also, specifying the location of my manually generated Certbot certificates also failed.