Let's encrypt still not working on 0.13.3

[dk90103]

Hi,

Since 0.13.0 (where it worked fine) Lets encrypt certificates no longer works on this build (as of 0.13.1).
Error message is: "Error: Let's Encrypt can only be used for fully qualified domain names. Please check setting/UNMS and the nginx*.log file for error messages. "

My domain name is FQDN. It works for other docker packages.

Port forwarding is working correctly and I can connect to port 80 from the internet.
UNMS developers stated that there was a script fix in release 0.13.3 that you could leverage on, that could fix the problem.

[DeliciousJaffa]

The cause of this issue is the refresh-certificate.sh is not the same as the upstream UNMS repo, manually modifying the file to match upstream on these 3 lines resolved the issue for me
https://github.com/Ubiquiti-App/UNMS/blob/master/src/nginx/refresh-certificate.sh#L143-L145

[dk90103]

Thx - I have tried to locate that refresh-certificate.sh file on my Synology DSM but it's nowhere to be found. Any ideas what I am doing wrong?

[DeliciousJaffa]

Root of the container

[nhatquang88]

How can I go to the root of the container in the synology?
I open the folder Docker/UNMS but can't find the thing u said.
Please help

[dk90103]

Hi nhatquang88,
I have the same problem. I run my containers on docker for DSM as bridge. This means I can't SSH to the root of my container since it runs under a 172 network IP. In other words I can't make the above change, and I am hoping somebody will implement the change in an upcoming release. Until then I run my UNMS using a private signed certificate instead of Lets encrypt. It's a pity because it worked in 0.13.0

[nhatquang88]

so maybe it is UNMS firmware issue not the oznu...
I wish someome here will help us how to do that. 👍

[dk90103]

I think the UNMS team does not consider this a bug, since it works on their supported platforms (Synology not being one of them).
I would have hoped that oznu could implement this "feature" for us by implementing the change above documented by DeliousJaffa on the refresh-certificate.sh file and then publishing for us Synology UNMS users, but I could also be wrong. I am not sure how many changes onzu add's to the code he downloads from the UNMS team.

[BrewCityGeek]

You can use:
sudo find / -name refresh-certificate.sh
from root to find the locations of the files. That being said, I updated the lines in question on my Raspberry Pi installation and it didn't seem to help. IDK

[dk90103]

One of the challenges on the Synology DSM platform is that you don't have SSH access to the container because it run connected to the network as a bridge in the docker for DSM. It runs under a 172. IP address and there is no way to SSH to it.
If you SSH to the DSM itself you wont find the refresh-certificate.sh file, since the containers only exist an encrypted/embedded files. No flat file access.
To get this problem solved we are dependent that either the UNMS team (most unlikely) does the changes to the refresh-certificate.sh file or that oznu does the change on refresh-certificate.sh before publishing the next release.