How to configure Umbrel BTCPay Server with NGINX reverse proxy

I also needed to comment out these two lines by adding # to force https.

umbrel@umbrel:~ $ sudo nano /etc/nginx/sites-available/btcpay
#listen 15080;
#listen [::]:15080;

Then restart the server.
umbrel@umbrel:~ $ sudo systemctl reload nginx.service

2 Likes
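A quick way to confirm that edit took effect, as an added example that is not part of the original post: the functions below list every active `listen` directive in an nginx site file and count those without `ssl`. The sample config and `btcpay.example.com` are constructed; only the 15080/15443 ports and the file path come from the thread.

```bash
# Added example: report the active listen directives of an nginx site file.
# Commented-out lines such as "#listen 15080;" are ignored, as nginx does.

# audit_listens [FILE]: print "tls <addr>" or "plaintext <addr>" per directive.
# Reads stdin when no file is given.
audit_listens() {
  awk '
    { sub(/#.*/, "") }              # strip comments first
    $1 == "listen" {
      kind = "plaintext"
      for (i = 2; i <= NF; i++) {
        gsub(/;/, "", $i)           # drop the terminating semicolon
        if ($i == "ssl") kind = "tls"
      }
      print kind, $2
    }' "$@"
}

# plaintext_count [FILE]: number of listeners that would serve unencrypted HTTP.
plaintext_count() {
  audit_listens "$@" | grep -c '^plaintext ' || true
}

# Constructed sample resembling the edited site file (not the guide's config).
sample_config() {
  cat <<'EOF'
server {
    server_name btcpay.example.com;
    #listen 15080;
    #listen [::]:15080;
    listen 15443 ssl;
    listen [::]:15443 ssl;
}
EOF
}

sample_config | audit_listens
echo "plaintext listeners: $(sample_config | plaintext_count)"
```

On the node itself, run `audit_listens /etc/nginx/sites-available/btcpay` after the reload; a count of 0 means only TLS listeners remain.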

Thank you for this, I used the corrected command and then made this change: https://github.com/getumbrel/umbrel/issues/1428#issuecomment-1184603006

Didn’t need to comment out the HTTP port listens per your second post.

1 Like

Did you figure out a solution to this? I have the exact problem, and when doing that command I get the same warning.
Thank you!

Thanks @jorijn for the excellent guide. I went through all the steps, but now I cannot connect over https; http works fine, but as you know I cannot log in.
Any ideas? Also, I noticed that in the last part, where we have to force https, if I use the listen 15080 it does not even work on http; I have to use 15443.
Does anybody have any ideas what could be wrong?
I also applied the fix for version 0.5 and above, so the config file is there.

Thanks!

Hi, how did you get the redirection to work?

Hello,

I followed your guide, and got everything working so far, but one thing concerns me.

I have a static IP address. Now when I type in my IP (or the domain name I pointed to that IP) in the browser, I'm on the login page of the btcpay server.

So that means everybody can reach that page. I can also click on forgot password, and it offers to send an email for a password reset. I tried it with my mail, and never got an email. Still, I don't think it's right to have the login page for the btcpay server accessible to everybody.

Did I do something wrong with the setup (maybe port-forwarding isn't right), or is it expected to be this way?

Thanks for any help or advice!

Hi @jorijn

So far your SSL certificate installation has worked wonderfully. Unfortunately, I recently had to re-flash the SD card and then also set up the SSL again. Unfortunately I keep getting stuck at point 6 Certificate from letsencrypt. The error message is as follows:

umbrel@umbrel:~ $ sudo certbot --nginx -d btcpay.xxxxx.xx -m myemail@xxxx.xx --agree-tos --tls-sni-01-port 15443 --http-01-port 15080

Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 489, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2793, in load_entry_point
    return ep.load()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2411, in load
    return self.resolve()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2417, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/usr/lib/python3/dist-packages/josepy/__init__.py", line 44, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/usr/lib/python3/dist-packages/josepy/interfaces.py", line 8, in <module>
    from josepy import errors, util
  File "/usr/lib/python3/dist-packages/josepy/util.py", line 4, in <module>
    import OpenSSL
  File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1553, in <module>
    class X509StoreFlags(object):
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1573, in X509StoreFlags
    CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
umbrel@umbrel:~ $

What am I doing wrong?

best regards, jurgi

This is a great guide, it's been very helpful. I’m a super noob and have fumbled my way through this thanks to all the great info available.

Q: I have two umbrel nodes and want to use one for a family member’s business (BTCPay server and lightning node) and one for personal business. How do I set up the ports so btcpay.mybusiness.com goes to my umbrel and btcpay.familymembersbusiness.com goes to ‘theirs’? I presume I just pick a different set of ports like 90 & 15090 and 453 & 15453?

Appreciate the help

Did anyone try the last guide of BTCPay to expose on the clearnet using cloudflare?

This is the guide: Cloudflare tunnel support | BTCPay Server

Same question, been trying to get this to work with no luck.

How to set up BTCPay Server using Cloudflare Tunnels:

Excellent post by @x11r0n :clap:

Hi @jorijn the overall make up of your guide is super!

Is there any chance you could do an update of this with the newer UmbrelOS (>v1.0)?
I think I could figure out how to port most of the stuff over, but especially for the nginx configuration I am very unsure if I could carry over everything correctly/completely from your code snippets to the graphical user interface.
Willing to pay you some sats for this (contact me e.g. via discord for details).

I would like to make this work with nginx (in contrast to e.g. cloudflare) to not create even more accounts. Or is by now the route via nginx obsolete?

Currently I can resolve my “btcpay.mydomain.com” in the browser and the browser shows the connection is secure (so I suppose the SSL certificate generation worked).
But I do get a “502 Bad Gateway” screen.

What I am unsure of:
I forward ports 80->40080 and 443->40443 in my router (as also described in the screen for nginx in the umbrel app store), but as far as I understand BTCPayserver uses port 3003.

Currently I configured one proxy host redirecting (as far as I understand) “btcpay.mydomain.com” to my-umbrels-local-ip-address:3003 with enforced SSL (certificate requested from “Let’s encrypt” via nginx GUI) in nginx.

Do I have to forward also port 3003 in my router? Do I have to configure further/other things in nginx? Anything else that could be wrong?

Hi guys, how do I configure Umbrel in the nginx proxy manager? It opens but gives an error.

I FINALLY got this running. All the configuration I did was actually correct, there was just one ingredient missing (for me at least. It was in the community already):

So the overall way to get your own btcpayserver running on your umbrel is:

  1. Follow @jorijn's super guide in the first post (but replace the ports 15080/15443 with 40443/40080, and understand that most things can now be done with GUIs instead of command line interface)
  2. Follow the instructions in BTCPayServer on Umbrel w/ Cloudflare Tunnels to make your btcpayserver proxy work correctly with/for HTTPS

For BTCPayserver you need to forward to port 3003 not 80.

You also need to set up SSL in the SSL tab of the proxy host (requires you to get a certificate).

@jorijn thank you very much for this guide. I’m having a problem at Step 6 though…

When I run:

sudo certbot --nginx -d btcpay.jorijn.com -m jorijn@jorijn.com --agree-tos --no-eff-email --tls-sni-01-port 40443 --http-01-port 40080

I get:

certbot: error: unrecognized arguments: --tls-sni-01-port 40443

It appears Certbot no longer recognizes the --tls-sni-01-port option for “security” concerns.

What might be a solution?
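Certbot dropped `--tls-sni-01-port` when the TLS-SNI-01 challenge type was retired, so the flag can simply be omitted. The added example below (not from the guide or the posts above) builds the command from whichever port flags the installed certbot still lists; the domain, e-mail address and help excerpt are constructed, and passing 40443 to `--https-port` is an assumption about the intended TLS listener port.

```bash
# Added example: build a certbot command line that only uses port flags the
# installed certbot still lists, so the removed --tls-sni-01-port is never passed.

# supports_flag HELP_TEXT FLAG: succeed if FLAG is listed as an option.
supports_flag() {
  printf '%s\n' "$1" | grep -Eq -- "(^|[[:space:]])$2([[:space:]=,]|\$)"
}

# certbot_args DOMAIN EMAIL HTTP_PORT HTTPS_PORT HELP_TEXT
certbot_args() {
  args="--nginx -d $1 -m $2 --agree-tos --no-eff-email"
  # HTTP-01 is validated on public port 80; this is the local port behind it.
  if supports_flag "$5" --http-01-port; then args="$args --http-01-port $3"; fi
  # Port the nginx installer uses for the TLS listener.
  if supports_flag "$5" --https-port; then args="$args --https-port $4"; fi
  printf '%s\n' "$args"
}

# Constructed excerpt of "certbot --help all" output from a current release.
sample_help() {
  cat <<'EOF'
  --http-01-port HTTP01_PORT
                        Port used in the http-01 challenge.
  --https-port HTTPS_PORT
                        Port used to serve HTTPS.
EOF
}

# Use the real help text when certbot is installed, else the sample.
if command -v certbot >/dev/null 2>&1; then
  help_text="$(certbot --help all 2>/dev/null || true)"
else
  help_text="$(sample_help)"
fi
echo "sudo certbot $(certbot_args btcpay.example.com admin@example.com 40080 40443 "$help_text")"
```

The HTTP-01 challenge still arrives on public port 80, so the router forward from 80 to 40080 mentioned earlier in the thread has to be in place for issuance and renewal.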