Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Internal server error on certificate renewal #1269

Closed
chaptergy opened this issue Jul 28, 2021 · 3 comments
Closed

Internal server error on certificate renewal #1269

chaptergy opened this issue Jul 28, 2021 · 3 comments

Comments

@chaptergy
Copy link
Collaborator

I'm facing the same error with myself, I can't renew any certificate. My server has been running for a long time, before I was able to renew, now not anymore.

Captura de tela de 2021-07-28 12-51-42

Originally posted by @talesam in #1208 (comment)
@chaptergy
Copy link
Collaborator Author

@talesam More information is required to see what this could be about. Are you using the DNS challenge for this certificate or not? If not, is port 80 forwarded in your router? Do the logs of NPM show any useful information?

@chaptergy
Copy link
Collaborator Author

Closed in favor of #1270

@talesam
Copy link

talesam commented Jul 28, 2021 

Attaching to nginxproxymanager_app_1, nginxproxymanager_db_1
db_1   | [i] pre-init.d - processing /scripts/pre-init.d/01_secret-init.sh
db_1   | [i] mysqld not found, creating....
db_1   | [i] MySQL directory already present, skipping creation
db_1   | 2021-07-28 16:06:22 0 [Note] /usr/bin/mysqld (mysqld 10.4.15-MariaDB) starting as process 1 ...
db_1   | 2021-07-28 16:06:22 0 [Note] Plugin 'InnoDB' is disabled.
db_1   | 2021-07-28 16:06:22 0 [Note] Plugin 'FEEDBACK' is disabled.
db_1   | 2021-07-28 16:06:22 0 [Note] Server socket created on IP: '::'.
db_1   | 2021-07-28 16:06:22 0 [Warning] 'user' entry '@5e0f82917f27' ignored in --skip-name-resolve mode.
db_1   | 2021-07-28 16:06:22 0 [Warning] 'proxies_priv' entry '@% root@5e0f82917f27' ignored in --skip-name-resolve mode.
db_1   | 2021-07-28 16:06:22 0 [Note] Reading of all Master_info entries succeeded
db_1   | 2021-07-28 16:06:22 0 [Note] Added new Master_info '' to hash table
db_1   | 2021-07-28 16:06:22 0 [Note] /usr/bin/mysqld: ready for connections.
db_1   | Version: '10.4.15-MariaDB'  socket: '/run/mysqld/mysqld.sock'  port: 3306  MariaDB Server
app_1  | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
app_1  | [s6-init] ensuring user provided files have correct perms...exited 0.
app_1  | [fix-attrs.d] applying ownership & permissions fixes...
app_1  | [fix-attrs.d] done.
app_1  | [cont-init.d] executing container initialization scripts...
app_1  | [cont-init.d] 01_perms.sh: executing... 
app_1  | Changing ownership of /data/logs to 0:0
app_1  | [cont-init.d] 01_perms.sh: exited 0.
app_1  | [cont-init.d] 01_s6-secret-init.sh: executing... 
app_1  | [cont-init.d] 01_s6-secret-init.sh: exited 0.
app_1  | [cont-init.d] done.
app_1  | [services.d] starting services
app_1  | [services.d] done.
app_1  | ❯ Enabling IPV6 in hosts: /etc/nginx/conf.d
app_1  |   ❯ /etc/nginx/conf.d/include/block-exploits.conf
app_1  |   ❯ /etc/nginx/conf.d/include/ip_ranges.conf
app_1  |   ❯ /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
app_1  |   ❯ /etc/nginx/conf.d/include/force-ssl.conf
app_1  |   ❯ /etc/nginx/conf.d/include/assets.conf
app_1  |   ❯ /etc/nginx/conf.d/include/proxy.conf
app_1  |   ❯ /etc/nginx/conf.d/include/ssl-ciphers.conf
app_1  |   ❯ /etc/nginx/conf.d/include/resolvers.conf
app_1  |   ❯ /etc/nginx/conf.d/default.conf
app_1  |   ❯ /etc/nginx/conf.d/production.conf
app_1  | ❯ Enabling IPV6 in hosts: /data/nginx
app_1  |   ❯ /data/nginx/proxy_host/14.conf
app_1  |   ❯ /data/nginx/proxy_host/27.conf
app_1  |   ❯ /data/nginx/proxy_host/26.conf
app_1  |   ❯ /data/nginx/proxy_host/19.conf
app_1  |   ❯ /data/nginx/proxy_host/17.conf
app_1  |   ❯ /data/nginx/proxy_host/25.conf
app_1  |   ❯ /data/nginx/proxy_host/15.conf
app_1  |   ❯ /data/nginx/proxy_host/20.conf
app_1  | [7/28/2021] [4:06:23 PM] [Global   ] › ℹ  info      Generating MySQL db configuration from environment variables
app_1  | [7/28/2021] [4:06:23 PM] [Global   ] › ℹ  info      Wrote db configuration to config file: ./config/production.json
app_1  | [7/28/2021] [4:06:23 PM] [Migrate  ] › ℹ  info      Current database version: 20210210154703
app_1  | [7/28/2021] [4:06:24 PM] [Setup    ] › ℹ  info      Creating a new JWT key pair...
app_1  | [7/28/2021] [4:06:26 PM] [Setup    ] › ℹ  info      Wrote JWT key pair to config file: /app/config/production.json
app_1  | [7/28/2021] [4:06:26 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
app_1  | [7/28/2021] [4:06:26 PM] [Setup    ] › ℹ  info      Logrotate completed.
app_1  | [7/28/2021] [4:06:26 PM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
app_1  | [7/28/2021] [4:06:26 PM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
app_1  | [7/28/2021] [4:06:26 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
app_1  | [7/28/2021] [4:06:26 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
app_1  | [7/28/2021] [4:06:27 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
app_1  | [7/28/2021] [4:06:27 PM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...
app_1  | [7/28/2021] [4:06:27 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
app_1  | [7/28/2021] [4:06:27 PM] [Global   ] › ℹ  info      Backend PID 229 listening on port 3000 ...
app_1  | `QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
app_1  | `QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
app_1  | QueryBuilder#omit is deprecated. This method will be removed in version 3.0
app_1  | [7/28/2021] [4:06:50 PM] [Express  ] › ⚠  warning   invalid signature
app_1  | [7/28/2021] [4:07:03 PM] [Express  ] › ⚠  warning   invalid signature
app_1  | Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0
app_1  | [7/28/2021] [4:07:46 PM] [Nginx    ] › ℹ  info      Reloading Nginx
app_1  | [7/28/2021] [4:08:05 PM] [Nginx    ] › ℹ  info      Reloading Nginx
app_1  | [7/28/2021] [4:09:25 PM] [SSL      ] › ✖  error     Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation  
app_1  | Failed to renew certificate npm-11 with error: Some challenges have failed.
app_1  | Failed to renew certificate npm-18 with error: Some challenges have failed.
app_1  | Failed to renew certificate npm-37 with error: Some challenges have failed.
app_1  | Failed to renew certificate npm-38 with error: Some challenges have failed.
app_1  | All renewals failed. The following certificates could not be renewed:
app_1  |   /etc/letsencrypt/live/npm-11/fullchain.pem (failure)
app_1  |   /etc/letsencrypt/live/npm-18/fullchain.pem (failure)
app_1  |   /etc/letsencrypt/live/npm-37/fullchain.pem (failure)
app_1  |   /etc/letsencrypt/live/npm-38/fullchain.pem (failure)
app_1  | 4 renew failure(s), 0 parse failure(s)
app_1  | 
app_1  |     at ChildProcess.exithandler (node:child_process:326:12)
app_1  |     at ChildProcess.emit (node:events:369:20)
app_1  |     at maybeClose (node:internal/child_process:1067:16)
app_1  |     at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
app_1  | [7/28/2021] [4:10:49 PM] [Nginx    ] › ℹ  info      Reloading Nginx
app_1  | [7/28/2021] [4:10:49 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #45: cloud.t4l35.host
app_1  | [7/28/2021] [4:10:49 PM] [SSL      ] › ℹ  info      Command: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-45" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --domains "cloud.t4l35.host" 
app_1  | [7/28/2021] [4:10:53 PM] [SSL      ] › ✔  success   Requesting a certificate for cloud.t4l35.host
app_1  | 
app_1  | Successfully received certificate.
app_1  | Certificate is saved at: /etc/letsencrypt/live/npm-45/fullchain.pem
app_1  | Key is saved at:         /etc/letsencrypt/live/npm-45/privkey.pem
app_1  | This certificate expires on 2021-10-26.
app_1  | These files will be updated when the certificate renews.
app_1  | 
app_1  | NEXT STEPS:
app_1  | - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
app_1  | 
app_1  | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
app_1  | If you like Certbot, please consider supporting our work by:
app_1  |  * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
app_1  |  * Donating to EFF:                    https://eff.org/donate-le
app_1  | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
app_1  | [7/28/2021] [4:10:53 PM] [Nginx    ] › ℹ  info      Reloading Nginx
app_1  | [7/28/2021] [4:10:53 PM] [Nginx    ] › ℹ  info      Reloading Nginx
app_1  | [7/28/2021] [4:11:02 PM] [Nginx    ] › ℹ  info      Reloading Nginx

@NginxProxyManager NginxProxyManager locked and limited conversation to collaborators Jul 28, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@talesam @chaptergy