You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi I'm using current docker image: jc21/nginx-proxy-manager:latest
Version v2.7.2 is reported on the npm login page (after I worked around the problem)
I initially obtained my LE certs in Jan 2021, however they never automatically renewed. I couldn't reach the npm web interface b/c of the hsts error when trying to reach the npm website b/c the certs had expired.
The npm docker container kept running however I kept receiving errors in the docker logs like the following:
[9/9/2021] [1:08:06 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry...
[9/9/2021] [1:11:54 PM] [SSL ] › ✖ error Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
Challenge failed for domain npm.domain.com
Attempting to renew cert (npm-1) from /etc/letsencrypt/renewal/npm-1.conf produced an unexpected error: Some challenges have failed.. Skipping.
Basically the logs were littered with these types of errors.
For background I'm using dns challenge authentication through cloudflare with API (not Global) key.
I've worked with certbot before and manually logged into the container and simply ran:
certbot renew
and just typing this alone -- all the certificates were renewed -- which is super strange since it proves at least my authentication credentials were valid.
I'm not using a webroot challenge so I'm not sure why this is included in the ini file.
Further more the /data partition is an external mounted volume specified in my docker-compose.yml file:
Lastly addressing the other error: Attempting to renew cert (npm-1) from /etc/letsencrypt/renewal/npm-1.conf produced an unexpected error: Some challenges have failed.. Skipping.
The contents of npm-1.conf are the following:
# renew_before_expiry = 30 days
version = 1.4.0
archive_dir = /etc/letsencrypt/archive/npm-1
cert = /etc/letsencrypt/live/npm-1/cert.pem
privkey = /etc/letsencrypt/live/npm-1/privkey.pem
chain = /etc/letsencrypt/live/npm-1/chain.pem
fullchain = /etc/letsencrypt/live/npm-1/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = <REDACTED>
authenticator = dns-cloudflare
dns_cloudflare_credentials = /etc/letsencrypt/credentials/credentials-1
server = https://acme-v02.api.letsencrypt.org/directory
npm run as docker container within a Virtualized Ubuntu 20.04 host within FreeNAS bhyve hypervisor.
Ideally I'd like certs to be renewed automatically without any manual intervention.
The text was updated successfully, but these errors were encountered:
The certbot config is generic, so it is always the same independent of whether you only use http challenges, only use dns challenges, both or neither.
Unfortunately the certbot console output is very limited, to find out what the actual problem is, we would need the letsencrypt log. See Unable to create or renew certificate on how to access it.
Hi I'm using current docker image: jc21/nginx-proxy-manager:latest
Version v2.7.2 is reported on the npm login page (after I worked around the problem)
I initially obtained my LE certs in Jan 2021, however they never automatically renewed. I couldn't reach the npm web interface b/c of the hsts error when trying to reach the npm website b/c the certs had expired.
The npm docker container kept running however I kept receiving errors in the docker logs like the following:
Basically the logs were littered with these types of errors.
For background I'm using dns challenge authentication through cloudflare with API (not Global) key.
I've worked with certbot before and manually logged into the container and simply ran:
and just typing this alone -- all the certificates were renewed -- which is super strange since it proves at least my authentication credentials were valid.
So investigating further the command:
/etc/letsencrypt.ini contains the following:
I'm not using a webroot challenge so I'm not sure why this is included in the ini file.
Further more the /data partition is an external mounted volume specified in my docker-compose.yml file:
Further more
--preferred-challenges "dns,http"
Why is http listed as preferred-challenge?
Lastly addressing the other error:
Attempting to renew cert (npm-1) from /etc/letsencrypt/renewal/npm-1.conf produced an unexpected error: Some challenges have failed.. Skipping.
The contents of npm-1.conf are the following:
npm run as docker container within a Virtualized Ubuntu 20.04 host within FreeNAS bhyve hypervisor.
Ideally I'd like certs to be renewed automatically without any manual intervention.
The text was updated successfully, but these errors were encountered: