Renew now on SSL Certificates page gives internal error #1816
Comments
Here is my log about the error:
|
Hi, I have been solving this too. I don't know why, but some of my certificates cannot be renewed as it outputs "Connection refused" for acme-challenge as shown on the picture. If this happens, then after each restart of NPM there are stuck processes as shown on the next image, which results in "Another instance of Certbot is already running." If you kill these processes, then you can create a new certificate for these domains and it will work as it should (renew will not work). Then go to your host and assign the new certificate to it. Then you can delete the old one. After these changes are done, you can try to restart your NPM and see if those processes are still there. If not, then you are OK and you can ensure yourself by issuing renew. Hope this helps and I am looking forward to this being fixed. I don't know what causes this, but it happens on all of my 4 NPM installs for only some domains. |
Where can I find those logs? In npm/data/logs I find but they don't show me any errors like in your posts |
I have found this log here: /var/log/letsencrypt/letsencrypt.log |
Hi, Just go to your
Make it executable:
And run it:
At the end of the script you will be asked if you want to delete the old files which are no longer needed. After running the script restart your nginxproxymanager instance.

```bash
#!/usr/bin/env bash

# Backups of the replaced regular files, offered for deletion at the end
DELETE_ME=()

for i in $(find . -name "npm-*" -type d); do
    pushd "${i}" &>/dev/null
    RELATIVE_PATH=$(echo "${i}" | sed 's/\.\///g')
    # find all regular (non symbolic link) files
    for t in $(find . -name "*.pem" -type f); do
        # remove ./ path prefix
        FILE_TO_LINK=$(echo "${t}" | sed 's/\.\///g')
        # e.g. cert.pem -> cert1.pem, the file name expected in the archive directory
        NEW_FILE_NAME=$(echo "${FILE_TO_LINK}" | sed 's/\./1\./g')
        echo "${RELATIVE_PATH}/${FILE_TO_LINK} needs to be linked"
        echo "Moving ${RELATIVE_PATH}/${FILE_TO_LINK} to ${RELATIVE_PATH}/${FILE_TO_LINK}.bak"
        mv "${FILE_TO_LINK}" "${FILE_TO_LINK}".bak
        DELETE_ME+=("${RELATIVE_PATH}/${FILE_TO_LINK}.bak")
        echo "linking ../../archive/${RELATIVE_PATH}/${NEW_FILE_NAME} to ${RELATIVE_PATH}/${FILE_TO_LINK}"
        if ln -s ../../archive/"${RELATIVE_PATH}"/"${NEW_FILE_NAME}" "${FILE_TO_LINK}"; then
            echo "success"
        else
            echo "failure"
        fi
    done
    popd &>/dev/null
done

# Offer to delete the backups only if at least one file was replaced
if [[ ${#DELETE_ME[@]} -gt 0 ]]; then
    echo -e "\nOld *.pem files:\n"
    echo "${DELETE_ME[*]}"
    echo "Do you want to delete the old *.pem files? (y/n) "
    read -r delete
    if [[ "${delete}" == "y" || "${delete}" == "yes" ]]; then
        for y in "${DELETE_ME[@]}"; do
            rm "${y}"
        done
    fi
else
    echo "Nothing to be done."
fi
```
|
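A read-only check for the condition the script above rewrites, added here as an example and not part of the original thread or the project's code: it lists which `npm-*` entries hold regular `.pem` files, which hold links whose target is missing, and which are fine, without moving anything. The function name `audit_live_dir` is hypothetical, and the directory argument is assumed to be certbot's `live/` directory (the path in the comment above is elided), where each `.pem` is normally a symlink into `../../archive/<name>/`.

```shell
#!/usr/bin/env bash
# Added example: read-only audit, changes nothing on disk.
# Assumption: $1 is certbot's live/ directory, whose npm-*/*.pem entries
# are expected to be symlinks into ../../archive/npm-*/.

audit_live_dir() {
    local live_dir status dir pem name base
    live_dir="$1"
    status=0
    for dir in "${live_dir}"/npm-*/; do
        [ -d "${dir}" ] || continue
        name=$(basename "${dir}")
        for pem in "${dir}"*.pem; do
            # Skip the unexpanded glob when a directory has no .pem entries
            [ -e "${pem}" ] || [ -L "${pem}" ] || continue
            base=$(basename "${pem}")
            if [ ! -L "${pem}" ]; then
                # Regular file where a symlink is expected
                echo "REGULAR ${name}/${base}"
                status=1
            elif [ ! -e "${pem}" ]; then
                # Symlink exists but its target does not
                echo "DANGLING ${name}/${base} -> $(readlink "${pem}")"
                status=1
            else
                echo "OK ${name}/${base} -> $(readlink "${pem}")"
            fi
        done
    done
    # Non-zero when any entry is a regular file or a dangling link
    return "${status}"
}

# Run against the directory given on the command line, if any
[ "$#" -eq 0 ] || audit_live_dir "$1"
```

A `DANGLING` line after a relink means the expected archive file does not exist, in which case the `.bak` copy should be kept rather than deleted.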
For anyone experiencing this issue, I was able to fix my setup using the following steps:
After doing the above steps for each of my Proxy Hosts, they can be renewed from the GUI. I'm not sure if Auto-renew will work but I guess I'll find out in a couple months. I don't know what caused the problem or if it will come back but at least for now it appears to be working. |
This just creates an "Internal error", no new cert. |
The same on my side. |
I had the same issue and solved it by adding a DNS CAA record for the HOST.MYDOMAIN.TLD and setting letsencrypt.org as an authorized certificate provider (I use EasyDNS). |
npm 2.10.1. Out of nowhere expired certs + symlink error on npm startup. Internal error in GUI. Godaddy DNS challenge cert |
Issue is now considered stale. If you want to keep it open, please comment 👍 |
For me the issue is still there:
|
I just get internal error in NPM gui when trying to renew wildcard cert (*.domain.ltd) |
I encountered the same issue when trying to renew certificates using the NPM GUI. Removing the certificate that failed to renew and requesting new ones resolved the problem for me. |
Same issue for me but following these steps seemed to work. Be nice to see this fixed though so we don't have to do things manually. |
I'm seeing this issue still. I need to pull the logs... which I will do shortly. The suggested fix still produced an 'internal error'. In fact, trying to renew the cert and following these instructions above has made it where I'm no longer able to connect to the site due to 'SSL_ERROR_UNRECOGNIZED_NAME_ALERT'. I had to go back and manually assign the old cert to get it up again. I deleted the working cert and attempted to manually create a new one. Received the following error in the GUI. Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --agree-tos --authenticator webroot --email "xxxxxxxxxxx" --preferred-challenges "dns,http" --domains "xxxxxxxxx"
|
Every 2-3 months the same procedure for all hosts. It just does not work automatically. I'm really evaluating to give zoraxy a try because this is really annoying. |
Interestingly enough this started working, but I can't tell you why. I was running certbot -v renew commands in CLI from the docker container and it was throwing errors like....: "Certbot failed to authenticate some domains " "Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet." So I verified the DNS records again, my port forwarding, etc. Everything seemed good. I basically kept fiddling with nginx until suddenly the renew button from the site settings itself just worked all of a sudden. A previous reboot hadn't helped either. It's a mystery |
This Fixed it! Thanks! |
Be careful when running this script! It made my NGINX proxy manager container crash upon restart! It did not work for me in the first place and because most of my |
Experienced this last year and just yesterday. I was able to renew OTHER certificates, and request for new certificates (without challenge). But three particular ones kept giving "Internal Error". I figure to look inside the docker container and didn't see anything out of the ordinary... The problem is resolved by deleting the old certificate and requesting a new one. No changes were made to the docker instance, the DNS of the domain or changes to my network configuration. Just happens out of nowhere, lol. |
I'm on v2.9.15 and have a problem with "renew now" on SSL Certificates tab. I get internal error. Tried with different certs for different proxy hosts. Need more info, then please tell me where to find the needed logs.