[GH-ISSUE #141] New Proxy Host + SSL #126

Closed
opened 2026-02-26 06:30:26 +03:00 by kerem · 14 comments
Owner

Originally created by @nunofmds on GitHub (May 10, 2019).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/141

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    Yes
  • Are you sure you're not using someone else's docker image?
    Yes
  • If having problems with Lets Encrypt, have you made absolutely sure your site is accessible from outside of your network?
    Yes

Describe the bug

  • A clear and concise description of what the bug is.
    When adding a New Proxy Host with the Request New SSL Certificate option there is a timeout, and after a refresh the New Proxy Host appears, and the certificate as well, but it's unusable since there is nothing in the certificates directory.
    As a workaround I created the Proxy Host first, went to the SSL main tab to generate the certificate, went back to the Proxy Host and associated it.

  • What version of Nginx Proxy Manager is reported on the login page?
    v2.0.13

To Reproduce
Steps to reproduce the behavior:

  1. Go to New Proxy Host
  2. Click on Add Proxy Host
  3. Fill everything necessary
  4. Request New SSL Certificate
  5. Save
  6. Timeout message will appear

Expected behavior
The first time I used this manager everything worked like a charm. This started happening after I tried to renew the certificates since they expired... Maybe it's related to the fact that certificates were generated before. I reinstalled the full manager with a cleanup of the data directories, downloaded the latest docker image and the behavior was the same even if I used the new renew option.

Screenshots
If applicable, add screenshots to help explain your problem.

Operating System

  • Please specify if using a Rpi, Mac, orchestration tool or any other setups that might affect the reproduction of this error.

Additional context
Add any other context about the problem here, docker version, browser version if applicable to the problem. Too much info is better than too little.

Errors
Command failed: /usr/bin/certbot renew -n --force-renewal --disable-hook-validation --cert-name "npm-2" ,
Saving debug log to /var/log/letsencrypt/letsencrypt.log,
No certificate found with name npm-2 (expected /etc/letsencrypt/renewal/npm-2.conf).,


@OhHeyAlan commented on GitHub (May 10, 2019):

@xNuno This is not a bug, you can't request TLS certs for your localhost 192.168.1.10 from a CA. CAs will only issue certs for a TLD example.com you have control of.

You can try creating a self-signed cert to be used on your localhost but you'll get insecure browser warnings.


@nunofmds commented on GitHub (May 10, 2019):

@OhHeyAlan, I didn't request a certificate for my localhost... I just used my LAN IP to reach Proxy Manager... I requested it for a duckdns domain... Of course it works for my domain, because if I do one step at a time like I explained, it works...


@OhHeyAlan commented on GitHub (May 10, 2019):

@xNuno Have you checked the folder for /etc/letsencrypt/renewal/npm-2.conf to see if it exists?

Try removing the certs from letsencrypt/live/npm- and just creating new ones. That'll get you back up and running.


@nunofmds commented on GitHub (May 10, 2019):

@OhHeyAlan, tried that before... Did you try to reproduce the steps I referred to? Maybe it's only me with this...


@OhHeyAlan commented on GitHub (May 11, 2019):

I personally use a wildcard cert from certbot. I've set it up via a volume in docker-compose so it's automatically applied to all domains by default...


@jc21 commented on GitHub (May 12, 2019):

Whenever you see "Internal Error" in the UI, then some shit is broken.. What do the docker logs say for that error?

In the latest release I increased the XHR timeout to 30 seconds so requesting a LE cert shouldn't cause problems, but it looks like you're renewing and for some reason, the certificate you're renewing isn't fully configured on disk anymore.

Everything is working fine on my production with the latest version. If you don't have much to set up, it might be worth starting fresh?
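
As an added example (not part of the thread and not Nginx Proxy Manager's own code): a POSIX shell check for the on-disk state described in the comment above, where certbot is asked to renew a lineage such as npm-2 that is not fully present. It assumes certbot's standard renewal/, live/ and archive/ layout; the function names and status words are hypothetical, and build_sample creates a constructed tree for trying it offline.

```shell
#!/bin/sh
# Added example (not NPM's code): check that a certbot lineage such as
# "npm-2" is complete on disk before asking certbot to renew it.
# Assumes certbot's standard layout under a config root:
#   renewal/<name>.conf  and  live/<name>/{cert,chain,fullchain,privkey}.pem

check_lineage() {  # usage: check_lineage ROOT NAME -> prints a status word
    root=$1; name=$2
    live="$root/live/$name"
    if [ ! -f "$root/renewal/$name.conf" ]; then
        # This is the state behind "No certificate found with name ..."
        if [ -d "$live" ]; then echo "orphan-live-dir"; else echo "absent"; fi
        return 1
    fi
    if [ ! -d "$live" ]; then echo "missing-live-dir"; return 1; fi
    for f in cert chain fullchain privkey; do
        # -s follows symlinks, so a dangling link or an empty file fails here
        if [ ! -s "$live/$f.pem" ]; then echo "bad-$f.pem"; return 1; fi
    done
    echo "ok"
}

# Constructed sample tree: npm-1 is complete, npm-2 does not exist on disk,
# npm-3 has a live/ directory whose privkey link dangles.
build_sample() {  # usage: build_sample ROOT
    r=$1
    mkdir -p "$r/renewal" "$r/archive/npm-1" "$r/live/npm-1" \
             "$r/archive/npm-3" "$r/live/npm-3"
    for n in npm-1 npm-3; do
        echo "# constructed placeholder" > "$r/renewal/$n.conf"
        for f in cert chain fullchain privkey; do
            echo "placeholder" > "$r/archive/$n/${f}1.pem"
            ln -s "../../archive/$n/${f}1.pem" "$r/live/$n/$f.pem"
        done
    done
    rm "$r/archive/npm-3/privkey1.pem"
}

# Stand-alone use: sh check.sh /etc/letsencrypt npm-2
if [ $# -ge 2 ]; then check_lineage "$1" "$2"; fi
```

A status other than ok for a certificate the UI still lists means the database and the certbot directory have diverged, which matches the "No certificate found with name npm-2" error in the report.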


@nunofmds commented on GitHub (May 13, 2019):

@jc21, yep... I installed everything from scratch and it's OK if I first add the proxy and then request the certificate. Maybe it's the timeout, I don't know. I remember seeing something in the logs pointing to a .well-known URL, but that was not available when I tried manually.

This can be caused by the fact that when you make a new certificate there is a validation from Let's Encrypt to make sure you are the owner of the DNS...

If you can't reproduce it, let's close this until I find more info.


@battilo commented on GitHub (Jun 25, 2019):

Hi everyone... I have the same problem in a new installation in a FreeNAS VM.
I also use the duckdns DDNS service.
I didn't find the "Let's Encrypt" certs in the right path... every time I tried, I had the same result.
This evening I'll try to create the certs beforehand.


@nunofmds commented on GitHub (Jun 25, 2019):

Hi,

Make sure you are forwarding port 443 and 80 to your server...

Regards,
Nuno Silva


@Sigri44 commented on GitHub (Jul 23, 2019):

Good morning, everyone!

I managed to fix this "internal error" problem. In fact, it only comes into play if you activate SSL on your host, and especially if you activate SSL when you have not yet created your domain (or it is not yet deployed... ! ; ;)).

I did different tests: creating the domain, then enabling the host (without SSL!) in NPM, it works. If you enable SSL by returning to the settings, internal error, but once the domain is created, then no SSL error, even creating everything in one step :)


@jc21 commented on GitHub (Jul 23, 2019):

Duplicate of #133


@axute commented on GitHub (Sep 17, 2020):

I don't think it is a duplicate of #133.
I use raspberry3 and odroid (hc1) and also have a timeout (odroid runs with ssd-hd and 8 cores).
In the container logs I can see the letsencrypt request, it took 37 seconds (minimum). The ajax request will be canceled after 30 seconds.

https://github.com/jc21/nginx-proxy-manager/blob/28f72086ec2d8cd168fbf1aab99c770dfdc0f092/frontend/js/app/api.js#L56

I also believe that the certificate request takes longer with each certificate in my store - but that's just a subjective perception.


@chaptergy commented on GitHub (May 10, 2021):

A lot has changed since this issue was opened and since the last comment was made. If this is still a problem, please open a new issue. Maybe even a feature request, like configurable letsencrypt timeouts. Though this is basically possible using a DNS challenge.


@axute commented on GitHub (May 12, 2021):

switched to traefik2, sorry - no ui, but works.
