[GH-ISSUE #3076] IPv6 LetsEncrypt #2086

Closed
opened 2026-02-26 07:33:58 +03:00 by kerem · 1 comment
Owner

Originally created by @boyi01 on GitHub (Jul 24, 2023).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3076

Describe the bug
When I try to get my certificate, Let's Encrypt can't complete the challenge. When I open the URL I can see the standard landing page of NPM, so my AAAA DNS should be working:

```
2023-07-24 16:08:35,862:DEBUG:acme.client:Storing nonce: 15C9rNUqj6LMPBHqg2UA0XHdZkwyeADYjnrfgJBnmygcTWA
2023-07-24 16:08:35,863:INFO:certbot._internal.auth_handler:Challenge failed for domain nasboyi.my.to
2023-07-24 16:08:35,863:INFO:certbot._internal.auth_handler:http-01 challenge for nasboyi.my.to
2023-07-24 16:08:35,863:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: nasboyi.my.to
  Type:   connection
  Detail: 2a02:8071:52d0:dbc0:21e:6ff:fe45:25a6: Fetching http://nasboyi.my.to/.well-known/acme-challenge/l8p3qDW7pzjty7Vq16YigG7XHgIbJytAOHBrOtR-lFI: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2023-07-24 16:08:35,866:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-07-24 16:08:35,866:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-07-24 16:08:35,867:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-07-24 16:08:35,867:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/l8p3qDW7pzjty7Vq16YigG7XHgIbJytAOHBrOtR-lFI
2023-07-24 16:08:35,867:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2023-07-24 16:08:35,868:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1434, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 454, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 384, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 434, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-07-24 16:08:35,871:ERROR:certbot._internal.log:Some challenges have failed.
```

2.9.11

To Reproduce
I have enabled IPv6 like here:
https://docs.docker.com/config/daemon/ipv6/
and started the server with this docker-compose:

```
# docker-compose.yml
version: '3.8'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
      # Mysql/Maria connection parameters:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
      - ./ng/data:/data
      - ./ng/letsencrypt:/etc/letsencrypt
    depends_on:
      - db

  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    volumes:
      - ./mysql:/var/lib/mysql
networks:
  network1:
    name: ip6net
    external: true
```

Then I create a proxy host with SSL and I got the error

Operating System
Debian

kerem closed this issue and added the bug label on 2026-02-26 07:33:58 +03:00

@boyi01 commented on GitHub (Jul 26, 2023):

The problem was my IPv6 config.
Check if ping6 works... do not rely on a successful call to the landing page.
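
As an added example (not part of the original issue, NPM, or certbot), the script below parses the CA problem report from the log above and flags the case described here: the validation server connected to a global IPv6 address and timed out, so the AAAA path has to be checked from outside the host rather than by loading the landing page locally. The function names are hypothetical; the sample text is excerpted from the log in this issue.

```python
import ipaddress
import re

# Excerpt of the CA problem report from the certbot log in this issue.
SAMPLE_LOG = """\
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: nasboyi.my.to
  Type:   connection
  Detail: 2a02:8071:52d0:dbc0:21e:6ff:fe45:25a6: Fetching http://nasboyi.my.to/.well-known/acme-challenge/l8p3qDW7pzjty7Vq16YigG7XHgIbJytAOHBrOtR-lFI: Timeout during connect (likely firewall problem)
"""

# One problem block: three consecutive "Key: value" lines.
PROBLEM_RE = re.compile(
    r"^[ \t]*Domain:[ \t]*(?P<domain>\S+)[ \t]*\n"
    r"[ \t]*Type:[ \t]*(?P<type>\S+)[ \t]*\n"
    r"[ \t]*Detail:[ \t]*(?P<detail>.+)$",
    re.MULTILINE,
)


def parse_problems(log_text):
    """Return one dict per problem block reported by the CA."""
    problems = []
    for m in PROBLEM_RE.finditer(log_text):
        detail = m.group("detail").strip()
        # The detail begins with the address the CA connected to,
        # followed by ": Fetching <url>: <reason>".
        addr_text = detail.split(": Fetching", 1)[0]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            addr = None  # detail did not start with an IP address
        problems.append({
            "domain": m.group("domain"),
            "type": m.group("type"),
            "address": addr,
            "family": f"IPv{addr.version}" if addr else None,
            "timeout": "Timeout during connect" in detail,
        })
    return problems


def needs_external_ipv6_check(problem):
    """True when the CA timed out connecting to a global IPv6 address."""
    addr = problem["address"]
    return bool(addr and addr.version == 6 and addr.is_global
                and problem["type"] == "connection" and problem["timeout"])
```
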
