mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2026-04-25 09:25:55 +03:00
[GH-ISSUE #556] SSL certificate error #469
Originally created by @marcomilanivi on GitHub (Aug 13, 2020).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/556
Hi,
I'm not able to get a valid SSL certificate with Let's Encrypt.
Running the container on a Raspberry Pi 4 created from the following stack:
```yaml
version: "3"
services:
  app:
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy-manager
    volumes:
      - ./config.json:/app/config/production.json
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
    ports:
      - 80:80
      - 443:440
      - 82:81
    restart: unless-stopped
  db:
    image: yobasystems/alpine-mariadb:latest
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: ROOTPASSWORD
      MYSQL_DATABASE: DBNAME
      MYSQL_USER: DBUSERNAME
      MYSQL_PASSWORD: DBPASSWORD
    volumes:
      - /srv/dev-disk-by-label-Files/Config/NGINXDB:/var/lib/mysql
    expose:
      - "3306"
```
and this config.json file:
```json
{
  "database": {
    "engine": "mysql",
    "host": "db",
    "name": "DBNAME",
    "user": "DBUSERNAME",
    "password": "DBPASSWORD",
    "port": 3306
  }
}
```
I got an "Internal error" on the SSL certificates creation process, this is the log:
```
[8/13/2020] [10:39:17 AM] [Nginx ] › ℹ info Reloading Nginx
[8/13/2020] [10:39:17 AM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #3: xxxxxxxxxxxxx
[8/13/2020] [10:39:25 AM] [Nginx ] › ℹ info Reloading Nginx
[8/13/2020] [10:39:25 AM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-3" --agree-tos --email "xxxxxxxxxxx@gmail.com" --preferred-challenges "dns,http" --webroot --domains "xxxxxxxxxxx"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxxxxxxxxx
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain xxxxxxxxxxx
http-01 challenge for xxxxxxxxxxx
Cleaning up challenges
Some challenges have failed.
```
Looking at the suggested /var/log/letsencrypt/letsencrypt.log, I didn't find such a folder at all!
Without SSL cert my proxy host is correctly accessible from the internet (http://).
Thanks.
@growlf commented on GitHub (Aug 21, 2020):
Just jumping in here, and I might be way off, but it seems the line `Challenge failed for domain xxxxxxxxxxx` might be from trying to create a certificate when the Raspberry Pi port 443 is not exposed to the outside internet for Let's Encrypt to talk to - which is generally needed when creating the certificate for validation purposes. Check that you have the 80 and 443 ports exposed (and forwarded to your Pi) and try again? That, or make sure to fully configure the DNS challenge option instead (see https://serverfault.com/questions/750902/how-to-use-lets-encrypt-dns-challenge-validation for some good and gritty detail on that).
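
The port check suggested in the comment above can be run against the `ports:` list of a compose file before requesting a certificate. This is an added example, not part of the original thread or the project's code; it assumes the proxy container listens on 80, 443 and 81, and `EXPECTED_LISTENERS`, `parse_mapping` and `audit_ports` are hypothetical names.

```python
# Added example: audit docker-compose "ports:" entries for an ACME HTTP-01 setup.
# Assumption: the proxy container listens on 80 (HTTP), 443 (HTTPS), 81 (admin UI).
EXPECTED_LISTENERS = {80: "http", 443: "https", 81: "admin-ui"}


def parse_mapping(entry):
    """Parse compose short syntax: [ip:]host:container[/proto] or container[/proto].

    Port ranges (e.g. 8000-8010) are not handled in this sketch.
    """
    spec, _, proto = str(entry).partition("/")
    parts = spec.rsplit(":", 2)
    container = int(parts[-1])
    host = int(parts[-2]) if len(parts) >= 2 and parts[-2] else None
    return {"host": host, "container": container, "proto": proto or "tcp"}


def audit_ports(entries, listeners=EXPECTED_LISTENERS):
    """Return a list of findings; an empty list means every listener is published."""
    mappings = [parse_mapping(e) for e in entries]
    findings = []
    # 1. Host ports that forward to a container port nothing listens on.
    for m in mappings:
        if m["container"] not in listeners:
            findings.append(
                f"host port {m['host']} forwards to container port "
                f"{m['container']}, where no listener is expected")
    # 2. Listeners that are unpublished, or published on a non-standard host port.
    published = {m["container"]: m["host"] for m in mappings if m["host"]}
    for port, name in listeners.items():
        if port not in published:
            findings.append(f"{name} listener (container port {port}) is not published")
        elif name != "admin-ui" and published[port] != port:
            findings.append(
                f"{name} is published on host port {published[port]}; "
                f"the router must forward external {port} to it")
    return findings


if __name__ == "__main__":
    # Port list taken from the compose file in the report.
    for finding in audit_ports(["80:80", "443:440", "82:81"]):
        print("WARN:", finding)
```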