[GH-ISSUE #84] Unable to sattisfy challenge using DNS #78

New issue

Closed

opened 2026-02-26 05:34:09 +03:00 by kerem · 8 comments

kerem commented 2026-02-26 05:34:09 +03:00

Owner

Copy link

Originally created by @dogmatic69 on GitHub (Feb 25, 2019).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/84

Per title and related to my ticket on local certs (#81), if it was possible to use DNS challenge instead of the HTTP challenge I could at least make local only certs that don't need an endpoint serving data.

The only requirement for a certificate as I understand it is to prove ownership of the domain. http is only one of many possible ways.

Making this line configurable should solve this problem. github.com/jc21/nginx-proxy-manager@a72811ee25/src/backend/internal/certificate.js (L722)

Originally created by @dogmatic69 on GitHub (Feb 25, 2019). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/84 Per title and related to my ticket on local certs (#81), if it was possible to use DNS challenge instead of the HTTP challenge I could at least make local only certs that don't need an endpoint serving data. The only requirement for a certificate as I understand it is to prove ownership of the domain. `http` is only one of many possible ways. Making this line configurable should solve this problem. https://github.com/jc21/nginx-proxy-manager/blob/a72811ee256796ae72fc36441858d70ab9633300/src/backend/internal/certificate.js#L722

kerem closed this issue 2026-02-26 05:34:09 +03:00

kerem commented 2026-02-26 05:34:11 +03:00

Author

Owner

Copy link

@jc21 commented on GitHub (Feb 25, 2019):

1 - This project doesn't handle dns letsencrypt options because it inhibits the user experience. This is an entry level project, for people who don't want to know more than they have to about the internet. Whil there might be a workflow to accomplish this for configured hosts, at this time I'm not planning to work on it.

2 - Even with a dns challenge for letsencrypt, if you're wanting a cert for foo.home you need to own that domain and have public dns configured. From what you've been saying in #81, you don't "own" foo.home domain.

<!-- gh-comment-id:467225989 --> @jc21 commented on GitHub (Feb 25, 2019): 1 - This project doesn't handle dns letsencrypt options because it inhibits the user experience. This is an entry level project, for people who don't want to know more than they have to about the internet. Whil there might be a workflow to accomplish this for configured hosts, at this time I'm not planning to work on it. 2 - Even with a dns challenge for letsencrypt, if you're wanting a cert for `foo.home` you need to own that domain and have public dns configured. From what you've been saying in #81, you don't "own" `foo.home` domain.

kerem commented 2026-02-26 05:34:11 +03:00

Author

Owner

Copy link

@dogmatic69 commented on GitHub (Feb 26, 2019):

I realise that is the case which is why I’ve since purchased a domain.

According to your first point I should now purchase and maintain an endpoint that will respond to the challenges because setting up a single dns entry “inhibits user experience”?

It seems to me that changing http in the code I’ve linked to http,dns Is all that is required. Probably even better would be dns,http so that it does not timeout waiting for a http request. Hardly requires working on as it’s already supported by the certbot.

<!-- gh-comment-id:467294276 --> @dogmatic69 commented on GitHub (Feb 26, 2019): I realise that is the case which is why I’ve since purchased a domain. According to your first point I should now purchase and maintain an endpoint that will respond to the challenges because setting up a single dns entry “inhibits user experience”? It seems to me that changing `http` in the code I’ve linked to `http,dns` Is all that is required. Probably even better would be `dns,http` so that it does not timeout waiting for a http request. Hardly requires working on as it’s already supported by the certbot.

kerem commented 2026-02-26 05:34:11 +03:00

Author

Owner

Copy link

@jc21 commented on GitHub (Feb 26, 2019):

The goal of this project is to allow people who expose their home-hosted services to the internet simply and securely. You want to use this to host your private services but still want free SSL. I guess you don't trust your private network traffic.

You are welcome to make the change if you so feel. When you create a PR then CI will even create a docker image based on it for testing.

<!-- gh-comment-id:467300050 --> @jc21 commented on GitHub (Feb 26, 2019): The goal of this project is to allow people who expose their home-hosted services to the internet simply and securely. You want to use this to host your private services but still want free SSL. I guess you don't trust your private network traffic. You are welcome to make the change if you so feel. When you create a PR then CI will even create a docker image based on it for testing.

kerem commented 2026-02-26 05:34:11 +03:00

Author

Owner

Copy link

@dogmatic69 commented on GitHub (Feb 26, 2019):

I also want to expose my home hosted service to the internet, but will be doing so behind a VPN.

I trust private traffic to some extent, but am tired of having to accept SSL errors for the various apps I use so putting them behind a valid certificate will remove that pain.

I'll see if I have some time tonight to test out the change.

<!-- gh-comment-id:467320128 --> @dogmatic69 commented on GitHub (Feb 26, 2019): I also want to expose my home hosted service to the internet, but will be doing so behind a VPN. I trust private traffic to some extent, but am tired of having to accept SSL errors for the various apps I use so putting them behind a valid certificate will remove that pain. I'll see if I have some time tonight to test out the change.

kerem commented 2026-02-26 05:34:11 +03:00

Author

Owner

Copy link

@dogmatic69 commented on GitHub (Feb 28, 2019):

I've tried to run this new image but its completely different to what I was running. In docker hub it says to run the following which is what I have.

    --name=nginx-proxy-manager \
    -p 8181:8181 \
    -p 8080:8080 \
    -p 4443:4443 \
    -v /docker/appdata/nginx-proxy-manager:/config:rw \
    jlesage/nginx-proxy-manager

Now it seems mysql is ripped out and all the files have moved around as docker-compose says

      - ./data:/data
      - ./data/letsencrypt:/etc/letsencrypt
      - .:/app
      - ./rootfs/etc/nginx:/etc/nginx```

<!-- gh-comment-id:468433640 --> @dogmatic69 commented on GitHub (Feb 28, 2019): I've tried to run this new image but its completely different to what I was running. In docker hub it says to run the following which is what I have. ```docker run -d \ --name=nginx-proxy-manager \ -p 8181:8181 \ -p 8080:8080 \ -p 4443:4443 \ -v /docker/appdata/nginx-proxy-manager:/config:rw \ jlesage/nginx-proxy-manager ``` Now it seems mysql is ripped out and all the files have moved around as docker-compose says ``` volumes: - ./data:/data - ./data/letsencrypt:/etc/letsencrypt - .:/app - ./rootfs/etc/nginx:/etc/nginx```

kerem commented 2026-02-26 05:34:12 +03:00

Author

Owner

Copy link

@jc21 commented on GitHub (Feb 28, 2019):

Nowhere in this github repo or on my Dockerhub page does it mention to use the jlesage/nginx-proxy-manager docker image. That's someone else using my project with their own docker builds and the PR test docker images are not built with that.

<!-- gh-comment-id:468483118 --> @jc21 commented on GitHub (Feb 28, 2019): Nowhere in this github repo or on my [Dockerhub](https://cloud.docker.com/repository/docker/jc21/nginx-proxy-manager) page does it mention to use the `jlesage/nginx-proxy-manager` docker image. That's [someone else using my project with their own docker builds](https://github.com/jlesage/docker-nginx-proxy-manager) and the PR test docker images are not built with that.

kerem commented 2026-02-26 05:34:12 +03:00

Author

Owner

Copy link

@dogmatic69 commented on GitHub (Mar 1, 2019):

Explains some things, I'll spin up a new docker env to test it.

<!-- gh-comment-id:468594419 --> @dogmatic69 commented on GitHub (Mar 1, 2019): Explains some things, I'll spin up a new docker env to test it.

kerem commented 2026-02-26 05:34:12 +03:00

Author

Owner

Copy link

@jc21 commented on GitHub (May 8, 2019):

See #85 and #120

<!-- gh-comment-id:490314066 --> @jc21 commented on GitHub (May 8, 2019): See #85 and #120

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#78

No description provided.