starred/nginx-ui

Fork 0

mirror of https://github.com/0xJacky/nginx-ui.git synced 2026-04-25 08:45:58 +03:00

[GH-ISSUE #167] Can't update Let's encrypt certs because port 9180 isn't listening #4519

New issue

Closed

opened 2026-03-01 15:33:53 +03:00 by kerem · 6 comments

kerem commented

2026-03-01 15:33:53 +03:00

Owner

Originally created by @iterprise on GitHub (Sep 12, 2023).
Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/167

Can't update Let's encrypt certs because port 9180 isn't listening

Server OS: Ubuntu 22.04.3 LTS
Server Arch: x64
Nginx UI Version: v1.9.9

curl http://127.0.0.1:9180
curl: (7) Failed to connect to 127.0.0.1 port 9180 after 0 ms: Connection refused

Originally created by @iterprise on GitHub (Sep 12, 2023). Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/167 Can't update Let's encrypt certs because port 9180 isn't listening - Server OS: Ubuntu 22.04.3 LTS - Server Arch: x64 - Nginx UI Version: v1.9.9 curl http://127.0.0.1:9180 curl: (7) Failed to connect to 127.0.0.1 port 9180 after 0 ms: Connection refused ![image](https://github.com/0xJacky/nginx-ui/assets/19260096/5b983935-c97c-4947-ae88-8f5ab3bdd75b)

kerem

2026-03-01 15:33:53 +03:00

closed this issue
added the
bug
label

kerem commented

2026-03-01 15:33:54 +03:00

Author

Owner

@0xJacky commented on GitHub (Sep 13, 2023):

Hi, port 9180 only listening when issuing the cert, we need to check logs for more details.JackyOn Sep 13, 2023, at 4:07 AM, iterprise @.***> wrote:
Can't update Let's encrypt certs because port 9180 isn't listening

Server OS: Ubuntu 22.04.3 LTS
Server Arch: x64
Nginx UI Version: v1.9.9

curl http://127.0.0.1:9180
curl: (7) Failed to connect to 127.0.0.1 port 9180 after 0 ms: Connection refused

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you are subscribed to this thread.Message ID: @.***>

@0xJacky commented on GitHub (Sep 13, 2023): Hi, port 9180 only listening when issuing the cert, we need to check logs for more details.JackyOn Sep 13, 2023, at 4:07 AM, iterprise ***@***.***> wrote: Can't update Let's encrypt certs because port 9180 isn't listening Server OS: Ubuntu 22.04.3 LTS Server Arch: x64 Nginx UI Version: v1.9.9 curl http://127.0.0.1:9180 curl: (7) Failed to connect to 127.0.0.1 port 9180 after 0 ms: Connection refused —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

kerem commented

2026-03-01 15:33:54 +03:00

Author

Owner

@iterprise commented on GitHub (Sep 13, 2023):

What logs do you need?

For ex:
13.59.60.96 - - [12/Sep/2023:19:49:34 +0000] "GET /.well-known/acme-challenge/c0d3 HTTP/1.1" 307 180 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

We got 307 because nginx can't connect to 9180

server {
    listen 80;
    listen [::]:80;
    server_name name.me;
    location /.well-known/acme-challenge {
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_pass http://127.0.0.1:9180;
    }
    return 307 https://$server_name$request_uri;
}

@iterprise commented on GitHub (Sep 13, 2023): What logs do you need? For ex: `13.59.60.96 - - [12/Sep/2023:19:49:34 +0000] "GET /.well-known/acme-challenge/c0d3 HTTP/1.1" 307 180 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"` We got 307 because nginx can't connect to 9180 ``` server { listen 80; listen [::]:80; server_name name.me; location /.well-known/acme-challenge { proxy_set_header Host $host; proxy_set_header X-Real_IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr:$remote_port; proxy_pass http://127.0.0.1:9180; } return 307 https://$server_name$request_uri; } ```

kerem commented

2026-03-01 15:33:55 +03:00

Author

Owner

@0xJacky commented on GitHub (Sep 13, 2023):

Try to move this block to 443 server

location /.well-known/acme-challenge {
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_pass http://127.0.0.1:9180;
    }

@0xJacky commented on GitHub (Sep 13, 2023): Try to move this block to 443 server ``` location /.well-known/acme-challenge { proxy_set_header Host $host; proxy_set_header X-Real_IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr:$remote_port; proxy_pass http://127.0.0.1:9180; } ```

kerem commented

2026-03-01 15:33:55 +03:00

Author

Owner

@iterprise commented on GitHub (Sep 13, 2023):

It works! But I don't understand. Does Let's Encrypt try to connect to HTTPS (port 443) in the beginning?

@iterprise commented on GitHub (Sep 13, 2023): It works! But I don't understand. Does Let's Encrypt try to connect to HTTPS (port 443) in the beginning?

kerem commented

2026-03-01 15:33:55 +03:00

Author

Owner

@0xJacky commented on GitHub (Sep 13, 2023):

Let's Encrpty try to connect to http (port 80) in the beginning, but you addedreturn 307 https://$server_name$request_uri; so the request was redirect to https (port 443), however there was no rule for acme-challenge in your 443 server, so Let's encrypt challenge failed.

@0xJacky commented on GitHub (Sep 13, 2023): Let's Encrpty try to connect to http (port 80) in the beginning, but you added`return 307 https://$server_name$request_uri;` so the request was redirect to https (port 443), however there was no rule for acme-challenge in your 443 server, so Let's encrypt challenge failed.

kerem commented

2026-03-01 15:33:55 +03:00

Author

Owner

@iterprise commented on GitHub (Sep 13, 2023):

server {
    listen 80;
    listen [::]:80;
    server_name name.me;
    location /.well-known/acme-challenge {
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_pass http://127.0.0.1:9180;
    }
    return 307 https://$server_name$request_uri;
}

I thought that the location /.well-known/acme-challenge worked before return. I understand that it isn't a problem with nginx-ui, but it's still strange. I wanted to avoid adding a rule about .well-known to the HTTPS section. Than you for you help.

@iterprise commented on GitHub (Sep 13, 2023): ``` server { listen 80; listen [::]:80; server_name name.me; location /.well-known/acme-challenge { proxy_set_header Host $host; proxy_set_header X-Real_IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr:$remote_port; proxy_pass http://127.0.0.1:9180; } return 307 https://$server_name$request_uri; } ``` I thought that the location /.well-known/acme-challenge worked before return. I understand that it isn't a problem with nginx-ui, but it's still strange. I wanted to avoid adding a rule about .well-known to the HTTPS section. Than you for you help.