nginx-proxy-manager
nginx-proxy-manager copied to clipboard
NginxProxyManager
SSL certificate error
Checklist
- Have you pulled and found the error with
jc21/nginx-proxy-manager:latestdocker image?- Yes
- Are you sure you're not using someone else's docker image?
- Yes
- Have you searched for similar issues (both open and closed)?
- Yes
Describe the bug i have a fresh NPM image running and tried to generate SSL certificate for my domain i tried both http/dns challenges for http challenge i get this error:
Communication with the API failed, is NPM running correctly?
or this one:
example.example.com: There is no server available at this domain. Please make sure your domain exists and points to the IP where your NPM instance is running and if necessary port 80 is forwarded in your router.
for the second error i made sure my DNS record is configured as DNS only and not proxied on cloudflare and i have both port 80 and 443 forwarded on my WAN router
if i opted for DNS challenge i get this error
Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-3" --agree-tos --email "[email protected]" --domains "example.com" --authenticator dns-cloudflare --dns-cloudflare-credentials "/etc/letsencrypt/credentials/credentials-3" --dns-cloudflare-propagation-seconds 240
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Encountered CloudFlareAPIError adding TXT record: 10000 Authentication error
Error communicating with the Cloudflare API: Authentication error
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
at ChildProcess.exithandler (node:child_process:397:12)
at ChildProcess.emit (node:events:390:28)
at maybeClose (node:internal/child_process:1064:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
although the API key is working fine
curl -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" \
-H "Authorization: Bearer xxxx" \
-H "Content-Type:application/json"
{"result":{"id":"96ec8dc212843213fb16d363732e6b34","status":"active"},"success":true,"errors":[],"messages":[{"code":10000,"message":"This API Token is valid and active","type":null}]}
Nginx Proxy Manager Version v2.9.14 i tried the latest as well but i had the same issue and i saw a post here recommending downgrading helped but unfortunately it didn't help me ref. https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1862
To Reproduce Steps to reproduce the behavior:
- Go to the tab "SSL Certificates"
- Click on "Add SSL Certificate"
- Enter the domains "*.example.com, example.com"
- Select "Use DNS Challenge", Cloudflare, and set API Key
- Set Propagation Seconds (450 Seconds) (Optional)
Expected behavior wildcard SSL certificate to be created
Operating System ubuntu server 21.10
can you do *.example.com or just example.com?
Anyways i have same error with just example.com after clicking on test, but not when domain is unavailable, maybe this happens if domain points to different location. I'm using cloud flare dns without proxy do i need to use dns challenge?
With token I get
Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.9.12)
(yes i'm sure, i'm used same one in traefik, but i wanted to switch to something with web ui management)
Without dns challenge i get
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
UPDATE: weirdly after 3 attempts (no change in token) it did succeeded even with wildcard, i dunno what it does say about trying same thing expecting different result
I am facing the same issue. Have enabled port forwarding for both 80 & 443. keep getting the same errors outlined in the original post
I'm seeing the same "Communication with the API failed, is NPM running correctly?" on NPM 2.9.19 on a Raspberry Pi using Docker. The error occurs when I test connectivity, but ultimately succeeded in requesting the certificate from Let's Encrypt.
I'm also getting Communication with the API failed, is NPM running correctly?" after pulling :latest this morning. I'm glad its not just me, hopefully we get this fixed. Thanks!!!
Well... u can request a certificate but only the check does currently not work. Requesting and renewing does work just fine ;)
Uncaught SyntaxError: Unexpected end of JSON input
FROM
./run: line 19: 1287 Trace/breakpoint trap (core dumped) node --abort_on_uncaught_exception --max_old_space_size=250 index.js
whenever you try to see if the server reachable, docker logs will display this error.
I've tried to pinpoint script that triggers but had no luck so far
npm | `QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method wil
l be removed in 3.0
npm | `QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` met
hod will be removed in 3.0
npm | QueryBuilder#omit is deprecated. This method will be removed in version 3.0
npm | Model#$omit is deprected and will be removed in 3.0.
Same problem in all my servers. Nothing changed, worked fine till it doesnt.
Same here. PM works fine on my Oracle Cloud hosts, but I'm facing this issue on my home server.
same. no joy. I'm new to all this and I've been beating my head thinking I messed up somewhere.
The only way I was able to get SSL is to Add host and request the SSL through the Host setup process.
The wall of "same here" messages doesn't speed up the process of resolving this issue and it creates an unnecessary spam for those who follow issues via email.
If you want to help, please provide additional information such as logs, your settings, info about your setup or anything else that you think might be helpful.
If you want to show that you also are interested in solving this issue, consider just up-voting initial issue message, so that the counter will go up.
But please, stop spamming "same here"
EDIT: Want to make it clear, that I do not think bad of people who posted "same here" and just wanted to point out that it is not the most helpful approach for participating in issues, with peace and love
@Sebekerga Agreed.
Here are most recent logs with Error/Failed tags. Happy to provide more if these are not helpful.
Failed to renew certificate npm-13 with error: Some challenges have failed.
Failed to renew certificate npm-14 with error: Some challenges have failed.
Failed to renew certificate npm-15 with error: Some challenges have failed.
Failed to renew certificate npm-17 with error: Some challenges have failed.
Failed to renew certificate npm-18 with error: Some challenges have failed.
Failed to renew certificate npm-20 with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/npm-13/fullchain.pem (failure)
/etc/letsencrypt/live/npm-14/fullchain.pem (failure)
/etc/letsencrypt/live/npm-15/fullchain.pem (failure)
/etc/letsencrypt/live/npm-17/fullchain.pem (failure)
/etc/letsencrypt/live/npm-18/fullchain.pem (failure)
/etc/letsencrypt/live/npm-20/fullchain.pem (failure)
6 renew failure(s), 0 parse failure(s)
at ChildProcess.exithandler (node:child_process:402:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)