[URGENT] Can't add cert to nginx

[engenharia-imediadata]

From reddit: https://www.reddit.com/submit?source_id=t3_yqi9f4

I get an error when I try to add a cert to nginx. When I test server reachability, I always get this error immidately: Communication with the API failed, is NPM running correctly?

I installed nginx with this docker-compose

version: '3' services: app: image: 'jc21/nginx-proxy-manager:latest' container_name: 'nginx-proxy-manager' restart: unless-stopped network_mode: bridge ports: - '8880:80' - '8881:81' - '4443:443' environment: DISABLE_IPV6: "true" volumes: - /volume1/docker/nginx-proxy/data:/data - /volume1/docker/nginx-proxy/letsencrypt:/etc/letsencrypt

There are no errors in the log when I start it up. I even rebuilt the container, same thing happens. When I do the test, the following lines are in the log:

[11/9/2022] [12:47:29 PM] [SSL ] › ℹ info Testing http challenge for https://mydomain.xyz Uncaught SyntaxError: Unexpected token < in JSON at position 5 FROM ./run: line 19: 406 Trace/breakpoint trap (core dumped) node --abort_on_uncaught_exception --max_old_space_size=250 index.js [11/9/2022] [12:47:31 PM] [Global ] › ℹ info No valid environment variables for database provided, using default SQLite file '/data/database.sqlite' [11/9/2022] [12:47:32 PM] [Migrate ] › ℹ info Current database version: none [11/9/2022] [12:47:33 PM] [Setup ] › ℹ info Logrotate Timer initialized [11/9/2022] [12:47:33 PM] [Setup ] › ℹ info Logrotate completed. [11/9/2022] [12:47:33 PM] [IP Ranges] › ℹ info Fetching IP Ranges from online services... [11/9/2022] [12:47:33 PM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json [11/9/2022] [12:47:33 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4 [11/9/2022] [12:47:34 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6 [11/9/2022] [12:47:34 PM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized [11/9/2022] [12:47:34 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry... [11/9/2022] [12:47:34 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized [11/9/2022] [12:47:34 PM] [Global ] › ℹ info Backend PID 434 listening on port 3000 ... [11/9/2022] [12:47:35 PM] [Nginx ] › ℹ info Reloading Nginx [11/9/2022] [12:47:35 PM] [SSL ] › ℹ info Renew Complete QueryBuilder#allowEager method is deprecated. You should use allowGraph instead. allowEager method will be removed in 3.0 QueryBuilder#eager method is deprecated. You should use the withGraphFetched method instead. eager method will be removed in 3.0 QueryBuilder#omit is deprecated. This method will be removed in version 3.0 Model#$omit is deprected and will be removed in 3.0.

But when I go to site24x7.com, and check my domain, it works fine. It shows the correct IP addresses from all countries. Using Cloudfare, un-proxied DNS. One "A" record that points to my IP address.

Finally, I have questions about what ports I should forward on my router. As I type this post, my current settings are forwarding both 80 and 443 to my NAS (192.168.0.2) on the same ports, 80 & 443. But to access my nginx admin panel, I go to 192.168.0.2:8881. I have tried forwarding incoming traffic on ports 80 and 443 to 8880, 8881, and 4443 (from the docker-compose), but I still get that same API failed error.

Could anyone help?

[tayfunyasar]

I'm having same error.

[hicbka]

same

[RadioactiveTapir]

same here, getting:

Uncaught SyntaxError: Unexpected end of JSON input FROM ./run: line 19: 746 Trace/breakpoint trap (core dumped) node --abort_on_uncaught_exception --max_old_space_size=250 index.js

and

QueryBuilder#allowEagermethod is deprecated. You should useallowGraphinstead.allowEagermethod will be removed in 3.0QueryBuilder#eagermethod is deprecated. You should use thewithGraphFetchedmethod instead.eager method will be removed in 3.0 QueryBuilder#omit is deprecated. This method will be removed in version 3.0 Model#$omit is deprected and will be removed in 3.0.

in the frontend, when i test the server reachability i get:

Communication with the API failed, is NPM running correctly?

[JNR8]

exactly the problem I have. I've got 14 days until a cert expires for one of my hosts, and I can't renew it. This error also has the added benefit of causing NPM to crash, needing a restart to get it back up and running.

[Luizzz4727]

Same problem here

[Flawioo]

+1 Same problem, it is something truly important.

[Repullsor]

Here is also the same.

[oleggtro]

Hate to be the one, but +1.

This seems to be a duplicate of #2439 and #2011 tho

[jaredatron]

+1 :(

[andrewixl]

Same here, all my certs are expired... whoops... hopefully this gets fixed asap

[woj-tek]

@andrewixl weird, while I can't test server reachability and there is an error shown while adding the certificate it's added and generated correctly. What's more, certificated are renewed correctly.

[andrewixl]

@woj-tek Sadly, mind does not reach the point of creating the certificate as it crashes immediately after testing the connection.

[jaredatron]

Can anyone recommend an older version that still works?

[andrewixl]

Okay so I got it to work after some testing. As an FYI I use portainer to run the npm container. I followed these steps:

1. Ensure npm is port forwarded to port 80 and 443.
2. Delete all certs in the SSL Cert page.
3. Go into the console and delete the /etc/letsencrypt folder and recreate the folder.
4. Now here is where it might not be a fix for everyone, I went into portainer and had it pull the latest image and recreate the container.
5. Then I logged back in attempted to create a certificate and it worked fine.

I did get an error on one subdomain mainly because that subdomain reached the limit for the day while troubleshooting. Hope this helps.

[hereisderek]

the line that seems to be causing the problem is site24x7

and it was due to the site that was used for testing https://www.site24x7.com/tools/restapi-tester is having issue

update: I might be wrong afterall, the aforementioned api does seem to be working

curl --location --request POST 'https://www.site24x7.com/tools/restapi-tester' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: 70fdde380e=5d08cdd28ddbeee5f6b75e45e848a857; _zcsr_tmp=e2340209-680e-46b3-9d85-0aa7ead254de; s247cname=e2340209-680e-46b3-9d85-0aa7ead254de' \
--data-urlencode 'method=G' \
--data-urlencode 'url=http%3A%2F%2Fmedia02.derek-dev.top%2F.well-known%2Facme-challenge%2Ftest-challenge' \
--data-urlencode 'bodytype=T' \
--data-urlencode 'requestbody=' \
--data-urlencode 'headername=User-Agent' \
--data-urlencode 'headervalue=None' \
--data-urlencode 'locationid=1' \
--data-urlencode 'ch=false' \
--data-urlencode 'cc=false'

[timnolte]

I too am having many of these same problems. I am able to request a new certificate but I can't successfully renew a certificate, additionally the testing of the server reachability is also broken.

[gehrtd]

Okay so I got it to work after some testing. As an FYI I use portainer to run the npm container. I followed these steps:

1. Ensure npm is port forwarded to port 80 and 443.

How can i do this? Npm is running as a docker container. NPM ist reachable as proxy host with Port 80 mapped to Port 81. So if i browse to npm..com the proxy host redirects it to npm-app:81, where npm-app is the name of the docker container. So this way it is impossible to make Port 80 and Port 443 from the docker container public available. Right?

[JNR8]

Opening ports 80 and 443 are the standard configuration for any NGINX server. This does not fix the issue at hand though. It still continues breaks in the same manor as I reported previously resulting

[tiagovaz]

Same here, any news/fix? Thanks.

[rodgers-95]

Hello,

Same problem here.

Does anyone have any information?

Thank you

Damien

[Reaster0]

+1 i do have the same problem, impossible to generate nor renew ssl certificates using the webui

[Zetto12]

I have the same issue. I was running Nginx as a Home Assistant Add-on and am now getting errors when I add or renew SSL certificates. I just setup an Nginx Proxmox LCX container which has exactly the same issue. Forwarded 80 and 443 to both IP's (the HA instance and the Nginx container) but always get an error. Is there anyone with a solution or an idea what might be causing this?

[Dvalin21]

I have the same issue. I was running Nginx as a Home Assistant Add-on and am now getting errors when I add or renew SSL certificates. I just setup an Nginx Proxmox LCX container which has exactly the same issue. Forwarded 80 and 443 to both IP's (the HA instance and the Nginx container) but always get an error. Is there anyone with a solution or an idea what might be causing this?

I get the same thing, proxmox, lxc. Made sure to forward 80 and 443.

[broomwalker]

Same issue - haven't been able to resolve this!

[github-actions[bot]]

Issue is now considered stale. If you want to keep it open, please comment :+1:

[woj-tek]

@andrewixl weird, while I can't test server reachability and there is an error shown while adding the certificate it's added and generated correctly. What's more, certificated are renewed correctly.

@woj-tek Sadly, mind does not reach the point of creating the certificate as it crashes immediately after testing the connection.

So I got notification about this issue... Even though renewal worked I switched a while back to Caddy as adding new entry for other docker services is just soooo simple and ItJustWorks