NginxProxyManager
Internal Error trying to renew cert
I was trying to renew my cert running version 2.2.1 and the following error popped up:
[5/4/2020] [10:01:54 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates for Cert #1: mywebite.com,
[5/4/2020] [10:01:55 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --preferred-challenges "dns,http" --disable-hook-validation ,
Saving debug log to /var/log/letsencrypt/letsencrypt.log,
No certificate found with name npm-1 (expected /etc/letsencrypt/renewal/npm-1.conf).
I tried restarting the container to renew again and the log shows:
),
[5/4/2020] [10:00:15 PM] [SSL ] › ✖ error Certificate is not valid (Command failed: openssl x509 -in /etc/letsencrypt/live/npm-1/fullchain.pem -subject -noout,
140647724621128:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:,
unable to load certificate,
140647724621128:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/etc/letsencrypt/live/npm-1/fullchain.pem','r'),
Can't open /etc/letsencrypt/live/npm-1/fullchain.pem for reading, No such file or directory,
[5/4/2020] [10:00:15 PM] [SSL ] › ℹ info Renew Complete,
[5/4/2020] [10:00:14 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized,
[5/4/2020] [10:00:14 PM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized,
[5/4/2020] [10:00:15 PM] [Nginx ] › ℹ info Reloading Nginx,
[5/4/2020] [10:00:14 PM] [Global ] › ℹ info Backend PID 201 listening on port 3000 ...,
[5/4/2020] [10:00:14 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry...,
[5/4/2020] [10:00:14 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6,
[5/4/2020] [10:00:13 PM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json,
[5/4/2020] [10:00:14 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4,
[5/4/2020] [10:00:13 PM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...,
[5/4/2020] [10:00:12 PM] [Migrate ] › ℹ info Current database version: 20200410143839,
❯ Enabling IPV6 in hosts: /data/nginx,
❯ /etc/nginx/conf.d/production.conf,
❯ /etc/nginx/conf.d/default.conf,
❯ /etc/nginx/conf.d/include/resolvers.conf,
❯ /etc/nginx/conf.d/include/ip_ranges.conf,
❯ /etc/nginx/conf.d/include/proxy.conf,
❯ /etc/nginx/conf.d/include/block-exploits.conf,
❯ /etc/nginx/conf.d/include/assets.conf,
❯ /etc/nginx/conf.d/include/force-ssl.conf,
❯ /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf,
❯ /etc/nginx/conf.d/include/ssl-ciphers.conf,
❯ Enabling IPV6 in hosts: /etc/nginx/conf.d,
[services.d] done.,
[services.d] starting services,
[cont-init.d] done.,
[cont-init.d] executing container initialization scripts...,
[fix-attrs.d] done.,
[fix-attrs.d] applying ownership & permissions fixes...,
[s6-init] ensuring user provided files have correct perms...exited 0.,[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
I decided to update to latest and the problem persists, so I completely deleted my npm container and it's data and start a whole new instance. However, I still cannot renew and now my SSL cert expired the moment I tried registering. This is not my only webserver trying to renew SSL and its happening to my other ones as well. I've tried creating with sub.subdomain.duckdns.org and it registered fine. Here is my log after starting everything fresh:
[cont-init.d] done.,
[services.d] starting services,
[services.d] done.,
Generating dummy SSL certificate...,
Generating a RSA private key,
...............................+++++,
............+++++,
writing new private key to '/data/nginx/dummykey.pem',
-----,
Complete,
❯ Enabling IPV6 in hosts: /etc/nginx/conf.d,
❯ /etc/nginx/conf.d/include/ssl-ciphers.conf,
❯ /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf,
❯ /etc/nginx/conf.d/include/force-ssl.conf,
❯ /etc/nginx/conf.d/include/assets.conf,
❯ /etc/nginx/conf.d/include/block-exploits.conf,
❯ /etc/nginx/conf.d/include/proxy.conf,
❯ /etc/nginx/conf.d/include/ip_ranges.conf,
❯ /etc/nginx/conf.d/include/resolvers.conf,
❯ /etc/nginx/conf.d/default.conf,
❯ /etc/nginx/conf.d/production.conf,
❯ Enabling IPV6 in hosts: /data/nginx,
[5/4/2020] [9:50:10 PM] [Global ] › ✖ error connect ECONNREFUSED xxx.xxx.xx.x3306,
[5/4/2020] [9:50:11 PM] [Global ] › ✖ error connect ECONNREFUSED xxx.xxx.xx.x3306,
[5/4/2020] [9:50:12 PM] [Global ] › ✖ error connect ECONNREFUSED xxx.xxx.xx.x3306,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info Current database version: none,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [initial-schema] Migrating Up...,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [initial-schema] auth Table created,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [initial-schema] user Table created,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [initial-schema] user_permission Table created,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [initial-schema] proxy_host Table created,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [initial-schema] redirection_host Table created,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [initial-schema] dead_host Table created,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [initial-schema] stream Table created,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [initial-schema] access_list Table created,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [initial-schema] certificate Table created,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [initial-schema] access_list_auth Table created,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [initial-schema] audit_log Table created,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [websockets] Migrating Up...,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [websockets] proxy_host Table altered,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [forward_host] Migrating Up...,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [forward_host] proxy_host Table altered,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [http2_support] Migrating Up...,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [http2_support] proxy_host Table altered,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [http2_support] redirection_host Table altered,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [http2_support] dead_host Table altered,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [forward_scheme] Migrating Up...,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [forward_scheme] proxy_host Table altered,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [disabled] Migrating Up...,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [disabled] proxy_host Table altered,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [disabled] redirection_host Table altered,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [disabled] dead_host Table altered,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [disabled] stream Table altered,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [custom_locations] Migrating Up...,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [custom_locations] proxy_host Table altered,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [hsts] Migrating Up...,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [hsts] proxy_host Table altered,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [hsts] redirection_host Table altered,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [hsts] dead_host Table altered,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [settings] Migrating Up...,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [settings] setting Table created,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [settings] Default settings added,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [access_list_client] Migrating Up...,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [access_list_client] access_list_client Table created,
[5/4/2020] [9:50:13 PM] [Migrate ] › ℹ info [access_list_client] access_list Table altered,
[5/4/2020] [9:50:13 PM] [Setup ] › ℹ info Creating a new JWT key pair...,
[5/4/2020] [9:50:22 PM] [Setup ] › ℹ info Wrote JWT key pair to config file: /app/config/production.json,
[5/4/2020] [9:50:22 PM] [Setup ] › ⚠ warning Restarting interface to apply new configuration,
[5/4/2020] [9:50:24 PM] [Migrate ] › ℹ info Current database version: 20200410143839,
[5/4/2020] [9:50:24 PM] [Setup ] › ℹ info Creating a new user: [email protected] with password: changeme,
[5/4/2020] [9:50:26 PM] [Setup ] › ℹ info Initial setup completed,
[5/4/2020] [9:50:26 PM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...,
[5/4/2020] [9:50:26 PM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json,
[5/4/2020] [9:50:26 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4,
[5/4/2020] [9:50:26 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6,
[5/4/2020] [9:50:26 PM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized,
[5/4/2020] [9:50:26 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry...,
[5/4/2020] [9:50:26 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized,
[5/4/2020] [9:50:26 PM] [Global ] › ℹ info Backend PID 269 listening on port 3000 ...,
[5/4/2020] [9:50:27 PM] [Nginx ] › ℹ info Reloading Nginx,
[5/4/2020] [9:50:27 PM] [SSL ] › ℹ info Renew Complete,
`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0,
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0,
QueryBuilder#omit is deprecated. This method will be removed in version 3.0,
[5/4/2020] [9:51:42 PM] [Nginx ] › ℹ info Reloading Nginx,
[5/4/2020] [9:51:42 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #1: mywebite.com,
[5/4/2020] [9:51:46 PM] [Nginx ] › ℹ info Reloading Nginx,
[5/4/2020] [9:51:46 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --email "email.com" --preferred-challenges "dns,http" --webroot --domains "mywebite.com" ,
Saving debug log to /var/log/letsencrypt/letsencrypt.log,
Plugins selected: Authenticator webroot, Installer None,
Obtaining a new certificate,
Performing the following challenges:,
http-01 challenge for mywebite.com,
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.,
Waiting for verification...,
Challenge failed for domain mywebite.com,
http-01 challenge for mywebite.com,
Cleaning up challenges,
Some challenges have failed.,
,
Could this be possible bug in the latest update? Could it be my domain has already been registered with let's encrypted before, I cannot re-register a new one when I start a new container?
I had a similar issue and fixed it by deleting the certificate that was having issues in "SSL Certificates" tab and requested the certificate again. Before you try this you might want to backup the database and configuration files just in case.
I'm having this issue as well, tried restarting the container and clearing out the certificates that keep failing ( I only set this up for the 1st time yesterday). I can't get it to work
When I request I get an error
Then I see the errors in the log like @AnonJervis
If I navigate to SSL Certificates page, I can see an entry still but it wont work
I'm having the same issue as well. Renewing manually times out and deleting then re-adding the cert gives "internal error".
@kizza42 and @CorySanin I believe the "internal error" notifications may be fixed in PR #407
switched my existing Docker container over to jc21/nginx-proxy-manager:github-pr-407 and I'm still getting "internal error" when manually renewing or adding a new certificate.
Actually, a couple of them were able to renew. But most don't. But the ones that renewed probably would have worked before switching to the tag for the pr.
Are the ones that are failing linked to hosts that have an applied access list? If so does removing the access list allow it to succeed? Lastly, can you post the log from the npm container?
I have some with and without access lists, and the ones without are also failing. But looking at the logs I see Another instance of Certbot is already running. I think what I'm experiencing is certbot hangs on one of the certs and then everything else fails. Which doesn't seem like the original issue, I don't think. So if I continue to see this I might open up a new issue.
My log after I restart the container:
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] done.
[services.d] starting services
[services.d] done.
❯ Enabling IPV6 in hosts: /etc/nginx/conf.d
❯ /etc/nginx/conf.d/default.conf
❯ /etc/nginx/conf.d/production.conf
❯ /etc/nginx/conf.d/include/proxy.conf
❯ /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
❯ /etc/nginx/conf.d/include/ssl-ciphers.conf
❯ /etc/nginx/conf.d/include/block-exploits.conf
❯ /etc/nginx/conf.d/include/force-ssl.conf
❯ /etc/nginx/conf.d/include/ip_ranges.conf
❯ /etc/nginx/conf.d/include/assets.conf
❯ /etc/nginx/conf.d/include/resolvers.conf
❯ Enabling IPV6 in hosts: /data/nginx
❯ /data/nginx/default_host/site.conf
❯ /data/nginx/proxy_host/2.conf
❯ /data/nginx/proxy_host/3.conf
❯ /data/nginx/proxy_host/4.conf
❯ /data/nginx/proxy_host/5.conf
❯ /data/nginx/proxy_host/6.conf
❯ /data/nginx/proxy_host/7.conf
[5/11/2020] [11:34:52 PM] [Migrate ] › ℹ info Current database version: 20200410143839
[5/11/2020] [11:34:52 PM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...
[5/11/2020] [11:34:52 PM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[5/11/2020] [11:34:52 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
[5/11/2020] [11:34:52 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
[5/11/2020] [11:34:52 PM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized
[5/11/2020] [11:34:52 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry...
[5/11/2020] [11:34:52 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized
[5/11/2020] [11:34:52 PM] [Global ] › ℹ info Backend PID 204 listening on port 3000 ...
[5/11/2020] [11:34:53 PM] [SSL ] › ✖ error Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 64, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/usr/lib/python3.8/site-packages/certbot/_internal/storage.py", line 444, in __init__
raise errors.CertStorageError(
certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
Renewal configuration file /etc/letsencrypt/renewal/npm-1.conf is broken. Skipping.
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 64, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/usr/lib/python3.8/site-packages/certbot/_internal/storage.py", line 444, in __init__
raise errors.CertStorageError(
certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
Renewal configuration file /etc/letsencrypt/renewal/npm-2.conf is broken. Skipping.
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 64, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/usr/lib/python3.8/site-packages/certbot/_internal/storage.py", line 444, in __init__
raise errors.CertStorageError(
certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
Renewal configuration file /etc/letsencrypt/renewal/npm-3.conf is broken. Skipping.
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 64, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/usr/lib/python3.8/site-packages/certbot/_internal/storage.py", line 444, in __init__
raise errors.CertStorageError(
certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
Renewal configuration file /etc/letsencrypt/renewal/npm-4.conf is broken. Skipping.
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 64, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/usr/lib/python3.8/site-packages/certbot/_internal/storage.py", line 444, in __init__
raise errors.CertStorageError(
certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
Renewal configuration file /etc/letsencrypt/renewal/npm-5.conf is broken. Skipping.
0 renew failure(s), 5 parse failure(s)
at ChildProcess.exithandler (child_process.js:295:12)
at ChildProcess.emit (events.js:210:5)
at maybeClose (internal/child_process.js:1028:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:283:5)
`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0
Those broken files: /etc/letsencrypt/renewal/npm-3.conf are just empty
So I removed them all and restarted container and tried to create a cert only:
[fix-attrs.d] applying ownership & permissions fixes...,
[fix-attrs.d] done.,
[cont-init.d] executing container initialization scripts...,
[cont-init.d] done.,
[services.d] starting services,
[services.d] done.,
❯ Enabling IPV6 in hosts: /etc/nginx/conf.d,
❯ /etc/nginx/conf.d/default.conf,
❯ /etc/nginx/conf.d/production.conf,
❯ /etc/nginx/conf.d/include/proxy.conf,
❯ /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf,
❯ /etc/nginx/conf.d/include/ssl-ciphers.conf,
❯ /etc/nginx/conf.d/include/block-exploits.conf,
❯ /etc/nginx/conf.d/include/force-ssl.conf,
❯ /etc/nginx/conf.d/include/ip_ranges.conf,
❯ /etc/nginx/conf.d/include/assets.conf,
❯ /etc/nginx/conf.d/include/resolvers.conf,
❯ Enabling IPV6 in hosts: /data/nginx,
❯ /data/nginx/default_host/site.conf,
❯ /data/nginx/proxy_host/2.conf,
❯ /data/nginx/proxy_host/3.conf,
❯ /data/nginx/proxy_host/4.conf,
❯ /data/nginx/proxy_host/5.conf,
❯ /data/nginx/proxy_host/6.conf,
❯ /data/nginx/proxy_host/7.conf,
[5/11/2020] [11:49:41 PM] [Migrate ] › ℹ info Current database version: 20200410143839,
[5/11/2020] [11:49:41 PM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...,
[5/11/2020] [11:49:41 PM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json,
[5/11/2020] [11:49:41 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4,
[5/11/2020] [11:49:41 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6,
[5/11/2020] [11:49:41 PM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized,
[5/11/2020] [11:49:41 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry...,
[5/11/2020] [11:49:41 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized,
[5/11/2020] [11:49:41 PM] [Global ] › ℹ info Backend PID 212 listening on port 3000 ...,
[5/11/2020] [11:49:42 PM] [Nginx ] › ℹ info Reloading Nginx,
[5/11/2020] [11:49:42 PM] [SSL ] › ℹ info Renew Complete,
s6-svscanctl: fatal: unable to control /var/run/s6/services: supervisor not listening,
finish: applet not found,
[cont-finish.d] executing container finish scripts...,
[cont-finish.d] done.,
[s6-finish] waiting for services.,
[s6-finish] sending all processes the TERM signal.,
[s6-finish] sending all processes the KILL signal and exiting.,
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.,
[s6-init] ensuring user provided files have correct perms...exited 0.,
[fix-attrs.d] applying ownership & permissions fixes...,
[fix-attrs.d] done.,
[cont-init.d] executing container initialization scripts...,
[cont-init.d] done.,
[services.d] starting services,
[services.d] done.,
❯ Enabling IPV6 in hosts: /etc/nginx/conf.d,
❯ /etc/nginx/conf.d/default.conf,
❯ /etc/nginx/conf.d/production.conf,
❯ /etc/nginx/conf.d/include/proxy.conf,
❯ /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf,
❯ /etc/nginx/conf.d/include/ssl-ciphers.conf,
❯ /etc/nginx/conf.d/include/block-exploits.conf,
❯ /etc/nginx/conf.d/include/force-ssl.conf,
❯ /etc/nginx/conf.d/include/ip_ranges.conf,
❯ /etc/nginx/conf.d/include/assets.conf,
❯ /etc/nginx/conf.d/include/resolvers.conf,
❯ Enabling IPV6 in hosts: /data/nginx,
❯ /data/nginx/default_host/site.conf,
❯ /data/nginx/proxy_host/2.conf,
❯ /data/nginx/proxy_host/3.conf,
❯ /data/nginx/proxy_host/4.conf,
❯ /data/nginx/proxy_host/5.conf,
❯ /data/nginx/proxy_host/6.conf,
❯ /data/nginx/proxy_host/7.conf,
[5/11/2020] [11:50:30 PM] [Migrate ] › ℹ info Current database version: 20200410143839,
[5/11/2020] [11:50:30 PM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...,
[5/11/2020] [11:50:30 PM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json,
[5/11/2020] [11:50:30 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4,
[5/11/2020] [11:50:30 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6,
[5/11/2020] [11:50:30 PM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized,
[5/11/2020] [11:50:30 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry...,
[5/11/2020] [11:50:30 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized,
[5/11/2020] [11:50:30 PM] [Global ] › ℹ info Backend PID 202 listening on port 3000 ...,
[5/11/2020] [11:50:31 PM] [Nginx ] › ℹ info Reloading Nginx,
[5/11/2020] [11:50:31 PM] [SSL ] › ℹ info Renew Complete,
`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0,
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0,
QueryBuilder#omit is deprecated. This method will be removed in version 3.0,
[5/11/2020] [11:51:10 PM] [Nginx ] › ℹ info Reloading Nginx,
[5/11/2020] [11:51:10 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #6: test.kizza42.com,
[5/11/2020] [11:51:20 PM] [Nginx ] › ℹ info Reloading Nginx,
[5/11/2020] [11:51:20 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-6" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --webroot --domains "test.kizza42.com" ,
Saving debug log to /var/log/letsencrypt/letsencrypt.log,
Plugins selected: Authenticator webroot, Installer None,
Obtaining a new certificate,
Performing the following challenges:,
http-01 challenge for test.kizza42.com,
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.,
Waiting for verification...,
Cleaning up challenges,
An unexpected error occurred:,
OSError: [Errno 95] Not supported: '../../archive/npm-6/cert1.pem' -> '/etc/letsencrypt/live/npm-6/cert.pem',
Please see the logfiles in /var/log/letsencrypt for more details.,,
And /var/log/letsencrypt/letsencrypt.log
[root@docker-226431607f00:/var/log/letsencrypt]# tail letsencrypt.log
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1237, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 430, in obtain_and_enroll_certificate
return storage.RenewableCert.new_lineage(
File "/usr/lib/python3.8/site-packages/certbot/_internal/storage.py", line 1022, in new_lineage
os.symlink(_relpath_from_file(archive_target[kind], target[kind]), target[kind])
OSError: [Errno 95] Not supported: '../../archive/npm-6/cert1.pem' -> '/etc/letsencrypt/live/npm-6/cert.pem'
2020-05-11 23:51:20,159:ERROR:certbot._internal.log:An unexpected error occurred:
Firstly, the error in the issue at the top says that the challenge has failed. This would be due to you asking for a cert for mywebsite.com that doesn't have dns pointing to your setup.
I doubt any of this has anything to do with access lists.
The missing files make me think that maybe the data and/or letsencrypt folders aren't mounted properly. Please paste your docker-compose.yml to be sure.
Thankyou for the help @jc21 Here is my compose file:
version: "2"
services:
nGinx:
image: jc21/nginx-proxy-manager:2
restart: always
networks:
dockerlan:
ipv4_address: 192.168.0.193
dns:
- 192.168.0.1
volumes:
- /media/k2nas/SSD/Docker/data/Nginx/app/config:/app/config
- /media/k2nas/SSD/Docker/data/Nginx/data:/data
- /media/k2nas/SSD/Docker/data/Nginx/letsencrypt:/etc/letsencrypt
mariadb:
# Pinned at this version for Innodb Error
image: jc21/mariadb-aria:10.4.12
restart: always
networks:
dockerlan:
ipv4_address: 192.168.0.194
ports:
- 3306:3306
environment:
MYSQL_ROOT_PASSWORD: 'npm'
MYSQL_DATABASE: 'npm'
MYSQL_USER: 'npm'
MYSQL_PASSWORD: 'npm'
volumes:
- /media/k2nas/SSD/Docker/data/Nginx/mysql:/var/lib/mysql
networks:
dockerlan:
external: true
Also experiencing this issue. From the logs:
[5/25/2020] [6:42:02 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --email "[EMAIL ADDRESS]" --preferred-challenges "dns,http" --webroot --domains "[DOMAIN]" Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for [DOMAIN] Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains. Waiting for verification... Challenge failed for domain [DOMAIN] http-01 challenge for [DOMAIN] Cleaning up challenges Some challenges have failed.
At first thought this was due to a bad install or something, so have a complete clean install and experiencing this. Checked DNS settings, all records are pointing to the correct IP and also checked firewall rules (not that any of these have changed recently).
Interestingly this worked fine a week ago.
Also experiencing an Internal Error when I attempt to perform a certificate renewal, or when the certbot attempts for me. letsencrypt.log:
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f73f85f5df0>
Prep: True
2020-05-27 07:03:04,824:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f73f85f5df0> and installer None
2020-05-27 07:03:04,824:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2020-05-27 07:03:04,837:WARNING:certbot._internal.renewal:Attempting to renew cert (npm-7) from /etc/letsencrypt/renewal/npm-7.conf produced an unexpected error: [Errno 1] Operation not permitted: '/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/2f1011068b45be8e10e11180c968b254/private_key.json'. Skipping.
2020-05-27 07:03:04,837:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/certbot/_internal/account.py", line 227, in _load_for_server_path
with open(self._key_path(account_dir_path)) as key_file:
PermissionError: [Errno 1] Operation not permitted: '/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/2f1011068b45be8e10e11180c968b254/private_key.json'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 449, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1178, in renew_cert
le_client = _init_le_client(config, auth, installer)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 607, in _init_le_client
acc, acme = _determine_account(config)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 511, in _determine_account
acc = account_storage.load(config.account)
File "/usr/lib/python3.8/site-packages/certbot/_internal/account.py", line 237, in load
return self._load_for_server_path(account_id, self.config.server_path)
File "/usr/lib/python3.8/site-packages/certbot/_internal/account.py", line 232, in _load_for_server_path
raise errors.AccountStorageError(error)
certbot.errors.AccountStorageError: [Errno 1] Operation not permitted: '/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/2f1011068b45be8e10e11180c968b254/private_key.json'
My docker-compose.yml
version: "3"
services:
app:
image: jc21/nginx-proxy-manager:latest
restart: always
ports:
- 80:80
- 81:81
- 443:443
volumes:
- ./config.json:/app/config/production.json
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
depends_on:
- db
environment:
# if you want pretty colors in your docker logs:
- FORCE_COLOR=1
db:
image: mysql:5.7
restart: always
environment:
MYSQL_ROOT_PASSWORD: "npm"
MYSQL_DATABASE: "npm"
MYSQL_USER: "npm"
MYSQL_PASSWORD: "npm"
volumes:
- ./data/mysql:/var/lib/mysql
The volumes exist, I have files in the folder '2f1011068b45be8e10e11180c968b254' it describes as a permission issue. Latest v2.2.4.
Any help is appreciated.
Pretty bummed there's no direction on how to resolve this. Anyone thinking about going the manual certificate renewal route? Sounds like a pain, but this is debilitating for my network communication :(
My certificates are coming up for renewal and it's failing as well. 20 days before they start expiring. Any guidance on how to resolve?
Time-consuming workaround for me is:
docker exec -it docker-nginx-proxy_app_1 /bin/bash
certbot certonly --manual --preferred-challenges=dns -m [email protected] --agree-tos -d YOUR_DOMAIN.TLD
Please deploy a DNS TXT record under the name _acme-challenge.DOMAIN.TLD with the following value:
AbCdEfGhIjK12345RandomCode
Before continuing, verify the record is deployed.
Press Enter to Continue
Go to your DNS-settings of your Domain and add the following record: name: __acme-challenge type: TXT ttl: 1hr data: The code generated by certbot
wait 5 minutes and press enter in your CLI to verify your domain
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/DOMAIN.TLD-0001/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/DOMAIN.TLD-0001/privkey.pem
Your cert will expire on 2020-10-03. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Exit the container and go to ./letsencrypt/ and retrieve the cert and cert key.
Go to the Manager and http://192.168.1.100:81/nginx/certificates and add a custom certificate by uploading those files.
Would love an update on this very crippling bug, or be pointed in the direction of the last Docker tag that didn't have this.
I don't know if it will help, but I ended up giving up. And going to another docker solution that supports dns challenges. Once you configure it is 100% automatic (and also doesn't need you to have your http port open).
Perhaps this could be something to explore for the future of NPM.
I also gave up and moved completely away from Nginx Proxy Manager. Had great success for a year or so, but this SSL issue is crippling. It took me 1hr to install Caddy2 and replicate everything I had.
which solution did you go for in the end @Xinil and @Tsunami2056 ?
I ended up setting up linuxserver's letsencrypt docker, a little more manual, but supports dns challenges with API plugins for alot of providers. And all is also automated.
If ever at one point there's dns challenging that's automated in npm, I would probably switch back though, it's still alot easier.
Funnily enough, the non-official docker image of NPM works totally fine - so I just started using that.
It looks like there was a change in the way the certs were written. New certs are written as root vs the uid specified in the docker setup, also the keys that are located in the live directory are now symlinks. I think these issues are the main cause of the errors
My fix was to edit each domain, go into the ssl tab and request a new cert. After that I deleted the old certs in the ssl certificates tab. This didn't get rid of the old conf files, so I opened a shell (I'm using portainer) then ran 'certbot renew' this will give you a list of bad conf files. Then I went to '/etc/letsencrypt/renewal' and deleted the conf files that were giving me errors. To see if it worked I reran 'certbot renew'. The messages came back as skipped which is what I should see.
Does anybody know what is the latest image that does not have this issue? All my certs are already expired and none of the workarounds worked for me (or I didn't understand them). The non-official package does not work on ARM, so no RPi support.
Two things:
I'm using v2.5.0 and I might have a workaround:
-
cleared all entries in the MariaDB-database/npm/certificate
-
delete all certificates in /etc/letsencrypt/
-
check firewall to have an open port 80 and port-foward to this docker container. Make sure no other ports are using these.
- @jc21 , why is npm-1.conf generated and not domain.tld.conf which I see in the folder /etc/letsencrypt/renewal?
Installed NPM through docker compose a few days ago and have been able to setup the proxy & to get a LetsEncrypt certificate.
Now, a few days later I cannot get any more certificates and I can see exceptions in the logs. When I try to renew a cert I get an internal error.
Removed the whole container and the db, reinstalled with new folders for letsencrypt and config, tried with a new subdomain and still the same issue. Port 80 and 443 are forwarded to the docker host and access to a jellyfin server (also a container) through HTTP works. I can also ping acme-v02.api.letsencrypt.org from the host and get an IpV6 reply. Exposing the host to the internet without a firewall in between also didn't help.
What I understand from the log is, that there seem to be connection errors. However, the host can access
@jc21 can you help narrowing this down?
Below the logs from within portainer after I reinstalled the container.
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [http2_support] Migrating Up...,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [http2_support] proxy_host Table altered,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [http2_support] redirection_host Table altered,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [http2_support] dead_host Table altered,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [forward_scheme] Migrating Up...,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [forward_scheme] proxy_host Table altered,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [disabled] Migrating Up...,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [disabled] proxy_host Table altered,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [disabled] redirection_host Table altered,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [disabled] dead_host Table altered,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [disabled] stream Table altered,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [custom_locations] Migrating Up...,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [custom_locations] proxy_host Table altered,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [hsts] Migrating Up...,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [hsts] proxy_host Table altered,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [hsts] redirection_host Table altered,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [hsts] dead_host Table altered,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [settings] Migrating Up...,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [settings] setting Table created,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [access_list_client] Migrating Up...,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [access_list_client] access_list_client Table created,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [access_list_client] access_list Table altered,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [access_list_client_fix] Migrating Up...,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [access_list_client_fix] access_list Table altered,
[10/29/2020] [9:29:34 PM] [Migrate ] › ℹ info [pass_auth] Migrating Up...,
[10/29/2020] [9:29:35 PM] [Migrate ] › ℹ info [pass_auth] access_list Table altered,
[10/29/2020] [9:29:35 PM] [Setup ] › ℹ info Creating a new user: [email protected] with password: changeme,
[10/29/2020] [9:29:36 PM] [Setup ] › ℹ info Initial admin setup completed,
[10/29/2020] [9:29:36 PM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...,
[10/29/2020] [9:29:36 PM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json,
[10/29/2020] [9:29:36 PM] [Setup ] › ℹ info Default settings added,
[10/29/2020] [9:29:41 PM] [IP Ranges] › ✖ error getaddrinfo EAI_AGAIN ip-ranges.amazonaws.com,
[10/29/2020] [9:29:41 PM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized,
[10/29/2020] [9:29:41 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry...,
[10/29/2020] [9:29:41 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized,
[10/29/2020] [9:29:41 PM] [Global ] › ℹ info Backend PID 209 listening on port 3000 ...,
[10/29/2020] [9:29:45 PM] [Nginx ] › ℹ info Reloading Nginx,
[10/29/2020] [9:29:46 PM] [SSL ] › ℹ info Renew Complete,
`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0,
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0,
QueryBuilder#omit is deprecated. This method will be removed in version 3.0,
Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0,
[10/29/2020] [9:35:21 PM] [Nginx ] › ℹ info Reloading Nginx,
[10/29/2020] [9:36:04 PM] [Nginx ] › ℹ info Reloading Nginx,
[10/29/2020] [9:36:04 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #1: music.removed.de,
[10/29/2020] [9:36:14 PM] [Nginx ] › ℹ info Reloading Nginx,
[10/29/2020] [9:36:14 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --domains "music.removed.de" ,
Saving debug log to /var/log/letsencrypt/letsencrypt.log,
Plugins selected: Authenticator webroot, Installer None,
An unexpected error occurred:,
Traceback (most recent call last):,
File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 159, in _new_conn,
conn = connection.create_connection(,
File "/usr/lib/python3.8/site-packages/urllib3/util/connection.py", line 61, in create_connection,
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):,
File "/usr/lib/python3.8/socket.py", line 918, in getaddrinfo,
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):,
socket.gaierror: [Errno -3] Try again,
,
During handling of the above exception, another exception occurred:,
,
Traceback (most recent call last):,
File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen,
httplib_response = self._make_request(,
File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 381, in _make_request,
self._validate_conn(conn),
File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 976, in _validate_conn,
conn.connect(),
File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 308, in connect,
conn = self._new_conn(),
File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 171, in _new_conn,
raise NewConnectionError(,
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0xffff9c5c3370>: Failed to establish a new connection: [Errno -3] Try again,
,
During handling of the above exception, another exception occurred:,
,
Traceback (most recent call last):,
File "/usr/lib/python3.8/site-packages/requests/adapters.py", line 439, in send,
resp = conn.urlopen(,
File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 724, in urlopen,
retries = retries.increment(,
File "/usr/lib/python3.8/site-packages/urllib3/util/retry.py", line 439, in increment,
raise MaxRetryError(_pool, url, error or ResponseError(cause)),
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0xffff9c5c3370>: Failed to establish a new connection: [Errno -3] Try again')),
,
During handling of the above exception, another exception occurred:,
,
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0xffff9c5c3370>: Failed to establish a new connection: [Errno -3] Try again')),
Please see the logfiles in /var/log/letsencrypt for more details.,
,
[10/29/2020] [10:12:13 PM] [Nginx ] › ℹ info Reloading Nginx,
[10/29/2020] [10:29:41 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry...,
[10/29/2020] [10:29:45 PM] [Nginx ] › ℹ info Reloading Nginx,
[10/29/2020] [10:29:45 PM] [SSL ] › ℹ info Renew Complete,
[10/29/2020] [10:29:45 PM] [SSL ] › ✖ error Certificate is not valid (Command failed: openssl x509 -in /etc/letsencrypt/live/npm-1/fullchain.pem -subject -noout,
Can't open /etc/letsencrypt/live/npm-1/fullchain.pem for reading, No such file or directory,
281472828726840:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/etc/letsencrypt/live/npm-1/fullchain.pem','r'),
281472828726840:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:,
unable to load certificate,
),
my docker-compose:
GNU nano 3.2 docker-compose.yaml
version: "3"
services:
app:
image: jc21/nginx-proxy-manager:2
restart: always
ports:
# Public HTTP Port:
- '80:80'
# Public HTTPS Port:
- '443:443'
# Admin Web Port:
- '81:81'
environment:
# Uncomment this if IPv6 is not enabled on your host
DISABLE_IPV6: 'true'
volumes:
# Make sure this config.json file exists as per instructions above:
- ./config.json:/app/config/production.json
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
depends_on:
- db
db:
image: webhippie/mariadb:latest
restart: always
environment:
MARIADB_ROOT_PASSWORD: 'npm'
MARIADB_DATABASE: 'npm'
MARIADB_USERNAME: 'npm'
MARIADB_PASSWORD: 'npm'
volumes:
- ./data/mysql:/var/lib/mysql
I have this exact same problem. I keep getting an error. I have two instances: one local and one on a vps. vps has no problems. Which logs should i add for info?
Please put them in the same docker network (or expose the port of db )
networks:
net:
driver: bridge
ipam:
driver: default
config:
- subnet: 192.168.128.8/29 #192.168.128.9 - 192.168.128.14 bc:8.15
driver_opts:
com.docker.network.bridge.name: nginx_proxy_net
services:
app:
hostname: nginx-proxy
container_name: nginx-proxy
image: 'jc21/nginx-proxy-manager:latest'
environment:
- TZ=Europe/Amsterdam
ports:
- '80:80'
- '81:81'
- '443:443'
volumes:
- ./config.json:/app/config/production.json
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
networks:
- net
restart: always
db:
container_name: nginx-proxy_db
image: 'yobasystems/alpine-mariadb:latest'
environment:
MYSQL_ROOT_PASSWORD: 'npm'
MYSQL_DATABASE: 'npm'
MYSQL_USER: 'npm'
MYSQL_PASSWORD: 'npm'
volumes:
- ./data/mysql:/var/lib/mysql
networks:
- net
restart: always
Please put them in the same docker network (or expose the port of db )
Shouldnt docker-compose do that automatically (putting them in the same network)?
Has anyone found a solution for this? I have letsencrypt running through NGINX PROXY MANAGER and I'm seeing the same issues in my logs. It just wont give me certs.
Has anyone found a solution for this? I have letsencrypt running through NGINX PROXY MANAGER and I'm seeing the same issues in my logs. It just wont give me certs.
Same issue here. It was working before, now it's not. No change in configuration.
