NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License

Unable to create a SSL Certificate #1130

Open LeducH opened 3 years ago

LeducH commented 3 years ago

Checklist

Describe the bug

I am unable to create an SSL certificate.

Nginx Proxy Manager Version

v2.9.3

To Reproduce

Steps to reproduce the behavior: Run nginx proxy manager with the following compose

version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    restart: unless-stopped
  db:
    image: 'jc21/mariadb-aria:latest'
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    volumes:
      - ./data/mysql:/var/lib/mysql
    restart: always

Go to SSL certificate. Create a certificate for a new domain, example.com.

Expected behavior

I am able to create the SSL certificate for my domain example.com.

Screenshots

Error message

Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-30" --agree-tos --email "huy.theduke@gmail.com" --preferred-challenges "dns,http" --domains "example.com" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for example.com
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain example.com
http-01 challenge for example.com
Cleaning up challenges
Some challenges have failed.

    at ChildProcess.exithandler (node:child_process:326:12)
    at ChildProcess.emit (node:events:369:20)
    at maybeClose (node:internal/child_process:1067:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)

Operating System

arch for raspberryPi

Additional context

yieldhog commented 3 years ago

Also getting this error, specifically with Cloudflare when adding a new domain, had been working perfectly.

Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --cert-name "npm-34" --agree-tos --email "xxxxxx@gmail.com" --domains "my.domain.com" --authenticator dns-cloudflare --dns-cloudflare-credentials "/etc/letsencrypt/credentials/credentials-34"
usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: unrecognized arguments: --dns-cloudflare-credentials /etc/letsencrypt/credentials/credentials-34

    at ChildProcess.exithandler (node:child_process:326:12)
    at ChildProcess.emit (node:events:369:20)
    at maybeClose (node:internal/child_process:1067:16)
    at Socket.<anonymous> (node:internal/child_process:453:11)
    at Socket.emit (node:events:369:20)
    at Pipe.<anonymous> (node:net:666:12)

chaptergy commented 3 years ago

@LeducH Is your pi (port 80 / 443) exposed to the internet and does the domain example.com you are trying to verify have a record containing the public IP of your pi? See Hosting your home network.

@yieldhog Your problem is totally different than what this issue is about. The issue you have seems to be identical to this one: https://github.com/jc21/nginx-proxy-manager/issues/1109
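The two failures quoted above stop at different stages: one run reaches the http-01 challenge and fails validation, the other is rejected by certbot's argument parser before any challenge starts. The following is an added example, not part of the thread or the project's code, that classifies such output; the function names and the embedded sample strings (shortened, with a placeholder e-mail address) are constructed for illustration.

```python
import re
import shlex

# Constructed samples, shortened from the two kinds of output quoted in this thread.
HTTP01_FAILURE = '''Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-30" --agree-tos --email "admin@example.com" --preferred-challenges "dns,http" --domains "example.com"
Plugins selected: Authenticator webroot, Installer None
http-01 challenge for example.com
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Challenge failed for domain example.com
'''
PLUGIN_FAILURE = '''Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --cert-name "npm-34" --agree-tos --email "admin@example.com" --domains "my.domain.com" --authenticator dns-cloudflare --dns-cloudflare-credentials "/etc/letsencrypt/credentials/credentials-34"
certbot: error: unrecognized arguments: --dns-cloudflare-credentials /etc/letsencrypt/credentials/credentials-34
'''


def parse_command(output):
    """Map each --option on the 'Command failed:' line to its value (True for bare flags)."""
    m = re.search(r"^Error: Command failed: (.+)$", output, re.M)
    tokens = shlex.split(m.group(1)) if m else []
    opts = {}
    for i, tok in enumerate(tokens):
        if tok.startswith("--"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else "--"
            opts[tok[2:]] = True if nxt.startswith("--") else nxt
    return opts


def triage(output):
    """Classify a failed certbot run and list what to verify next."""
    opts = parse_command(output)
    report = {"cert_name": opts.get("cert-name"), "kind": "unknown", "checks": []}
    rejected = re.search(r"certbot: error: unrecognized arguments: (--\S+)", output)
    if rejected:
        # certbot's argument parser refused the command; no challenge was attempted.
        report.update(kind="cli-rejected", rejected=rejected.group(1),
                      authenticator=opts.get("authenticator"))
        report["checks"].append("compare the authenticator with the 'Discovered plugins' "
                                "line in /var/log/letsencrypt/letsencrypt.log")
        return report
    failed = re.findall(r"^Challenge failed for domain (\S+)$", output, re.M)
    if failed:
        ctype = re.search(r"^(\S+) challenge for ", output, re.M)
        webroot = re.search(r"Using the webroot path (\S+) ", output)
        report.update(kind="challenge-failed", domains=failed,
                      challenge=ctype.group(1) if ctype else None,
                      webroot=webroot.group(1) if webroot else None)
        report["checks"] += [f"public DNS record for {d} points at this host" for d in failed]
        report["checks"].append("port 80 of the proxy is reachable from the internet")
    return report
```
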

LeducH commented 3 years ago

@chaptergy Yes the ports are open.

chaptergy commented 3 years ago

Just to make extra sure, you are able to reach pages proxied by your npm instance from outside your network?

StarkITA commented 3 years ago

I do have the same problem. Since a few days my nginxproxymanager seems completely broken.

Knocks83 commented 3 years ago

Are you using the DNS challenge?

joaomarioss commented 3 years ago

I'm also having a problem. The certificates have expired. Now there is an error generating a new certificate.

LeducH commented 3 years ago

> Just to make extra sure, you are able to reach pages proxied by your npm instance from outside your network?

Yes, I am able to access it with my public IP since other services work.

Knocks83 commented 3 years ago

What does docker logs say?

chaptergy commented 3 years ago

Also have a look at the files inside the container in the folder /var/log/letsencrypt/ to see if they contain any useful information to help pinpoint this issue.

joaomarioss commented 3 years ago

My error, the DNS IP was wrong. It works. Thanks for the help.

Hakker commented 3 years ago

Getting the same behaviour although for me it's a subdomain.

Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-15" --agree-tos --email "someone@example.com" --preferred-challenges "dns,http" --domains "wikijs.example.com" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for wikijs.example.com
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain wikijs.example.com
http-01 challenge for wikijs.example.com
Cleaning up challenges
Some challenges have failed.

    at ChildProcess.exithandler (child_process.js:308:12)
    at ChildProcess.emit (events.js:314:20)
    at maybeClose (internal/child_process.js:1022:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)

Knocks83 commented 3 years ago

Are you sure the subdomain is reachable from the internet?

If yes, try running the certbot renew command inside the container and see what happens

theouitdenwaal commented 3 years ago

In my case, same issue, same error, domain is not reachable from the internet and running certbot renew in the container brings:

2021-06-30 19:41:32,006:DEBUG:certbot._internal.main:certbot version: 1.16.0
2021-06-30 19:41:32,007:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2021-06-30 19:41:32,007:DEBUG:certbot._internal.main:Arguments: []
2021-06-30 19:41:32,007:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-google,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-06-30 19:41:32,055:DEBUG:certbot._internal.log:Root logging level set at 30
2021-06-30 19:41:32,058:DEBUG:certbot.display.util:Notifying user:
2021-06-30 19:41:32,059:DEBUG:certbot.display.util:Notifying user: No renewals were attempted.
2021-06-30 19:41:32,059:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-06-30 19:41:32,060:DEBUG:certbot._internal.renewal:no renewal failures

LeducH commented 2 years ago

still open

github-actions[bot] commented 4 months ago

Issue is now considered stale. If you want to keep it open, please comment :+1: