Open gent99 opened 2 years ago
Here ist my Log about the Error:
...... 2022-01-28T14:22:01.024729628Z [1/28/2022] [2:22:01 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry... 2022-01-28T14:22:01.029569645Z [1/28/2022] [2:22:01 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized 2022-01-28T14:22:01.031130541Z [1/28/2022] [2:22:01 PM] [Global ] › ℹ info Backend PID 248 listening on port 3000 ... 2022-01-28T14:22:17.143438076Z
QueryBuilder#allowEager
method is deprecated. You should useallowGraph
instead.allowEager
method will be removed in 3.0 2022-01-28T14:22:17.144582592ZQueryBuilder#eager
method is deprecated. You should use thewithGraphFetched
method instead.eager
method will be removed in 3.0 2022-01-28T14:22:17.150001473Z QueryBuilder#omit is deprecated. This method will be removed in version 3.0 2022-01-28T14:22:17.151648151Z Model#$omit is deprected and will be removed in 3.0. 2022-01-28T14:22:57.515936923Z [1/28/2022] [2:22:57 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates for Cert #10: domain.xx.xy 2022-01-28T14:22:57.515962942Z [1/28/2022] [2:22:57 PM] [SSL ] › ℹ info Command: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --cert-name "npm-10" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation 2022-01-28T14:22:57.967649739Z [1/28/2022] [2:22:57 PM] [Express ] › ⚠ warning Command failed: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --cert-name "npm-10" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation 2022-01-28T14:22:57.967672762Z Another instance of Certbot is already running. 2022-01-28T14:22:57.967676078Z Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmp48pefxkd/log or re-run Certbot with -v for more details. 2022-01-28T14:22:57.967678303Z 2022-01-28T14:26:14.243601235Z [1/28/2022] [2:26:14 PM] [SSL ] › ✖ error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
2022-01-28T14:26:14.243627765Z Failed to renew certificate npm-11 with error: Some challenges have failed. 2022-01-28T14:26:14.243631812Z All renewals failed. The following certificates could not be renewed: 2022-01-28T14:26:14.243634167Z /etc/letsencrypt/live/npm-11/fullchain.pem (failure) 2022-01-28T14:26:14.243636241Z 1 renew failure(s), 0 parse failure(s) 2022-01-28T14:26:14.243638555Z 2022-01-28T14:26:14.243640709Z at ChildProcess.exithandler (node:child_process:397:12) 2022-01-28T14:26:14.243642783Z at ChildProcess.emit (node:events:390:28) 2022-01-28T14:26:14.243644787Z at maybeClose (node:internal/child_process:1064:16) 2022-01-28T14:26:14.243646760Z at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
Hi, I have been solving this too. I don't know why, but some of my certificates cannot be renewed as it outputs "Connection refused" for acme-challenge as shown on the picture.
If this happens, than after each restart of NPM there is stuck processes as shown on the next image, that results in "Another instance of Certbot is already running."
If you kill these processes, than you can create new certificate for these domains and it will work as it should (renew will not work). Then go to your host and assign the new certificate to it. Than you can delete the old one.
After these changes is done, you can try to restart your NPM and see if there is still that processes. If not, than you are OK and you can ensure yourself by issuing renew.
Hope this helps and I am looking forward for this to be fixed. I don't know what cause this, but it happends on all of my 4 NPM installs for only some domains.
where can i find those logs?
in npm/data/logs i find letsencrypt-requests_access.log letsencrypt-requests_error.log letsencrypt-requests.log
but they don't show me any errors like in your posts
where can i find those logs?
in npm/data/logs i find letsencrypt-requests_access.log letsencrypt-requests_error.log letsencrypt-requests.log
but they don't show me any errors like in your posts
I have found this log here: /var/log/letsencrypt/letsencrypt.log
Hi, I have created a bash script which will fix the error. It creates symbolic links for all required files and optionally deletes the old *.pem files. For me it fixed the problem:
Just go to your /etc/letsencrypt/live
directory, create a script and paste the content below.
touch /etc/letsencrypt/live/fix.sh
Make it exectuable:
chmod +x /etc/letsencrypt/live/fix.sh
And run it:
cd /etc/letsencrypt/live/ && ./fix.sh
At the end of the script you will be asked if you want to delete the old files which are no longer needed.
After running the script restart your nginxproxymanager instance.
#!/usr/bin/env bash
DELETE_ME=()
for i in $(find . -name "npm-*" -type d); do
pushd "${i}" &>/dev/null
RELATIVE_PATH=$(echo "${i}" | sed 's/\.\///g')
# find all regular (non symbolic link) files
for t in $(find . -name "*.pem" -type f); do
# remove ./ path prefix
FILE_TO_LINK=$(echo "${t}" | sed 's/\.\///g')
NEW_FILE_NAME=$(echo "${FILE_TO_LINK}" | sed 's/\./1\./g')
echo "${RELATIVE_PATH}/${FILE_TO_LINK} needs to be linked"
echo "Moving ${RELATIVE_PATH}/${FILE_TO_LINK} to ${RELATIVE_PATH}/${FILE_TO_LINK}.bak"
mv "${FILE_TO_LINK}" "${FILE_TO_LINK}".bak
DELETE_ME+=("${RELATIVE_PATH}/${FILE_TO_LINK}.bak")
echo "linking ../../archive/${RELATIVE_PATH}/${NEW_FILE_NAME} to ${RELATIVE_PATH}/${FILE_TO_LINK}"
ln -s ../../archive/"${RELATIVE_PATH}"/"${NEW_FILE_NAME}" "${FILE_TO_LINK}"
if [[ "$?" == 0 ]]; then
echo "success"
else
echo "failure"
fi
done
popd &>/dev/null
done
if [[ -n ${DELETE_ME} ]]; then
echo -e "\nOld *.pem files:\n"
echo "${DELETE_ME[*]}"
echo "Do you want to delete the old *.pem files? (y/n) "
read delete
if [[ "${delete}" == "y" || "${delete}" == "yes" ]]; then
for y in "${DELETE_ME[@]}"; do
rm "${y}"
done
fi
else
echo "Nothing to be done."
fi
For anyone experiencing this issue, I was able to fix my setup using the following steps:
After doing the above steps for each of my Proxy Hosts, they can be renewed from the GUI. I'm not sure if Auto-renew will work but I guess I'll find out in a couple months.
I don't know what caused the problem or if it will come back but at least for now it appears to be working.
For anyone experiencing this issue, I was able to fix my setup using the following steps:
- Navigate to Proxy Hosts
- Edit a Host entry with a bad SSL Cert
- Navigate to the SSL Tab
- Click on the SSL Certificate field and in the drop down select "Request a new SSL Certificate"
- Click Save
- Navigate to SSL Certificates
- Delete the old Certificate
After doing the above steps for each of my Proxy Hosts, they can be renewed from the GUI. I'm not sure if Auto-renew will work but I guess I'll find out in a couple months.
I don't know what caused the problem or if it will come back but at least for now it appears to be working.
This just create an "Internal error", no new cert.
The same on my side. Any new suggestions?
I had the same issue and solved it by adding a DNS CAA record for the HOST.MYDOMAIN.TLD and setting letsencrypt.org as an authorized certificate provider (I use EasyDNS). What made me think of this was an email that letsencrypt had sent some time ago regarding this soon-to-come requirement from DNS providers. Nginx Proxy Manager v2.7.1 Hope this helps others.
npm 2.10.1. Out of nowhere expired certs + symlink error on npm startup. Internal error in GUI. Godaddy DNS challenge cert Gh0stRocket script did indeed fix renewal and all existing proxy hosts updated. Whew. What's not clear is fix symlink creation is permanent fix or not. Believe it is...This renewal issue with either npm / certbot really could use some attention.
Issue is now considered stale. If you want to keep it open, please comment :+1:
For me the issue is still there: Failed to renew certificate npm-1 with error: Some challenges have failed. Failed to renew certificate npm-2 with error: Some challenges have failed. Failed to renew certificate npm-3 with error: Some challenges have failed. Failed to renew certificate npm-4 with error: Some challenges have failed. All renewals failed. The following certificates could not be renewed: /etc/letsencrypt/live/npm-1/fullchain.pem (failure) /etc/letsencrypt/live/npm-2/fullchain.pem (failure) /etc/letsencrypt/live/npm-3/fullchain.pem (failure) /etc/letsencrypt/live/npm-4/fullchain.pem (failure) 4 renew failure(s), 0 parse failure(s)
at ChildProcess.exithandler (node:child_process:422:12)
at ChildProcess.emit (node:events:517:28)
at maybeClose (node:internal/child_process:1098:16)
at ChildProcess._handle.onexit (node:internal/child_process:303:5)
I just get internal error in NPM gui when trying to renew wildcard cert (*.domain.ltd)
I encountered the same issue when trying to renew certificates using the NPM GUI. Removing the certificate that failed to renew and requesting new ones resolved the problem for me.
I'm on v2.9.15 and have a problem with "renew now" on SSL Certificates tab. I get internal error. Tried with different certs for different proxy hosts. Need more info, then please tell me where to find the needed logs.