Lzyct
commented
2 years ago Any update about this issue?
Open ahmedelemamn opened 2 years ago
Lzyct
commented
2 years ago Any update about this issue?
evlo
commented
2 years ago can you do *.example.com or just example.com?
Anyways i have same error with just example.com after clicking on test, but not when domain is unavailable, maybe this happens if domain points to different location. I'm using cloud flare dns without proxy do i need to use dns challenge?
With token I get
Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.9.12)
(yes i'm sure, i'm used same one in traefik, but i wanted to switch to something with web ui management)
Without dns challenge i get
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.UPDATE: weirdly after 3 attempts (no change in token) it did succeeded even with wildcard, i dunno what it does say about trying same thing expecting different result
vm75
commented
1 year ago I am facing the same issue. Have enabled port forwarding for both 80 & 443. keep getting the same errors outlined in the original post
Evilernie2001
commented
1 year ago Same Problem here. Can`t renew the or create SSL via Letsencrypt
BL3CKM00N
commented
1 year ago guessing im not the only one here today xD
Yannic-reust
commented
1 year ago same here
g4xx
commented
1 year ago Same here
CameronMacG
commented
1 year ago +1
msawyer91
commented
1 year ago I'm seeing the same "Communication with the API failed, is NPM running correctly?" on NPM 2.9.19 on a Raspberry Pi using Docker. The error occurs when I test connectivity, but ultimately succeeded in requesting the certificate from Let's Encrypt.
HostLabs-LLC
commented
1 year ago I'm also getting Communication with the API failed, is NPM running correctly?" after pulling :latest this morning. I'm glad its not just me, hopefully we get this fixed. Thanks!!!
BL3CKM00N
commented
1 year ago Well... u can request a certificate but only the check does currently not work. Requesting and renewing does work just fine ;)
Barzoo7
commented
1 year ago +1 hope solve it
rohankm
commented
1 year ago same here
DomBrownInOz
commented
1 year ago Yep. same here?
xnrbdev
commented
1 year ago Anyone had any luck with a older version ?
OfficialMuffin
commented
1 year ago Same issue here
Srcodesalittle
commented
1 year ago Same here, please advise
MarkoS046
commented
1 year ago Same here :/
YuraBogdan
commented
1 year ago Uncaught SyntaxError: Unexpected end of JSON input
FROM
./run: line 19: 1287 Trace/breakpoint trap (core dumped) node --abort_on_uncaught_exception --max_old_space_size=250 index.jswhenever you try to see if the server reachable, docker logs will display this error.
I've tried to pinpoint script that triggers but had no luck so far
lazyzyf
commented
1 year ago npm | `QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method wil
l be removed in 3.0
npm | `QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` met
hod will be removed in 3.0
npm | QueryBuilder#omit is deprecated. This method will be removed in version 3.0
npm | Model#$omit is deprected and will be removed in 3.0.
DelScipio
commented
1 year ago Same problem in all my servers. Nothing changed, worked fine till it doesnt.
CristianEduardMihai
commented
1 year ago Same here. PM works fine on my Oracle Cloud hosts, but I'm facing this issue on my home server.
kiennt048
commented
1 year ago same here, even install lastest version hardware
gylove1994
commented
1 year ago same here.
Radiofreqq
commented
1 year ago same. no joy. I'm new to all this and I've been beating my head thinking I messed up somewhere.
bigbeka
commented
1 year ago I'm having the same issue.
tarkh
commented
1 year ago Yep, same issue.
bigbeka
commented
1 year ago The only way I was able to get SSL is to Add host and request the SSL through the Host setup process.
Sebekerga
commented
1 year ago The wall of "same here" messages doesn't speed up the process of resolving this issue and it creates an unnecessary spam for those who follow issues via email.
If you want to help, please provide additional information such as logs, your settings, info about your setup or anything else that you think might be helpful.
If you want to show that you also are interested in solving this issue, consider just up-voting initial issue message, so that the counter will go up.
But please, stop spamming "same here"
EDIT: Want to make it clear, that I do not think bad of people who posted "same here" and just wanted to point out that it is not the most helpful approach for participating in issues, with peace and love
bigbeka
commented
1 year ago @Sebekerga Agreed.
Here are most recent logs with Error/Failed tags. Happy to provide more if these are not helpful.
Failed to renew certificate npm-13 with error: Some challenges have failed.
Failed to renew certificate npm-14 with error: Some challenges have failed.
Failed to renew certificate npm-15 with error: Some challenges have failed.
Failed to renew certificate npm-17 with error: Some challenges have failed.
Failed to renew certificate npm-18 with error: Some challenges have failed.
Failed to renew certificate npm-20 with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/npm-13/fullchain.pem (failure)
/etc/letsencrypt/live/npm-14/fullchain.pem (failure)
/etc/letsencrypt/live/npm-15/fullchain.pem (failure)
/etc/letsencrypt/live/npm-17/fullchain.pem (failure)
/etc/letsencrypt/live/npm-18/fullchain.pem (failure)
/etc/letsencrypt/live/npm-20/fullchain.pem (failure)
6 renew failure(s), 0 parse failure(s)
at ChildProcess.exithandler (node:child_process:402:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)
LucaVignati
commented
1 year ago After spending the night on it I found what was my issue.
I'm using NPM as a docker in unRAID, and for whatever reason the port settings of the template (where you specify the port forwarding at docker network level) changed.
Instead of forwarding port 180 to the internal port 80 and port 1443 to the internal port 443, the template was forwarding port 180 to port 180 and port 1443 to port 1443.
I changed it back to forwarding to 80 and 443 and now it's working.
bigbeka
commented
1 year ago @LucaVignati Thanks for sharing, glad you solved your issue.
But this doesn't explain my case. I am not using NPM, and my NGINX host is a docker image and ports 80 and 443 are pointing at the NGINX Proxy Manager Docker Container.
Radiofreqq
commented
1 year ago The wall of "same here" messages doesn't speed up the process of resolving this issue and it creates an unnecessary spam for those who follow issues via email.
If you want to help, please provide additional information such as logs, your settings, info about your setup or anything else that you think might be helpful.
If you want to show that you also are interested in solving this issue, consider just up-voting initial issue message, so that the counter will go up.
But please, stop spamming "same here"
My apologies, I believe the reason people are adding "same here" or some derivative of that is because it makes them part of the conversation. So, when there is any update on the matter, they get notified. Please forgive me if there is a less intrusive way to accomplish these results. If you know of any, go ahead an inform the forum so future users don't follow the same method.
One a side note. My issue resolved by deleting the host and SSL cert in nginx and recreating it. I have done this a bunch of times in the past already and it didn't work. It just "worked" last night. Not sure why.
patrick250709
commented
1 year ago "Same Here" -> use the button Subscribe at the top on the right sidebar (pc)
I was having the same problems, and just to test it out, i disabled IPv6 through my docker-compose.yml
#docker-compose.yml
version: "3"
services:
app:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
# These ports are in format <host-port>:<container-port>
- '80:80' # Public HTTP Port
- '443:443' # Public HTTPS Port
- '81:81' # Admin Web Port
# Add any other Stream port you want to expose
# - '21:21' # FTP
# Uncomment the next line if you uncomment anything in the section
environment:
# Uncomment this if you want to change the location of
# the SQLite DB file within the container
# DB_SQLITE_FILE: "/data/database.sqlite"
# Uncomment this if IPv6 is not enabled on your host
DISABLE_IPV6: 'true'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencryptAnd now it creating proxy host with ssl work. Will return when my instance of Nextcloud-aio is up and running, then i can test if my https://sub.domain-name.tld works
Edit
Tested my domain and Proxy Host works with ssl.
I still gets a error when testing the SSL certificate "Test Server Reachability"
Error: Communication with the API failed, is NPM running correctly?
bigbeka
commented
1 year ago @patrick250709 Could you please try getting just the certificate under SSL Certificates tab (Without creating the host first)?
The Communication with the API failed, is NPM running correctly? error comes up when you try to add the Cert before creating the host but after pointing your DNS Records at the NGINX Proxy Manager host.
patrick250709
commented
1 year ago @patrick250709 Could you please try getting just the certificate under
SSL Certificatestab (Without creating the host first)?The
Communication with the API failed, is NPM running correctly?error comes up when you try to add the Cert before creating the host but after pointing your DNS Records at the NGINX Proxy Manager host.
I just tried.
bigbeka
commented
1 year ago @patrick250709 No joy for me.
It turned out that my yml already had IPv6 disabled.
Test Server Reachability gives me Communication with the API failed, is NPM running correctly? and trying to request the SSL without testing gives me this:
Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-64" --agree-tos --authenticator webroot --email "abc@example.com" --preferred-challenges "dns,http" --domains "test.example.com"
Another instance of Certbot is already running.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-xyz/log or re-run Certbot with -v for more details.
at ChildProcess.exithandler (node:child_process:402:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)Hi, for what it's worth, I solved it by remembering to change my dns records on cloudflare from proxied to DNS only, turning off both HTTPS only, automatic HTTPS rewrite., and changing certificate security from full to flexible This allowed proper HTTP communication to actually reach my server and the certs were pulled in 100% of the time. Once I received the required certs, I turned the protections and rewrites back on.
bigbeka
commented
1 year ago @Srcodesalittle Exact steps that I used to take every time I created Certs. Since the issue started, nothing has changed. I have tried to reduce to Flexible, no joy either.
I might be missing something very obvious, I just need to sleep on it maybe.
Srcodesalittle
commented
1 year ago @Srcodesalittle Exact steps that I used to take every time I created Certs. Since the issue started, nothing has changed. I have tried to reduce to Flexible, no joy either.
I might be missing something very obvious, I just need to sleep on it maybe.
Sorry to hear that, the only thing I can think is whether the dns resolver on your docker image is working correctly and if you try too many cert requests, letsencrypt will time you out for a while (logs should tell you this). Other than that, not sure what could be happening.
bigbeka
commented
1 year ago @Srcodesalittle No, not at all mate.
I will give a try to fresh install on a fresh host to reproduce this. I will report back with results, hopefully with positive ones.
davix3f
commented
1 year ago @patrick250709 No joy for me.
It turned out that my yml already had IPv6 disabled.
Test Server Reachabilitygives meCommunication with the API failed, is NPM running correctly?and trying to request the SSL without testing gives me this:Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-64" --agree-tos --authenticator webroot --email "abc@example.com" --preferred-challenges "dns,http" --domains "test.example.com" Another instance of Certbot is already running. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-xyz/log or re-run Certbot with -v for more details. at ChildProcess.exithandler (node:child_process:402:12) at ChildProcess.emit (node:events:513:28) at maybeClose (node:internal/child_process:1100:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)
I get the same errors. I didn't change anything in my container since installation a year ago and just started popping this error on new certs, or updating old ones, updating the image didn't solve this issue. I also tried rolling back acme as suggested in the main post but didn't work. Any ideas? This is annoying
r-hmn
commented
1 year ago Srcodesalittle Hi, for what it's worth, I solved it by remembering to change my dns records on cloudflare from proxied to DNS only, turning off both HTTPS only, automatic HTTPS rewrite., and changing certificate security from full to flexible This allowed proper HTTP communication to actually reach my server and the certs were pulled in 100% of the time. Once I received the required certs, I turned the protections and rewrites back on.
Worked for me!✔
i had version v2.9.18, and noticed the SSL outdated, and renewal failed as this topic.
Communication with the API failed, is NPM running correctly?
i renewed the docker image and started, now version v2.9.19 and also SSL renewal failed.
I went to the "proxy-host" and disabled "force SSL" for that host.
Then under the "SSL sertificates" tried "renew now" for that host, and it worked!
bigbeka
commented
1 year ago Renewing an existing SSL cert is not an issue from the SSL tab. Generating new SSL cert for a domain that is correctly pointed to the NGINX Proxy Manager fails.
Can you try to generate a new SSL cert for a domain that is pointing to your host, but doesn't have the cert yet?
Srcodesalittle
commented
1 year ago Renewing an existing SSL cert is not an issue from the SSL tab. Generating new SSL cert for a domain that is correctly pointed to the NGINX Proxy Manager fails.
Can you try to generate a new SSL cert for a domain that is pointing to your host, but doesn't have the cert yet?
I'm away from my server at the moment and can't check right now. I'll try to get back to you soon.
rumplin
commented
1 year ago Today some certificates expired for my sites and I'm struggling to get it back.
Here are the logs from the container:
2022-12-13T19:24:50.625796744Z [12/13/2022] [8:24:50 PM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...
2022-12-13T19:24:50.625869881Z [12/13/2022] [8:24:50 PM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
2022-12-13T19:24:50.629915615Z [12/13/2022] [8:24:50 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry...
2022-12-13T19:24:50.896222410Z [12/13/2022] [8:24:50 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
2022-12-13T19:24:51.041405201Z [12/13/2022] [8:24:51 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
2022-12-13T19:24:51.180183421Z [12/13/2022] [8:24:51 PM] [SSL ] › ✖ error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
2022-12-13T19:24:51.180235168Z Renewal configuration file /etc/letsencrypt/renewal/npm-1.conf is broken.
2022-12-13T19:24:51.180240077Z The error was: expected /etc/letsencrypt/live/npm-1/cert.pem to be a symlink
2022-12-13T19:24:51.180256288Z Skipping.
2022-12-13T19:24:51.180259414Z Renewal configuration file /etc/letsencrypt/renewal/npm-2.conf is broken.
2022-12-13T19:24:51.180262249Z The error was: expected /etc/letsencrypt/live/npm-2/cert.pem to be a symlink
2022-12-13T19:24:51.180265285Z Skipping.
2022-12-13T19:24:51.180268420Z Renewal configuration file /etc/letsencrypt/renewal/npm-3.conf is broken.
2022-12-13T19:24:51.180280744Z The error was: expected /etc/letsencrypt/live/npm-3/cert.pem to be a symlink
2022-12-13T19:24:51.180284200Z Skipping.
2022-12-13T19:24:51.180287045Z Renewal configuration file /etc/letsencrypt/renewal/npm-4.conf is broken.
2022-12-13T19:24:51.180289951Z The error was: expected /etc/letsencrypt/live/npm-4/cert.pem to be a symlink
2022-12-13T19:24:51.180296834Z Skipping.
2022-12-13T19:24:51.180299749Z Renewal configuration file /etc/letsencrypt/renewal/npm-5.conf is broken.
2022-12-13T19:24:51.180302645Z The error was: expected /etc/letsencrypt/live/npm-5/cert.pem to be a symlink
2022-12-13T19:24:51.180309367Z Skipping.
2022-12-13T19:24:51.180312193Z 0 renew failure(s), 5 parse failure(s)
2022-12-13T19:24:51.180315329Z
2022-12-13T19:24:51.180318194Z at ChildProcess.exithandler (node:child_process:402:12)
2022-12-13T19:24:51.180321099Z at ChildProcess.emit (node:events:513:28)
2022-12-13T19:24:51.180323835Z at maybeClose (node:internal/child_process:1100:16)
2022-12-13T19:24:51.180330327Z at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)
2022-12-13T19:24:51.201348545Z [12/13/2022] [8:24:51 PM] [Nginx ] › ℹ info Reloading Nginx
2022-12-13T20:10:48.684400673Z [12/13/2022] [9:10:48 PM] [Express ] › ⚠ warning invalid signature
2022-12-13T20:10:52.155386518Z `QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
2022-12-13T20:10:52.156477415Z `QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
2022-12-13T20:10:52.161289113Z QueryBuilder#omit is deprecated. This method will be removed in version 3.0
2022-12-13T20:10:52.163846892Z Model#$omit is deprected and will be removed in 3.0.
2022-12-13T20:10:58.871617045Z [12/13/2022] [9:10:58 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates for Cert #4: CENSORED.si
2022-12-13T20:10:58.871650769Z [12/13/2022] [9:10:58 PM] [SSL ] › ℹ info Command: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --cert-name "npm-4" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation
2022-12-13T20:10:59.249930474Z [12/13/2022] [9:10:59 PM] [Express ] › ⚠ warning Command failed: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --cert-name "npm-4" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation
2022-12-13T20:10:59.249986269Z Saving debug log to /var/log/letsencrypt/letsencrypt.log
2022-12-13T20:10:59.249991018Z Renewal configuration file /etc/letsencrypt/renewal/npm-4.conf is broken.
2022-12-13T20:10:59.249994053Z The error was: expected /etc/letsencrypt/live/npm-4/cert.pem to be a symlink
2022-12-13T20:10:59.249997089Z Skipping.
2022-12-13T20:10:59.250000115Z 0 renew failure(s), 1 parse failure(s)
2022-12-13T20:10:59.250014361Z Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.and logs from /var/log/letsencrypt/letsencrypt.log
2022-12-13 21:15:11,720:DEBUG:certbot._internal.main:certbot version: 1.31.0
2022-12-13 21:15:11,720:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2022-12-13 21:15:11,720:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--quiet', '--config', '/etc/letsencrypt.ini', '--preferred-challenges', 'dns,http', '--disable-hook-validation']
2022-12-13 21:15:11,720:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-12-13 21:15:11,727:DEBUG:certbot._internal.log:Root logging level set at 40
2022-12-13 21:15:11,728:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-1.conf
2022-12-13 21:15:11,729:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-1.conf is broken.
2022-12-13 21:15:11,729:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-1/cert.pem to be a symlink
Skipping.
2022-12-13 21:15:11,729:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 77, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 504, in __init__
self._check_symlinks()
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 578, in _check_symlinks
"expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-1/cert.pem to be a symlink
2022-12-13 21:15:11,729:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-2.conf
2022-12-13 21:15:11,730:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-2.conf is broken.
2022-12-13 21:15:11,730:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-2/cert.pem to be a symlink
Skipping.
2022-12-13 21:15:11,730:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 77, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 504, in __init__
self._check_symlinks()
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 578, in _check_symlinks
"expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-2/cert.pem to be a symlink
2022-12-13 21:15:11,730:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-3.conf
2022-12-13 21:15:11,730:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-3.conf is broken.
2022-12-13 21:15:11,730:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-3/cert.pem to be a symlink
Skipping.
2022-12-13 21:15:11,731:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 77, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 504, in __init__
self._check_symlinks()
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 578, in _check_symlinks
"expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-3/cert.pem to be a symlink
2022-12-13 21:15:11,731:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-4.conf
2022-12-13 21:15:11,731:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-4.conf is broken.
2022-12-13 21:15:11,731:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-4/cert.pem to be a symlink
Skipping.
2022-12-13 21:15:11,731:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 77, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 504, in __init__
self._check_symlinks()
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 578, in _check_symlinks
"expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-4/cert.pem to be a symlink
2022-12-13 21:15:11,731:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-5.conf
2022-12-13 21:15:11,732:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-5.conf is broken.
2022-12-13 21:15:11,732:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-5/cert.pem to be a symlink
Skipping.
2022-12-13 21:15:11,732:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 77, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 504, in __init__
self._check_symlinks()
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 578, in _check_symlinks
"expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-5/cert.pem to be a symlink
2022-12-13 21:15:11,732:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-7.conf
2022-12-13 21:15:11,742:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7f561e33d9e8> and installer <certbot._internal.cli.cli_utils._Default object at 0x7f561e33d9e8>
2022-12-13 21:15:11,742:DEBUG:certbot._internal.cli:Var pref_challs=dns,http (set by user).
2022-12-13 21:15:11,742:DEBUG:certbot._internal.cli:Var preferred_chain=ISRG Root X1 (set by user).
2022-12-13 21:15:11,742:DEBUG:certbot._internal.cli:Var key_type=ecdsa (set by user).
2022-12-13 21:15:11,742:DEBUG:certbot._internal.cli:Var elliptic_curve=secp384r1 (set by user).
2022-12-13 21:15:11,742:DEBUG:certbot._internal.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2022-12-13 21:15:11,742:DEBUG:certbot._internal.cli:Var webroot_map={'webroot_path'} (set by user).
2022-12-13 21:15:11,742:DEBUG:certbot._internal.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2022-12-13 21:15:11,763:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2022-12-13 21:15:11,854:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2022-12-13 21:15:11,855:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/npm-7/cert2.pem is signed by the certificate's issuer.
2022-12-13 21:15:11,856:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/npm-7/cert2.pem is: OCSPCertStatus.GOOD
2022-12-13 21:15:11,858:DEBUG:certbot._internal.display.obj:Notifying user: Certificate not yet due for renewal
2022-12-13 21:15:11,858:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2022-12-13 21:15:11,858:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-8.conf
2022-12-13 21:15:11,859:DEBUG:certbot._internal.cli:Var pref_challs=dns,http (set by user).
2022-12-13 21:15:11,859:DEBUG:certbot._internal.cli:Var preferred_chain=ISRG Root X1 (set by user).
2022-12-13 21:15:11,859:DEBUG:certbot._internal.cli:Var key_type=ecdsa (set by user).
2022-12-13 21:15:11,859:DEBUG:certbot._internal.cli:Var elliptic_curve=secp384r1 (set by user).
2022-12-13 21:15:11,859:DEBUG:certbot._internal.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2022-12-13 21:15:11,859:DEBUG:certbot._internal.cli:Var webroot_map={'webroot_path'} (set by user).
2022-12-13 21:15:11,859:DEBUG:certbot._internal.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2022-12-13 21:15:11,868:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2022-12-13 21:15:11,930:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2022-12-13 21:15:11,930:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/npm-8/cert2.pem is signed by the certificate's issuer.
2022-12-13 21:15:11,931:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/npm-8/cert2.pem is: OCSPCertStatus.GOOD
2022-12-13 21:15:11,931:DEBUG:certbot._internal.display.obj:Notifying user: Certificate not yet due for renewal
2022-12-13 21:15:11,931:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2022-12-13 21:15:11,931:DEBUG:certbot._internal.display.obj:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-12-13 21:15:11,931:DEBUG:certbot._internal.display.obj:Notifying user: The following certificates are not due for renewal yet:
2022-12-13 21:15:11,931:DEBUG:certbot._internal.display.obj:Notifying user: /etc/letsencrypt/live/npm-7/fullchain.pem expires on 2023-03-09 (skipped)
/etc/letsencrypt/live/npm-8/fullchain.pem expires on 2023-03-09 (skipped)
2022-12-13 21:15:11,931:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2022-12-13 21:15:11,932:DEBUG:certbot._internal.display.obj:Notifying user:
Additionally, the following renewal configurations were invalid:
2022-12-13 21:15:11,932:DEBUG:certbot._internal.display.obj:Notifying user: /etc/letsencrypt/renewal/npm-1.conf (parsefail)
/etc/letsencrypt/renewal/npm-2.conf (parsefail)
/etc/letsencrypt/renewal/npm-3.conf (parsefail)
/etc/letsencrypt/renewal/npm-4.conf (parsefail)
/etc/letsencrypt/renewal/npm-5.conf (parsefail)
2022-12-13 21:15:11,932:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-12-13 21:15:11,932:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 8, in <module>
sys.exit(main())
File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1744, in main
return config.func(config, plugins)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1630, in renew
renewal.handle_renewal_request(config)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 511, in handle_renewal_request
f"{len(renew_failures)} renew failure(s), {len(parse_failures)} parse failure(s)")
certbot.errors.Error: 0 renew failure(s), 5 parse failure(s)
2022-12-13 21:15:11,932:ERROR:certbot._internal.log:0 renew failure(s), 5 parse failure(s)As a workaround I did the following:
Srcodesalittle
commented
1 year ago Renewing an existing SSL cert is not an issue from the SSL tab. Generating new SSL cert for a domain that is correctly pointed to the NGINX Proxy Manager fails.
Can you try to generate a new SSL cert for a domain that is pointing to your host, but doesn't have the cert yet?
Hi I just created a new cert for my domain and it works fine. No issues
RobusTetus
commented
1 year ago Renewing an existing SSL cert is not an issue from the SSL tab. Generating new SSL cert for a domain that is correctly pointed to the NGINX Proxy Manager fails. Can you try to generate a new SSL cert for a domain that is pointing to your host, but doesn't have the cert yet?
Hi I just created a new cert for my domain and it works fine. No issues
It works only for a while when you first pull the images and make a completely new and fresh container of npm without any volumes saved. Then after I add like 4 hosts, each with it's own cert, it breaks and refuses to even make a new certificate. No matter if I try to add it when adding a new proxy host or directly through the SSL cert tab.
Srcodesalittle
commented
1 year ago Renewing an existing SSL cert is not an issue from the SSL tab. Generating new SSL cert for a domain that is correctly pointed to the NGINX Proxy Manager fails. Can you try to generate a new SSL cert for a domain that is pointing to your host, but doesn't have the cert yet?
Hi I just created a new cert for my domain and it works fine. No issues
It works only for a while when you first pull the images and make a completely new and fresh container of npm without any volumes saved. Then after I add like 4 hosts, each with it's own cert, it breaks and refuses to even make a new certificate. No matter if I try to add it when adding a new proxy host or directly through the SSL cert tab.
Not to discount your experience, but my NPM is already running close to ten hosts on different domains. As I mentioned in my comment, that is the state where I added a new cert to a new sub domain and it worked fine.
Checklist
jc21/nginx-proxy-manager:latestdocker image?Describe the bug i have a fresh NPM image running and tried to generate SSL certificate for my domain i tried both http/dns challenges for http challenge i get this error:
or this one:
for the second error i made sure my DNS record is configured as DNS only and not proxied on cloudflare and i have both port 80 and 443 forwarded on my WAN router
if i opted for DNS challenge i get this error
although the API key is working fine
Nginx Proxy Manager Version v2.9.14 i tried the latest as well but i had the same issue and i saw a post here recommending downgrading helped but unfortunately it didn't help me ref. https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1862
To Reproduce Steps to reproduce the behavior:
Expected behavior wildcard SSL certificate to be created
Operating System ubuntu server 21.10