Open rekyuu opened 2 years ago
This is probably an issue with `certbot` itself, but I wasn't able to find any open issues about it. My suggestion would be to implement certificate validation across certificates marked as active in the NPM database and what's returned by `certbot certificates`.
Seems that there is a logic issue with the revoking and removal, I see from my logs
[6/7/2022] [11:32:33 AM] [SSL ] › ℹ info Command: certbot revoke --config "/etc/letsencrypt.ini" --cert-path "/etc/letsencrypt/live/npm-95/fullchain.pem" --delete-after-revoke ; rm -f '/etc/letsencrypt/credentials/credentials-95' || true
This command means that even if the certbot revoke fails, the certs would still be removed causing the error seen, surely the semicolon should be a && to only do the delete if revoke is successful. This needs capturing by the backend to update the DB only if successful.
The `|| true` also means that a good return code is given on failure which is suspicious and suggests error handling isn't done here.
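
The exit-status behaviour discussed in the comment above, as an added example that is not part of the original thread or of Nginx Proxy Manager's code. `fake_revoke` and `fake_cleanup` are constructed stand-ins for `certbot revoke` and the `rm -f` step (each exits with the status it is given), so nothing here touches certbot or the filesystem.

```shell
#!/bin/sh
# Constructed stand-ins (assumptions, not real certbot behaviour):
# each one simply exits with the status passed to it.
CLEANED=no
fake_revoke() { return "$1"; }
fake_cleanup() {
    if [ "$1" -eq 0 ]; then CLEANED=yes; fi
    return "$1"
}

# Shape of the logged command:  revoke ; cleanup || true
# ';' discards the revoke status, and '|| true' masks a cleanup failure.
chain_as_logged() {
    CLEANED=no
    fake_revoke "$1" ; fake_cleanup "$2" || true
}

# Shape suggested in the comment:  revoke && cleanup
# Cleanup runs only after a successful revoke, and failures propagate.
chain_with_and() {
    CLEANED=no
    fake_revoke "$1" && fake_cleanup "$2"
}

# report <chain> <revoke_status> <cleanup_status>
# Prints the status a caller (e.g. a backend deciding whether to update
# its database) would see, and whether the cleanup step took effect.
report() {
    if "$1" "$2" "$3"; then status=0; else status=$?; fi
    echo "exit=$status cleaned=$CLEANED"
}

echo "as logged, revoke fails:   $(report chain_as_logged 1 0)"
echo "as logged, both fail:      $(report chain_as_logged 1 1)"
echo "with &&,   revoke fails:   $(report chain_with_and 1 0)"
echo "with &&,   cleanup fails:  $(report chain_with_and 0 1)"
echo "with &&,   both succeed:   $(report chain_with_and 0 0)"
```
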
I have a similar problem. After deleting a certificate that was still being used for a proxy from the SSL Certificates page, the proxy sites showed HTTP only, but when I changed the site's SSL certs, it showed an internal error. Then I rebooted the container; it wouldn't work, and the log showed that nginx couldn't find the old cert's files. Finally, I copied the new cert's files and renamed them to match the old cert. After rebooting the container, I changed the site's SSL certs successfully. So, the delete cert logic leaves out changing the nginx configuration files.
Issue is now considered stale. If you want to keep it open, please comment :+1:
Describe the bug
I recently updated all my locally hosted services to be internet inaccessible and require a VPN to use. As a result, I updated my NPM configuration to use HTTP only and deleted all my HTTPS certs, and removed all applicable DNS entries.
For some (not all) certs, the `certbot revoke --delete-after-revoke` command did not seem to take fully, as the certs remained active. Since the DNS entries were removed, this caused the hourly `certbot renew` command to fail. Failing enough times (for some reason) caused my NPM instance to lock up and my local services to time out.
I was able to resolve this by going into the container and manually calling `certbot delete` on the remaining active certificates.
Nginx Proxy Manager Version
v2.9.18
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The certificates should be removed after being revoked.
Operating System
Additional Context