NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License
21.92k stars 2.53k forks

certificate is not valid for 'acme-v02.api.letsencrypt.org' #3233

Closed Yabbo closed 10 months ago

Yabbo commented 11 months ago


Describe the bug: When you try and get a new cert from letsencrypt you are given this error.

requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLCertVerificationError(1, "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'acme-v02.api.letsencrypt.org'. (_ssl.c:1056)")))

I have pulled a new cert from another machine using certbot with no issue. I have used exec -it to get into the container and tried using certbot certonly --standalone and get the same error before it asks me for the domain.

Nginx Proxy Manager Version 2.10.4 2.10.3

To Reproduce: try and add an SSL cert

Expected behavior: it provides me a cert


Yabbo commented 11 months ago

log from /tmp/letsencrypt-log/letsencrypt.log


cat /tmp/letsencrypt-log/letsencrypt.log
2023-10-04 02:59:34,188:DEBUG:certbot._internal.main:certbot version: 2.5.0
2023-10-04 02:59:34,188:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-10-04 02:59:34,188:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-9', '--agree-tos', '--authenticator', 'webroot', '--email', 'roy.boivin@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'mixmode.vanillasystem.com']
2023-10-04 02:59:34,188:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-10-04 02:59:34,197:DEBUG:certbot._internal.log:Root logging level set at 30
2023-10-04 02:59:34,197:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2023-10-04 02:59:34,199:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fe66a36e4a8>
Prep: True
2023-10-04 02:59:34,199:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fe66a36e4a8> and installer None
2023-10-04 02:59:34,199:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2023-10-04 02:59:34,314:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-10-04 02:59:34,316:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-10-04 02:59:34,338:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 467, in _make_request
    self._validate_conn(conn)
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 1092, in _validate_conn
    conn.connect()
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connection.py", line 651, in connect
    assert_fingerprint=self.assert_fingerprint,
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connection.py", line 784, in _ssl_wrap_socket_and_match_hostname
    tls_in_tls=tls_intls,
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/util/ssl.py", line 459, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, serverhostname)
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/util/ssl.py", line 503, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket
    session=session
  File "/usr/lib/python3.7/ssl.py", line 853, in _create
    self.do_handshake()
  File "/usr/lib/python3.7/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'acme-v02.api.letsencrypt.org'. (_ssl.c:1056)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 802, in urlopen
    **response_kw,
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 491, in _make_request
    raise new_e
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'acme-v02.api.letsencrypt.org'. (_ssl.c:1056)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/requests/adapters.py", line 497, in send
    chunked=chunked,
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 845, in urlopen
    method, url, error=new_e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/util/retry.py", line 515, in increment
    raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLCertVerificationError(1, "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'acme-v02.api.letsencrypt.org'. (_ssl.c:1056)")))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1864, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1579, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 830, in _init_le_client
    acc, acme = _determine_account(config)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 739, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 207, in register
    acme = acme_from_config_key(config, key)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 72, in acme_from_config_key
    directory = acme_client.ClientV2.get_directory(config.server, net)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 331, in get_directory
    return messages.Directory.from_json(net.get(url).json())
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 706, in get
    self._send_request('GET', url, *kwargs), content_type=content_type)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 648, in _send_request
    response = self.session.request(method, url, args, kwargs)
  File "/opt/certbot/lib/python3.7/site-packages/requests/sessions.py", line 587, in request
    resp = self.send(prep, send_kwargs)
  File "/opt/certbot/lib/python3.7/site-packages/requests/sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
  File "/opt/certbot/lib/python3.7/site-packages/requests/adapters.py", line 517, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLCertVerificationError(1, "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'acme-v02.api.letsencrypt.org'. (_ssl.c:1056)")))
2023-10-04 02:59:34,340:ERROR:certbot._internal.log:An unexpected error occurred:
2023-10-04 02:59:34,340:ERROR:certbot._internal.log:requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLCertVerificationError(1, "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'acme-v02.api.letsencrypt.org'. (_ssl.c:1056)")))

innovortex commented 11 months ago

Same here.

Yabbo commented 10 months ago

RESOLVED: If you go into the container and run certbot manually, it creates the DNS-authenticated certificate, which you can then log into Nginx Proxy Manager and do the same thing. I think when you try and run it straight from the GUI, it isn't able to tell you to create the TXT record and fails.
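
Added example, not part of the issue thread or of Nginx Proxy Manager's code: a diagnostic for the "Hostname mismatch" error in the log above, showing which address answered for acme-v02.api.letsencrypt.org and which DNS names its certificate covers. The helper names and the sample certificate are constructed for illustration; the script uses only the Python standard library and runs on Python 3.7.

```python
import socket
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns; the
# names are invented to stand in for "some other host answered on port 443".
CONSTRUCTED_WRONG_CERT = {
    "subject": ((("commonName", "gateway.example.internal"),),),
    "subjectAltName": (("DNS", "gateway.example.internal"),
                       ("DNS", "*.example.internal")),
}

def name_matches(pattern, hostname):
    """RFC 6125-style match: '*' only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(cert, hostname):
    """Compare the DNS names in a getpeercert() dict with the expected host."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return {"expected": hostname, "presented": names,
            "match": any(name_matches(n, hostname) for n in names)}

def fetch_cert(hostname, port=443, timeout=10):
    """Return (peer_ip, cert dict). The chain is still verified against the
    system CA store; only the hostname check is deferred to diagnose()."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        peer_ip = sock.getpeername()[0]
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return peer_ip, tls.getpeercert()

if __name__ == "__main__":
    host = "acme-v02.api.letsencrypt.org"
    print(diagnose(CONSTRUCTED_WRONG_CERT, host))  # offline demonstration
    try:
        ip, cert = fetch_cert(host)
        print("connected to", ip, diagnose(cert, host))
    except (OSError, ssl.SSLError) as exc:  # untrusted chain, DNS failure, ...
        print("could not fetch a verifiable certificate:", exc)
```

Running it both inside the container and on a machine where certbot works, then comparing the peer address and the presented names, shows whether the two are talking to the same endpoint.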