NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License
21.91k stars 2.53k forks

Exception: 403: Permission denied. on new certificate or renewal #3396

Open tquest1 opened 8 months ago

tquest1 commented 8 months ago

Checklist

Describe the bug

Whenever I try to renew or add a new SSL certificate with a DNS challenge, I get "Failed to renew certificate npm-* with error: 403: Permission denied."

This seems to be a file permission issue, maybe? The data and letsencrypt folders that my docker-compose.yml points to are given root permissions when the container runs.

Nginx Proxy Manager Version

v2.10.4

To Reproduce

Steps to reproduce the behavior:

  1. Go to SSL Certificates tab
  2. Click on renew or add SSL certificate
  3. Choose DNS challenge with correct API token added
  4. See error:
Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-16" --agree-tos --email "**********" --domains "**********" --authenticator dns-njalla --dns-njalla-credentials "/etc/letsencrypt/credentials/credentials-16"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Encountered exception during recovery: Exception: 403: Permission denied.
An unexpected error occurred:
Exception: 403: Permission denied.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

    at ChildProcess.exithandler (node:child_process:402:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

Operating System

Debian 12 lxc running docker v.24.0.7 in a container on Proxmox, latest updates

Additional context

docker-compose.yml:

version: '3.8'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: always
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

github-actions[bot] commented 1 month ago

Issue is now considered stale. If you want to keep it open, please comment :+1: