Closed TailoredITRob closed 2 months ago
I finally have this resolved.
I needed to apply the fix from #3121 as shown below.
Create a force-ssl.conf file in the same directory as docker-compose.yml and then add it to your container.
force-ssl.conf
set $test "";
if ($scheme = "http") {
    set $test "H";
}
if ($request_uri ~ "^\/\.well-known\/acme-challenge\/(.*)") {
    set $test "${test}T";
}
if ($test = H) {
    return 301 https://$host$request_uri;
}
docker-compose.yml
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    # Uncomment the next line if you uncomment anything in the section
    environment:
      # Uncomment this if you want to change the location of
      # the SQLite DB file within the container
      # DB_SQLITE_FILE: "/data/database.sqlite"
      # Uncomment this if IPv6 is not enabled on your host
      DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
      - ./force-ssl.conf:/etc/nginx/conf.d/include/force-ssl.conf # <~~~~~~~~~~~~~~~
This should resolve the issue until PR #3121 is merged. With this I was getting back Let's Encrypt responses, but they were being denied. After inspecting the logs I realized it was failing a CAA check. (I've used other certificate providers for other subdomains.) CAA records limit which CAs may issue certificates for a domain. You may need to add a CAA record for Let's Encrypt.
example.org CAA 0 issue "letsencrypt.org" 3600
You can learn more about CAA records here.
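The CAA failure described in the comment above follows from how a CA selects the records that apply to a hostname: it climbs from the requested name toward the root and uses the first CAA set it finds, so a record on the parent domain also governs subdomains that have none of their own. The following is an added example, not part of the original comment or of Nginx Proxy Manager; the ZONE data and the `other-ca.example` identifier are constructed, and it covers only the issue/issuewild tags (no CNAME handling or critical-flag processing).

```python
# Added example: CAA evaluation in the style of RFC 8659 over constructed records.
# ZONE is sample data (owner name -> list of (flags, tag, value)); "other-ca.example"
# is a placeholder CA identifier, not a value from the issue.
ZONE = {
    "example.org": [(0, "issue", "other-ca.example"),
                    (0, "iodef", "mailto:security@example.org")],
    "shop.example.org": [(0, "issue", "letsencrypt.org")],
    "locked.example.org": [(0, "issue", ";")],  # ";" alone forbids every CA
    "wild.example.org": [(0, "issue", "letsencrypt.org"),
                         (0, "issuewild", "other-ca.example")],
}


def relevant_rrset(name, zone):
    """Climb from the name toward the root; the first non-empty CAA set wins."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":          # a wildcard is checked at its parent name
        labels = labels[1:]
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if zone.get(owner):
            return owner, zone[owner]
    return None, []


def may_issue(name, ca, zone=ZONE):
    """Return (allowed, owner_of_deciding_records) for this CA and name."""
    owner, rrset = relevant_rrset(name, zone)
    tags = {tag for _, tag, _ in rrset}
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    tag = "issuewild" if name.startswith("*.") and "issuewild" in tags else "issue"
    values = [value for _, t, value in rrset if t == tag]
    if not values:                # no records, or only iodef etc.: unrestricted
        return True, owner
    # The issuer domain is the part before any ";"-separated parameters.
    allowed = {value.split(";")[0].strip().lower() for value in values}
    return ca.lower() in allowed, owner


if __name__ == "__main__":
    for host in ("npm.example.org", "shop.example.org", "a.locked.example.org",
                 "*.wild.example.org", "example.net"):
        print(host, may_issue(host, "letsencrypt.org"))
```

The first case mirrors the situation in the comment: `npm.example.org` has no CAA records of its own, so the parent's `issue` record for another CA decides and Let's Encrypt is refused until it is listed as well.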
Checklist
jc21/nginx-proxy-manager:latest docker image?
Describe the bug I have a vanilla installation of Debian 12 with rootless Docker and NPM installed. (I also have a container running Portainer.) When I try to enable SSL and add a new certificate, it fails. When I attempt to create a new Let's Encrypt certificate from the SSL page, it also fails. Additionally, the Server Reachability test also fails with the following error.
Of course, NPM is running and I'm accessing NPM through the domain I'm attempting to pull an SSL cert for.
Inspecting the JS console, I find a request going out to http://my.domain.com/api/nginx/certificates/test-http?domains=["my.domain.com"] is failing with the following error.
Attempting to request a new certificate results in a 503 error from http://my.domain.com/api/nginx/certificates with the following message.
The indicated log file is never created.
Nginx Proxy Manager Version 2.11.2
To Reproduce Steps to reproduce the behavior:
Expected behavior A reachability test should be completed or a new Let's Encrypt certificate issued without errors.
Operating System Debian GNU/Linux 12 (bookworm)
Additional context
Possibly related to #2439, #2593, and #2713.