NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License

Renewing Cert - Error #3861

Open sias32 opened 3 weeks ago

sias32 commented 3 weeks ago

Checklist

Describe the bug: When trying to autoupdate a certificate, an error appears in the application logs:

[7/8/2024] [11:18:35 AM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[7/8/2024] [11:18:35 AM] [SSL      ] › ✖  error     Error: read ECONNRESET 
    at TCP.onStreamRead (node:internal/stream_base_commons:218:20)
    --------------------
    at Protocol._enqueue (/app/node_modules/mysql/lib/protocol/Protocol.js:144:48)
    at Connection.query (/app/node_modules/mysql/lib/Connection.js:198:25)
    at /app/node_modules/knex/lib/dialects/mysql/index.js:132:18
    at new Promise (<anonymous>)
    at Client_MySQL._query (/app/node_modules/knex/lib/dialects/mysql/index.js:126:12)
    at executeQuery (/app/node_modules/knex/lib/execution/internal/query-executioner.js:37:17)
    at Client_MySQL.query (/app/node_modules/knex/lib/client.js:146:12)
    at Runner.query (/app/node_modules/knex/lib/execution/runner.js:123:36)
    at ensureConnectionCallback (/app/node_modules/knex/lib/execution/internal/ensure-connection-callback.js:13:17)
    at Runner.ensureConnection (/app/node_modules/knex/lib/execution/runner.js:300:20)

And on the database side, a warning comes out in the logs:

2024-07-08  8:19:44 136237 [Warning] Aborted connection 136237 to db: 'nginx' user: 'nginx' host: '10.0.4.4' (Got an error reading communication packets)
2024-07-08 10:19:53 136716 [Warning] Aborted connection 136716 to db: 'nginx' user: 'nginx' host: '10.0.4.4' (Got an error reading communication packets)
2024-07-08 12:20:02 137195 [Warning] Aborted connection 137195 to db: 'nginx' user: 'nginx' host: '10.0.4.4' (Got an error reading communication packets)

But at the same time the certificate is renewed, it has an extended date...

Nginx Proxy Manager Version: Using jc21/nginx-proxy-manager:2.11.2

To Reproduce: Steps to reproduce the behavior:

  1. Create a certificate
  2. Wait for certbot to start renewing the certificate automatically
  3. See logs

Expected behavior: Clearly no errors should pop up when updating a certificate.

Operating System: Debian 12, Docker. Run in Docker Swarm.

Additional context: If you do the renewal manually, no errors occur.

Application environment variables

environment:
  DB_MYSQL_HOST: nginx-db
  DB_MYSQL_NAME: nginx
  DB_MYSQL_PASSWORD__FILE: /run/secrets/nginx-db-pass
  DB_MYSQL_PORT: "3306"
  DB_MYSQL_USER: nginx

sias32 commented 2 weeks ago

After upgrading to 2.11.3, the error remains

sias32 commented 2 weeks ago

This doesn't happen with all certificates; some update without problems. It's hard to figure out which ones yet.

[7/11/2024] [4:50:08 AM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[7/11/2024] [4:50:08 AM] [SSL      ] › ✖  error     Error: read ECONNRESET 
    at TCP.onStreamRead (node:internal/stream_base_commons:218:20)
    --------------------
    at Protocol._enqueue (/app/node_modules/mysql/lib/protocol/Protocol.js:144:48)
    at Connection.query (/app/node_modules/mysql/lib/Connection.js:198:25)
    at /app/node_modules/knex/lib/dialects/mysql/index.js:132:18
    at new Promise (<anonymous>)
    at Client_MySQL._query (/app/node_modules/knex/lib/dialects/mysql/index.js:126:12)
    at executeQuery (/app/node_modules/knex/lib/execution/internal/query-executioner.js:37:17)
    at Client_MySQL.query (/app/node_modules/knex/lib/client.js:146:12)
    at Runner.query (/app/node_modules/knex/lib/execution/runner.js:123:36)
    at ensureConnectionCallback (/app/node_modules/knex/lib/execution/internal/ensure-connection-callback.js:13:17)
    at Runner.ensureConnection (/app/node_modules/knex/lib/execution/runner.js:300:20)
[7/11/2024] [5:50:08 AM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[7/11/2024] [5:50:08 AM] [SSL      ] › ℹ  info      Completed SSL cert renew process

sias32 commented 2 weeks ago

I created a test service, on the latest version 2.11.3

There are three domains on it, leading to one service, whoami; for each of them an access list was created. The first one is completely open, the second one is closed under authorization, and the third one is limited by addresses. At first everything was OK, but after a day errors started to appear.

[7/12/2024] [1:05:56 AM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[7/12/2024] [1:05:56 AM] [SSL      ] › ℹ  info      Completed SSL cert renew process
[7/12/2024] [2:05:56 AM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[7/12/2024] [2:05:56 AM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[7/12/2024] [2:05:56 AM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[7/12/2024] [2:05:56 AM] [SSL      ] › ℹ  info      Completed SSL cert renew process
[7/12/2024] [2:05:56 AM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
[7/12/2024] [2:05:56 AM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
[7/12/2024] [2:05:56 AM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -t -g "error_log off;"
[7/12/2024] [2:05:56 AM] [Nginx    ] › ℹ  info      Reloading Nginx
[7/12/2024] [2:05:56 AM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -s reload
[7/12/2024] [3:05:56 AM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[7/12/2024] [3:05:56 AM] [SSL      ] › ℹ  info      Completed SSL cert renew process
[7/12/2024] [4:05:56 AM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[7/12/2024] [4:05:56 AM] [SSL      ] › ℹ  info      Completed SSL cert renew process
[7/12/2024] [5:05:56 AM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[7/12/2024] [5:05:56 AM] [SSL      ] › ✖  error     Error: read ECONNRESET 
    at TCP.onStreamRead (node:internal/stream_base_commons:218:20)
    --------------------
    at Protocol._enqueue (/app/node_modules/mysql/lib/protocol/Protocol.js:144:48)
    at Connection.query (/app/node_modules/mysql/lib/Connection.js:198:25)
    at /app/node_modules/knex/lib/dialects/mysql/index.js:132:18
    at new Promise (<anonymous>)
    at Client_MySQL._query (/app/node_modules/knex/lib/dialects/mysql/index.js:126:12)
    at executeQuery (/app/node_modules/knex/lib/execution/internal/query-executioner.js:37:17)
    at Client_MySQL.query (/app/node_modules/knex/lib/client.js:146:12)
    at Runner.query (/app/node_modules/knex/lib/execution/runner.js:123:36)
    at ensureConnectionCallback (/app/node_modules/knex/lib/execution/internal/ensure-connection-callback.js:13:17)
    at Runner.ensureConnection (/app/node_modules/knex/lib/execution/runner.js:300:20)
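
Added example, not part of the issue thread or the project's code: a Node.js triage script that classifies each scheduled renew run in logs of the format shown above as completed or failed, and records the first node_modules package named in a failure's stack trace. The sample lines are constructed, and the function and field names (summarizeRenewRuns, failingModule, and so on) are assumptions made for illustration.

```javascript
// Added example (not NPM's own code): classify scheduled renew runs in NPM-style logs.
// SAMPLE_LOG is constructed, in the line format shown in the thread.
const SAMPLE_LOG = [
  '[7/12/2024] [4:05:56 AM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...',
  '[7/12/2024] [4:05:56 AM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...',
  '[7/12/2024] [4:05:56 AM] [SSL      ] › ℹ  info      Completed SSL cert renew process',
  '[7/12/2024] [5:05:56 AM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...',
  '[7/12/2024] [5:05:56 AM] [SSL      ] › ✖  error     Error: read ECONNRESET ',
  '    at TCP.onStreamRead (node:internal/stream_base_commons:218:20)',
  '    --------------------',
  '    at Protocol._enqueue (/app/node_modules/mysql/lib/protocol/Protocol.js:144:48)',
  '    at Connection.query (/app/node_modules/mysql/lib/Connection.js:198:25)',
  '[7/12/2024] [6:05:56 AM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...',
].join('\n');
// Groups: date, time, scope, level, message (separator and icon are skipped).
const LINE_RE = /^\[([^\]]+)\] \[([^\]]+)\] \[([^\]]+?)\s*\]\s+\S+\s+\S+\s+(\w+)\s+(.*)$/;
// First package under node_modules in a stack frame (scoped names included).
const FRAME_RE = /^\s+at .*\/node_modules\/((?:@[^/]+\/)?[^/]+)\//;

function summarizeRenewRuns(text) {
  const runs = [];
  let open = null;    // run that has started and has no outcome yet
  let failed = null;  // failed run whose stack trace is still being read
  for (const raw of text.split(/\r?\n/)) {
    const m = LINE_RE.exec(raw);
    if (!m) {
      // Continuation line: keep the first node_modules frame of the trace.
      const f = failed && !failed.failingModule && FRAME_RE.exec(raw);
      if (f) failed.failingModule = f[1];
      continue;
    }
    failed = null; // a new timestamped line ends any stack trace
    const [, date, time, scope, level, msg] = m;
    if (scope !== 'SSL') continue; // other schedulers interleave with SSL lines
    if (msg.startsWith('Renewing SSL certs')) {
      open = { started: `${date} ${time}`, outcome: 'no-outcome-logged', error: null, failingModule: null };
      runs.push(open);
    } else if (open && msg.startsWith('Completed SSL cert renew')) {
      open.outcome = 'completed';
      open = null;
    } else if (open && level === 'error') {
      Object.assign(open, { outcome: 'failed', error: msg.trim() });
      failed = open;
      open = null;
    }
  }
  return runs;
}
console.log(JSON.stringify(summarizeRenewRuns(SAMPLE_LOG), null, 2));
```

For traces like the ones posted in this thread, failingModule comes out as mysql, which places the reset in the database client's query path, so the timestamps of failed runs are the ones to compare against the "Aborted connection" warnings on the database side.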