NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License

Can't receive certificates anymore. #3878

Closed TheUntitledGoose closed 3 weeks ago

TheUntitledGoose commented 1 month ago

Describe the bug
Previously, a few months back, I was able to get certs for my websites; the domains being from cloudns and freedns. Now whenever I do it, I always get "Some challenges have failed." I've tried DNS challenge and that fails too through freedns. I looked at my website whenever I was doing the certificate and it just goes down? 404 error on it?

Nginx Proxy Manager Version
v2.11.3

To Reproduce
Steps to reproduce the behavior:

  1. Make a HTTP routed website through Proxy Hosts. (Site works through HTTP)
  2. Go to 'SSL Certificates' and make a certificate.
  3. See error

Error:

[7/16/2024] [2:12:12 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #92: mywebsite.com
[7/16/2024] [2:12:12 PM] [SSL      ] › ℹ  info      Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-92" --agree-tos --authenticator webroot --email "myemail@gmail.com" --preferred-challenges "dns,http" --domains "mywebsite.com" 
[7/16/2024] [2:12:12 PM] [Global   ] › ⬤  debug     CMD: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-92" --agree-tos --authenticator webroot --email "myemail@gmail.com" --preferred-challenges "dns,http" --domains "mywebsite.com" 
[7/16/2024] [2:12:23 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/temp/letsencrypt_92.conf
[7/16/2024] [2:12:23 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -t -g "error_log off;"
[7/16/2024] [2:12:23 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[7/16/2024] [2:12:23 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -s reload
[7/16/2024] [2:12:23 PM] [Express  ] › ⚠  warning   Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.

Expected behavior
An SSL cert like I've had before?

Operating System
Debian Portainer host with the Docker container. The Portainer is on Proxmox, if that matters, which it shouldn't.

Additional context
This has worked for months before, and now all of a sudden it doesn't.

paradox1612 commented 1 month ago

Can you provide your log files?

TheUntitledGoose commented 1 month ago

2024-07-16 17:26:15,786:INFO:certbot._internal.auth_handler:Challenge failed for domain mywebsite.com
2024-07-16 17:26:15,786:INFO:certbot._internal.auth_handler:http-01 challenge for mywebsite.com
2024-07-16 17:26:15,786:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: mywebsite.com
  Type:   connection
  Detail: 1.2.3.4: Fetching http://mywebsite.com/.well-known/acme-challenge/_qmCJf-tzJAIst8ZrhEyUIgnh8w2umTgPt_DQGThjc9s: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2024-07-16 17:26:15,787:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2024-07-16 17:26:15,787:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-07-16 17:26:15,787:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-07-16 17:26:15,787:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/_qmCJf-tzJAIst8ZrhEyUIgnh8w2umTgPt_DQGThjc9s
2024-07-16 17:26:15,787:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2024-07-16 17:26:15,787:DEBUG:certbot._internal.log:Exiting abnormally:

This is the last part before the error in /tmp/letsencrypt-log. It's saying it failed to authenticate because of Type: connection, which I assume means it can't connect to the website, which would make sense, since the reverse proxy URL stops working when the certification happens. (Unless I'm wrong about what Type: connection means.)

F1zzyD commented 1 month ago

I'm here with ya. Had no issues for a week and now, once again, NPM is unable to issue certs for me. Domain is up and ready to receive requests, all ports and permissions are good, and I even get an Apache page saying "It Works!", yet NPM says "internal error". I'm wondering if this is another round of the problems we had two or so weeks ago... great....

badincite commented 1 month ago

Same here, any fix?

F1zzyD commented 1 month ago

> Same here, any fix?

I got a cert using my Cloudflare domain (*.domain.com) and have been using that for all of my forwarding needs. Let's Encrypt is still not letting me get a cert for most domains, even for ones I've gotten certs for before. Don't bother going to the Let's Encrypt forums as they'll just say "don't use npm" or "it's a port/permission issue". Never got a helpful answer over there.

TheUntitledGoose commented 1 month ago

> I got a cert using my Cloudflare domain (*.domain.com) and have been using that for all of my forwarding needs. Let's Encrypt is still not letting me get a cert for most domains, even for ones I've gotten certs for before. Don't bother going to the Let's Encrypt forums as they'll just say "don't use npm" or "it's a port/permission issue". Never got a helpful answer over there.

I use freedns, which doesn't do that, and rely on Let's Encrypt. I have yet to find a solution. I've heard using Traefik or Caddy could work. Haven't tried either yet.

badincite commented 1 month ago

I have Cloudflare as well but my stuff doesn't seem to like it. This has been working for years; wonder what's happened.

TheUntitledGoose commented 1 month ago

> I have Cloudflare as well but my stuff doesn't seem to like it. This has been working for years; wonder what's happened.

Yeah, it used to work. Got me thinking about maybe downgrading? See if you can try that.

badincite commented 1 month ago

I just followed this as a workaround: https://medium.com/@life-is-short-so-enjoy-it/homelab-nginx-proxy-manager-setup-ssl-certificate-with-domain-name-in-cloudflare-dns-732af64ddc0b

Chopper1337 commented 1 month ago

Currently I am working around this by adding a CNAME record on a regular domain such as example.com and pointing that to example.cloudns.org. Then example.cloudns.org points to my dynamic IP address. (With a cron job to update the IP, as normal)

I can then create a certificate as normal for example.com. Of course, this does require owning another domain but it works for now.

gigadjo commented 1 month ago

Hello,

I had the same sort of issue, so went back to v2.11.2, but sadly the problem continued.

I then realised that the IPv6 address of my server had changed, and Certbot used it as the primary IP. So there were problems with the HTTP challenge, and certbot failed to operate.

Changed my DNS config, updated back to 2.11.3, and all works fine. Just my two cents :-)

/joen
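A small triage helper, added here as an example and not part of NPM or certbot: it parses the "reported these problems" block that certbot prints (like the one quoted earlier in the thread) and maps each failure to the first thing to check, flagging the IPv6 case gigadjo describes when the validator's address is an AAAA record. The sample log, IPs and token are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample in the shape of certbot's "reported these problems" block
# (IPs and token are placeholders, not values from the thread).
SAMPLE_LOG = """\
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: mywebsite.com
  Type:   connection
  Detail: 1.2.3.4: Fetching http://mywebsite.com/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)
  Domain: other.example
  Type:   unauthorized
  Detail: 2001:db8::10: Invalid response from http://other.example/.well-known/acme-challenge/TOKEN: 404
"""

PROBLEM_RE = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s*\n\s*Type:\s*(?P<type>\S+)\s*\n\s*Detail:\s*(?P<detail>.+)")
ADDR_RE = re.compile(r"^(?P<addr>[0-9a-fA-F:.]+):\s")  # validator IP that prefixes the detail


def parse_problems(log_text):
    """Extract {domain, type, detail, addr} for each problem the CA reported."""
    problems = []
    for m in PROBLEM_RE.finditer(log_text):
        detail = m.group("detail").strip()
        a = ADDR_RE.match(detail)
        problems.append({"domain": m.group("domain"), "type": m.group("type"),
                         "detail": detail, "addr": a.group("addr") if a else None})
    return problems


def diagnose(problem):
    """Map one reported problem to the first thing an operator should check."""
    addr, ptype, detail = problem["addr"], problem["type"], problem["detail"]
    try:
        family = ipaddress.ip_address(addr).version if addr else None
    except ValueError:
        family = None
    if ptype == "connection" and "Timeout during connect" in detail:
        hint = ("TCP port 80 at %s is not reachable from the internet: check router "
                "port forwarding and the host/cloud firewall" % addr)
    elif ptype == "unauthorized" and "404" in detail:
        hint = ("host reached but the challenge file was not served: check that the proxy "
                "host passes /.well-known/acme-challenge/ to NPM's webroot")
    elif ptype == "dns":
        hint = "DNS lookup for %s failed: check the zone at the DNS provider" % problem["domain"]
    else:
        hint = "unrecognised problem type %r, read the Detail line" % ptype
    if family == 6:  # the CA validated over the AAAA record, as in gigadjo's case
        hint += "; the validator used IPv6, so fix the IPv6 path or drop the AAAA record"
    return {"domain": problem["domain"], "family": family, "hint": hint}
```

Feed it the tail of /tmp/letsencrypt-log/letsencrypt.log; a "connection" timeout means the request never reached nginx, so the proxy host config is not the place to look first.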

jc21 commented 1 month ago

DNS plugin issues with Certbot really should be investigated/tested in isolation, this project just calls the certbot command, it doesn't do anything crazy. The only real impact this project can make to help things work is to upgrade the plugin version.

TheUntitledGoose commented 1 month ago

I just ended up buying a domain from Cloudflare and doing a DNS challenge, which seems to have worked. Really hoped I could have avoided buying a domain, but oh well, better in the long term to have a personal domain.

TheUntitledGoose commented 3 weeks ago

Figured it out! My router had port forwarding set up, however it wasn't port forwarding? A quick reapply in the settings and everything was how it was before. Guess I have a domain now though.