NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License

Better error handling - expose exception details to user #3894

Open tomers opened 2 months ago

tomers commented 2 months ago

When trying to request an SSL certificate, there was an error caused by the fact that I forgot to add that subdomain in my DNS configuration. So the error was "DNS problem: NXDOMAIN looking up A for wordpress-test.xxxxxx.com - check that a DNS record exists for this domain". However, the user only sees some generic error, and is not able to know the details of the error in order to fix it. I think this is a rather big usability issue.

2024-07-24 15:59:50,119:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "wordpress-test.xxxxxx.com"\n    }\n  ]\n}'
2024-07-24 15:59:50,120:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTg1NDAxMzA3NyIsICJub25jZSI6ICJncEJqTF8zaUpkd2EtanhYdHhTU2Zja2xUc3Q0X29USTlJUklzZG9WcEZDLVllaHAtN00iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "IPuOsvQWKhWkrn5ZN3yCE-nGsv5geU-4oodhIeHN5hLUnSd0v4A5G74Sprt_c-RRiXos9m59avy5lde--3nMKey2w6J4wpq-w5B5rs3X4oCtk_ay6wbIhmkGtP_u49OgfkNpZF05gHENCSUJTcUjm2ts4OELyThr3lGaMM2Ikm7gZBkRQU94MMYRU_eb_WHRiHXKMqIh6CAC_RbWdaOD2WqLKIq1OJR0OvorRdsqSncSJ6Eu6ux2Bse7B8vuFKhFsOgS8YOf0iESu6YgGGTOfkDXEJTFciTX9na5FdbLaR4ewR8gJoJTu-viJ_ulZudiQItlp5WA6K3qfEXwivL4kg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIndvcmRwcmVzcy10ZXN0LnRvbWVycy5jb20iCiAgICB9CiAgXQp9"
}
2024-07-24 15:59:50,445:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 351
2024-07-24 15:59:50,445:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 24 Jul 2024 15:59:52 GMT
Content-Type: application/json
Content-Length: 351
Connection: keep-alive
Boulder-Requester: 1854013077
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1854013077/290204332577
Replay-Nonce: gpBjL_3irk6JtdgArBvEKzEtLUyG9h4zMN3YWmxx5hmYUDGnhCY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2024-07-31T15:59:51Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "wordpress-test.xxxxxx.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/381296130707"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1854013077/290204332577"
}
2024-07-24 15:59:50,445:DEBUG:acme.client:Storing nonce: gpBjL_3irk6JtdgArBvEKzEtLUyG9h4zMN3YWmxx5hmYUDGnhCY
2024-07-24 15:59:50,445:DEBUG:acme.client:JWS payload:
b''
2024-07-24 15:59:50,446:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/381296130707:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTg1NDAxMzA3NyIsICJub25jZSI6ICJncEJqTF8zaXJrNkp0ZGdBckJ2RUt6RXRMVXlHOWg0ek1OM1lXbXh4NWhtWVVER25oQ1kiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM4MTI5NjEzMDcwNyJ9",
  "signature": "cuPPnYBt8X6KeBUphsvU3zZKD4OtfF2ttcY4nM6JLo26xUcJYqi_uR3Dlc_6u0jk4ajHLFSluiKGZ_twqG7f2n_gk9QJ0lzzknXj7L6fxTrut_u3mIiFn_HYWngRuN2PfDUDkRh4-zU8WxRvLdZf_GkG-BIPvXSJ1OMYbqE2Dp4Z0zhXqtYKeUEAJLEL6CfA7Sj6gVkTyzc3z0FQunceK5CyleGte0pcq8gSS1cTCpMon9ZqIZwgXWzCLGZHkrzdK5Ia9Zcz8DX1Kit_wVlWXJvBAERTGkXsv8RjaaQq1h2cDgKnOnODqE-23ycwwXH02WazuDpZ3wOcLWLl14RIJg",
  "payload": ""
}
2024-07-24 15:59:50,647:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/381296130707 HTTP/1.1" 200 809
2024-07-24 15:59:50,648:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jul 2024 15:59:52 GMT
Content-Type: application/json
Content-Length: 809
Connection: keep-alive
Boulder-Requester: 1854013077
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: biP_gDtCMgXP7alJJeSNf5uqmHe6LRgqq4neqBaepDrKDkaLMmI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "wordpress-test.xxxxxx.com"
  },
  "status": "pending",
  "expires": "2024-07-31T15:59:51Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/381296130707/YgaNnQ",
      "status": "pending",
      "token": "q6lInG_iOPt6dQxiiO55pxcIhC4izLIl7E_61QH6v24"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/381296130707/DRdOcw",
      "status": "pending",
      "token": "q6lInG_iOPt6dQxiiO55pxcIhC4izLIl7E_61QH6v24"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/381296130707/oS1bVg",
      "status": "pending",
      "token": "q6lInG_iOPt6dQxiiO55pxcIhC4izLIl7E_61QH6v24"
    }
  ]
}
2024-07-24 15:59:50,648:DEBUG:acme.client:Storing nonce: biP_gDtCMgXP7alJJeSNf5uqmHe6LRgqq4neqBaepDrKDkaLMmI
2024-07-24 15:59:50,648:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-07-24 15:59:50,648:INFO:certbot._internal.auth_handler:http-01 challenge for wordpress-test.xxxxxx.com
2024-07-24 15:59:50,648:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2024-07-24 15:59:50,648:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2024-07-24 15:59:50,648:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/q6lInG_iOPt6dQxiiO55pxcIhC4izLIl7E_61QH6v24
2024-07-24 15:59:50,649:DEBUG:acme.client:JWS payload:
b'{}'
2024-07-24 15:59:50,649:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/381296130707/YgaNnQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTg1NDAxMzA3NyIsICJub25jZSI6ICJiaVBfZ0R0Q01nWFA3YWxKSmVTTmY1dXFtSGU2TFJncXE0bmVxQmFlcERyS0RrYUxNbUkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzM4MTI5NjEzMDcwNy9ZZ2FOblEifQ",
  "signature": "ZidjOPwTToUeMZ6tx_cTl7c9gmUvTpho2IRhbXNo70uNZd1av73__wz5D6c_TNPiVrlTOj2jIsEAt9SHs4Pybovad0LUP2dgh0naDK0h6jgZkFVXPfs0jUu274wIRaIZ_-PvxH03TC0yYdY2bYeQtHpLMZrffHyMMlDCg0rnmpuiAFNjpFvbukn3cPK98chr7YKY2NfDBpcU_x5ziNABhNbOvXqzkJ24bKj6lkI2Z6LAGKWws1LzDKcPEKI_quImLmQnpBsSceTLjdtdeMF2MB0OeHdpkW8cSOdf6AXrzGI-cIiR6YAl9QpjhOphE9-D9eyGHmGQW_9h8USXCRLi8A",
  "payload": "e30"
}
2024-07-24 15:59:50,878:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/381296130707/YgaNnQ HTTP/1.1" 200 187
2024-07-24 15:59:50,878:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jul 2024 15:59:52 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1854013077
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/381296130707>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/381296130707/YgaNnQ
Replay-Nonce: gpBjL_3iR_WNgbkQip0zmw7_pRrCY_8e6-ak5uKDgLjfTIJh3H4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/381296130707/YgaNnQ",
  "status": "pending",
  "token": "q6lInG_iOPt6dQxiiO55pxcIhC4izLIl7E_61QH6v24"
}
2024-07-24 15:59:50,879:DEBUG:acme.client:Storing nonce: gpBjL_3iR_WNgbkQip0zmw7_pRrCY_8e6-ak5uKDgLjfTIJh3H4
2024-07-24 15:59:50,879:INFO:certbot._internal.auth_handler:Waiting for verification...
2024-07-24 15:59:51,879:DEBUG:acme.client:JWS payload:
b''
2024-07-24 15:59:51,880:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/381296130707:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTg1NDAxMzA3NyIsICJub25jZSI6ICJncEJqTF8zaVJfV05nYmtRaXAwem13N19wUnJDWV84ZTYtYWs1dUtEZ0xqZlRJSmgzSDQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM4MTI5NjEzMDcwNyJ9",
  "signature": "lWMmoN4RxVeeJR9rz1DAaV1hRT7pudnrKu5QOFhX5eY91GyG_5KrcYZDeq2KSKFf-RGQf_av31JjLHhejEb6sK1govUzuSovTAJ-LfGxmqRjFUV0N6r1NwiYiIMm8mQE7_paEeuCy-Bkb94V2D6Ypndm3rN8pLn9As8MQ3FoJidEkEwIlp4L9PNnQxeSOA6MMNFGETUUm-O41XlN5WOQX6AnQxqPkZZzW4iBvkMUqCZ7U341gwHGWkCHg9xAANGCWyZQrHY68uVSaYmdqFW1QhRSWWOqsYzKL3a1aqTFtb6VOiRIHtiC4eIczR-h5OJpY_mEbLLbst6ioqJ-53BfrA",
  "payload": ""
}
2024-07-24 15:59:52,071:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/381296130707 HTTP/1.1" 200 774
2024-07-24 15:59:52,071:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jul 2024 15:59:53 GMT
Content-Type: application/json
Content-Length: 774
Connection: keep-alive
Boulder-Requester: 1854013077
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: biP_gDtC3XPC--icuq9AYwYWDE4eTj0IQ49OvV_kfZDSAaZJusA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "wordpress-test.xxxxxx.com"
  },
  "status": "invalid",
  "expires": "2024-07-31T15:59:51Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/381296130707/YgaNnQ",
      "status": "invalid",
      "validated": "2024-07-24T15:59:52Z",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up A for wordpress-test.xxxxxx.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for wordpress-test.xxxxxx.com - check that a DNS record exists for this domain",
        "status": 400
      },
      "token": "xxxxxxxxxxxxxxxxxx"
    }
  ]
}
2024-07-24 15:59:52,071:DEBUG:acme.client:Storing nonce: biP_gDtC3XPC--icuq9AYwYWDE4eTj0IQ49OvV_kfZDSAaZJusA
2024-07-24 15:59:52,071:INFO:certbot._internal.auth_handler:Challenge failed for domain wordpress-test.xxxxxx.com
2024-07-24 15:59:52,071:INFO:certbot._internal.auth_handler:http-01 challenge for wordpress-test.xxxxxx.com
2024-07-24 15:59:52,071:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: wordpress-test.xxxxxx.com
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up A for wordpress-test.xxxxxx.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for wordpress-test.xxxxxx.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2024-07-24 15:59:52,072:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2024-07-24 15:59:52,072:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-07-24 15:59:52,072:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-07-24 15:59:52,072:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/q6lInG_iOPt6dQxiiO55pxcIhC4izLIl7E_61QH6v24
2024-07-24 15:59:52,072:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2024-07-24 15:59:52,072:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-07-24 15:59:52,073:ERROR:certbot._internal.log:Some challenges have failed.

Using version 2.11.3. Using docker jc21/nginx-proxy-manager:latest, sha256:28147ecda6596be570548a7f81be5bc8eb487a3e3a7d6dca8595b612db1a92d5 from 2024-07-01 14:43:50.
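
One way a backend could surface the CA-reported problem from the log above without also echoing the traceback, file paths or ACME nonces to the browser, as an added example that is not nginx-proxy-manager's own code. `extractCaProblems` and `userFacingError` are hypothetical names, and the sample output is constructed (using example.com) to match the shape of the certbot message in the issue.

```javascript
// Constructed sample: tail of a failed certbot run, shaped like the log in the issue.
const SAMPLE_OUTPUT = [
  'Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:',
  '  Domain: wordpress-test.example.com',
  '  Type:   dns',
  '  Detail: DNS problem: NXDOMAIN looking up A for wordpress-test.example.com - check that a DNS record exists for this domain',
  '',
  'Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot.',
  'Traceback (most recent call last):',
  '  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations',
  'certbot.errors.AuthorizationError: Some challenges have failed.',
].join('\n');

const MAX_DETAIL = 300; // cap on CA-supplied text echoed back to the UI

// Hypothetical helper: keep only the Domain/Type/Detail triples certbot prints
// for CA-reported problems; every other line (traceback, paths) is ignored.
function extractCaProblems(output) {
  const problems = [];
  let current = null;
  for (const line of output.split(/\r?\n/)) {
    const m = /^\s+(Domain|Type|Detail):\s*(.*)$/.exec(line);
    if (!m) continue;
    const key = m[1].toLowerCase();
    if (key === 'domain') {
      current = { domain: m[2], type: '', detail: '' };
      problems.push(current);
    } else if (current) {
      current[key] = m[2].slice(0, MAX_DETAIL);
    }
  }
  return problems;
}

// Hypothetical helper: build the UI message; fall back to a generic one when
// no CA problem block is found, so internal details are never passed through.
function userFacingError(output) {
  const problems = extractCaProblems(output);
  if (problems.length === 0) {
    return 'Certificate request failed. See the server log for details.';
  }
  return problems.map((p) => `${p.domain} (${p.type}): ${p.detail}`).join('\n');
}
```

Whatever renders the returned string should still treat it as untrusted text and escape it, since the detail originates in the CA response.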