NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License

DuckDNS SSL certificate challenge failed #3913

Closed skywalker478 closed 2 months ago

skywalker478 commented 2 months ago

Describe the bug

Generating SSL Certificate using DuckDNS DNS Challenge results in internal error. Further details show that 'Some challenges have failed'.

Nginx Proxy Manager Version

v2.11.3

To Reproduce

Steps to reproduce the behavior:

  1. Go to 'SSL Certificates'
  2. Click on 'Add SSL Certificate > Let's Encrypt'
  3. Fill out necessary information
  4. See error

Expected behavior

It should have generated the SSL certificate as it used to do before.

Screenshots

[Screenshot: 2024-08-02 19_36_30-Nginx Proxy Manager — LibreWolf]

Operating System

Arch Linux

I would very much appreciate any help and thanks in advance.

IntrovertedCoder commented 2 months ago

I'm not sure if this is going to fix your issue, but it seemed to fix mine. What I had to do was:

  1. Read the log file:

         docker exec [docker container name] cat /tmp/letsencrypt-log/letsencrypt.log

  2. Scroll up until you see something along the lines of:

         {
           "identifier": {
             "type": "dns",
             "value": "[domain].duckdns.org"
           },
           "status": "invalid",
           "expires": "2024-08-09T19:03:54Z",
           "challenges": [
             {
               "type": "dns-01",
               "url": "[ignore]",
               "status": "invalid",
               "validated": "2024-08-02T19:05:55Z",
               "error": {
                 "type": "urn:ietf:params:acme:error:unauthorized",
                 "detail": "Incorrect TXT record \"ZxdIfbptc2CqbXH9wyfQd30n_h_2AO7kth9Cf30bdm8\" found at _acme-challenge.[domain].duckdns.org",
                 "status": 403
               },
               "token": "[ignore]"
             }
           ],
           "wildcard": true
         }

  3. And then follow the instructions here under TXT Record API, replacing &txt={YOURVALUE} with &txt=ZxdIfbptc2CqbXH9wyfQd30n_h_2AO7kth9Cf30bdm8 in this example.

In the end for this example the command to run would be

curl "https://www.duckdns.org/update?domains={YOURVALUE}&token={YOURVALUE}&txt=ZxdIfbptc2CqbXH9wyfQd30n_h_2AO7kth9Cf30bdm8"

You can confirm this worked by running

dig [domain].duckdns.org TXT

Let me know if I can provide some more explanations.

skywalker478 commented 2 months ago

Thank you for your reply. From what I can gather from the logs, I am facing a lookup error. I would be glad if you could provide your opinion on this.


{
  "identifier": {
    "type": "dns",
    "value": "skyreach.duckdns.org"
  },
  "status": "invalid",
  "expires": "2024-08-09T13:33:53Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/385125013997/Srn6aQ",
      "status": "invalid",
      "validated": "2024-08-02T13:35:55Z",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: SERVFAIL looking up CAA for skyreach.duckdns.org - the domain's nameservers may be malfunctioning",
        "status": 400
      },
      "token": "SEiQYTOYCC0-2DNAbV7krNSPz_8tF-c1ATptH4-JrMQ",
      "validationRecord": [
        {
          "hostname": "skyreach.duckdns.org"
        }
      ]
    }
  ]
}
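
An added example, not part of the thread and not project code: a triage script that pulls the authorization objects out of letsencrypt.log text and separates the two failures quoted above, `unauthorized` (a TXT value the CA did not expect) and `dns` (SERVFAIL from the nameservers). The sample log, the host names and the function names `iter_json_objects` and `triage` are constructed for illustration.

```python
import json
import re

# Constructed sample (placeholder names and values): two authorization objects
# shaped like the ones quoted in this thread, embedded in other log text.
SAMPLE_LOG = '''\
2024-08-02 19:05:55,100:DEBUG:acme.client:Received response:
{"identifier": {"type": "dns", "value": "example.duckdns.org"}, "status": "invalid",
 "challenges": [{"type": "dns-01", "status": "invalid", "error": {
   "type": "urn:ietf:params:acme:error:unauthorized", "status": 403,
   "detail": "Incorrect TXT record \\"CONSTRUCTED-VALUE\\" found at _acme-challenge.example.duckdns.org"}}]}
2024-08-02 19:06:10,200:DEBUG:acme.client:Received response:
{"identifier": {"type": "dns", "value": "example2.duckdns.org"}, "status": "invalid",
 "challenges": [{"type": "dns-01", "status": "invalid", "error": {
   "type": "urn:ietf:params:acme:error:dns", "status": 400,
   "detail": "DNS problem: SERVFAIL looking up CAA for example2.duckdns.org - the domain's nameservers may be malfunctioning"}}]}
'''

def iter_json_objects(text):
    """Yield each top-level JSON object embedded in free-form log text."""
    decoder, pos = json.JSONDecoder(), text.find("{")
    while pos != -1:
        try:
            obj, end = decoder.raw_decode(text, pos)
            yield obj
        except json.JSONDecodeError:
            end = pos + 1  # a brace that does not start JSON; resume after it
        pos = text.find("{", end)

def triage(log_text):
    """Yield (name, error_kind, hint) for each failed dns-01 challenge."""
    for obj in iter_json_objects(log_text):
        name = (obj.get("identifier") or {}).get("value")
        for ch in obj.get("challenges", []):
            err = ch.get("error")
            if not name or ch.get("type") != "dns-01" or not err:
                continue
            kind = err.get("type", "").rsplit(":", 1)[-1]  # last URN segment
            detail = err.get("detail", "")
            stale = re.search(r'Incorrect TXT record "([^"]+)"', detail)
            hint = detail  # default: pass the CA's own message through
            if kind == "unauthorized" and stale:
                hint = "CA read TXT %r at _acme-challenge.%s; it is not the value expected for this order" % (stale.group(1), name)
            elif kind == "dns" and "SERVFAIL" in detail:
                hint = "SERVFAIL from the zone's nameservers: a lookup failure, not a TXT mismatch"
            yield (name, kind, hint)

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

To run it against a real log, pass the output of the `docker exec ... cat /tmp/letsencrypt-log/letsencrypt.log` command from the thread to `triage()` instead of `SAMPLE_LOG`.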

skywalker478 commented 2 months ago

I don't know what happened but it's working suddenly. Thank God, I guess.