hassio-addons / addon-nginx-proxy-manager

Nginx Proxy Manager - Home Assistant Community Add-ons
https://addons.community
MIT License
315 stars 101 forks

Still getting "internal error" when trying to install a let's encrypt certificate. See also #517 #554

Open jondor opened 3 months ago

jondor commented 3 months ago

Hmm.. bot seems to think that if nobody says anything, the issue has magically disappeared. But no. Sorry, the usual unhelpful "internal error"

Trying to renew the let's encrypt key on my generic-x86-64 HA system.

-->8--
[4/1/2024] [7:31:42 PM] [Nginx ] › ⬤ debug Deleting file: /config/nginx/proxy_host/1.conf
[4/1/2024] [7:31:42 PM] [Nginx ] › ⬤ debug Deleting file: /config/nginx/proxy_host/1.conf.err
[4/1/2024] [7:31:42 PM] [Nginx ] › ⬤ debug Could not delete file: { "errno": -2, "syscall": "unlink", "code": "ENOENT", "path": "/config/nginx/proxy_host/1.conf.err" }
[4/1/2024] [7:31:42 PM] [Nginx ] › ℹ info Reloading Nginx
[4/1/2024] [7:31:42 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates via TransIP for Cert #13: emby.frappe4all.nl
[4/1/2024] [7:31:42 PM] [SSL ] › ℹ info Command: mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo 'dns_transip_username = jondor dns_transip_key_file = /ssl/transip-rsa.key' > '/etc/letsencrypt/credentials/credentials-13' && chmod 600 '/etc/letsencrypt/credentials/credentials-13' && pip install certbot-dns-transip~=0.4.3 && certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-13" --agree-tos --email "gerhard@xxx.nl" --domains "emby.xxx.nl" --authenticator dns-transip --dns-transip-credentials "/etc/letsencrypt/credentials/credentials-13"
[4/1/2024] [7:31:45 PM] [Nginx ] › ℹ info Reloading Nginx
[4/1/2024] [7:31:45 PM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-13" --agree-tos --email "gerhard@xxx.nl" --domains "emby.xxx.nl" --authenticator dns-transip --dns-transip-credentials "/etc/letsencrypt/credentials/credentials-13"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Encountered exception during recovery: RuntimeError: The private key doesn't exist
An unexpected error occurred: RuntimeError: The private key doesn't exist
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
-->8--

The folders mentioned are not there, neither is the logfile in the /tmp (or anywhere else on the system for that matter). The private key is where the system, according to the log file, expects it and the name is correct. None of the folders and files which are made and copied to in the /etc folder are there, which also makes rerunning certbot -v difficult.

If there's anything else I could check I'm more than willing to give it a go, but lacking useful info I'm stuck for now.

luccajan commented 2 months ago

I used the DNS challenge option and that worked for me

dtcu8ey6p41w commented 1 month ago

After the reset of NPM I had to renew my let's encrypt certificate and it took me hours and hours before I got it working. I constantly got the same error as you and I searched forever for a solution. In the issue that is closed now I finally found the solution for me. The solution Joukio gave works for me and if this does not work for you it maybe helps others in the future solving their problem.

This is the information I filled in:


- Log in at Transip and go to the page where you can create an API key.
- Save the Key Pair in a file named transip-rsa.key
- Fill in your Transip username at Credentials File Content (set the Propagation Seconds to a high number to prevent a timeout)

Now the part that drove me insane. Wherever I placed the file I kept getting the error: RuntimeError: The private key doesn't exist

Until I placed the file in /addon_configs/a0d7b954_nginxproxymanager/letsencrypt


Now I can save the request in Nginx proxy manager and after a minute or 2 my SSL certificate is created.

I hope this will help some people.
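
Added example, not code from the add-on, certbot or any commenter here: a shell check for the failure discussed above, where certbot reports "The private key doesn't exist" because the path named in the credentials file does not resolve in the place certbot runs. Only the dns_transip_key_file setting name comes from the log in this issue; the function names, return codes and the demo's constructed files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the add-on or certbot): validate the key file that a
# certbot DNS-plugin credentials file points to. Run it where certbot runs,
# because the path is resolved inside that container, not on the host.

# Print the value of setting $2 from the INI-style "key = value" file $1.
cred_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Return codes are this example's own: 0 ok, 2 credentials file unreadable,
# 3 setting missing, 4 key file absent or unreadable at that path,
# 5 not a PEM private key, 6 key file accessible to group or other.
check_key_file() {
    creds=$1
    name=${2:-dns_transip_key_file}   # setting name as shown in the log above
    [ -r "$creds" ] || { echo "cannot read $creds" >&2; return 2; }
    key=$(cred_value "$creds" "$name")
    [ -n "$key" ] || { echo "$name is not set in $creds" >&2; return 3; }
    [ -f "$key" ] && [ -r "$key" ] ||
        { echo "$key is absent or unreadable from here" >&2; return 4; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "$key is not a PEM private key" >&2; return 5; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "$key is open to group/other, chmod 600 it" >&2; return 6; }
    echo "$key looks usable"
}

# Demo on constructed files in a temp dir: wrong path first, then the fix.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed-not-a-real-key' \
        '-----END PRIVATE KEY-----' > "$d/transip-rsa.key"
    chmod 600 "$d/transip-rsa.key"
    printf 'dns_transip_username = example\ndns_transip_key_file = %s\n' \
        "$d/elsewhere/transip-rsa.key" > "$d/credentials"
    check_key_file "$d/credentials"; first=$?
    printf 'dns_transip_username = example\ndns_transip_key_file = %s\n' \
        "$d/transip-rsa.key" > "$d/credentials"
    check_key_file "$d/credentials"; second=$?
    rm -rf "$d"
    echo "wrong path -> $first, corrected path -> $second"
}

if [ $# -gt 0 ]; then check_key_file "$@"; fi
```

Pass the credentials file as the first argument, and a different setting name as the second for other DNS plugins that reference a key file.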

gigatexel commented 1 month ago

Same issue here, but with GoDaddy. I cannot even create additional certs using non-dns challenge.

AccessRetrieved commented 3 weeks ago

> Same issue here, but with GoDaddy. I cannot even create additional certs using non-dns challenge.

Omg same. This thing is driving me crazy. Been trying to crack it for days now. Keeps generating errors and the underlying logs say that I've reached the maximum limit and had to wait (but it failed for the first time too).

I got the fullchain and privkey certificates working by certbot but can't figure out a way to upload custom ssl certificates.

gschmidl commented 1 week ago

Renewal or creation of new certificates not working for me using LetsEncrypt. "The DNS response does not contain an answer to the question: [hostname].duckdns.org. IN TXT"