jlesage / docker-nginx-proxy-manager

Docker container for Nginx Proxy Manager
MIT License

Generating an SSL certificate, internal error occurred #132

Open josegomera opened 4 years ago

josegomera commented 4 years ago

Hi, I'm trying to generate an SSL certificate but an internal error showed up. I opened the corresponding ports on my router but it doesn't work. I'm using Freenom as a domain provider.

```
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-app-niceness.sh: executing...
[cont-init.d] 00-app-niceness.sh: exited 0.
[cont-init.d] 00-app-script.sh: executing...
[cont-init.d] 00-app-script.sh: exited 0.
[cont-init.d] 00-app-user-map.sh: executing...
[cont-init.d] 00-app-user-map.sh: exited 0.
[cont-init.d] 00-clean-logmonitor-states.sh: executing...
[cont-init.d] 00-clean-logmonitor-states.sh: exited 0.
[cont-init.d] 00-clean-tmp-dir.sh: executing...
[cont-init.d] 00-clean-tmp-dir.sh: exited 0.
[cont-init.d] 00-set-app-deps.sh: executing...
[cont-init.d] 00-set-app-deps.sh: exited 0.
[cont-init.d] 00-set-home.sh: executing...
[cont-init.d] 00-set-home.sh: exited 0.
[cont-init.d] 00-take-config-ownership.sh: executing...
[cont-init.d] 00-take-config-ownership.sh: exited 0.
[cont-init.d] 00-xdg-runtime-dir.sh: executing...
[cont-init.d] 00-xdg-runtime-dir.sh: exited 0.
[cont-init.d] 90-db-upgrade.sh: executing...
[cont-init.d] 90-db-upgrade.sh: exited 0.
[cont-init.d] nginx-proxy-manager.sh: executing...
[cont-init.d] nginx-proxy-manager.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] starting s6-fdholderd...
[services.d] starting logrotate...
[services.d] starting logmonitor...
[services.d] starting nginx...
[logrotate] starting...
[logmonitor] no file to monitor: disabling service...
[services.d] starting cert_cleanup...
[nginx] starting...
[services.d] starting statusmonitor...
[cert_cleanup] starting...
[statusmonitor] no file to monitor: disabling service...
[services.d] starting app...
[app] starting Nginx Proxy Manager...
[services.d] done.
[cert_cleanup] ----------------------------------------------------------
[cert_cleanup] Let's Encrypt certificates cleanup - 2020/11/11 00:06:43
[cert_cleanup] ----------------------------------------------------------
[cert_cleanup] Deleting /etc/letsencrypt/csr/0000_csr-certbot.pem.
[cert_cleanup] Deleting /etc/letsencrypt/keys/0000_key-certbot.pem.
[cert_cleanup] 0 file(s) kept.
[cert_cleanup] 2 file(s) deleted.
Current database version: none
Fetching IP Ranges from online services...
Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
Fetching https://www.cloudflare.com/ips-v4
Fetching https://www.cloudflare.com/ips-v6
Let's Encrypt Renewal Timer initialized
Renewing SSL certs close to expiry...
IP Ranges Renewal Timer initialized
Backend PID 707 listening on port 3000 ...
Reloading Nginx
Renew Complete
Certificate is not valid (Command failed: openssl x509 -in /etc/letsencrypt/live/npm-5/fullchain.pem -subject -noout
Can't open /etc/letsencrypt/live/npm-5/fullchain.pem for reading, No such file or directory
140285929815368:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/etc/letsencrypt/live/npm-5/fullchain.pem','r')
140285929815368:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
unable to load certificate
)
QueryBuilder#allowEager method is deprecated. You should use allowGraph instead. allowEager method will be removed in 3.0
QueryBuilder#eager method is deprecated. You should use the withGraphFetched method instead. eager method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0
Renewing Let'sEncrypt certificates for Cert #5: heimdall-dashboard.ddns.net
Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-5" --preferred-challenges "dns,http" --disable-hook-validation
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certificate found with name npm-5 (expected /etc/letsencrypt/renewal/npm-5.conf).
Reloading Nginx
Reloading Nginx
Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0
Reloading Nginx
Requesting Let'sEncrypt certificates for Cert #6: heimdall-dashboard.technoboy.tk
Reloading Nginx
Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-6" --agree-tos --email "josemerchol.07@gmail.com" --preferred-challenges "dns,http" --domains "heimdall-dashboard.technoboy.tk"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for heimdall-dashboard.technoboy.tk
Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain heimdall-dashboard.technoboy.tk
http-01 challenge for heimdall-dashboard.technoboy.tk
Cleaning up challenges
Some challenges have failed.
Reloading Nginx
Requesting Let'sEncrypt certificates for Cert #7: heimdall-dashboard.technoboy.tk
Reloading Nginx
Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-7" --agree-tos --email "josemerchol.07@gmail.com" --preferred-challenges "dns,http" --domains "heimdall-dashboard.technoboy.tk"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for heimdall-dashboard.technoboy.tk
Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain heimdall-dashboard.technoboy.tk
http-01 challenge for heimdall-dashboard.technoboy.tk
Cleaning up challenges
Some challenges have failed.
Revoking Let'sEncrypt certificates for Cert #5: heimdall-dashboard.ddns.net
Revoking Let'sEncrypt certificates for Cert #6: heimdall-dashboard.technoboy.tk
Renewing Let'sEncrypt certificates for Cert #7: heimdall-dashboard.technoboy.tk
Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-7" --preferred-challenges "dns,http" --disable-hook-validation
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certificate found with name npm-7 (expected /etc/letsencrypt/renewal/npm-7.conf).
Reloading Nginx
Revoking Let'sEncrypt certificates for Cert #7: heimdall-dashboard.technoboy.tk
Reloading Nginx
Requesting Let'sEncrypt certificates for Cert #8: heimdall-dashboard.technoboy.tk
Reloading Nginx
Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-8" --agree-tos --email "josemerchol.07@gmail.com" --preferred-challenges "dns,http" --domains "heimdall-dashboard.technoboy.tk"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for heimdall-dashboard.technoboy.tk
Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain heimdall-dashboard.technoboy.tk
http-01 challenge for heimdall-dashboard.technoboy.tk
Cleaning up challenges
Some challenges have failed.
Renewing Let'sEncrypt certificates for Cert #8: heimdall-dashboard.technoboy.tk
Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-8" --preferred-challenges "dns,http" --disable-hook-validation
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certificate found with name npm-8 (expected /etc/letsencrypt/renewal/npm-8.conf).
Reloading Nginx
Reloading Nginx
Reloading Nginx
Reloading Nginx
Revoking Let'sEncrypt certificates for Cert #8: heimdall-dashboard.technoboy.tk
Reloading Nginx
Requesting Let'sEncrypt certificates for Cert #9: heimdall-dashboard.technoboy.tk
Reloading Nginx
Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-9" --agree-tos --email "josemerchol.07@gmail.com" --preferred-challenges "dns,http" --domains "heimdall-dashboard.technoboy.tk"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for heimdall-dashboard.technoboy.tk
Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain heimdall-dashboard.technoboy.tk
http-01 challenge for heimdall-dashboard.technoboy.tk
Cleaning up challenges
Some challenges have failed.
```

jlesage commented 3 years ago

You should have a look at letsencrypt.log to get more details on the failure.

wiebereu commented 3 years ago

I also have problems with letsencrypt. If I request a new certificate I get an internal error in Nginx. I don't know if it has anything to do with the fact that I have a Synology NAS which I use quite often to generate certificates from Let's Encrypt. I think that it shouldn't matter which tool you use to request a certificate. I also could not find any log file in the var/log/letsencrypt folder. There is no letsencrypt folder in the log folder of var.

jlesage commented 3 years ago

Only one application on a device can generate Let's Encrypt certificates. The Let's Encrypt server needs to fetch information from your device over port 80. Obviously, only one application can serve/listen on port 80. So if your Synology itself is doing it, Nginx Proxy Manager won't be able to also do it.
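
Added example (not code from this thread or from Nginx Proxy Manager): a small triage of the container log posted at the top of this issue, grouping certbot failures per certificate so that the failed http-01 issuance is separated from the "No certificate found" renewal errors that follow it. The sample lines are abridged from the posted log; the `triage` function and its finding labels are hypothetical names.

```python
import re

# Constructed sample: lines abridged from the container log quoted in this thread.
SAMPLE_LOG = """\
Requesting Let'sEncrypt certificates for Cert #7: heimdall-dashboard.technoboy.tk
Reloading Nginx
Command failed: /usr/bin/certbot certonly --non-interactive --cert-name "npm-7" --preferred-challenges "dns,http" --domains "heimdall-dashboard.technoboy.tk"
http-01 challenge for heimdall-dashboard.technoboy.tk
Using the webroot path /config/letsencrypt-acme-challenge for all unmatched domains.
Challenge failed for domain heimdall-dashboard.technoboy.tk
Renewing Let'sEncrypt certificates for Cert #7: heimdall-dashboard.technoboy.tk
Command failed: /usr/bin/certbot renew --non-interactive --cert-name "npm-7" --preferred-challenges "dns,http" --disable-hook-validation
No certificate found with name npm-7 (expected /etc/letsencrypt/renewal/npm-7.conf).
"""

COMMAND = re.compile(r'^Command failed: \S*certbot (certonly|renew)\b.*--cert-name "npm-(\d+)"')
CHALLENGE = re.compile(r"^(\S+-01) challenge for (\S+)")
WEBROOT = re.compile(r"^Using the webroot path (\S+)")
FAILED = re.compile(r"^Challenge failed for domain (\S+)")
MISSING = re.compile(r"^No certificate found with name npm-(\d+)")


def triage(log_text):
    """Group certbot failures by NPM certificate id; label primary and follow-on errors."""
    def blank():
        return {"challenge": None, "webroot": None, "findings": []}
    certs, current = {}, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := COMMAND.match(line):
            # Output after a failed command belongs to the cert named in --cert-name.
            current = certs.setdefault(int(m.group(2)), blank())
        elif current is None:
            continue  # not attributable to any certbot command yet
        elif m := CHALLENGE.match(line):
            current["challenge"] = m.group(1)
        elif m := WEBROOT.match(line):
            current["webroot"] = m.group(1)
        elif m := FAILED.match(line):
            current["findings"].append(
                "primary: %s validation failed for %s" % (current["challenge"], m.group(1)))
        elif m := MISSING.match(line):
            cert = certs.setdefault(int(m.group(1)), blank())
            never_issued = any(f.startswith("primary") for f in cert["findings"])
            cert["findings"].append("secondary: renew ran with no issued certificate"
                                    if never_issued else "renew ran with no renewal config")
    return certs


if __name__ == "__main__":
    for cert_id, info in sorted(triage(SAMPLE_LOG).items()):
        print("npm-%d" % cert_id, info["challenge"], info["webroot"], *info["findings"], sep="\n  ")
```

A "primary" http-01 finding is the one to chase: it means the validation request to port 80 of that domain did not reach the webroot shown, which is the situation the comment above describes.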