Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Internal error when requesting new certificate
See original GitHub issueHi, I get an “internal error” when I try to request a ssl certificate after setting up a proxy host. It was working fine in july (I’ve created multiple host with working certificate the 16th july 2021), but now it seems to be broken. I’m running NPM on a raspberry pi, inside Docker (alongside Watchtower, AdGuard Home and Portainer other containers). Being not very good at docker things and ssh command, I manage my container with Portainer GUI.
I’ve try to find a similar issue here, but without succes. Here are the first clues I can provide to you (sorry for my english from France).
My router is ok, 80 and 443 redirected to my Pi. I can reach some services from outside my network.
So my images : jc21/nginx-proxy-manager:latest yobasystems/alpine-mariadb:10.4.17-arm32v7 (I try with :latest, but never get it working. I finally found some advice online saying that on the raspberry pi, you have to use this version. It works for me, but if you have advice, I will take it.
NPM container settings :
When I try to get the certificate, here are the logs inside Portainer :
[8/30/2021] [8:31:40 PM] [Nginx] › ℹ info Reloading Nginx
[8/30/2021] [8:31:40 PM] [SSL] › ℹ info Requesting Let'sEncrypt certificates for Cert #22: rss.mydomain.fr
[8/30/2021] [8:31:40 PM] [SSL] › ℹ info Command: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-22" --agree-tos --authenticator webroot --email "my@mail.com" --preferred-challenges "dns,http" --domains "rss.mydomain.fr"
[8/30/2021] [8:31:52 PM] [Nginx ] › ℹ info Reloading Nginx
[8/30/2021] [8:31:52 PM] [Express ] › ⚠ warning Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-22" --agree-tos --authenticator webroot --email "my@mail.com" --preferred-challenges "dns,http" --domains "rss.mydomain.fr"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0xb59d5eb0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Inside the console, if I run certbot renew, I get :
[root@docker-f244e925705b:/app]# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/npm-1.conf
Certificate not yet due for renewal
Processing /etc/letsencrypt/renewal/npm-2.conf
Certificate not yet due for renewal
Processing /etc/letsencrypt/renewal/npm-3.conf
Certificate not yet due for renewal
The following certificates are not due for renewal yet:
/etc/letsencrypt/live/npm-1/fullchain.pem expires on 2021-10-14 (skipped)
/etc/letsencrypt/live/npm-2/fullchain.pem expires on 2021-10-14 (skipped)
/etc/letsencrypt/live/npm-3/fullchain.pem expires on 2021-10-14 (skipped)
No renewals were attempted.
Those certificate correspond (I guess) to the working certificate I’ve already set up the 16th july 2021 and which are valid until october.
After that, I’m a bit lost. I don’t know how to reach the Lets’Encrypt log, or other specific log which could be useful.
Thanks for your help.
(edit : clarify syntax, anonymised personnal email and domain)
Issue Analytics
- State:
- Created 2 years ago
- Comments:13
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Hi @thebiblelover7 , thanks again for your tip, it force me to go back to the basics (which I did’nt master apparently). So I was only getting ping respond for 8.8.8.8 but not from google.com. After settings the DNS of the host, I’ve search how to force the DNS of the docker container and found that guide online : https://robinwinslow.uk/fix-docker-networking-dns
You can set the default DNS settings options for the docker daemon by creating a daemon configuration file at /etc/docker/daemon.json.
I’ve choosed to completely “overpassed” my AdGuardHome DNS (running on another container on the same raspberry pi) to see if it could be the problem (so Cloudflare as primary, and Google as secondary DNS) And with that settings (and maybe in addition with the previous one made on /etc/dhcpcd.conf), everything is now working as expected. Hourra !
I’ve successfully setup a wildcard certificate for my domain (with the DNS challenge). A’ve also tested LinuxServer SWAG, and it was giving me the same error until I set the daemon.json files.
So thank you again for your help 😃
(may I try a last thing : what is your advice about the network config : with only AdGuard Home, watchtower (mode notify only) and NPM on the Pi, should I run NPM under the bridge network or under the specific network created by Portainer when I deployed the stack ? (see capture attached of my current config).
@S1M8N This is not a nginx-proxy-manager issue, please pass this on to portainer/docker