[Support] Nginx Proxy Manager (NPM) Official



45 minutes ago, kim_sv said:

When setting it up on Pihole, how exactly would that be done? My NPM (and all my services) has the same IP as my server and I don’t see a way to point Local DNS to a specific port, only IP.  

You need to direct it to NPM.

NPM will need to be on ports 80/443.

 

For pihole either you enter everything manually in local DNS records or you can make a custom conf in dnsmasq.d that directs the whole domain in one go.

 


Edited by Kilrah
Link to comment
4 hours ago, mgutt said:

Set the network to host or bridge and use the local IP of your unRAID server?!

 

 

I'm sorry, but now you lost me. ELI5... What container should I set to Host or Bridge, and when?

 

4 hours ago, mgutt said:

Or do you mean that you can not open your domain through the local IP? Then NPM probably doesn't listen to Port 80 and 443?! This is a requirement (change unRAID to 5000 / 5001) for local DNS rewrite and IPv6.

No, locally (and remote) everything works fine! 

 

4 hours ago, Kilrah said:

You need to direct it to NPM.

NPM will need to be on ports 80/443.

 

For pihole either you enter everything manually in local DNS records or you can make a custom conf in dnsmasq.d that directs the whole domain in one go.

 


THIS IS IT! (I think...) Thank you!

 

I first tried adding a wildcard domain in the PiHole WEB-UI but didn't get that to work. This above seems to be the solution though! :)

 

I added a "02-wildcard-dns.conf" file to /etc/dnsmasq.d/ (host path for my PiHole container: /mnt/user/appdata/pihole/dnsmasq.d/).

 

In that conf I added:

address=/mydomain.com/192.168.1.4

 

Then restarted PiHole.

 

Before I started everything I ran this in the Unraid CLI to see where the URL routes to:

nslookup mydomain.com

and that pointed to my public IP. Same result running:

nslookup servicesubdomain.mydomain.com

 

After restarting PiHole and running the same commands they come back to 192.168.1.4

 

So I guess it's working. The subdomains I have set up in NPM show as normal with a valid SSL cert when surfing to them locally.

 

Only "downside" is that if I only surf to "mydomain.com" I'm routed to Unraid UI since that's the server's IP, insecure no SSL. Same if I surf to any type of subdomain that's not proxied in NPM.

It's only in the local LAN, so not a major issue. Surfing to Unraid UI through the normal IP is equally "open", just feels more hidden. I guess it's just a feeling... I do have a strong root password. :P

 

If anyone has any suggestions for this to only work on URLs in NPM I'm all ears. Perhaps wildcard wasn't the right choice. :)

Link to comment
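Added example (not part of any post above): dnsmasq's `address=/domain/ip` answers for the domain and every name below it, while its `host-record=name,ip` option answers only the exact name. The sketch below is a simplified model of that matching, not dnsmasq's code, and generates a per-host file from a list of proxied names; the host list, `parse_overrides`, `resolve_local` and `per_host_conf` are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed inputs: the wildcard line from the post and a made-up list of NPM proxy hosts.
WILDCARD_CONF = "address=/mydomain.com/192.168.1.4\n"
PROXIED_HOSTS = ["servicesubdomain.mydomain.com", "jellyfin.mydomain.com"]

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def _norm(name):
    return name.strip().lower().rstrip(".")


def parse_overrides(conf_text):
    """Return (wildcard, exact) dicts from address= and host-record= lines."""
    wildcard, exact = {}, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("address=/"):
            # address=/<domain>[/<domain>...]/<ip>: domain plus all of its subdomains
            *domains, ip = line[len("address=/"):].split("/")
            for domain in domains:
                if domain and ip:
                    wildcard[_norm(domain)] = ip
        elif line.startswith("host-record="):
            # host-record=<name>[,<name>...],<ip>[,<ttl>]: exact names only
            names, ip = [], None
            for field in line[len("host-record="):].split(","):
                field = field.strip()
                try:
                    ipaddress.ip_address(field)
                    ip = ip or field
                except ValueError:
                    if field and not field.isdigit():  # digits-only field is the TTL
                        names.append(_norm(field))
            for name in names:
                if ip:
                    exact[name] = ip
    return wildcard, exact


def resolve_local(name, overrides):
    """IP answered locally for name, or None if the query goes upstream."""
    wildcard, exact = overrides
    name = _norm(name)
    if name in exact:
        return exact[name]
    labels = name.split(".")
    for i in range(len(labels)):  # longest suffix first, on label boundaries
        suffix = ".".join(labels[i:])
        if suffix in wildcard:
            return wildcard[suffix]
    return None


def per_host_conf(hostnames, ip, zone):
    """Build host-record lines for exactly the listed names inside zone."""
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    zone = _norm(zone)
    lines = []
    for host in sorted({_norm(h) for h in hostnames}):
        if host != zone and not host.endswith("." + zone):
            raise ValueError(f"{host} is outside {zone}")
        if not all(LABEL.match(label) for label in host.split(".")):
            raise ValueError(f"{host} is not a valid hostname")
        lines.append(f"host-record={host},{ip}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    strict_conf = per_host_conf(PROXIED_HOSTS, "192.168.1.4", "mydomain.com")
    print(strict_conf, end="")
    for label, conf in (("wildcard", WILDCARD_CONF), ("per-host", strict_conf)):
        rules = parse_overrides(conf)
        for query in ("mydomain.com", "servicesubdomain.mydomain.com", "unproxied.mydomain.com"):
            print(label, query, "->", resolve_local(query, rules) or "forwarded upstream")
```

With the per-host file, names that are not listed are no longer answered locally and resolve through the upstream DNS as they did before the wildcard was added.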

New to Unraid, came from Windows using Certify The Web, where I set up an http-01 ACME challenge for a certificate on Google Domains (not Cloud). Now I am trying to use NPM to request a certificate. I got http pointing to my overseer. But I don’t know where to start with getting a certificate issued with Google Domains. Looking at the log, it says “some challenges have failed”. Anyone have an idea where to start with Google Domains (not Cloud)???

Link to comment

I have been experiencing an issue where accessing my Jellyfin & Home Assistant container/vm via NPM (in docker) can soft-lock my unraid server if I have a large amount of bandwidth traveling through it. Accessing the same data using my local IP address does not result in any crashing.

I have way more information and details on another post:

 but it was recommended that I post here as well.

I tried with Caddy and still received the soft-locking (so perhaps it's more of a general reverse-proxy issue). But I am able to run NPM on an Ubuntu VM or my Win11 PC pointing to the same Jellyfin/HA instances and it works flawlessly.

Was hoping maybe someone more adept in reverse-proxies/npm could take a look at my thread and see if anything sticks out. Thanks!

Link to comment
6 hours ago, lsmith5 said:

accessing my Jellyfin & Home Assistant container/vm via NPM (in docker) can soft-lock my unraid server

Try changing all Container paths from /mnt/user to /mnt/cache. Jellyfin paths can be changed to /mnt/disk1/Movie, /mnt/disk2/Movie and so on. But this could need a full reindex. By changing to disk paths it avoids a lot of CPU load. But note: This fully bypasses your cache mover settings. So this is only useful for Shares set to only or no. I suggest to combine it with a free min space for all shares and disks and pools!

 

Link to comment
57 minutes ago, mgutt said:

Try changing all Container paths from /mnt/user to /mnt/cache. Jellyfin paths can be changed to /mnt/disk1/Movie, /mnt/disk2/Movie and so on. But this could need a full reindex. By changing to disk paths it avoids a lot of CPU load. But note: This fully bypasses your cache mover settings. So this is only useful for Shares set to only or no. I suggest to combine it with a free min space for all shares and disks and pools!

 

Unfortunately this did not solve the issue. I really do not have much CPU load. Maybe 30-50% max. Thank you for the suggestion :)

Link to comment
3 hours ago, mgutt said:

The dashboard is "lying" to you. Check with the terminal command htop which processes are running. Especially in the situation when you suffer from the soft lock.

Not really unfortunately :( If I run multiple 4k transcodes locally or on my alternative server NPM, htop also reports between that 30-50%. Here is a screen-grab of the moment it crashed when hosting NPM via unraid's docker service, low CPU usage: image.thumb.png.c86a178c09284818d57b7080942b4b9e.png

Link to comment

Hello,

I realised that I was receiving a lot of mails from Let's Encrypt telling me that my certs will expire soon.
I tried to renew the certs by hand, but it always throws an error.

I went to the docker and did a

cat /var/log/letsencrypt/letsencrypt.log

here is the result

bash-5.1# cat /var/log/letsencrypt/letsencrypt.log
2023-01-19 23:50:51,060:DEBUG:certbot._internal.main:certbot version: 1.27.0
2023-01-19 23:50:51,061:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-01-19 23:50:51,061:DEBUG:certbot._internal.main:Arguments: ['--force-renewal', '--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-34', '--preferred-challenges', 'dns,http', '--no-random-sleep-on-renew', '--disable-hook-validation']
2023-01-19 23:50:51,061:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-01-19 23:50:53,479:DEBUG:certbot._internal.log:Root logging level set at 30
2023-01-19 23:50:53,486:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-34.conf
2023-01-19 23:50:53,535:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x14f7eca8d2b0> and installer <certbot._internal.cli.cli_utils._Default object at 0x14f7eca8d2b0>
2023-01-19 23:50:53,536:DEBUG:certbot._internal.cli:Var pref_challs=dns,http (set by user).
2023-01-19 23:50:53,536:DEBUG:certbot._internal.cli:Var preferred_chain=ISRG Root X1 (set by user).
2023-01-19 23:50:53,537:DEBUG:certbot._internal.cli:Var key_type=ecdsa (set by user).
2023-01-19 23:50:53,537:DEBUG:certbot._internal.cli:Var elliptic_curve=secp384r1 (set by user).
2023-01-19 23:50:53,537:DEBUG:certbot._internal.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2023-01-19 23:50:53,538:DEBUG:certbot._internal.cli:Var webroot_map={'webroot_path'} (set by user).
2023-01-19 23:50:53,538:DEBUG:certbot._internal.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2023-01-19 23:50:53,591:DEBUG:certbot._internal.renewal:Auto-renewal forced with --force-renewal...
2023-01-19 23:50:53,592:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2023-01-19 23:50:53,598:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x14f7eca90550>
Prep: True
2023-01-19 23:50:53,598:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x14f7eca90550> and installer None
2023-01-19 23:50:53,599:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2023-01-19 23:50:53,687:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/97301992', new_authzr_uri=None, terms_of_service=None), cfcc4e62d5104fbc422964fd3c9de12a, Meta(creation_dt=datetime.datetime(2020, 9, 22, 10, 45, 47, tzinfo=<UTC>), creation_host='d7b18c68d420', register_to_eff=None))>
2023-01-19 23:50:53,688:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-01-19 23:50:53,691:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-01-19 23:50:54,114:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 659
2023-01-19 23:50:54,115:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 19 Jan 2023 22:50:54 GMT
Content-Type: application/json
Content-Length: 659
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "boArPOo5uHk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-01-19 23:50:54,122:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for my.host.net
2023-01-19 23:50:54,139:DEBUG:certbot.crypto_util:Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/0012_key-certbot.pem
2023-01-19 23:50:54,154:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0012_csr-certbot.pem
2023-01-19 23:50:54,157:DEBUG:acme.client:Requesting fresh nonce
2023-01-19 23:50:54,158:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-01-19 23:50:54,297:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-01-19 23:50:54,298:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 19 Jan 2023 22:50:54 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: A5FEP8xRxBLXGeoZcrMyqcXyJ97lU3iykrCixkfZmERLRis
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2023-01-19 23:50:54,299:DEBUG:acme.client:Storing nonce: A5FEP8xRxBLXGeoZcrMyqcXyJ97lU3iykrCixkfZmERLRis
2023-01-19 23:50:54,300:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "my.host.net"\n    }\n  ]\n}'
2023-01-19 23:50:54,303:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTczMDE5OTIiLCAibm9uY2UiOiAiQTVGRVA4eFJ4QkxYR2VvWmNyTXlxY1h5Sjk3bFUzaXlrckNpeGtmWm1FUkxSaXMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "X4IY07LzjQuIUpVM0QOK1AfzsIB1esBkk-L7Tialv83xcPBtpt-ODqg0V1w_5TknGkD3r0N33-hWkwtJpDycKIvJKyKYxYOIUknapdtjrasrhrzSbDTDS5e7gToAL1c8TXCWc8YBLNApbO6RGRj_5Xtjup0fRhak-rzgra_UMwBitgAl925Drv84_nsDHkISyKLPbVuudhchxlLRfZjOJSlZlub-Tc3Q5sVW1g7bYXPfuSgq_nhfiYizXJpvYKEXta46sLUvLCqBSQhkUnp7Zq7HbkGcCA2SmJy7sd43AL--v-1ZuerNV-BBqeEyEIkLJ2S7XtYJhswV9OkoV3Jvrg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIndhcmRlbi5rYXRlY2gubmV0IgogICAgfQogIF0KfQ"
}
2023-01-19 23:50:54,470:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 341
2023-01-19 23:50:54,472:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 19 Jan 2023 22:50:54 GMT
Content-Type: application/json
Content-Length: 341
Connection: keep-alive
Boulder-Requester: 97301992
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/97301992/159840323717
Replay-Nonce: F977HPI57IUFtlwRbfGvbTnYXQdms-tHB2gnl12OoCk5QTQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-01-26T22:50:54Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "my.host.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/196614878867"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/97301992/159840323717"
}
2023-01-19 23:50:54,473:DEBUG:acme.client:Storing nonce: F977HPI57IUFtlwRbfGvbTnYXQdms-tHB2gnl12OoCk5QTQ
2023-01-19 23:50:54,474:DEBUG:acme.client:JWS payload:
b''
2023-01-19 23:50:54,476:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/196614878867:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTczMDE5OTIiLCAibm9uY2UiOiAiRjk3N0hQSTU3SVVGdGx3UmJmR3ZiVG5ZWFFkbXMtdEhCMmdubDEyT29DazVRVFEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzE5NjYxNDg3ODg2NyJ9",
  "signature": "ooBLjfQWDfiIPvWriQYD8GmIbSOdjVepF4gV4B-7WRbX68QmJxbXQXkxmGC29x-iUVP4tjGWD6brC0iRfcUx-9XXVr6JhzMRBgz8enpktp7qLifqcv17RvEW888jZu-iLZzOkzJxfWSB1MLvocVHMOkao1Z0OFIeD4xwyzFpma350cNQJcdXJ7MjJia9_pGw3bzDuNBmPMMkBueDdcsmbVFS60jRDhi16kRrO4SNnztZJcqLnRQ4aL6gVsELUgAa_0hc6Rh8VBeGG9fEDxFMXzqL3CeBNBmUcuKqp8EBTiR24tEtDrnEH_okKFYdLd66oWswNH5kD6Y15-Ue-XSuww",
  "payload": ""
}
2023-01-19 23:50:54,616:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/196614878867 HTTP/1.1" 200 801
2023-01-19 23:50:54,618:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 19 Jan 2023 22:50:54 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 97301992
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712xvvXnb89hEu_3KQkLnwayymR4NdT41ErGqNt0Nax1zw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "my.host.net"
  },
  "status": "pending",
  "expires": "2023-01-26T22:50:54Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/6nzK5g",
      "token": "nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/3Zv8ng",
      "token": "nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/FAj-Ug",
      "token": "nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM"
    }
  ]
}
2023-01-19 23:50:54,619:DEBUG:acme.client:Storing nonce: 2712xvvXnb89hEu_3KQkLnwayymR4NdT41ErGqNt0Nax1zw
2023-01-19 23:50:54,620:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-01-19 23:50:54,620:INFO:certbot._internal.auth_handler:http-01 challenge for my.host.net
2023-01-19 23:50:54,621:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2023-01-19 23:50:54,621:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2023-01-19 23:50:54,625:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM
2023-01-19 23:50:54,627:DEBUG:acme.client:JWS payload:
b'{}'
2023-01-19 23:50:54,630:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/6nzK5g:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTczMDE5OTIiLCAibm9uY2UiOiAiMjcxMnh2dlhuYjg5aEV1XzNLUWtMbndheXltUjROZFQ0MUVyR3FOdDBOYXgxenciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzE5NjYxNDg3ODg2Ny82bnpLNWcifQ",
  "signature": "B0A_PFhBve87B25kqbM6qAi4g4KYQItqqyz4Yy8qkTNIbw6hu_GLbi0NUXJ77a6RmN5zWdn0ZgGuZQfPw37L964AH98tsj8fnoVraVyLe-yPumFJGD1KRtzVZaP7ebNoxyMyGMmBV_lKkgqy9m4T8I8JnCNLk-L1GUrrEItG2dGcItkErUGNd6upNpL1sfcoIgxHZ13TJdR_4TvVAQl8ZBjL0i2juoj-K7jXbqUuCS3tw847IOQwC0K7aJuBsLxtuKLTHuaMyPfxXayEz3Gv4563j62CG0Bp4O_tLx5Zcwmx2SLDbrQRoKQfj-ZPMIoTpJVbRnBx089NliiyIf9BAQ",
  "payload": "e30"
}
2023-01-19 23:50:54,773:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/196614878867/6nzK5g HTTP/1.1" 200 187
2023-01-19 23:50:54,775:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 19 Jan 2023 22:50:54 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 97301992
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/196614878867>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/6nzK5g
Replay-Nonce: 2712nqlnrMugVmbfIqNn3d78lo-cSnYtLCXoia9Aw-9H2YI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/6nzK5g",
  "token": "nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM"
}
2023-01-19 23:50:54,776:DEBUG:acme.client:Storing nonce: 2712nqlnrMugVmbfIqNn3d78lo-cSnYtLCXoia9Aw-9H2YI
2023-01-19 23:50:54,777:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-01-19 23:50:55,779:DEBUG:acme.client:JWS payload:
b''
2023-01-19 23:50:55,785:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/196614878867:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTczMDE5OTIiLCAibm9uY2UiOiAiMjcxMm5xbG5yTXVnVm1iZklxTm4zZDc4bG8tY1NuWXRMQ1hvaWE5QXctOUgyWUkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzE5NjYxNDg3ODg2NyJ9",
  "signature": "tK_yi34Mh-SC2SMo5tLNVxaDhU-YzVkcEu4BI5IoymklmicPlJKJDhoKEGBE0xg6Tspm90m9V9m3MND4_ZzCZ8FRqpsr98YV8Onhv7U2KgKlvbFutXlgLUSeoJnRkD-FW86o0_FUWhGVHpV4S4y802rg-gLRUm21g9UDft5P_nGNA1Q5Q4fA9hQ8J8hJPMe2xeNRW3-_xfrV0xB_dL3-nejryztQ4qvQoxtvSjp_DK4yku2p8LFiultRArLD4d9aHvb1yas2BMSNcN2XbD7Sxw0F4Il4ZedinmC2w3GPcZ_cTDVDEubsTiQGqrWUzmEsKNdDR139CJq-eqQouSRCug",
  "payload": ""
}
2023-01-19 23:50:55,927:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/196614878867 HTTP/1.1" 200 801
2023-01-19 23:50:55,928:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 19 Jan 2023 22:50:55 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 97301992
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: A5FEHwx4ntAtDM7GO4PgIo8cYi4WG7eUE-qW6by68iyjTYI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "my.host.net"
  },
  "status": "pending",
  "expires": "2023-01-26T22:50:54Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/6nzK5g",
      "token": "nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/3Zv8ng",
      "token": "nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/FAj-Ug",
      "token": "nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM"
    }
  ]
}
2023-01-19 23:50:55,929:DEBUG:acme.client:Storing nonce: A5FEHwx4ntAtDM7GO4PgIo8cYi4WG7eUE-qW6by68iyjTYI
2023-01-19 23:50:58,933:DEBUG:acme.client:JWS payload:
b''
2023-01-19 23:50:58,939:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/196614878867:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTczMDE5OTIiLCAibm9uY2UiOiAiQTVGRUh3eDRudEF0RE03R080UGdJbzhjWWk0V0c3ZVVFLXFXNmJ5NjhpeWpUWUkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzE5NjYxNDg3ODg2NyJ9",
  "signature": "S5EeflLmuk3kTOo7KcYg0Qk3DdwFAvMfyXlELoYpUD2vfTtaagBTZgsFR7DSWX8BoMJEEblDE8bIZ1gcpojinPBHytucmwUyKhiT8U5gAEOdXOxpdwz8ub-MS_wACxRypzaWTrAKuWQek0rrSqfnR8VLSJ_84s9XKHQtJlFYWpoLJXE6oZMzo2_r3p8N9AaMVFctO7QJIUoaO-AC_r50okCib0G0oMnrFLOVAez7wQwX03jTMpvQreUNzxvVtqsUDgFmXSr0zrLMXp-Nrvo8G0f0IpURNfZxkudPvVyDx3LuAgeEznUOFAUuMf5Gd4kZ_QKy2K2XqUBu9tKFtjRs4A",
  "payload": ""
}
2023-01-19 23:50:59,085:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/196614878867 HTTP/1.1" 200 801
2023-01-19 23:50:59,087:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 19 Jan 2023 22:50:59 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 97301992
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F977CIdBnXkLMhLauFWsWee65g0Sjt4qKopEjh0u8pzaD9Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "my.host.net"
  },
  "status": "pending",
  "expires": "2023-01-26T22:50:54Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/6nzK5g",
      "token": "nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/3Zv8ng",
      "token": "nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/FAj-Ug",
      "token": "nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM"
    }
  ]
}
2023-01-19 23:50:59,088:DEBUG:acme.client:Storing nonce: F977CIdBnXkLMhLauFWsWee65g0Sjt4qKopEjh0u8pzaD9Q
2023-01-19 23:51:02,092:DEBUG:acme.client:JWS payload:
b''
2023-01-19 23:51:02,098:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/196614878867:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTczMDE5OTIiLCAibm9uY2UiOiAiRjk3N0NJZEJuWGtMTWhMYXVGV3NXZWU2NWcwU2p0NHFLb3BFamgwdThwemFEOVEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzE5NjYxNDg3ODg2NyJ9",
  "signature": "bAr3IyaJxFcCVomRVISLdP9qKl0l6dpo6m_nunEkQB87anchXHeeemP3_8mjJjJvQFybNxBr1khw9yg4nllbK6QduhQ6MjV5qMjrErpghLrL33a8SQJOzBHIKYNWlBYoBKk32sYmEmIfka2dAV9cWJsIUHcBXH4d8o7n_PONUMQT-OKXm3hWvXC_z0ZEE8mw7DQdloLRPnkrFJctcjs0XSj4PfbH7Ix_iiaj6FVbZPJyCVt0saoj6PybWCNpF6vCm6Soy8UV4_jbyrg3jC0VfLBffrgDI00C0CJrmlAXT6zMGlsfVenjfJewKC_QxFEsMcg3iwymvSb1T9Zk7SDGXg",
  "payload": ""
}
2023-01-19 23:51:02,241:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/196614878867 HTTP/1.1" 200 801
2023-01-19 23:51:02,243:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 19 Jan 2023 22:51:02 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 97301992
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F977CJnaLdGU1Od_M-vbdzDKAVk6cC1R7CitnreW-MMcpnc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "my.host.net"
  },
  "status": "pending",
  "expires": "2023-01-26T22:50:54Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/6nzK5g",
      "token": "nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/3Zv8ng",
      "token": "nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/FAj-Ug",
      "token": "nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM"
    }
  ]
}
2023-01-19 23:51:02,243:DEBUG:acme.client:Storing nonce: F977CJnaLdGU1Od_M-vbdzDKAVk6cC1R7CitnreW-MMcpnc
2023-01-19 23:51:05,246:DEBUG:acme.client:JWS payload:
b''
2023-01-19 23:51:05,251:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/196614878867:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTczMDE5OTIiLCAibm9uY2UiOiAiRjk3N0NKbmFMZEdVMU9kX00tdmJkekRLQVZrNmNDMVI3Q2l0bnJlVy1NTWNwbmMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzE5NjYxNDg3ODg2NyJ9",
  "signature": "gChvCJzV5hxNCNFp4Q6yBcnVu5YPfIOb5hXWPhWrLX8x7hGZqMPTWm2FwXarzHv1G4adgn_Q3aUEh24pE73KCVB522bE3TNiWEQ-BTEXcCfyzMxPrMFO5wuX8iTwsqP5wTLeixCuOdEynSxNJGglBOfeJf_JNVwaIV_3nJM8Kc67XlGiF27aA05I5q46888i-iLqesqhH3NIgQA7NYSpBsmZPikLDyFgB8kXRJmrxTjy7LU-XsK1SC2dLyP3BXjGNkzRT-Ek2VxTu4cf6E29NqE2xdyZPgp1uiHEvKSdauv7peDs4Qbt4htRfKpII53dQemDhS0oympwzd7as20HDA",
  "payload": ""
}
2023-01-19 23:51:05,391:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/196614878867 HTTP/1.1" 200 1060
2023-01-19 23:51:05,392:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 19 Jan 2023 22:51:05 GMT
Content-Type: application/json
Content-Length: 1060
Connection: keep-alive
Boulder-Requester: 97301992
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853F3k_3x_syoNGSuO0mWbO2DW7GxhxyiT0ABFzfTUKg5n0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "my.host.net"
  },
  "status": "invalid",
  "expires": "2023-01-26T22:50:54Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "89.95.42.66: Fetching http://my.host.net/.well-known/acme-challenge/nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/196614878867/6nzK5g",
      "token": "nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM",
      "validationRecord": [
        {
          "url": "http://my.host.net/.well-known/acme-challenge/nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM",
          "hostname": "my.host.net",
          "port": "80",
          "addressesResolved": [
            "89.95.42.66"
          ],
          "addressUsed": "89.95.42.66"
        }
      ],
      "validated": "2023-01-19T22:50:54Z"
    }
  ]
}
2023-01-19 23:51:05,393:DEBUG:acme.client:Storing nonce: 853F3k_3x_syoNGSuO0mWbO2DW7GxhxyiT0ABFzfTUKg5n0
2023-01-19 23:51:05,394:INFO:certbot._internal.auth_handler:Challenge failed for domain my.host.net
2023-01-19 23:51:05,395:INFO:certbot._internal.auth_handler:http-01 challenge for my.host.net
2023-01-19 23:51:05,395:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: my.host.net
  Type:   connection
  Detail: 89.95.42.66: Fetching http://my.host.net/.well-known/acme-challenge/nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2023-01-19 23:51:05,396:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-01-19 23:51:05,396:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-01-19 23:51:05,397:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-01-19 23:51:05,397:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM
2023-01-19 23:51:05,398:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2023-01-19 23:51:05,399:ERROR:certbot._internal.renewal:Failed to renew certificate npm-34 with error: Some challenges have failed.
2023-01-19 23:51:05,402:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 484, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1541, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 129, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 344, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 441, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 493, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-01-19 23:51:05,404:DEBUG:certbot._internal.display.obj:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2023-01-19 23:51:05,405:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2023-01-19 23:51:05,405:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/npm-34/fullchain.pem (failure)
2023-01-19 23:51:05,405:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2023-01-19 23:51:05,406:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.9/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1744, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1630, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 510, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2023-01-19 23:51:05,406:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
bash-5.1# date
Thu Jan 19 23:55:35 CET 2023

I don't know what to do. It used to work well.

Link to comment
1 hour ago, kasuke said:
        "detail": "89.95.42.66: Fetching http://my.host.net/.well-known/acme-challenge/nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM: Timeout during connect (likely firewall problem)",
        "status": 400

 

Did you close port 80? Let's Encrypt cannot reach your domain through HTTP.

Link to comment
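To triage a failure like the one quoted above, the following added example (not part of any post in this thread, and not NPM or certbot code) pulls the ACME `detail` strings out of a certbot log and maps each one to what to check. The function name `triage`, the `public_ip` parameter, the cause mapping and the two non-timeout sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample. The first "detail" line is the one quoted in the thread;
# the other two are constructed to show other HTTP-01 failure shapes.
SAMPLE_LOG = '''
"detail": "89.95.42.66: Fetching http://my.host.net/.well-known/acme-challenge/nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM: Timeout during connect (likely firewall problem)",
"status": 400
"detail": "203.0.113.7: Fetching http://a.example.test/.well-known/acme-challenge/TOKEN-A: Connection refused",
"detail": "203.0.113.7: Invalid response from http://b.example.test/.well-known/acme-challenge/TOKEN-B: 404",
'''

# "<ip>: Fetching <url>: <reason>"; the leading address is the one the CA
# tried to connect to, i.e. what the domain's DNS record resolved to.
DETAIL_RE = re.compile(
    r'"detail":\s*"(?P<ip>[0-9a-fA-F.:]+): '
    r'(?:Fetching|Invalid response from) '
    r'(?P<url>https?://(?P<host>[^/\s:]+)\S*?): (?P<reason>[^"]+)"'
)

# (substring of the reason, short label, what to check); assumed mapping.
CAUSES = [
    ("Timeout during connect", "unreachable",
     "port 80 closed or not forwarded to NPM, or DNS points at an old IP"),
    ("Connection refused", "refused",
     "port 80 reaches a host where nothing is listening"),
    ("404", "wrong-responder",
     "port 80 is answered, but not by the server holding the challenge file"),
]

def triage(log_text, public_ip=None):
    """Return one finding per ACME HTTP-01 error detail found in log_text."""
    findings = []
    for m in DETAIL_RE.finditer(log_text):
        cause, hint = "unknown", "read the full detail string"
        for needle, label, advice in CAUSES:
            if needle in m["reason"]:
                cause, hint = label, advice
                break
        findings.append({
            "host": m["host"], "validated_ip": m["ip"],
            "cause": cause, "hint": hint,
            # True when the CA validated an address that is not ours (stale DNS).
            "dns_stale": None if public_ip is None else m["ip"] != public_ip,
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, public_ip="89.95.42.66"):
        print(f)
```

Pass the current WAN address as `public_ip` to separate a stale DNS record from a closed or unforwarded port 80.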

Hello There

 

I got kind of a basic question.

 

I'm using the nginx proxy manager for most of my dockers like nextcloud, homeassistant using a subdomain like cloud.example.com or homeassistant.example.com.

 

How do I get the main domain "example.com" to work with a specific docker? I always get the message "example.com is already in use".

 

Thanks

Link to comment
18 minutes ago, WillyThunder said:

I always get the message "example.com is already in use". 

That isn't normal. Something is wrong with your NPM installation.

 

The easiest way would be to do a fresh install. Or you need to check the proxy config files in appdata or the npm database itself. Or you open an issue at GitHub and post your logs there.

Link to comment

I give up... I need help and I'm willing to pay for it.  Not much as I work for a non-profit but something!  NPM works great sometimes and the site loads right up... other times it takes forever to load.  I'm seeing this...  They all eventually load up.  On my server they load up automatically like they should.  Any help?  Feel free to PM!

 

Thanks!



image.png.01f0eb9fe1ed865448ad39ed20e57b8e.pngimage.thumb.png.78d7801996242d472df7d4849da844af.png

Link to comment
2 hours ago, GreenEyedMonster said:

Any help? 

Check the access and error logs of your proxy host. You find them in NPM's appdata path /data/logs

 

Then check the same logs of the target container.

 

Did you enable any cache settings in NPM for this host? Any advanced configs? Does this happen for all targets or only for one container?

Link to comment
6 hours ago, mgutt said:

Check the access and error logs of your proxy host. You find them in NPM's appdata path /data/logs

 

Then check the same logs of the target container.

 

Did you enable any cache settings in NPM for this host? Any advanced configs? Does this happen for all targets or only for one container?

First thank you!


NPM
2023/01/10 16:20:56 [warn] 882#882: *64284 using uninitialized "server" variable while logging request, client: xxx.xxx.xx.x, server: mywebsite.com, request: "HELP"

Target Container
No error log that matches times with NPM.  I'll work on seeing if I can find one that times match up.  

This happens to all of my target containers.  I have the following settings with no advanced configuration: 
image.png.0f69ddfd1fe44e298e2359f6ed690f36.png

Link to comment

I've been using NPM for a few days now with no problem, I was accessing my nextcloud and jellyfin with the reverse proxy and my domain. Today I restarted my server and now the container won't run again. 

I've double-checked that there are no invalid paths or anything. Can anyone shed some light on this? It simply won't start.

I can't access the logs because the container won't start.
image.png.08fc99ff19a9622a3c62b2a1c0f800bd.png

Link to comment
On 1/20/2023 at 7:46 AM, WillyThunder said:

Hello There

 

I got kind of a basic question.

 

I'm using the nginx proxy manager for most of my dockers like nextcloud, homeassistant using a subdomain like cloud.example.com or homeassistant.example.com.

 

How do I get the main domain "example.com" to work with a specific docker? I always get the message "example.com is already in use".

 

Thanks

 

 

Hi There

 

I got this worked out; passing the traffic from the main domain to docker is now possible. I can't figure out why I can get an SSL certificate with a subdomain "cloud.example.com" no problem, but I am unable to do this with the main domain "example.com".

 

Proxy Host is right?

 

 

Unbenannt.JPG

Edited by WillyThunder
Link to comment
