Kilrah Posted January 15

45 minutes ago, kim_sv said:
> When setting it up on Pihole, how exactly would that be done? My NPM (and all my services) has the same IP as my server and I don’t see a way to point Local DNS to a specific port, only IP.

You need to direct it to NPM. NPM will need to be on ports 80/443. For pihole either you enter everything manually in local DNS records or you can make a custom conf in dnsmasq.d that directs the whole domain in one go.

mgutt (Author) Posted January 15

Or do you mean that you cannot open your domain through the local IP? Then NPM probably doesn't listen to Port 80 and 443?! This is a requirement (change unRAID to 5000 / 5001) for local DNS rewrite and IPv6.

Yivey_unraid Posted January 15

4 hours ago, mgutt said:
> Set the network to host or bridge and use the local IP of your unRAID server?!

I'm sorry, but now you lost me. ELI5... What container should I set to Host or Bridge, and when?

4 hours ago, mgutt said:
> Or do you mean that you can not open your domain through the local IP? Then NPM probably doesn't listen to Port 80 and 443?! This is a requirement (change unRAID to 5000 / 5001) for local DNS rewrite and IPv6.

No, locally (and remote) everything works fine!

4 hours ago, Kilrah said:
> You need to direct it to NPM. NPM will need to be on ports 80/443. For pihole either you enter everything manually in local DNS records or you can make a custom conf in dnsmasq.d that directs the whole domain in one go.

THIS IS IT! (I think...) Thank you!

I first tried adding a wildcard domain in the PiHole WEB-UI but didn't get that to work. This above seems to be the solution though!

I added a "02-wildcard-dns.conf" file to /etc/dnsmasq.d/ (host path for my PiHole container: /mnt/user/appdata/pihole/dnsmasq.d/). In that conf I added:

    address=/mydomain.com/192.168.1.4

Then restarted PiHole.

Before I started everything I ran this in the Unraid CLI to see where the URL routes to:

    nslookup mydomain.com

and that pointed to my public IP. Same result running:

    nslookup servicesubdomain.mydomain.com

After restarting PiHole and running the same commands they come back to 192.168.1.4.

So I guess it's working. The subdomains I have set up in NPM show as normal with a guilty SSL cert when surfing to them locally.

Only "downside" is that if I only surf to "mydomain.com" I'm routed to Unraid UI since that's the server's IP, insecure no SSL. Same if I surf to any type of subdomain that's not proxied in NPM. It's only in the local LAN, so not a major issue. Surfing to Unraid UI through the normal IP is equally "open", just feels more hidden. I guess it's just a feeling... I do have a strong root password.

If anyone has any suggestions for this to only work on URLs in NPM I'm all ears. Perhaps wildcard wasn't the right choice.

Kilrah Posted January 15

34 minutes ago, kim_sv said:
> If anyone have any suggestion for this to only work on URLs in NPM I'm all ears. Perhaps wildcard wasn't the right choice.

Move unraid UI to other ports than 80/443.

Yivey_unraid Posted January 15

31 minutes ago, Kilrah said:
> Move unraid UI to other ports than 80/443.

That solved that too! Thanks!

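Why the wildcard rule from the posts above also answers for the bare domain and for subdomains that have no proxy host, shown as an added example that is not part of the thread. It models only the suffix matching of dnsmasq `address=/domain/ip` lines; the proxy-host list, the per-host variant and the extra test names are assumptions made for the illustration.

```python
# Constructed inputs: the wildcard rule is the one quoted in the post; the
# per-host variant, the proxy-host list and the extra names are assumptions.
WILDCARD_CONF = "address=/mydomain.com/192.168.1.4\n"
PER_HOST_CONF = "address=/servicesubdomain.mydomain.com/192.168.1.4\n"
NPM_PROXY_HOSTS = {"servicesubdomain.mydomain.com"}
PROXY_IP = "192.168.1.4"
TEST_NAMES = ["mydomain.com", "servicesubdomain.mydomain.com",
              "typo.mydomain.com", "example.org"]


def parse_address_rules(conf_text):
    """Return {domain: ip} for dnsmasq lines of the form address=/dom[/dom...]/ip."""
    rules = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line.startswith("address=/"):
            continue
        *domains, ip = line[len("address=/"):].split("/")
        if not ip:
            continue                              # empty address: not modelled here
        for domain in domains:
            if domain:
                rules[domain.lower().rstrip(".")] = ip
    return rules


def local_answer(name, rules):
    """Address dnsmasq would return locally, or None if the query goes upstream.

    An address= rule covers the domain itself and every name below it; the
    most specific (longest) matching suffix wins.
    """
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in rules:
            return rules[candidate]
    return None


def unproxied_hits(names, rules, proxy_ip, proxy_hosts):
    """Names that resolve to the proxy's IP although no proxy host exists for them.

    These requests reach whatever answers on ports 80/443 of that IP by default.
    """
    return [n for n in names
            if local_answer(n, rules) == proxy_ip and n.lower() not in proxy_hosts]


if __name__ == "__main__":
    for label, conf in (("wildcard", WILDCARD_CONF), ("per-host", PER_HOST_CONF)):
        rules = parse_address_rules(conf)
        print(label, unproxied_hits(TEST_NAMES, rules, PROXY_IP, NPM_PROXY_HOSTS))
```

With per-host rules the bare domain is no longer answered locally, so it is forwarded upstream and resolves as it did before the rule was added.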
jmbl Posted January 17

Please can you help with the setup of Homarr behind Authelia and Nginx Proxy Manager? Thanks

JBake130 Posted January 17

New to unraid, came from Windows using Certify The Web, which I set up a http-01 for acme challenge for certificate on google domains (not cloud). Now I am trying to use NPM to request a certificate. I got http pointing to my overseer. But I don’t know where to start with getting a certificate to issue with google domains. Looking at the log, it says “some challenges have failed”.

Anyone have an idea where to start with google domain (not cloud)???

lsmith5 Posted January 18

I have been experiencing an issue where accessing my Jellyfin & Home Assistant container/vm via NPM (in docker) can soft-lock my unraid server if I have a large amount of bandwidth traveling through it. Accessing the same data using my local IP address does not result in any crashing. I have way more information and details on another post: but it was recommended that I post here as well.

I tried with Caddy and still received the soft-locking (so perhaps it's more of a general reverse-proxy issue). But I am able to run NPM on an Ubuntu VM or my Win11 PC pointing to the same Jellyfin/HA instances and it works flawlessly.

Was hoping maybe someone more adept in reverse-proxies/npm could take a look at my thread and see if anything sticks out. Thanks!

mgutt (Author) Posted January 18

6 hours ago, lsmith5 said:
> accessing my Jellyfin & Home Assistant container/vm via NPM (in docker) can soft-lock my unraid server

Try changing all Container paths from /mnt/user to /mnt/cache. Jellyfin paths can be changed to /mnt/disk1/Movie, /mnt/disk2/Movie and so on. But this could need a full reindex. By changing to disk paths it avoids a lot of CPU load. But note: This fully bypasses your cache mover settings. So this is only useful for Shares set to only or no. I suggest to combine it with a free min space for all shares and disks and pools!

lsmith5 Posted January 18

57 minutes ago, mgutt said:
> Try changing all Container paths from /mnt/user to /mnt/cache. Jellyfin paths can be changed to /mnt/disk1/Movie, /mnt/disk2/Movie and so on. But this could need a full reindex. By changing to disk paths it avoids a lot of CPU load. But note: This fully bypasses your cache mover settings. So this is only useful for Shares set to only or no. I suggest to combine it with a free min space for all shares and disks and pools!

Unfortunately this did not solve the issue. I really do not have much CPU load. Maybe 30-50% max. Thank you for the suggestion.

mgutt (Author) Posted January 18

1 hour ago, lsmith5 said:
> Maybe 30-50% max.

The dashboard is "lying" to you. Check with the terminal command htop which processes are running. Especially in the situation when you suffer from the soft lock.

lsmith5 Posted January 19

3 hours ago, mgutt said:
> The dashboard is "lying" to you. Check with the terminal command htop which processes are running. Especially in the situation when you suffer from the soft lock.

Not really, unfortunately. If I run multiple 4k transcodes locally or on my alternative server NPM, htop also reports between that 30-50%. Here is a screen-grab of the moment it crashed when hosting NPM via unraid's docker service, low CPU usage:

kasuke Posted January 19

Hello,

I realised that I was receiving a lot of mails from Let's Encrypt telling me that my certs will expire soon.

I tried to renew the certs by hand but it always drops an error.

I went to the docker and did a cat /var/log/letsencrypt/letsencrypt.log; here is the result:

    bash-5.1# cat /var/log/letsencrypt/letsencrypt.log
    [...]
    2023-01-19 23:51:05,394:INFO:certbot._internal.auth_handler:Challenge failed for domain my.host.net
    2023-01-19 23:51:05,395:INFO:certbot._internal.auth_handler:http-01 challenge for my.host.net
    2023-01-19 23:51:05,395:DEBUG:certbot._internal.display.obj:Notifying user: Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
      Domain: my.host.net
      Type: connection
      Detail: 89.95.42.66: Fetching http://my.host.net/.well-known/acme-challenge/nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM: Timeout during connect (likely firewall problem)

    Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
    [...]
    2023-01-19 23:51:05,406:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
    bash-5.1# date
    Thu Jan 19 23:55:35 CET 2023

I don't know what to do? It used to work well.

mgutt (Author), posted January 20
1 hour ago, kasuke said:
"detail": "89.95.42.66: Fetching http://my.host.net/.well-known/acme-challenge/nB9BxlKyyRe91XjvTdn78jGOPM5sY2n8vHXz8WeC2XM: Timeout during connect (likely firewall problem)", "status": 400

Did you close port 80? Let's Encrypt cannot reach your domain through HTTP.

kasuke, posted January 20 (edited January 20)
It is open, but I just realised that it's not my IP address... That explains a lot of the issues that I got.

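The comparison that settled this exchange, as an added example (not code from the thread or from certbot): it pulls the address the CA actually connected to out of a certbot log and checks it against the WAN address you supply. `diagnose`, the verdict names and the sample log are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the certbot output posted above.
# Domain, token and addresses are placeholders (RFC 5737 documentation ranges).
SAMPLE_LOG = """\
2023-01-19 23:51:05,395:INFO:certbot._internal.auth_handler:http-01 challenge for my.example.net
2023-01-19 23:51:05,395:DEBUG:certbot._internal.display.obj:Notifying user:
  Domain: my.example.net
  Type:   connection
  Detail: 203.0.113.10: Fetching http://my.example.net/.well-known/acme-challenge/PLACEHOLDER_TOKEN: Timeout during connect (likely firewall problem)
"""

# The CA's "Detail" text starts with the address it actually connected to,
# i.e. what public DNS returned for the domain at validation time.
DETAIL_RE = re.compile(
    r"(?P<ip>[0-9A-Fa-f:.]+): Fetching http://(?P<domain>[^/\s]+)"
    r"/\.well-known/acme-challenge/\S+: (?P<reason>[^\n\"]+)"
)


def diagnose(log_text, wan_ip):
    """Classify each failed http-01 validation found in a certbot log.

    wan_ip is the address your router really has on the internet
    (an input you supply; this function does no network access).
    """
    wan = ipaddress.ip_address(wan_ip)
    findings = []
    for m in DETAIL_RE.finditer(log_text):
        try:
            ca_ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # not an address after all; ignore this match
        if ca_ip != wan:
            verdict = "dns-points-elsewhere"   # fix the A/AAAA or DynDNS record first
        elif "Timeout" in m["reason"] or "refused" in m["reason"]:
            verdict = "port-80-not-reachable"  # forwarding/firewall on the right host
        else:
            verdict = "other"
        findings.append({"domain": m["domain"], "ca_ip": str(ca_ip),
                         "reason": m["reason"].strip(), "verdict": verdict})
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, "198.51.100.7"):
        print(finding)
```

A "dns-points-elsewhere" verdict means port forwarding is not the thing to debug yet: the CA never reached your router at all.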
WillyThunder, posted January 20
Hello there, I got kind of a basic question. I'm using the nginx proxy manager for most of my dockers like nextcloud, homeassistant using a subdomain like cloud.example.com or homeassistant.example.com. How do I get the main domain "example.com" to work with a specific docker? I always get the message "example.com is already in use". Thanks

mgutt (Author), posted January 20
18 minutes ago, WillyThunder said:
I always get the message "example.com is already in use".

Isn't normal. Something is wrong with your npm installation. The easiest way would be to do a fresh install. Or you need to check the proxy config files in appdata or the npm database itself. Or you open an issue at GitHub and post your logs there.

GreenEyedMonster, posted January 24
I give up... I need help and I'm willing to pay for it. Not much as I work for a non-profit but something! NPM works great sometimes and the site loads right up... other times it takes forever to load. I'm seeing this... They all eventually load up. On my server they load up automatically like they should. Any help? Feel free to PM! Thanks!

mgutt (Author), posted January 24
2 hours ago, GreenEyedMonster said:
Any help?

Check the access and error logs of your proxy host. You find them in NPM's appdata path /data/logs. Then check the same logs of the target container. Did you enable any cache settings in NPM for this host? Any advanced configs? Does this happen for all targets or only for one container?

GreenEyedMonster, posted January 24
6 hours ago, mgutt said:
Check the access and error logs of your proxy host. You find them in NPM's appdata path /data/logs. Then check the same logs of the target container. Did you enable any cache settings in NPM for this host? Any advanced configs? Does this happen for all targets or only for one container?

First, thank you!

NPM:
2023/01/10 16:20:56 [warn] 882#882: *64284 using uninitialized "server" variable while logging request, client: xxx.xxx.xx.x, server: mywebsite.com, request: "HELP"

Target container:
No error log that matches times with NPM. I'll work on seeing if I can find one that times match up.

This happens to all of my target containers. I have the following settings with no advanced configuration:

pankie, posted January 27
I've been using NPM for a few days now with no problem. I was accessing my nextcloud and jellyfin with the reverse proxy and my domain. Today I restarted my server and now the container won't run again. I've double checked that there are no invalid paths or anything. Can anyone shed some light on this? It simply won't start. I can't access the logs because the container won't start.

mgutt (Author), posted January 27
3 hours ago, pankie said:
I can't access the logs because the container won't start

This happens often if you have two containers using the same ports. Try to stop all other containers and then try to start npm. Does it start then?

WillyThunder, posted February 2 (edited February 2)
On 1/20/2023 at 7:46 AM, WillyThunder said:
Hello there, I got kind of a basic question. I'm using the nginx proxy manager for most of my dockers like nextcloud, homeassistant using a subdomain like cloud.example.com or homeassistant.example.com. How do I get the main domain "example.com" to work with a specific docker? I always get the message "example.com is already in use". Thanks

Hi there, I got this worked out, passing the traffic from the main domain to docker is now possible. I can't figure out why I can get an SSL certificate with a subdomain no problem ("cloud.example.com") but I am unable to do this with the main domain "example.com". Proxy Host is right?

Kilrah, posted February 2
You typically don't want HSTS, that has pretty complex requirements.

WillyThunder, posted February 2
Same message if I uncheck HSTS or HTTP/2 Support or even Force SSL.