November 24, 2024

In my adguard home config, I created a filter, DNS rewrites *.1234.site and pointed to 192.168.1.3 (npm). In npm, I have the following:

Doing so, I get 502 Bad Gateway.

Going to letsencrypt, using sonarr.1234.site, shows the following:

sonarr.qnap.site: There is a server found at this domain but it returned an unexpected status code Invalid domain or IP. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.

Another proxy host tower.1234.site http://192.168.1.10:80 leads me to the Congratulations page.

I have a firewall. I haven't port forwarded anything yet, as I believe that's what adguard is there for. Internal access to sonarr.1234.site should point to app behind npm. Is this correct? Or do I have to configure firewall? So far, no intention to access from outside.
November 24, 2024

You don't need to touch firewall settings.

You might have to turn on Websockets, depending on what's implemented on the destination page.

You should always clear your computer's DNS cache and the browser's cache. In most cases, cached DNS is responsible for the issues.

If you see a NPM congratulations page, your NPM is working.

When you try the IP:Port in the browser it should show the same result as going to the FQDN.

Some services require additional settings within their own config to allow proxies - for example, Home Assistant, QBittorrent, etc. Otherwise they will block the incoming connection.

If you're troubleshooting the proxying, it's a good idea to try without SSL to make sure the basics are working.

Edited November 24, 2024 by Espressomatic
November 26, 2024

@Espressomatic After following all your advice, this is the final step got it working.

Now, I can access radarr.1234.site, tower.1234.site, all EXCEPT sonarr.1234.site. Sonarr doesn't proceed. But after some time, it does. Sometimes after 30 mins, this time, after restart of all docker, a day. Similar behavior with other browsers, chrome, edge. Any idea what causes this?

Lastly, how do you get ssl cert? Below test doesn't work. I've tried *.1234.site, doesn't work either. Error message says:

*.1234.site: There is a server found at this domain but it returned an unexpected status code Invalid domain or IP. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.
November 26, 2024

You start first by getting cert for your base domain and wildcard on same domain - you can use that cert for any subdomain. If you also want additional unique certs by subdomain, you can also do those separately after, the same way.

Your domain(s) need to have DNS set up with a provider that accepts DNS challenge for validation. If your DNS is not currently with someone that supports a challenge for Let's Encrypt, then you'll need to make those changes first. Otherwise you will have to do HTTP validation which requires a connection into your domain, which means opening ports, etc. NOT RECOMMENDED.

For example, if your domain is registered but not currently in use, you open account at Cloudflare (for example) and then set its DNS servers in the DNS record for your domain using your registrar's control panel. If the domain is already in use like for an external site, then you will also need to make settings at Cloudflare (or elsewhere) to migrate the DNS setup from your web/mail/whatever hosting company so all that keeps working. That's outside the scope of the info I'm giving here.

The form in NPM should be filled out exactly like this. Substitute your domain(s) and email, plus select the provider of your DNS. I use Cloudflare and a couple of others - for no particular reason.

Edited November 26, 2024 by Espressomatic
November 26, 2024

I'm having some issues starting up NPMO. I currently run nginx on my firewall, but it has not been updating the Let's Encrypt certs automatically (I cannot figure out why). After an issue with Google flagging my apps as dangerous (got that resolved) and restarting my current nginx service, now 2 of my apps are not working... I decided to switch to NPMO in unRAID as all but one app that needs nginx is on the unRAID server anyway.

When I try to start it up after selecting my docker custom network, I receive an error in my logs and this is what the mapping looks like in the Docker tab.

This is the error in the creation log.

docker: Error response from daemon: driver failed programming external connectivity on endpoint Nginx-Proxy-Manager-Official (ea336f70b9060a33facb1c1604d88956cacd513ac79bc324b838e9220addbb0a): Error starting userland proxy: listen tcp4 0.0.0.0:443: bind: address already in use.

I did have pihole installed in unRAID, but it was not running when I created the NPMO docker container. After uninstalling pihole, I still receive this error and I do not see port 443 allocated in docker anywhere.

Edited November 26, 2024 by thewolf56
November 26, 2024

I can't seem to access the NPM gui on my local network and all of my services are suddenly inaccessible externally. However, they remain accessible internally. I don't believe I've done anything to create a breaking change.

I am noticing the following flooding my logs. Could this prevent me from accessing the gui and also prevent nginx from proxying my unraid services (vaultwarden, etc.)?

nginx: [warn] protocol options redefined for [::]:443 in /data/nginx/proxy_host/10.conf:20
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/11.conf:2
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/11.conf:3
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/11.conf:6
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/11.conf:7
nginx: [warn] protocol options redefined for 0.0.0.0:443 in /data/nginx/proxy_host/12.conf:19
nginx: [warn] protocol options redefined for [::]:443 in /data/nginx/proxy_host/12.conf:20
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/13.conf:19
nginx: [warn] protocol options redefined for 0.0.0.0:443 in /data/nginx/proxy_host/13.conf:19
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/13.conf:20
nginx: [warn] protocol options redefined for [::]:443 in /data/nginx/proxy_host/13.conf:20
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/14.conf:19
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/14.conf:20
nginx: [warn] protocol options redefined for 0.0.0.0:443 in /data/nginx/proxy_host/15.conf:19
nginx: [warn] protocol options redefined for [::]:443 in /data/nginx/proxy_host/15.conf:20
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/3.conf:19
nginx: [warn] protocol options redefined for 0.0.0.0:443 in /data/nginx/proxy_host/3.conf:19
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/3.conf:20
nginx: [warn] protocol options redefined for [::]:443 in /data/nginx/proxy_host/3.conf:20
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/4.conf:19
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/4.conf:20
nginx: [warn] protocol options redefined for 0.0.0.0:443 in /data/nginx/proxy_host/8.conf:19
nginx: [warn] protocol options redefined for [::]:443 in /data/nginx/proxy_host/8.conf:20
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/9.conf:19
nginx: [warn] protocol options redefined for 0.0.0.0:443 in /data/nginx/proxy_host/9.conf:19
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/9.conf:20
nginx: [warn] protocol options redefined for [::]:443 in /data/nginx/proxy_host/9.conf:20
nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /data/nginx/proxy_host/11.conf:1
❯ Starting nginx ...
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/1.conf:19
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/1.conf:20
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/10.conf:19
nginx: [warn] protocol options redefined for 0.0.0.0:443 in /data/nginx/proxy_host/10.conf:19

I am also getting the following error in Unraid's logs during startup:

Nov 26 05:57:30 Tower nginx: 2024/11/26 05:57:30 [error] 13452#13452: *251615 open() "/usr/local/emhttp/plugins/dynamix.file.manager/javascript/ace/mode-log.js" failed (2: No such file or directory) while sending to client, client: 192.168.88.247, server: , request: "GET /plugins/dynamix.file.manager/javascript/ace/mode-log.js HTTP/1.1", host: "192.168.88.225:8024", referrer: "http://192.168.88.225:8024/Shares/Browse?dir=%2Fmnt%2Fuser%2Fappdata%2FNginx-Proxy-Manager-Official%2Fdata%2Flogs"

NPM is running on my bridge network with all my other dockers. Cloudflare is telling me DNS is working. I run CF DDNS, but haven't changed anything and dynamic IP updating seems to be working. My A Name still points to my IP.

I have found various troubleshooting steps to modify the Proxy Hosts config files to get rid of these http2 errors, but would love confirmation that they are the issue, if at all possible.
November 27, 2024

8 hours ago, Espressomatic said:
You start first by getting cert for your base domain and wildcard on same domain - you can use that cert for any subdomain. If you also want additional unique certs by subdomain, you can also do those separately after, the same way. Your domain(s) need to have DNS set up with a provider that accepts DNS challenge for validation. If your DNS is not currently with someone that supports a challenge for Let's Encrypt, then you'll need to make those changes first. Otherwise you will have to do HTTP validation which requires a connection into your domain, which means opening ports, etc. NOT RECOMMENDED. For example, if your domain is registered but not currently in use, you open account at Cloudflare (for example) and then set its DNS servers in the DNS record for your domain using your registrar's control panel. If the domain is already in use like for an external site, then you will also need to make settings at Cloudflare (or elsewhere) to migrate the DNS setup from your web/mail/whatever hosting company so all that keeps working. That's outside the scope of the info I'm giving here. The form in NPM should be filled out exactly like this. Substitute your domain(s) and email, plus select the provider of your DNS. I use Cloudflare and a couple of others - for no particular reason.

In my scenario, I'm using Adguard home for my internal DNS. I don't access it from outside. Are the instructions still applicable to get ssl cert? Cloudflare supports DNS challenge?
November 27, 2024

16 hours ago, jang430 said:
In my scenario, I'm using Adguard home for my internal DNS. I don't access it from outside. Are the instructions still applicable to get ssl cert? Cloudflare supports DNS challenge?

Yes, everything the same as I outlined above.

The exception is that if you're not *also* using an upstream local DNS resolver or forwarder for LAN/private name resolution, you'll have to create your local mappings in AdGuard Home using ReWrites, so when you visit myservice.mylan.tld it can send you to the IP for NPM.

Edited November 27, 2024 by Espressomatic
November 30, 2024

Thank you for your patience @Espressomatic. The SSL is the last thing I am figuring out.
December 1, 2024

I can already go to sites via sonarr.1234.site, tower.1234.site, and this is coming from external WAN connection. I assume my firewall is configured properly that's why it hits the intended server.

But when I go to ssl and test server reachability, using the same tower.1234.site, I get this error "Communication with the API failed, is NPM running correctly?"

When using duckdns, something.duckdns.org, testing server reachability provides the same error. When doing the dns challenge, I get the following:

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-12" --agree-tos --email "[email protected]" --domains "something.duckdns.org" --authenticator dns-duckdns --dns-duckdns-credentials "/etc/letsencrypt/credentials/credentials-12"
An unexpected error occurred:
ModuleNotFoundError: No module named 'CloudFlare'
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-zox60zoj/log or re-run Certbot with -v for more details.

I wonder why there's the word CloudFlare in there? Any clues?

Edited December 1, 2024 by jang430
December 1, 2024

Where do I go, and what file do I edit to increase its allowed filesize to come through to my server? As I set xbackbone to allow 25GB, but still, I get errors when I try to upload a 2GB file. Read that I'd need to set the amount in nginx as well, but can't figure out where to do that.

I added it like this in an attempt, for the xbackbone config within nginx's appdata folder, but didn't help, and still denied me to upload it.
December 1, 2024

10 hours ago, jang430 said:
I wonder why there's the word CloudFlare in there?

It sounds like you have something configured with Cloudflare settings (Credential file contents text box?) and are using a different DNS challenge setting (like DuckDNS).

I strongly recommend to use Cloudflare or Registrar like Porkbun with a real FQDN rather than using DuckDNS. But Duck should still work if you make sure that the credentials text box is filled out correctly.

10 hours ago, jang430 said:
But when I go to ssl and test server reachability

I don't understand what you're trying here. If you have NPM working correctly, any visit to your FQDN should automatically be rewritten as HTTPS and use the cert. It doesn't matter if you type http or https or nothing when hitting the site from your browser. NPM is listening on both port 80 (http) and 443 (https).

Do *all* your testing from inside your LAN only. Don't bother trying any connections from the WAN side until you know everything is working 100%.

I also strongly recommend closing all incoming ports on your firewall and using Tailscale instead - but just like above, only after making sure everything is 100% inside the LAN.

Edited December 1, 2024 by Espressomatic
December 2, 2024

I've got nginx configured properly, for me to be able to access domains from internally, to sites such as sonarr.1234.site, and tower.1234.site, this greatly helps, and is what I wanted to achieve. What is left for me to do is to access these sites without showing not secure. This I am still trying to figure out.

I should be generating an SSL cert first right? To do so, I'm testing server reachability first using both sites above, and I'm getting "Communication with the API failed, is NPM running correctly?"

I am using a firewall. Do I need to do anything? Do I have to open any ports for the server reachability to work?
December 2, 2024

5 hours ago, jang430 said:
Do I have to open any ports

For NPM to be able to get certs 80 and 443 need to be forwarded to it, yes.

AFAIK the server reachability check is broken, don't use it, just do the cert request when set up.
December 2, 2024

I have Adguard Home (192.168.1.2) and have DNS rewrite *.1234.site to Nginx Proxy Manager (npm, 192.168.1.3). In npm, I went to add certificate, under domains, I put in *.1234.site, use DNS challenge Cloudflare. I created a token in Cloudflare before this. Under DNS of 1234.site, I also put in a CNAME * under name, Target I used something.duckdns.org (this points to my public IP). Proxy status is turned off.

I'm getting this error:

Error: Command failed: . /opt/certbot/bin/activate && pip install --no-cache-dir certbot-dns-cloudflare==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+') cloudflare && deactivate
An unexpected error occurred:
ModuleNotFoundError: No module named 'CloudFlare'
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-daeijkey/log or re-run Certbot with -v for more details.
ERROR: Ignored the following versions that require a different python version: 2.10.0 Requires-Python >=3.8; 2.11.0 Requires-Python >=3.8; 2.8.0 Requires-Python >=3.8; 2.9.0 Requires-Python >=3.8; 3.0.0 Requires-Python >=3.8; 3.0.1 Requires-Python >=3.8
ERROR: Could not find a version that satisfies the requirement certbot-dns-cloudflare== (from versions: 0.14.0.dev0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.18.1, 0.18.2, 0.19.0, 0.20.0, 0.21.0, 0.21.1, 0.22.0, 0.22.1, 0.22.2, 0.23.0, 0.24.0, 0.25.0, 0.25.1, 0.26.0, 0.26.1, 0.27.0, 0.27.1, 0.28.0, 0.29.0, 0.29.1, 0.30.0, 0.30.1, 0.30.2, 0.31.0, 0.32.0, 0.33.0, 0.33.1, 0.34.0, 0.34.1, 0.34.2, 0.35.0, 0.35.1, 0.36.0, 0.37.0, 0.37.1, 0.37.2, 0.38.0, 0.39.0, 0.40.0, 0.40.1, 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0, 1.10.0, 1.10.1, 1.11.0, 1.12.0, 1.13.0, 1.14.0, 1.15.0, 1.16.0, 1.17.0, 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.22.0, 1.23.0, 1.24.0, 1.25.0, 1.26.0, 1.27.0, 1.28.0, 1.29.0, 1.30.0, 1.31.0, 1.32.0, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4)
ERROR: No matching distribution found for certbot-dns-cloudflare==
[notice] A new release of pip is available: 23.3.2 -> 24.0
[notice] To update, run: pip install --upgrade pip
at ChildProcess.exithandler (node:child_process:402:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

In my firewall, I have http, https pointed to npm (192.168.1.3). Am I missing something? I can't get ssl to work.

I saw this on my logs:

[12/2/2024] [11:24:02 AM] [SSL ] › ✖ error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --preferred-challenges "dns,http" --disable-hook-validation

P.S. I also thought test server reachability might be broken.

Edited December 2, 2024 by jang430
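The pip error in the post above names the requirement as `certbot-dns-cloudflare==` with nothing after the `==`, which is what the logged command's `$(certbot --version | grep ...)` substitution yields when certbot prints no version number. The sketch below is an added example, not NPM's own code; the function names and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not NPM's code). Function names are hypothetical.
# The logged install command pins the DNS plugin to whatever version number
# grep can extract from `certbot --version`. If certbot itself crashes, the
# extraction is empty and pip is asked for "certbot-dns-cloudflare==".

# Constructed sample outputs: a working certbot and the failure from the post.
HEALTHY_OUTPUT="certbot 2.7.4"
BROKEN_OUTPUT="An unexpected error occurred:
ModuleNotFoundError: No module named 'CloudFlare'"

# Extract the version with the same regular expression the logged command uses.
# Input: text of `certbot --version` on stdin.
extract_version() {
    grep -Eo '[0-9](\.[0-9]+)+' | head -n 1
}

# Unguarded form, equivalent to the logged command: always emits a requirement,
# even when the pin is empty.
# $1 = plugin name, $2 = output of `certbot --version`
unguarded_requirement() {
    printf '%s==%s\n' "$1" "$(printf '%s\n' "$2" | extract_version)"
}

# Guarded form: refuse to build a requirement without a version, so the real
# fault (certbot cannot start) is reported instead of a misleading pip error.
plugin_requirement() {
    ver=$(printf '%s\n' "$2" | extract_version)
    if [ -z "$ver" ]; then
        echo "certbot printed no version; repair certbot before installing $1" >&2
        return 1
    fi
    printf '%s==%s\n' "$1" "$ver"
}

# Stand-alone demonstration on the constructed samples.
echo "healthy:   $(plugin_requirement certbot-dns-cloudflare "$HEALTHY_OUTPUT")"
echo "unguarded: $(unguarded_requirement certbot-dns-cloudflare "$BROKEN_OUTPUT")"
```

Read this way, the long list of available versions in the log is a side effect: the first error, the `ModuleNotFoundError`, is the one to chase.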
December 2, 2024

6 hours ago, Kilrah said:
For NPM to be able to get certs 80 and 443 need to be forwarded to it, yes.

No, this doesn't need to be done to generate certificates and using DNS challenge. And shouldn't be done at all - use Tailscale AFTER setting up NPM locally, including certificates.

5 hours ago, jang430 said:
I'm getting this error:

Looks like your NPM container is messed up. Use NPM-Plus.

5 hours ago, jang430 said:
Under DNS of 1234.site, I also put in a CNAME * under name, Target I used something.duckdns.org

You don't need this. Even your A-record doesn't need to point to your IP if you set up Tailscale, which is the secure way of accessing your local services from outside your LAN.

You're trying to do too many unrelated steps at the same time and because of that it's difficult to follow and figure out where things are going wrong.

I'm tempted to suggest you blow away the entire NPM config and just start over from a Youtube guide. This is a pretty simple process and there's little to no reason it shouldn't work immediately after a few steps which only take minutes.
December 4, 2024

Is there any reason nginx would fail to start and loop the above logs? Even that [emerg] line in the logs seems to be confined to a single proxy host conf file, which seems like it wouldn't result in the whole docker failing to start.
December 4, 2024

11 hours ago, that_was_easy said:
Is there any reason nginx would fail to start and loop the above logs? Even that [emerg] line in the logs seems to be confined to a single proxy host conf file, which seems like it wouldn't result in the whole docker failing to start.

I've had some problem with npm previously where a disable/enable of Docker under Settings/Docker solved the issue. Maybe it's worth a try?
December 5, 2024

On 12/4/2024 at 4:31 AM, flosken said:
I've had some problem with npm previously where a disable/enable of Docker under Settings/Docker solved the issue. Maybe it's worth a try?

Ok so I think I figured it out, but it was very non-intuitive, even though the logs did show me the way. I also tried restarting docker and rebooting Unraid to solve the problem, neither of which worked.

Before the issue arose I tried, unsuccessfully, to set up Matrix Synapse (which I may return to), and created a Proxy Host and associated conf file for it. My NPM logs indicated an issue with that config and since I'm abandoning Matrix Synapse for now, I just deleted the Proxy Host config file. Everything came back after that and the webgui is now accessible, as are all my services.

I just think it's pretty weird behavior for a misconfigured Proxy Host to prevent the entire webgui from loading. Not sure if that is the design intention, but it certainly had me scratching my head.
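The behaviour described in the post above follows from how nginx loads configuration: `[warn]` lines are non-fatal, while a single `[emerg]` line aborts the whole load, so one bad proxy host file stops every host. The script below is an added example, not part of the thread or of NPM; its function names are hypothetical and its sample log is constructed from lines quoted earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Separates the noisy but harmless [warn] lines from the [emerg] line that
# actually stops nginx, and names the config file responsible.

# Constructed sample, shortened from the log lines quoted in this thread.
sample_log() {
cat <<'EOF'
nginx: [warn] protocol options redefined for [::]:443 in /data/nginx/proxy_host/10.conf:20
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/11.conf:2
nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /data/nginx/proxy_host/11.conf:1
❯ Starting nginx ...
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/1.conf:19
nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /data/nginx/proxy_host/11.conf:1
EOF
}

# Count lines of one severity, e.g. "warn" or "emerg" (log on stdin).
count_level() {
    grep -c -F "[$1]" || true
}

# Count start attempts; more than one in a short log means a restart loop.
start_attempts() {
    grep -c -F 'Starting nginx' || true
}

# Print each config file named by an [emerg] line once (log on stdin).
# These are the files to repair, disable or remove; the [warn] files are not.
fatal_configs() {
    grep -F '[emerg]' \
        | sed -n 's|.* in \(/[^ :]*\.conf\):[0-9][0-9]*$|\1|p' \
        | sort -u
}

# One-line summary followed by the offending files.
report() {
    log=$(cat)
    printf 'warnings=%s fatal=%s starts=%s\n' \
        "$(printf '%s\n' "$log" | count_level warn)" \
        "$(printf '%s\n' "$log" | count_level emerg)" \
        "$(printf '%s\n' "$log" | start_attempts)"
    printf '%s\n' "$log" | fatal_configs
}

sample_log | report
```

On a live system the container log can be piped in instead of the sample, for example `docker logs Nginx-Proxy-Manager-Official 2>&1 | report`, using the container name that appears earlier in the thread.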
December 7, 2024

Hello there,

Switch to this container, but having some problems. Any idea how to solve?

2024-12-07 16:37:31,611:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-12-07 16:37:31,611:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-12-07 16:37:31,611:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-12-07 16:37:31,611:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/RWhZct77DJHBgXLb8bDB5pQEPmQzHSiBqiWseo7Q_MI
2024-12-07 16:37:31,613:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2024-12-07 16:37:31,613:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-12-07 16:37:31,615:ERROR:certbot._internal.log:Some challenges have failed.
December 8, 2024

Hi again all,

An update to my issue. A page or 2 back I was saying how my NPM was fully working with Tailscale but would freeze every 1/2 day or so. Well, it seems to have fixed itself.

What I think fixed it.... Originally I was running stable Unraid but when this started happening I decided to switch to v7 b3 to see if that helped at all.... And it didn't help any. Exact same issues. But a v7 b4 just came out and once I upgraded to that....everything has been stable ever since. (3 days now). Fingers crossed!
December 9, 2024

I got an email from LetsEncrypt that two of my domains had certificates that were going to expire in 10 days. In the last few years I haven't thought twice about it as NPM just took care of it. I went into the GUI and tried to manually renew the certs and got "Internal Error". I decided to reboot the docker and now it won't boot at all.

This is in the log over and over again:

❯ Starting nginx ...
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/3.conf:14
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/3.conf:15
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/7.conf:14
nginx: [warn] protocol options redefined for 0.0.0.0:443 in /data/nginx/proxy_host/7.conf:14
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/7.conf:15
nginx: [warn] protocol options redefined for [::]:443 in /data/nginx/proxy_host/7.conf:15
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/redirection_host/3.conf:10
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/redirection_host/3.conf:11
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-5/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/npm-5/fullchain.pem, r) error:10000080:BIO routines::no such file)

What happened here, and how can I resolve it? Looks like something with a keyfile has failed?
December 10, 2024

You have a bad DNS configuration.

https://community.letsencrypt.org/t/failed-to-establish-a-new-connection-errno-3-temporary-failure-in-name-resolution/170617