Jimmy Posted January 20 Share Posted January 20 Hi, I follow your guide on YouTube for reverse proxy with Nginx Proxy Manager and I can't get the certification from Let'sEncrypt. When I look at the status of my proxy host, it said online but when I try to make the ssl certificate it said internal error. I'm new with this and hope someone can help me with that. PS I don't have the Let'sEncrypt log in my tmp. Quote Link to comment
JCM Posted February 8 Share Posted February 8 On 12/29/2023 at 12:46 PM, Ptolemyiv said: Am getting a certbot route53 error again in the logs and am unable to log in to the gui (since itself relies on ssl certificate!) - log is showing the following repeatedly: [app ] [12/29/2023] [11:33:43 AM] [Global ] › ✖ error Command failed: pip install --no-cache-dir certbot-dns-route53==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+') [app ] The 'certbot_dns_route53.authenticator' plugin errored while loading: cannot import name 'DEFAULT_CIPHERS' from 'urllib3.util.ssl_' (/usr/lib/python3.10/site-packages/urllib3/util/ssl_.py). You may need to remove or update this plugin. The Certbot log will contain the full error details and this should be reported to the plugin developer. [app ] Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-ul_q9vn7/log or re-run Certbot with -v for more details. [app ] ERROR: Could not find a version that satisfies the requirement certbot-dns-route53== (from versions: 0.15.0.dev0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.18.1, 0.18.2, 0.19.0, 0.20.0, 0.21.0, 0.21.1, 0.22.0, 0.22.1, 0.22.2, 0.23.0, 0.24.0, 0.25.0, 0.25.1, 0.26.0, 0.26.1, 0.27.0, 0.27.1, 0.28.0, 0.29.0, 0.29.1, 0.30.0, 0.30.1, 0.30.2, 0.31.0, 0.32.0, 0.33.0, 0.33.1, 0.34.0, 0.34.1, 0.34.2, 0.35.0, 0.35.1, 0.36.0, 0.37.0, 0.37.1, 0.37.2, 0.38.0, 0.39.0, 0.40.0, 0.40.1, 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0, 1.10.0, 1.10.1, 1.11.0, 1.12.0, 1.13.0, 1.14.0, 1.15.0, 1.16.0, 1.17.0, 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.22.0, 1.23.0, 1.24.0, 1.25.0, 1.26.0, 1.27.0, 1.28.0, 1.29.0, 1.30.0, 1.31.0, 1.32.0, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.8.0) [app ] ERROR: No matching distribution found for certbot-dns-route53== [app ] [12/29/2023] [11:33:44 AM] [Migrate ] › ℹ info Current database version: none Unfortunately the fix before doesn't seem to be working - anyone know how to fix this once and for all? (may be a recent update issue since only just started reoccurring again) EDIT: So the only way I was able to fix this error was to run the following command and download urllib manually: pip install 'urllib3<2' Nginx Proxy Manager then loaded and unsuccessfully failed to auto-renew the certificates - after this, I was able to manually renew the certificates from the UI. Strangely, if I reboot the container than the original error re-occurs and I have to manually execute the above command again... Anyone else encountering the same or can suggest a permanent fix? Many thanks I have the exact same issue and your fix helped me successfully renew my certificates manually. Sadly I have no permanent solution for this. I will take a look into this again in May 😉 Quote Link to comment
hathi_ndg Posted March 22 Share Posted March 22 On 12/30/2019 at 1:55 PM, Djoss said: Since you are not using the "Bridge" network type, the UI should be reachable over port 8181. In your case you probably need to use http://192.168.2.5:8181 It's been a while, but have you found a solution? Quote Link to comment
Panja Posted April 1 Share Posted April 1 This is also now broken for me with generic "Internal Error" Quote Link to comment
costind Posted April 14 Share Posted April 14 Hi all, I thiink I may have found a sollution to generate a certificate. Instead of renew, go to the Add SSL certificate option, Let's encrypt and select use a DNS challange. Enter your DNS provider, in my case Duckdns and the token that you have when you log in to duckdns page. It generated a new cert. Make sure you backup your existing one by downloading it, delete the old cert and config the redirect by selecting the new cert. An easy way to tell which one is the new one is by looking at ethe expiry date. Hope it helps. Quote Link to comment
bmpreston Posted May 23 Share Posted May 23 Struggling to get a Cloudflare DNS Challenge working and only getting this error: Confusion I have is I generated a cloudflare.ini file in appdata/nginxproxymanager/letsencrypt/cloudflare.ini. Is it supposed to be cloudflare.ini or letsencrypt.ini? Online docs mention one thing, the error seems to be looking for letsencrypt.ini. Regardless, would love to get this going... I want internal only RP with SSL. Need to stop the shenanigans with 10.0.0.250:8888 Ya know? Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-11" --agree-tos --email "[email protected]" --domains "*.prestonfamily.net,prestonfamily.net" --authenticator dns-cloudflare --dns-cloudflare-credentials "/etc/letsencrypt/credentials/credentials-11" Saving debug log to /tmp/letsencrypt-log/letsencrypt.log /config/.local/lib/python3.10/site-packages/certbot_dns_cloudflare/_internal/dns_cloudflare.py:107: PendingDeprecationWarning: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! You're seeing this warning because you've upgraded the Python package 'cloudflare' to version !! !! 2.20.* via an automated upgrade without version pinning. Version 2.20.0 exists to catch any !! !! of these upgrades before Cloudflare releases a new major release under the release number 3.x. !! !! !! !! Should you determine that you need to revert this upgrade and pin to v2.19.* it is recommended !! !! you do the following: pip install --upgrade cloudflare==2.19.* or equivilant. !! !! !! !! Or you can upgrade to v3.x. NOTE: Release 3.x will not be code-compatible or call-compatible !! !! with previous releases. To see more about upgrading to next major version, please see: !! !! https://github.com/cloudflare/python-cloudflare/discussions/191 !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! self.cf = CloudFlare.CloudFlare(token=api_token) /config/.local/lib/python3.10/site-packages/certbot_dns_cloudflare/_internal/dns_cloudflare.py:107: PendingDeprecationWarning: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! You're seeing this warning because you've upgraded the Python package 'cloudflare' to version !! !! 2.20.* via an automated upgrade without version pinning. Version 2.20.0 exists to catch any !! !! of these upgrades before Cloudflare releases a new major release under the release number 3.x. !! !! !! !! Should you determine that you need to revert this upgrade and pin to v2.19.* it is recommended !! !! you do the following: pip install --upgrade cloudflare==2.19.* or equivilant. !! !! !! !! Or you can upgrade to v3.x. NOTE: Release 3.x will not be code-compatible or call-compatible !! !! with previous releases. To see more about upgrading to next major version, please see: !! !! https://github.com/cloudflare/python-cloudflare/discussions/191 !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! self.cf = CloudFlare.CloudFlare(token=api_token) /config/.local/lib/python3.10/site-packages/certbot_dns_cloudflare/_internal/dns_cloudflare.py:107: PendingDeprecationWarning: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! You're seeing this warning because you've upgraded the Python package 'cloudflare' to version !! !! 2.20.* via an automated upgrade without version pinning. Version 2.20.0 exists to catch any !! !! of these upgrades before Cloudflare releases a new major release under the release number 3.x. !! !! !! !! Should you determine that you need to revert this upgrade and pin to v2.19.* it is recommended !! !! you do the following: pip install --upgrade cloudflare==2.19.* or equivilant. !! !! !! !! Or you can upgrade to v3.x. NOTE: Release 3.x will not be code-compatible or call-compatible !! !! with previous releases. To see more about upgrading to next major version, please see: !! !! https://github.com/cloudflare/python-cloudflare/discussions/191 !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! self.cf = CloudFlare.CloudFlare(token=api_token) Error determining zone_id: 9109 Invalid access token. Please confirm that you have supplied valid Cloudflare API credentials. (Did you enter a valid Cloudflare Token?) Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details. at ChildProcess.exithandler (node:child_process:402:12) at ChildProcess.emit (node:events:513:28) at maybeClose (node:internal/child_process:1100:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5) Quote Link to comment
Wachuwamekil Posted May 29 Share Posted May 29 I've got a system upstream that uses lets encrypt and has it configured. Can I use this proxy manager as a transparent proxy to just pass along traffic to an upstream system without having to mess with the packets? The upstream system is very sensitive and tends to not like proxies trying to inspect traffic. I'd want to go from URL : 443 -> Nginx : URL Translate to IP :443 -> server ip : 443 Quote Link to comment
RaptorBeaver Posted May 30 Share Posted May 30 (edited) Hi guys, Sorry if my problem seems to be basic but i tried everything. It's not my first time with nginx pm but it's my first time with unraid. Usually i had a VM on proxmox dedicated to docker and run my nginx in it, never had any problem with my method in this setup. I don't want to access to my server from outside I just want users when connected to my local network to get access to services through subdomains. I change my DNS records with an A / mydomain.com / 192.168.1.50 (unraid local IP) I deployed jlesage/nginx-proxy-manager tried every network config... host, bridge, br0 etc. I get access to the webui, no problem. I try to config my subdomains... Again, not my first time, don't think the problem is with this config. --> Everytime i try to connect to any subdomain i go to the unraid login page... Like nginx was not catching the request... Please can you help me ? Thanks a lot Edited May 30 by RaptorBeaver Quote Link to comment
Kilrah Posted May 30 Share Posted May 30 Sounds like you got your port forwards wrong and directing to unraid instead of NPM. Quote Link to comment
RaptorBeaver Posted May 30 Share Posted May 30 (edited) OK so how do i tell him to redirect request from a user of the local network that want to reach a service via a subdomain to be redirected to npm please ? Is it possible to run a docker container with another IP than the unraid host ? Will definetely solve the problem i guess... Edited May 30 by RaptorBeaver Quote Link to comment
Kilrah Posted May 30 Share Posted May 30 For local to work you can't have port mappings so you need to run npm from ports 80/443 directly, which you can do after changing the ports the unraid ui is served on. Quote Link to comment
DaveG Posted May 30 Share Posted May 30 Evening, I have bought a domain, changed the DNS servers to point to cloudflare. Works great. I can load dockers in and configue to use them from anywhere with any device. Ive also got my certificates installed. He comes my problem... I want to host my own webserver on my Unraid system. (I know about risks etc, so please dont preach) I just cannot for the life of me enter my domainname as is. and get it to point to the home page in either Nginx or NginxProxyManger? What am i doing wrong please? Any help would be appreiated. I have 7 other dockers install and i can pont and run to them no problem but strange jow i just cant get a simple website up... NginxProxyManger Logs.txt Nginx Logs.txt Quote Link to comment
calabriel Posted June 9 Share Posted June 9 I have a weird issue - I had to move my entire UnRaid install to a new PC. Got all my containers installed, including NPM. I had proxy redirects set up and working properly, but now that I have set everything back up only three are successfully redirecting. Two of them are routing me to the default NPM page, saying this: In the Proxy Host list, they are set up properly and NPM says the server is online. I ran a cURL command from the NPM container aimed at my binhex-overseerr container, which is one of the failing redirects, and got this response: HTTP/1.1 307 Temporary Redirect X-Powered-By: Express Location: /login Date: Sun, 09 Jun 2024 18:29:19 GMT Connection: keep-alive Keep-Alive: timeout=5 Transfer-Encoding: chunked It was working previously and I didn't change any settings away from the original setup, so I don't know why I'm getting this 307 response. I asked in the binhex support page, but was redirected here because it seems like a NPM issue. Any help would be appreciated, and I can provide logs and things if needed and if I'm told where they are located. Thanks! Quote Link to comment
Kilrah Posted June 9 Share Posted June 9 How have you configured your hosts? if it's by ip, and the server's ip isn't the same becasue you didn't update your reservations when changing hardware then it won't work Quote Link to comment
calabriel Posted June 9 Share Posted June 9 1 hour ago, Kilrah said: How have you configured your hosts? if it's by ip, and the server's ip isn't the same becasue you didn't update your reservations when changing hardware then it won't work I did update host IPs. Everything is the same as it was, 192.168.1.212 for all containers and then default ports from the container configuration. I had proxies for Plex, Overseerr, Tautulli, Homarr, and a Rickroll container all using the same IP address but their own ports. Only Overseerr and Homarr aren't working after the move. Navigating to them via IP address is working, and my DNS records seem to be working because I am getting routed to NPM via DNS. Quote Link to comment
Nebur692 Posted June 14 Share Posted June 14 Good afternoon Is this docker no longer updating? The proxy version is 2.11.2 and the one that is installed is 2.10.4 Quote Link to comment
Kilrah Posted June 14 Share Posted June 14 Check that you didn't force that version yourself in the past. Quote Link to comment
danbru1989 Posted June 23 Share Posted June 23 (edited) Anyone know why I can't get NPM to setup a SSL cert for my OnlyOffice domain? I get "Internal Error" every time. The OnlyOffice container is using my reverse proxy docker network with port 8081. I guess the problem is with my OnlyOffice setup and not NPM because I'm successfully using NPM for many other things. But I'm stuck on this for two days now and can't find a solution. Help appreciated! Edited June 23 by danbru1989 Quote Link to comment
costind Posted June 23 Share Posted June 23 Use the DNS challenge for certificate as I've described above, should work. Quote Link to comment
danbru1989 Posted June 24 Share Posted June 24 That didn't work for me, but I solved the issue with a wildcard cert from Cloudflare. 1 Quote Link to comment
Interstellar Posted June 30 Share Posted June 30 Got an odd problem: If I don't set a --dns=10.10.2.1 flag in extra parameters, I can login to NPM fine from 10.10.1.X if I set --dns=10.10.2.1, then I get a bad gateway error on login as I'm accessing it from 10.10.1.X Problem is NPM is on a separate NIC, with the 10.10.2 range, and without setting the --dns=10.10.2 flag I don't get DNS resolution (opnsense + adguard). What is going on? 😶 Quote Link to comment
Ustrombase Posted July 1 Share Posted July 1 @PtolemyivDid you ever figure this out? I'm considering switching form this revproxy to another one but before I do wanted to get caught up on the latest fixes if any. I haven't seen anything on his github only that you can kill the PID process that runs on a loop for this. I have a feeling the maintainer has stepped away because I also haven't seen any updates to this container. On 12/29/2023 at 5:46 AM, Ptolemyiv said: Am getting a certbot route53 error again in the logs and am unable to log in to the gui (since itself relies on ssl certificate!) - log is showing the following repeatedly: [app ] [12/29/2023] [11:33:43 AM] [Global ] › ✖ error Command failed: pip install --no-cache-dir certbot-dns-route53==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+') [app ] The 'certbot_dns_route53.authenticator' plugin errored while loading: cannot import name 'DEFAULT_CIPHERS' from 'urllib3.util.ssl_' (/usr/lib/python3.10/site-packages/urllib3/util/ssl_.py). You may need to remove or update this plugin. The Certbot log will contain the full error details and this should be reported to the plugin developer. [app ] Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-ul_q9vn7/log or re-run Certbot with -v for more details. [app ] ERROR: Could not find a version that satisfies the requirement certbot-dns-route53== (from versions: 0.15.0.dev0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.18.1, 0.18.2, 0.19.0, 0.20.0, 0.21.0, 0.21.1, 0.22.0, 0.22.1, 0.22.2, 0.23.0, 0.24.0, 0.25.0, 0.25.1, 0.26.0, 0.26.1, 0.27.0, 0.27.1, 0.28.0, 0.29.0, 0.29.1, 0.30.0, 0.30.1, 0.30.2, 0.31.0, 0.32.0, 0.33.0, 0.33.1, 0.34.0, 0.34.1, 0.34.2, 0.35.0, 0.35.1, 0.36.0, 0.37.0, 0.37.1, 0.37.2, 0.38.0, 0.39.0, 0.40.0, 0.40.1, 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0, 1.10.0, 1.10.1, 1.11.0, 1.12.0, 1.13.0, 1.14.0, 1.15.0, 1.16.0, 1.17.0, 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.22.0, 1.23.0, 1.24.0, 1.25.0, 1.26.0, 1.27.0, 1.28.0, 1.29.0, 1.30.0, 1.31.0, 1.32.0, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.8.0) [app ] ERROR: No matching distribution found for certbot-dns-route53== [app ] [12/29/2023] [11:33:44 AM] [Migrate ] › ℹ info Current database version: none Unfortunately the fix before doesn't seem to be working - anyone know how to fix this once and for all? (may be a recent update issue since only just started reoccurring again) EDIT: So the only way I was able to fix this error was to run the following command and download urllib manually: pip install 'urllib3<2' Nginx Proxy Manager then loaded and unsuccessfully failed to auto-renew the certificates - after this, I was able to manually renew the certificates from the UI. Strangely, if I reboot the container than the original error re-occurs and I have to manually execute the above command again... Anyone else encountering the same or can suggest a permanent fix? Many thanks Quote Link to comment
Ptolemyiv Posted July 13 Share Posted July 13 It seems to reoccur for me whenever I update/reinstall the container. My nginx updated to the recent latest release which broke for a different reason (something about an argument list being too long) so I had to manually configure to the previous docker version and had the same error again but it appears to at least be easily resolvable by just re-running the urllib command mentioned previously. Not sure why the latest version is breaking though - anyone else getting the same? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.