thedoomguy Posted June 4, 2023
Thanks for providing this container. I'm really loving it. I have it all working as I'd like: I have all my dockers in a separate VLAN 50 and have them configured to use br0.50, including Nginx Proxy Manager itself. All of this is working great. The problem I have is I want to set up split DNS so that locally DNS will return the IP of Nginx Proxy Manager and serve it locally without going through the WAN or using hairpin NAT. I'm fine with the DNS setup part; where I'm struggling is I need to configure the Nginx Proxy Manager container to listen on 443 and 80 instead of 8080 and 4443 (which is what it is using when using br0.50). I tried modifying 8080 to 80 and 4443 to 443 in the template but it remains as above, listening on 8080 and 4443. How do I modify the container (while using a VLAN) to listen on 80 and 443 instead of 8080 and 4443 so I can use split DNS?
mattie112 Posted June 5, 2023
Last time I checked it was hardcoded to port 443 (and 8080). I also changed this due to having IPv6 with no NAT, so I needed it to run on those ports. https://github.com/jlesage/docker-nginx-proxy-manager/blob/master/src/nginx-proxy-manager/build.sh#L150 Feel free to use my fork that only has the ports changed. https://github.com/Mattie112/docker-nginx-proxy-manager If I remember to do it I will update/merge it again somewhere this week.
SnugglyDino Posted June 7, 2023
I could use some help. I'm trying to use NginxProxyManager but I keep getting an "Invalid SSL certificate" error. I am not sure what I am doing wrong here. I have a cert from NPM, so what am I doing wrong? Hopefully the 4 screenshots help provide context. The first screenshot is supposed to show how I successfully created an SSL cert for test3.testdomain.com. The second screenshot shows how I have test3.testdomain.com pointed to an internal IP address. The third screenshot shows that I added a DNS type A record for test3. And lastly, the last screenshot shows the error. Did I miss a step? Am I doing something wrong?
mattie112 Posted June 8, 2023
Can you try to access your website directly? I don't use Cloudflare but perhaps you can see the certificate there? If you don't know what certificate your website serves it is hard to debug from here. Perhaps you can "pause" Cloudflare and then test your website here: https://www.ssllabs.com/ssltest/
SnugglyDino Posted June 8, 2023
5 hours ago, mattie112 said: Can you try to access your website directly? I don't use Cloudflare but perhaps you can see the certificate there? If you don't know what certificate your website serves it is hard to debug from here. Perhaps you can "pause" Cloudflare and then test your website here: https://www.ssllabs.com/ssltest/
What do you mean by "access website directly"? Use my local IP address (i.e. 192.168.10.5:7878)?
mattie112 Posted June 8, 2023
4 minutes ago, SnugglyDino said: What do you mean by "access website directly"? Use my local IP address (i.e. 192.168.10.5:7878)?
Yes, for example, just to pull the certificate and make sure it is what you expect. If you see that it is expired, for example, you know to start with the renewal process. If it is valid then start at CF.
SnugglyDino Posted June 8, 2023
16 minutes ago, mattie112 said: Yes, for example, just to pull the certificate and make sure it is what you expect. If you see that it is expired, for example, you know to start with the renewal process. If it is valid then start at CF.
I'm still confused on how to pull the certificate. So I decided to start fresh and deleted all the hosts and SSL certs in NginxProxyManager, the A record in Cloudflare and the port FWD in my router. After recreating the host, SSL cert, A record, and port FWD rule I am now getting "Connection Timed out" and "Origin is unreachable" errors. Any thoughts on what causes these two errors?
SnugglyDino Posted June 8, 2023
38 minutes ago, SnugglyDino said: I'm still confused on how to pull the certificate. So I decided to start fresh and deleted all the hosts and SSL certs in NginxProxyManager, the A record in Cloudflare and the port FWD in my router. After recreating the host, SSL cert, A record, and port FWD rule I am now getting "Connection Timed out" and "Origin is unreachable" errors. Any thoughts on what causes these two errors?
Not sure what I'm doing differently, but I got things working now after starting from scratch. Thank you for offering your help and replying to my questions.
mattie112 Posted June 8, 2023
I was talking about viewing the certificate (details) with your web browser. But good that it is working now.
Gragorg Posted June 11, 2023
My certs are not renewing, not sure what changed. Here is a snippet from the log:
[app ] [6/11/2023] [9:09:56 AM] [SSL ] › ✖ error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
[app ] Failed to renew certificate npm-1 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-10 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-11 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-13 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-2 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-3 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-4 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-5 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-6 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-7 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-8 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-9 with error: Some challenges have failed.
[app ] All renewals failed. The following certificates could not be renewed:
mattie112 Posted June 15, 2023
On 6/11/2023 at 3:12 PM, Gragorg said: My certs are not renewing, not sure what changed. Here is a snippet from the log: [app ] [6/11/2023] [9:09:56 AM] [SSL ] › ✖ error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation [app ] Failed to renew certificate npm-1 with error: Some challenges have failed. [app ] All renewals failed. The following certificates could not be renewed:
Try running certbot manually with some debug flags (-v) and see what it does.
Gragorg Posted June 16, 2023
OK, so I had to change my Cloudflare to DNS only to renew. Is there a way to renew them while they are proxied in Cloudflare?
mattie112 Posted June 16, 2023
I don't use CF myself. But you need to be sure that the .well-known directory can be reached over unsecured HTTP port 80.
Kilrah Posted June 16, 2023
3 hours ago, Gragorg said: OK, so I had to change my Cloudflare to DNS only to renew. Is there a way to renew them while they are proxied in Cloudflare?
Nope, since when the proxy is enabled Let's Encrypt (like anyone else trying to reach your domain) will be pointed to Cloudflare's servers and not yours.
mattie112 Posted June 16, 2023
29 minutes ago, Kilrah said: Nope, since when the proxy is enabled Let's Encrypt (like anyone else trying to reach your domain) will be pointed to Cloudflare's servers and not yours.
Or use DNS authentication for Let's Encrypt. Or possibly: https://community.letsencrypt.org/t/cloudflare-blocking/180172/5
LuttyMiix Posted June 16, 2023
Hey guys, same problem as others: from today, cannot renew certificates and can't create new ones either. Last time I launched all of this it worked like a charm. Ports 18443 LAN to 443 WAN & 1880 LAN to 80 WAN in the router config, TCP only, for my Unraid server. Dynamic DNS set with the CF DDNS docker is working flawlessly. The only real problem is about the SSL renew/creation; here I don't have a clue what's going on. If someone has an idea about this you're welcome ^^ Thanks a lot guys.
[attachment: letsencrypt.log]
mattie112 Posted June 16, 2023
This is exactly the same error as in the previous 10 posts. Make sure your website works for the .well-known folder on unsecured HTTP port 80. If you have Cloudflare see the post above. This really says it all:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: nextcloud.myserver.com
  Type:   unauthorized
  Detail: 2606:4700:3034::6815:31d8: Invalid response from http://nextcloud.myserver.com/.well-known/acme-challenge/B2MWRSrn1NaJZaqWPpd4YVrWrBoqB1U11L4iIWluKFw: 403
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
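As an added example (not code from this thread or from the jlesage project), a small Python triage helper that parses certbot's "Domain / Type / Detail" problem block, like the one quoted above, and checks whether the address the validator reached belongs to Cloudflare's edge, which is what a 403 on a proxied record looks like. The Cloudflare range list is an assumed snapshot of the networks published at https://www.cloudflare.com/ips/ and should be refreshed before relying on it; the sample input is constructed from the block quoted in the post.

```python
import ipaddress
import re

# Constructed sample: the CA-reported problem block quoted in the thread above.
SAMPLE_CERTBOT_OUTPUT = """\
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: nextcloud.myserver.com
  Type:   unauthorized
  Detail: 2606:4700:3034::6815:31d8: Invalid response from http://nextcloud.myserver.com/.well-known/acme-challenge/B2MWRSrn1NaJZaqWPpd4YVrWrBoqB1U11L4iIWluKFw: 403
"""

# Assumption: snapshot of Cloudflare's published edge ranges (https://www.cloudflare.com/ips/); refresh before use.
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20", "197.234.240.0/22", "198.41.128.0/17",
    "162.158.0.0/15", "104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32", "2405:8100::/32",
    "2a06:98c0::/29", "2c0f:f248::/32",
)]

# One "Domain / Type / Detail" problem block as certbot prints it (several may follow each other).
_PROBLEM_RE = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+Detail:\s*(?P<detail>.+?)"
    r"(?=\n\s*Domain:|\Z)", re.S)
# "<address the validator reached>: Invalid response from <challenge URL>: <HTTP status>"
_DETAIL_RE = re.compile(
    r"^(?P<ip>[0-9a-fA-F:.]+):\s+Invalid response from (?P<url>\S+?):\s*(?P<status>\d{3})")


def triage(certbot_output: str) -> list[dict]:
    """Classify each failed HTTP-01 challenge: Cloudflare edge in front, origin misconfig, or unknown."""
    findings = []
    for m in _PROBLEM_RE.finditer(certbot_output):
        f = {"domain": m["domain"], "type": m["type"], "ip": None, "status": None,
             "via_cloudflare": False, "advice": ""}
        d = _DETAIL_RE.match(" ".join(m["detail"].split()))  # collapse any line wrapping
        if d:
            ip = ipaddress.ip_address(d["ip"])
            f["ip"], f["status"] = str(ip), int(d["status"])
            f["via_cloudflare"] = any(ip in net for net in CLOUDFLARE_RANGES)
        if f["via_cloudflare"]:
            f["advice"] = f"Cloudflare edge answered HTTP {f['status']}: record is proxied; set DNS only while renewing or use DNS-01."
        elif f["status"] is not None:
            f["advice"] = f"Origin answered HTTP {f['status']}: check /.well-known/acme-challenge/ on plain HTTP port 80 from the webroot."
        else:
            f["advice"] = "Unrecognised detail; rerun certbot with -v to see the full validator response."
        findings.append(f)
    return findings
```

Running `triage(SAMPLE_CERTBOT_OUTPUT)` on the quoted block reports the 403 as coming from a Cloudflare address, matching Kilrah's explanation that the validator is talking to Cloudflare rather than the origin.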
LuttyMiix Posted June 16, 2023
13 minutes ago, mattie112 said: This is exactly the same error as in the previous 10 posts. Make sure your website works for the .well-known folder on unsecured HTTP port 80. If you have Cloudflare see the post above. This really says it all: Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain: nextcloud.myserver.com Type: unauthorized Detail: 2606:4700:3034::6815:31d8: Invalid response from http://nextcloud.myserver.com/.well-known/acme-challenge/B2MWRSrn1NaJZaqWPpd4YVrWrBoqB1U11L4iIWluKFw: 403 Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Well, putting DNS Only in CF to create works, thanks a lot. What I don't get is why we are forced to do this? Any time the cert needs to be renewed I need to put DNS Only in CF to bypass CF? I'm sorry for being such a newbie, but even if I understand way more things than before, I don't get it all ^^
mattie112 Posted June 16, 2023
I don't use CF so please check their forums. Either they cache it incorrectly (as it will create a new file to verify each time) or they block HTTP/port 80.
LuttyMiix Posted June 16, 2023
10 minutes ago, mattie112 said: I don't use CF so please check their forums. Either they cache it incorrectly (as it will create a new file to verify each time) or they block HTTP/port 80.
I'll get in touch with CF then, thanks a lot m8.
mattie112 Posted June 16, 2023
Good luck, let us know.
Gragorg Posted June 16, 2023
6 hours ago, mattie112 said: Or use DNS authentication for Let's Encrypt.
Thanks for this. Got it all set up and working like a charm with my domain proxied.
dandiodati Posted June 17, 2023
The WebUI menu option on the docker container disappeared after upgrading to Unraid 6.12.0. Anyone else seen this?
SimonF Posted June 17, 2023
6 minutes ago, dandiodati said: The WebUI menu option on the docker container disappeared after upgrading to Unraid 6.12.0. Anyone else seen this?
Have you checked settings enabled and running?
RackIt Posted June 18, 2023
On 6/2/2023 at 2:45 PM, debit lagos said: Did you add these to custom location or to the actual proxy files for that host?
I added it to the custom location for the individual proxy.