June 4, 2023 Thanks for providing this container. I'm really loving it. I have it all working as I'd like -- I have all my dockers in a separate VLAN 50 and have them configured to use br0.50, including Nginx Proxy Manager itself. All of this is working great. The problem I have is I want to set up split DNS so that locally DNS will return the IP of Nginx Proxy Manager and serve it locally without going through the WAN or using hairpin NAT. I'm fine with the DNS setup part -- where I'm struggling is I need to configure the Nginx Proxy Manager container to listen on 443 and 80 instead of 8080 and 4443 (which is what it is using when using br0.50). I tried modifying 8080 to 80 and 4443 to 443 in the template but it remains as above -- listening on 8080 and 4443. How do I modify the container (while using a VLAN) to listen on 80 and 443 instead of 8080 and 4443 so I can use split DNS?
June 5, 2023 Last time I checked it was hardcoded to port 4443 (and 8080). I also changed this due to having IPv6 with no NAT, so I needed it to run on those ports. https://github.com/jlesage/docker-nginx-proxy-manager/blob/master/src/nginx-proxy-manager/build.sh#L150 Feel free to use my fork that only has the ports changed. https://github.com/Mattie112/docker-nginx-proxy-manager If I remember to do it I will update/merge it again somewhere this week.
June 7, 2023 I could use some help. I'm trying to use NginxProxyManager but I keep getting an "Invalid SSL certificate" error. I am not sure what I am doing wrong here. I have a cert from NPM, so what am I doing wrong? Hopefully the 4 screenshots help provide context. The first screenshot is supposed to show how I successfully created an SSL cert for test3.testdomain.com. The second screenshot shows how I have test3.testdomain.com pointed to an internal IP address. The third screenshot shows that I added a DNS type A record for test3. And lastly the last screenshot shows the error. Did I miss a step? Am I doing something wrong?
June 8, 2023 Can you try to access your website directly? I don't use cloudflare but perhaps you can see the certificate there? If you don't know what certificate your website serves it is hard to debug from here. Perhaps you can "pause" cloudflare and then test your website here: https://www.ssllabs.com/ssltest/
June 8, 2023 5 hours ago, mattie112 said: Can you try to access your website directly? I don't use cloudflare but perhaps you can see the certificate there? If you don't know what certificate your website serves it is hard to debug from here. Perhaps you can "pause" cloudflare and then test your website here: https://www.ssllabs.com/ssltest/ What do you mean by access website directly? Use my local IP address (i.e. 192.168.10.5:7878)? Edited June 8, 2023 by SnugglyDino
June 8, 2023 4 minutes ago, SnugglyDino said: What do you mean by access website directly? Use my local IP address (i.e. 192.168.10.5:7878)? Yes, for example, just to pull the certificate and to make sure it is what you expect. If you see that it is expired, for example, you know to start with the renewal process. If it is valid then start at CF.
June 8, 2023 16 minutes ago, mattie112 said: Yes, for example, just to pull the certificate and to make sure it is what you expect. If you see that it is expired, for example, you know to start with the renewal process. If it is valid then start at CF. I'm still confused on how to pull the certificate. So I decided to start fresh and deleted all the hosts and SSL certs in NginxProxyManager, the A record in cloudflare and the port forward in my router. After recreating the host, SSL cert, A record, and port forward rule I am now getting "Connection timed out" and "Origin is unreachable" errors. Any thoughts on what causes these two errors?
June 8, 2023 38 minutes ago, SnugglyDino said: I'm still confused on how to pull the certificate. So I decided to start fresh and deleted all the hosts and SSL certs in NginxProxyManager, the A record in cloudflare and the port forward in my router. After recreating the host, SSL cert, A record, and port forward rule I am now getting "Connection timed out" and "Origin is unreachable" errors. Any thoughts on what causes these two errors? Not sure what I'm doing differently, but I got things working now after starting from scratch. Thank you for offering your help and replying to my questions. Edited June 8, 2023 by SnugglyDino
June 8, 2023 I was talking about viewing the certificate (details) with your web browser. But good that it is working now.
June 11, 2023 My certs are not renewing, not sure what changed. Here is a snippet from the log:
[app ] [6/11/2023] [9:09:56 AM] [SSL ] › ✖ error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
[app ] Failed to renew certificate npm-1 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-10 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-11 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-13 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-2 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-3 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-4 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-5 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-6 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-7 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-8 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-9 with error: Some challenges have failed.
[app ] All renewals failed. The following certificates could not be renewed:
June 15, 2023 On 6/11/2023 at 3:12 PM, Gragorg said: My certs are not renewing, not sure what changed. Here is a snippet from the log:
[app ] [6/11/2023] [9:09:56 AM] [SSL ] › ✖ error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
[app ] Failed to renew certificate npm-1 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-10 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-11 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-13 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-2 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-3 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-4 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-5 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-6 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-7 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-8 with error: Some challenges have failed.
[app ] Failed to renew certificate npm-9 with error: Some challenges have failed.
[app ] All renewals failed. The following certificates could not be renewed:
Try running certbot manually with some debug flags (-v) and see what it does.
June 16, 2023 Ok, so I had to change my cloudflare to DNS only to renew. Is there a way to renew them while they are proxied in cloudflare?
June 16, 2023 I don't use CF myself. But you need to be sure that the .well-known directory can be reached over unsecured HTTP on port 80.
June 16, 2023 3 hours ago, Gragorg said: Ok, so I had to change my cloudflare to DNS only to renew. Is there a way to renew them while they are proxied in cloudflare? Nope, since when proxy is enabled letsencrypt (like anyone else trying to reach your domain) will be pointed to cloudflare's servers and not yours. Edited June 16, 2023 by Kilrah
June 16, 2023 29 minutes ago, Kilrah said: Nope, since when proxy is enabled letsencrypt (like anyone else trying to reach your domain) will be pointed to cloudflare's servers and not yours. Or use DNS authentication for letsencrypt. Or possibly: https://community.letsencrypt.org/t/cloudflare-blocking/180172/5
June 16, 2023 Hey guys, same problem as others: from today, I cannot renew certificates and can't create new ones either. Last time I launched all of this it worked like a charm. Ports 18443 LAN to 443 WAN & 1880 LAN to 80 WAN in the router config, TCP only, for my Unraid server. Dynamic DNS set with the CF DDNS docker is working flawlessly. The only real problem is the SSL renew/creation; here I don't have a clue what's going on. If someone has an idea about this, you're welcome ^^ Thanks a lot guys. letsencrypt.log (attached) Edited June 16, 2023 by LuttyMiix: added log file
June 16, 2023 This is exactly the error as in the previous 10 posts. Make sure your website works for the .well-known folder on unsecured HTTP port 80. If you have cloudflare see the post above. This really says it all:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: nextcloud.myserver.com
Type: unauthorized
Detail: 2606:4700:3034::6815:31d8: Invalid response from http://nextcloud.myserver.com/.well-known/acme-challenge/B2MWRSrn1NaJZaqWPpd4YVrWrBoqB1U11L4iIWluKFw: 403
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
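The "Detail:" line is the useful part of that output: the address in front of "Invalid response from" is where the CA actually connected, and a 2606:4700:: address is a Cloudflare edge, not the origin. As an added example (not code from this thread or from the docker-nginx-proxy-manager project), the script below reads certbot's failure output and says whether the CA hit Cloudflare's proxy, the origin refused the challenge path, or something else answered. The Cloudflare ranges are a hand-typed snapshot and may be stale (check https://www.cloudflare.com/ips/), and the second domain in the sample log is constructed; the first is the block quoted above.

```python
"""Diagnose failed certbot HTTP-01 challenges from the CA's error report.

Added example for this thread; not the project's own code. Assumptions:
the Cloudflare ranges below are a snapshot and may be out of date, and
the second sample block (files.example.net) is constructed.
"""
import ipaddress
import re

# Snapshot of Cloudflare's published edge ranges (assumption: verify against
# https://www.cloudflare.com/ips/ before relying on it).
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
)]

# One block per failed domain, in the order certbot prints the fields. \s+
# lets it match whether the log kept its newlines or was flattened to a line.
BLOCK_RE = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+Detail:\s*"
    r"(?P<ip>[0-9a-fA-F:.]+):\s*Invalid response from\s*(?P<url>\S+):\s*"
    r"(?P<status>\d{3})",
    re.S,
)

# First block is the one quoted in the thread; second block is constructed.
SAMPLE_LOG = """\
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: nextcloud.myserver.com
  Type:   unauthorized
  Detail: 2606:4700:3034::6815:31d8: Invalid response from http://nextcloud.myserver.com/.well-known/acme-challenge/B2MWRSrn1NaJZaqWPpd4YVrWrBoqB1U11L4iIWluKFw: 403

  Domain: files.example.net
  Type:   unauthorized
  Detail: 203.0.113.10: Invalid response from http://files.example.net/.well-known/acme-challenge/abc123: 404
"""


def is_cloudflare_ip(addr: str) -> bool:
    """True if addr falls inside the Cloudflare edge snapshot above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CLOUDFLARE_RANGES)


def diagnose(log: str) -> list:
    """Return one finding per failed domain in certbot's error report."""
    findings = []
    for m in BLOCK_RE.finditer(log):
        ip, status = m["ip"], int(m["status"])
        proxied = is_cloudflare_ip(ip)
        if proxied:
            reason = ("CA reached Cloudflare's edge, not the origin: set the record "
                      "to DNS only for the renewal, or switch to the DNS-01 challenge")
        elif status == 403:
            reason = ("origin refused /.well-known/acme-challenge/: check access "
                      "lists or auth on the host so the challenge path stays open")
        elif status == 404:
            reason = ("origin answered but not from the challenge webroot: confirm "
                      "port 80 is forwarded to the proxy and the host name matches")
        else:
            reason = f"origin answered HTTP {status}: inspect the host's port-80 config"
        findings.append({
            "domain": m["domain"], "type": m["type"], "ip": ip,
            "url": m["url"], "status": status, "proxied": proxied,
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        flag = "proxied" if f["proxied"] else "direct"
        print(f"{f['domain']} ({f['ip']}, {flag}, HTTP {f['status']}): {f['reason']}")
```

Run it against the real output (paste the "Certbot failed to authenticate" block into SAMPLE_LOG or read it from /config/log/letsencrypt/letsencrypt.log inside the container). A "proxied" finding means no amount of port forwarding will help: the CA never reaches the origin while the orange cloud is on, which is why switching the record to DNS only, or moving to the DNS-01 challenge, fixes it.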
June 16, 2023 13 minutes ago, mattie112 said: This is exactly the error as in the previous 10 posts. Make sure your website works for the .well-known folder on unsecured HTTP port 80. If you have cloudflare see the post above. This really says it all:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: nextcloud.myserver.com
Type: unauthorized
Detail: 2606:4700:3034::6815:31d8: Invalid response from http://nextcloud.myserver.com/.well-known/acme-challenge/B2MWRSrn1NaJZaqWPpd4YVrWrBoqB1U11L4iIWluKFw: 403
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Well, putting DNS Only in CF to create works, thanks a lot. What I don't get is why we are forced to do this. Any time the cert needs to be renewed I need to put DNS Only in CF to bypass CF? I'm sorry for being such a newbie, but even if I understand way more things than before, I don't get it all ^^
June 16, 2023 I don't use CF, so please check their forums. Either they cache it incorrectly (as it will create a new file to verify each time) or they block http/port 80.
June 16, 2023 10 minutes ago, mattie112 said: I don't use CF, so please check their forums. Either they cache it incorrectly (as it will create a new file to verify each time) or they block http/port 80. I'll get in touch with CF then, thanks a lot m8
June 16, 2023 6 hours ago, mattie112 said: Or use DNS authentication for letsencrypt. Thanks for this. Got it all set up and working like a charm with my domain proxied.
June 17, 2023 WebUI menu option on the docker container disappeared after upgrading to unraid 6.12.0. Anyone else seen this?
June 17, 2023 6 minutes ago, dandiodati said: WebUI menu option on the docker container disappeared after upgrading to unraid 6.12.0. Anyone else seen this? Have you checked settings, enabled and running?
June 18, 2023 On 6/2/2023 at 2:45 PM, debit lagos said: Did you add these to custom location or to the actual proxy files for that host? I added it to the custom location for the individual proxy.