SSL certificate error #2011
Comments
Any update about this issue? |
Can you do *.example.com or just example.com? Anyway, I have the same error with just example.com after clicking on test, but not when the domain is unavailable; maybe this happens if the domain points to a different location. I'm using Cloudflare DNS without proxy; do I need to use the DNS challenge? With token I get Without DNS challenge I get
UPDATE: weirdly, after 3 attempts (no change in token) it did succeed, even with wildcard. I dunno what that says about trying the same thing expecting a different result |
I am facing the same issue. Have enabled port forwarding for both 80 & 443. Keep getting the same errors outlined in the original post |
Same problem here. Can't renew or create SSL via Let's Encrypt |
Guessing I'm not the only one here today xD |
same here |
Same here |
+1 |
I'm seeing the same "Communication with the API failed, is NPM running correctly?" on NPM 2.9.19 on a Raspberry Pi using Docker. The error occurs when I test connectivity, but ultimately succeeded in requesting the certificate from Let's Encrypt. |
I'm also getting "Communication with the API failed, is NPM running correctly?" after pulling :latest this morning. I'm glad it's not just me, hopefully we get this fixed. Thanks!!! |
Well... you can request a certificate; only the check currently does not work. Requesting and renewing work just fine ;) |
+1 hope solve it |
same here |
Yep. same here? |
Anyone had any luck with an older version? |
Same issue here |
Same here, please advise |
Same here :/ |
Whenever you try to see if the server is reachable, the Docker logs will display this error. I've tried to pinpoint the script that triggers it but had no luck so far
|
Same problem on all my servers. Nothing changed, worked fine till it doesn't. |
Same here. PM works fine on my Oracle Cloud hosts, but I'm facing this issue on my home server. |
same here, even install latest version hardware |
same here. |
same. no joy. I'm new to all this and I've been beating my head thinking I messed up somewhere. |
I'm having the same issue. |
Yep, same issue. |
The wall of "same here" messages doesn't speed up the process of resolving this issue and it creates unnecessary spam for those who follow issues via email. If you want to help, please provide additional information such as logs, your settings, info about your setup or anything else that you think might be helpful. If you want to show that you are also interested in solving this issue, consider just up-voting the initial issue message, so that the counter will go up. But please, stop spamming "same here". EDIT: Want to make it clear that I do not think badly of people who posted "same here" and just wanted to point out that it is not the most helpful approach for participating in issues, with peace and love |
Unfortunately not. I tried this before. I'm in a LXD container, where I can ssh into. It's not a port or connection issue. Manual "dry run" also worked. |
If anyone wants to give this a try: My setup is NPM docker running on the same virtual machine as all of my other docker stuff. I use AdGuard Home, with a DNS rewrite of *.mydomain.com -> Local IP of NPM. I figured there was probably some sort of problem of NPM trying to reach stuff but just getting redirected and never leaving my LAN... So I set up WireGuard in the virtual machine that runs all of my docker stuff. I have a subscription to AirVPN and used their config generator. With the VPN connected, I'm able to add/renew certificates. My guess is that the VPN forces traffic to leave my LAN, which helps things renew properly. Either that, or it just randomly started working while I was messing around with it. |
I've had this before too, where it suddenly started to work again... |
I would like to weigh in here and suggest making sure that "Block common exploits" is disabled in the proxy host settings for the particular domain you're trying to renew (re-enable it afterwards). Also wait a while before doing it if you've been spamming the renew button before trying that; it might be rate limited |
Just to flag this PR I submitted seems to do the trick - #3121 - I've done renewals on a few servers since and they seem to go through OK. You can test it via the auto-built Docker image in the PR. |
I had exactly the same problem as described above. |
I am using Ubuntu + Portainer + NPM + Uptime Kuma. I want to get a certificate for Uptime Kuma. When I click "Test Server Reachability" I get an error: "Communication with the API failed, is NPM running correctly?". Any help? Ports 80 and 443 are available |
@baxenko where are you clicking 'Test Server Reachability'? I've got the Portainer/NPM/Uptime Kuma setup too and all are working fine (using my PR above for NPM to ensure SSL certs issued/renewed OK) |
@baxenko I'm pretty certain, at least for me, that it's network related. Probably NAT Loopback. I think NPM sends out a DNS request for your domain, gets pointed at your home network, and your router never lets anything leave. The solution for me was connecting the machine that runs NPM to a VPN. That forced stuff to leave my home network so the certificate stuff could succeed. |
I found this that seems to help a lot: https://www.reddit.com/r/nginxproxymanager/comments/166fbka/certbot_renew_internal_error/ Looks like we need a different certbot version packaged into this docker container |
@EDIflyer , @etymotic ✅ Instructions: https://gist.github.com/Vladkarok/12ed9c11282d1659ecf369028c3202e6 |
Hello everyone I had the same issue, and it turns out it has something to do with my firewall setting. |
Thanks, it has fixed my issue. Thanks for sharing the fix. The following commands run in the container fixed the issue. |
What did you change? You allowed a different port or something? |
In my case, creating a new certificate did not work for me. The problem was not having created the subdomain in Cloudflare and pointing it to my server. Once the subdomain was created in Cloudflare I was able to create my new certificate without problems. |
Okay, after a few hours of frustration, re-installs, and changing router configs, I kept getting the internal error or the communication with the API NPM running correctly? I have another subdomain outside of NPM with its own certificate, so I decided to do a force renewal and it worked right away. I was about to add a wildcard to that certificate and import it to NPM, but I decided to try it one more time. I created a new certificate from scratch with a fresh API key from Cloudflare. That's when I noticed something. When using the DNS Challenge option, the credentials file content had the example below: Cloudflare API token I replaced the token with my Cloudflare token, and it failed. I then tried it again, this time using single quotes around my token, like this: IT WORKED! I checked the credentials file to verify, and it had: dns_cloudflare_api_token = \0123456789ABCDEF0123456789ABCDEF01234567\ The weird thing was that my credentials file for my previous certificates that I could not renew did not have any quotes or slashes around the token, but they had worked up until now. Anyway, I thought I would share if anyone else was having the same problem. |
I had this issue after doing a backup of my folder I decided to create a script to fix it, this script can be executed inside the docker container (haven't tested it from the host), it will search for the most recent certificate in the afterwards you should be able to execute https://gist.github.com/yesid-bocanegra/dfa0cbf0f99a6834340613f43b6610e0 |
First time caller, long time listener. I noticed that the jc21/nginx-full has been deprecated in favor of using nginxproxymanager/nginx-full, although, I'm not sure when it was marked deprecated. Even more damning is the fact that the Strangely enough, it looks like @jc21's account pushed a new image just 12 hours ago, despite this repo not having seen a commit since last month. Even stranger, is that the new image, nginxproxymanager/nginx-full, hasn't seen an update in 9 months! I have a faint suspicion that most of the issues folks have had in this thread are due to using the deprecated image, IF it truly is deprecated. I did try spinning up a container with the following docker-compose, but the container exits with code 0 immediately, so I think the docker-compose.yaml
|
@nsaccente interesting. I haven't had a chance to play with it, but try |
@etymotic , I attached my docker-compose contents as a |
Update, it appears that my ISP has changed my IP, which has been the cause of all my troubles. Updating my domain provider's dns with my new IP did just the trick. I guess I can't put off setting up dyndns any longer 🤷 The error message provided by NPM is... vague at best... misguiding at worst. Despite this small victory, the following are still true:
For those having trouble with NPM's SSL certification feature, please make certain that the IP of your server is still valid! |
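The address mismatches reported in this thread (a DNS record left stale after an ISP address change, and a local DNS rewrite that keeps lookups on the LAN) can be told apart with a check like the one below. It is an added example, not code from NPM or from any commenter; the function names, verdict labels and sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket

# Ranges that never reach the public Internet: RFC 1918, loopback, CGNAT.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "100.64.0.0/10",
)]


def resolve_a_records(hostname):
    """Return the IPv4 addresses the *local* resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, 80, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def diagnose(resolved_ips, wan_ip):
    """Label each resolved address relative to the server's current WAN address.

    ok               -> record matches the WAN address
    local-rewrite    -> resolver answered with a LAN/loopback/CGNAT address
    stale-or-foreign -> public address that is not ours (old ISP lease,
                        or a proxy/CDN in front of the record)
    no-record        -> nothing resolved at all
    """
    wan = ipaddress.ip_address(wan_ip)
    if not resolved_ips:
        return [(None, "no-record")]
    findings = []
    for raw in resolved_ips:
        ip = ipaddress.ip_address(raw)
        if ip == wan:
            verdict = "ok"
        elif any(ip in net for net in LOCAL_NETS):
            verdict = "local-rewrite"
        else:
            verdict = "stale-or-foreign"
        findings.append((raw, verdict))
    return findings


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges), not real hosts.
    wan = "203.0.113.10"
    for answers in (["203.0.113.10"], ["192.168.1.50"], ["198.51.100.7"], []):
        print(answers, "->", diagnose(answers, wan))
```

Feed `diagnose` the output of `resolve_a_records` taken both on the NPM host and on a machine outside the LAN; a `local-rewrite` verdict that appears only on the inside points to split-horizon DNS, which Let's Encrypt's validators never see.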
I found a fix for my issue: allocating more storage space. Running NPM in a Proxmox CT (no docker at all), and happened to catch that it was at 96% of its storage. I gave it some extra, and boom. Worked! |
Look. This might seem silly, but I was also having this problem. Turns out my problem is that I enabled basic WAF protection in my Cloudflare to block anything not coming from Spain and to block bots. Well, obviously that blocked the Let's Encrypt bot, which doesn't reside in Spain. Duh. I disabled the filters and it's now working nicely. I thought I'd leave my 5 cents here if anyone else has been having problems with this. |
I had a very similar issue, along with my ISP blocking port 80 and not telling me. No wonder I couldn't renew my cert. (I'm also in Spain, maybe ISPs are renewing security configs?) Thought I'd also leave my 5 cents. |
It's not worked for me 🥲 |
Did you by any chance disable "Block Common Exploits" before renewing the cert? If not then try that (Also wait an hour or so first if you've been spamming the renew button a lot) |
Checklist
jc21/nginx-proxy-manager:latest
docker image?
Describe the bug
I have a fresh NPM image running and tried to generate an SSL certificate for my domain
I tried both HTTP/DNS challenges
for the HTTP challenge I get this error:
or this one:
for the second error I made sure my DNS record is configured as DNS only and not proxied on Cloudflare, and I have both ports 80 and 443 forwarded on my WAN router
if I opt for the DNS challenge I get this error
although the API key is working fine
Nginx Proxy Manager Version
v2.9.14
I tried the latest as well but I had the same issue. I saw a post here saying downgrading helped, but unfortunately it didn't help me; ref. #1862
To Reproduce
Steps to reproduce the behavior:
Expected behavior
wildcard SSL certificate to be created
Operating System
ubuntu server 21.10