ℹ Updated to v1: Proxy no longer works, cannot login, doesn't work, lost all settings #507

Closed
frenck opened this issue Jan 12, 2024 · 116 comments
Labels
bugfix Inconsistencies or issues which will cause a problem for users or implementors. major This PR causes a major version bump in the version number. priority-critical This should be dealt with ASAP. Not fixing this issue would be a serious error. stale There has not been activity on this issue or PR for quite some time.

Comments

@frenck
Member

frenck commented Jan 12, 2024

⚠️ Please do not respond to this issue with "I have the same issue" or similar. Thanks 👍

Oh hi there 👋

If you came to this issue because you are experiencing what is in the title, it probably means you:

  • Have automatic updates enabled on the Nginx Proxy Manager add-on; causing you to be automatically upgraded into this breaking change release without you knowing.
  • You have manually upgraded and didn't check the release notes.

This issue is here as we expected this to happen; to prevent everybody from creating the same issue, this issue is pre-created with information on what is going on.

"What happened?"

I've shipped version 1 of the add-on, which has a huge breaking change:

It starts with a blank slate. You have to set up / configure the add-on from scratch.

This is why this version of the add-on has a major version bump and a big breaking change warning in the add-on release notes.

"Damn Frenck, this sucks. Why!?! 🤬"

So, this add-on hasn't received much love in the past two years. It had multiple issues:

  • An external database was required (MariaDB), which caused overhead.
  • The external database connection wasn't always working stably.
  • Let's Encrypt not always working / hard to fix/debug.
  • Backups weren't complete. SSL certificates & the database weren't included in the backups.
  • Restoring the MariaDB backups hasn't been reliable, making it even harder to backup this add-on correctly.
  • The add-on was built at a time when the Nginx Proxy Manager didn't support anything else but MySQL/MariaDB.
  • The add-on was built using a lot of workarounds, to make it work as an add-on.
  • The Nginx Proxy Manager version shipped had a security issue (cvedetails.com/cve/CVE-2023-27224).

Version v1 and the newer versions of this add-on address all of the above.

"Why didn't you migrate the data?!"

I wish I could. I've spent endless hours making that happen reliably and tried many times in the past two years. I never reached an even remotely acceptable point of making that happen.

The time has come to bite the bullet. This is why this is published as a breaking change with a major version number.

"Can I now use this add-on without the MariaDB add-on?"

Yes, the add-on will now use SQLite and no longer rely on the MariaDB add-on installed. Once upgraded and you've re-setup your proxy, it means you can remove the MariaDB add-on (if it was only used for the Nginx Proxy Manager).

"Does the backup now include everything?"

Yes, as of version 1+, backups of the Nginx Proxy Manager add-on are complete backups. This includes all configuration data and certificates.

"I don't have time for this bulls***"

Understandable. It would have helped if you read the actual release notes before upgrading. If you missed it, please restore the backup of the add-on that you made before upgrading.

Please note: Home Assistant doesn't provide a downgrade mechanism, so restoring a backup is the only correct solution.

"I don't agree with this change"

That is possible. While this change has the best intentions and, in my opinion, is the only way forward: we don't have to agree.

In that case, this add-on is no longer suitable for you. The best I can advise at this point is uninstalling it and looking for a solution that suits you better.

"I have more questions!"

Please, feel free to drop them in this issue. I do want to ask you to keep the discussion here on topic, polite, and civilized. We are all just humans.

Final word

First of all: I'm deeply sorry I have to take this path that forces you to restart your proxy configuration.

Nevertheless, I do think this is the only correct way forward to resolve all issues around this add-on at this point. I hope in time you will agree.

Please accept my sincere apologies.

../Frenck

⚠️ Please do not respond to this issue with "I have the same issue" or similar. Thanks 👍

@frenck frenck pinned this issue Jan 12, 2024
@hassio-addons hassio-addons locked and limited conversation to collaborators Jan 12, 2024
@frenck frenck added bugfix Inconsistencies or issues which will cause a problem for users or implementors. major This PR causes a major version bump in the version number. priority-critical This should be dealt with ASAP. Not fixing this issue would be a serious error. labels Jan 12, 2024
@hassio-addons hassio-addons unlocked this conversation Jan 13, 2024
@DanielMisch

This comment was marked as resolved.

@wrenoud

This comment was marked as resolved.

@frenck

This comment was marked as resolved.

@frenck

This comment was marked as resolved.

@frenck

This comment was marked as resolved.

@remb0

remb0 commented Jan 13, 2024

a very big thanks to frenck!!

@frenck
Member Author

frenck commented Jan 13, 2024

I've published v1.0.1 to address the reported starting issue caused by an uncaught SyntaxError.

https://github.com/hassio-addons/addon-nginx-proxy-manager/releases/tag/v1.0.1

I've hidden the comments above related to that report, to keep this issue as clean as possible.

Thanks for reporting 👍

../Frenck

@felipecrs

What to do when you can't access the web ui to reconfigure it?

chrome_yIs0nlOqG1.mp4

@frenck
Member Author

frenck commented Jan 13, 2024

> What to do when you can't access the web ui to reconfigure it?

Odd behavior, some kind of browser plugin/protection thing?
Anyways, visit https://192.168.1.10:81 in your case (the address of your HA instance, port 81, or the port you have configured in the Configuration tab -> network settings).

../Frenck

@felipecrs

felipecrs commented Jan 13, 2024

Good idea. I had disabled such port in the past. That's why the button didn't work. I reconfigured it to 81 and now even the button works. Thanks!

@ThePatricide

ThePatricide commented Jan 13, 2024

No issues here, waited to upgrade after I saw these comments, had 1.0.0 already pushed to me. Now upgraded perfectly to 1.0.1 from 0.28-something and reconfigured everything. Thanks for your work!

Oow and don't beat yourself up too much on this breaking change in the first place and the typo in 1.0.0. This stuff just happens in IT. And there is no shame in making mistakes, part of the process. You're delivering excellent quality, really appreciated.

@amaduain

Seeing the new features, I believe this change is worth it. Thanks a lot for the nice addon, updated and reconfigured with no issues. Always read the changelogs, folks!

@frenck Keep up the good work!

@aderusha

This comment was marked as off-topic.

@frenck
Member Author

frenck commented Jan 13, 2024

@seancmalloy This seems to be caused by the way certbot is installed in the add-on. Could you open up a separate issue for tracking? Thanks!

../Frenck

@seancmalloy

Will do. I only have a handful of proxy records to recreate, no big deal. Some others will find aderusha's scripts very useful. Thanks. You guys rock.

@frenck
Member Author

frenck commented Jan 13, 2024

> Run this from the old container, save the result somewhere, and you can use the info to help re-create the new config:

This makes no sense. Don't send people into supervisor-managed containers. There are many people in this eco system that don't have experience with that. I have hidden your post for that exact reason.

In case you want to glance at your old configuration, just use the phpMyAdmin add-on to view the tables in the database. Same result, no command-line magic, no need to keep an old container around either.

@SergeyPomelov

It's a poor excuse. You knew that many users will pull this data-wipe (a.k.a update) automatically (by any standards it's a stable and maintained releases policy). Because devs won't ask for help to migrate simple structured data? I peeked inside, IMHO, most DB admins migrate harder chunks routinely. I had more love for this addon with all the flaws, and an addon just silently wiping your data one day leaving no logical choice but trash it.

@frenck
Member Author

frenck commented Jan 13, 2024

Thanks, @SergeyPomelov. Unfortunately, it ain't a simple database migration. If the only roadblock was a database move, yeah, sure, I agree.

> You knew that many users will pull this data-wipe (a.k.a update) automatically

I certainly hope not. IMHO, enabling that option is utterly stupid. I strongly discourage auto-updating. I always have. Regardless of this add-on, any update may have unexpected changes, that it will happily auto update into.

Please note you decide to enable such update features, not me.

@bcutter

bcutter commented Jan 13, 2024

> I certainly hope not. IMHO, enabling that option is utterly stupid. I strongly discourage auto-updating. I always have. Regardless of this add-on, any update may have unexpected changes, that it will happily auto update into.
>
> Please note you decide to enable such update features, not me.

When I started with HA back in late 2020, auto-updates were enabled by default for all add-ons. After a massive issue due to auto-updating one addon I disabled it for all my addons - reading release notes, carefully planning updates is the right update strategy (for me). Just saying because if the default for a fresh HA setup still is "auto-updates enabled by default"... rant incoming.

2 cents over, I really appreciate the communication of this update, really outstanding. Thx Frenck!

@baldisos

I just wanted to say thank you. I've read the release notes, took the time to plan it, made notes of my old config, upgraded, re-added all of my 20 proxy hosts, re-added the Let's Encrypt DNS Challenge, and it all works like a glove again. That all was about 10-15 minutes of work; I spent humongous amounts of time longer configuring all of this for the first time. 😁

I really appreciate being honest about why things don't work and what has to be done to resolve that. Keep it up @frenck!

@AquaMorph

I have auto updates enabled and was able to restore from a backup without issue. Resetting up my config took about 20 minutes but I am glad this addon is now stand alone. Automatic migration would have been nice but totally understand the complications and amount of work making it not worth it.

@aceat64

aceat64 commented Jan 13, 2024

> It's a poor excuse. You knew that many users will pull this data-wipe (a.k.a update) automatically (by any standards it's a stable and maintained releases policy).

I strongly disagree. Home Assistant's auto-update feature, while useful for some add-ons, is dangerous to enable for critical services. If you'd like to help out, I'd recommend submitting a PR to HA that would enable add-on developers to flag updates as breaking and prevent auto-updating to that version. That will solve the issue for all add-ons.

Also of note, your language came across to me as overly harsh. Please remember that this ecosystem is built on free, open-source software, and maintained by volunteers.

@D-side

D-side commented Jan 29, 2024

> How would you renew these certificates?

@Jotasct you have to request new ones, most likely. If you're having issues with that, it's probably a "general question", not about this issue, and should be asked in the general NPM discussion spaces.

@crazybadger

I'd been worrying about this for a couple of weeks, with the 'if it ain't broke' mantra winning the internal debate! Bit the bullet yesterday though and spent an hour documenting all of my existing settings (19 proxy hosts with Letsencrypt SSL) and then did the update today and recreated everything, which probably took another hour. Everything worked as expected though, and no issues, so thanks to all involved.

@Techknowledgeman

This comment was marked as off-topic.

@ReenigneArcher

This comment was marked as resolved.

@Techknowledgeman

This comment was marked as abuse.

@JustBeanie

Is the option to use a proper DBMS removed? I can't seem to find a spot to re-configure MariaDB.

@tjorim
Contributor

tjorim commented Feb 3, 2024

> Is the option to use a proper DBMS removed? I can't seem to find a spot to re-configure MariaDB.

No need, the add-on now uses a built-in SQLite database.

@JustBeanie

This comment was marked as off-topic.

@D-side

D-side commented Feb 4, 2024

Sorry, this will be a longie, but will hopefully tie up most loose ends that others have brought up into something conclusive.

(edit: if you'd like a tl;dr version: the change is for the better, and though it could be done without this extensive damage, now it's too late for that, we can only learn from this and move on)


Frankly, this notion of "proper DBMS" amuses me. "Proper" is a completely arbitrary descriptor that merely indicates someone's (usually speaker's) approval, and that approval is quite often just a dogma they learned in a different context which may be irrelevant here. Sure, SQLite may be a different type of DBMS compared to MariaDB, in that it's embeddable rather than a network service. Sure, it's not designed for highly concurrent loads.

But NPM has no need for any of it. In the vast majority of setups its database merely records information manually put in by a single administrator (no concurrency!) and automated renewals of dozens of hosts tops every 60 days (90d TTL - 30d lead time?) each. It's a nigh-nonexistent load by "enterprise-grade DBMS" standards that powerhouses like MariaDB aim for. Sure, both can happen simultaneously, but that loses, what, milliseconds per cert renew on lock contention at worst? And it has no use for network access, since in normal operation the only connection to that database would be from just one instance of the app.

And it keeps the whole thing in a few files most of the time, which you can easily back up at any time along with the rest of the files comprising application state. If you want to back up the app state, you already have to back up its files, which in case of NPM would be certificates and certbot configurations. Using SQLite allows the rest of the data to rely on the same backup mechanism as well. It makes properly supporting operation of the app simpler without making it function any worse.


Still, I agree: this addon could be phased out into archived/unmaintained state and a new one with SQLite version created in its place. Nobody would have their existing setups destroyed (their existence is unfortunate, but all too likely to just dismiss), and setting up one addon or another just like it from scratch doesn't make any difference.

But the damage here is already done. At this point we can only learn and move on.

  • For some it's going to be turning off unattended addon updates.
  • For some, never turning on unattended updates for anything still in versions 0.x to begin with, as these can break in any conceivable way on their way to 1.0 (it's considered common enough knowledge by many software people to omit, but for the rest, generally popular Semantic Versioning states that in writing in 4th point). Still, even minor upgrades above 1.0 can end horribly (I bet many in this thread have stories they can share, I have one as recent as from a few months ago).
  • For some, paying more attention to their backup routines, so that when things break like this there's at least a quick recovery plan.
  • For some it might even be motivation to improve the addon infrastructure to make cases like this less likely to happen in the future.
  • For some, migrating NPM to be a user-managed container rather than an addon (sure, it's not recommended to run those alongside the supervisor, but people still do it).
  • Some might just not upgrade, per the adage "if it ain't broke, don't fix it". (Which is dangerous, as the specifics of "broke" keep changing over time, as issues in just about everything rise to the surface.)

…not necessarily just one of these and maybe even something not on the list.

Please pick yours and if you don't have anything new and relevant to add to this discussion, please consider if the comment you intend to write will help anyone. (And this isn't a roundabout way of saying "don't", I mean exactly what these words say, and I'm sad that I even have to emphasize this.)
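The first two lessons in the list above (no unattended updates across a 0.x series or a major bump), written as an update gate. This is an added example, not code from the add-on, Home Assistant or any commenter; the function names and the `0.28.0` version string are constructed for illustration.

```python
"""Decide whether an add-on update is safe to install unattended (SemVer-based)."""
import re
from typing import NamedTuple, Tuple

# SemVer 2.0.0 core with an optional leading "v" (as in the v1.0.1 release tag),
# optional pre-release and build metadata.
_SEMVER = re.compile(
    r"^v?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)"
    r"(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)

# Change kinds an operator may opt in to for unattended installs.
# Everything else (major, zero-series, prerelease, downgrade, same) needs a human.
_OPT_IN = {"patch": {"patch"}, "minor": {"patch", "minor"}}


class Version(NamedTuple):
    major: int
    minor: int
    patch: int
    prerelease: str  # "" for a normal release


def parse(text: str) -> Version:
    """Parse a version string, rejecting anything that is not SemVer."""
    match = _SEMVER.match(text.strip())
    if match is None:
        raise ValueError(f"not a SemVer version: {text!r}")
    return Version(int(match[1]), int(match[2]), int(match[3]), match[4] or "")


def classify(installed: str, candidate: str) -> str:
    """Name the kind of change going from `installed` to `candidate`."""
    old, new = parse(installed), parse(candidate)
    if new.prerelease:
        return "prerelease"      # never a target for unattended installs
    if new[:3] < old[:3]:
        return "downgrade"
    if new[:3] == old[:3]:
        return "same"            # same core version; treated conservatively
    if new.major != old.major:
        return "major"           # e.g. 0.x -> 1.0.0: breaking by definition
    if old.major == 0:
        return "zero-series"     # SemVer item 4: anything may change in 0.y.z
    return "minor" if new.minor != old.minor else "patch"


def allow_unattended(installed: str, candidate: str,
                     max_change: str = "patch") -> Tuple[bool, str]:
    """Return (allowed, reason) for installing `candidate` without review."""
    if max_change not in _OPT_IN:
        raise ValueError(f"max_change must be one of {sorted(_OPT_IN)}")
    kind = classify(installed, candidate)
    allowed = kind in _OPT_IN[max_change]
    verdict = "within" if allowed else "outside"
    reason = (f"{installed} -> {candidate} is a {kind} change, "
              f"{verdict} the '{max_change}' policy")
    return allowed, reason


if __name__ == "__main__":
    # Constructed version pairs; 1.0.0 and 1.0.1 are the releases named in the thread.
    for pair in [("0.28.0", "1.0.0"), ("1.0.0", "v1.0.1"),
                 ("0.27.0", "0.28.0"), ("1.0.1", "1.1.0")]:
        print(allow_unattended(*pair))
```

With the default policy only patch releases above 1.0 install without review; the upgrade from a 0.x release to 1.0.0 is held back for a human to read the release notes.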

@elyobelyob

elyobelyob commented Feb 5, 2024 via email

@Techknowledgeman

I just check the name on all posts on this thread, and if it isn’t Frenck, it’s a moan. There are 47 people watching this getting bored of the moan and did the upgrade. That last message was tldr. Frenck, thanks for the efforts you put in. Most of us get it.

He has a history of acting like an arrogant person. He has an obvious lack of focus on end user and wants to just go around making breaking changes and then put it on us.
He knew that would happen, otherwise this post would not exist.
He may be a skilled developer, but as a person he sucks. This is only one of many conflicts he has been at the root of over unilateral decision making.
This project needs to be democratised and no single person able to make big decisions like this.

@loopy321

loopy321 commented Feb 5, 2024

@Techknowledgeman why not fork and do it yourself? Otherwise stop spamming please.

@Techknowledgeman

> @Techknowledgeman why not fork and do it yourself? Otherwise stop spamming please.

If I would I could, and conversation is not spamming, I believe in accountability, especially in community projects.
So, you aren't my mother or father and I'm not subordinate to you so zip it.

@loopy321

loopy321 commented Feb 5, 2024

@Techknowledgeman, fork it then so we can hold you accountable.

@Techknowledgeman

> @Techknowledgeman, fork it then so we can hold you accountable.

Fork you, I'm busy saving the world from itself. From attitudes and thinking like Frenck

@RASBR

RASBR commented Feb 9, 2024

Hello @D-side
Hello @frenck

When trying to issue new Let's Encrypt certificate:

Pressing test server reachability gives:
Error
"Communication with the API failed, is NPM running correctly?"

Logs

INFO: Service Nginx Proxy Manager exited with code 256 (by signal 5)
[18:34:04] INFO: Starting the Manager...
[2/9/2024] [6:34:04 PM] [Global   ] › ℹ  info      Using Sqlite: /config/database.sqlite
[2/9/2024] [6:34:04 PM] [Migrate  ] › ℹ  info      Current database version: none
[2/9/2024] [6:34:04 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
[2/9/2024] [6:34:04 PM] [Setup    ] › ℹ  info      Logrotate completed.
[2/9/2024] [6:34:04 PM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[2/9/2024] [6:34:04 PM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[2/9/2024] [6:34:06 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
[2/9/2024] [6:34:06 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
[2/9/2024] [6:34:06 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
[2/9/2024] [6:34:06 PM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...
[2/9/2024] [6:34:06 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[2/9/2024] [6:34:06 PM] [Global   ] › ℹ  info      Backend PID 757 listening on port 3000 ...
[2/9/2024] [6:34:06 PM] [SSL      ] › ✖  error     Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --preferred-challenges "dns,http" --disable-hook-validation  
Traceback (most recent call last):
  File "/usr/bin/certbot", line 5, in <module>
    from certbot.main import main
  File "/usr/lib/python3.11/site-packages/certbot/main.py", line 6, in <module>
    from certbot._internal import main as internal_main
  File "/usr/lib/python3.11/site-packages/certbot/_internal/main.py", line 28, in <module>
    from certbot import crypto_util
  File "/usr/lib/python3.11/site-packages/certbot/crypto_util.py", line 42, in <module>
    from certbot import interfaces
  File "/usr/lib/python3.11/site-packages/certbot/interfaces.py", line 21, in <module>
    from acme.client import ClientBase
ImportError: cannot import name 'ClientBase' from 'acme.client' (/usr/lib/python3.11/site-packages/acme/client.py)

    at ChildProcess.exithandler (node:child_process:422:12)
    at ChildProcess.emit (node:events:517:28)
    at maybeClose (node:internal/child_process:1098:16)
    at ChildProcess._handle.onexit (node:internal/child_process:303:5)
[09/Feb/2024:18:34:09 +0300] - 200 200 - GET https npm.sober.onl "/api/" [Client 176.28.201.25] [Length 60] [Gzip -] [Sent-to 192.168.100.231] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" "https://npm.sober.onl/nginx/certificates"
[09/Feb/2024:18:34:09 +0300] - 200 200 - GET https npm.sober.onl "/api/users/me?expand=permissions" [Client 176.28.201.25] [Length 528] [Gzip -] [Sent-to 192.168.100.231] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" "https://npm.sober.onl/nginx/certificates"

Request New with challenge
When proceeding directly using the challenge for GoDaddy, like I did before upgrading about three weeks ago, I get the below error, which I got right after updating, and the only way I found to keep things working was to upload my certificates as custom after the update.

Error
Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-8" --agree-tos --email "admin@sober.onl" --domains "*.sober.onl,sober.onl" --authenticator dns-godaddy --dns-godaddy-credentials "/etc/letsencrypt/credentials/credentials-8"
Traceback (most recent call last):
  File "/usr/bin/certbot", line 5, in <module>
    from certbot.main import main
  File "/usr/lib/python3.11/site-packages/certbot/main.py", line 6, in <module>
    from certbot._internal import main as internal_main
  File "/usr/lib/python3.11/site-packages/certbot/_internal/main.py", line 28, in <module>
    from certbot import crypto_util
  File "/usr/lib/python3.11/site-packages/certbot/crypto_util.py", line 42, in <module>
    from certbot import interfaces
  File "/usr/lib/python3.11/site-packages/certbot/interfaces.py", line 21, in <module>
    from acme.client import ClientBase
ImportError: cannot import name 'ClientBase' from 'acme.client' (/usr/lib/python3.11/site-packages/acme/client.py)

      at ChildProcess.exithandler (node:child_process:422:12)
      at ChildProcess.emit (node:events:517:28)
      at maybeClose (node:internal/child_process:1098:16)
      at ChildProcess._handle.onexit (node:internal/child_process:303:5)

Logs:

[2/9/2024] [6:35:19 PM] [Nginx    ] › ⬤  debug     Deleting file: /config/nginx/proxy_host/19.conf
[2/9/2024] [6:35:19 PM] [Nginx    ] › ⬤  debug     Deleting file: /config/nginx/proxy_host/19.conf.err
[2/9/2024] [6:35:19 PM] [Nginx    ] › ⬤  debug     Could not delete file: {
  "errno": -2,
  "syscall": "unlink",
  "code": "ENOENT",
  "path": "/config/nginx/proxy_host/19.conf.err"
}
[2/9/2024] [6:35:19 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[2/9/2024] [6:35:19 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates via GoDaddy for Cert #9: *.sober.onl, sober.onl
[2/9/2024] [6:35:19 PM] [SSL      ] › ℹ  info      Command: mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo 'dns_godaddy_secret = Q6ZoPaR5U9rva1Kc5Nm9aL
dns_godaddy_key = gHVX1Xdypxf6_SwUzE1VEtwejxKAbqGvVP4' > '/etc/letsencrypt/credentials/credentials-9' && chmod 600 '/etc/letsencrypt/credentials/credentials-9' && pip install certbot-dns-godaddy~=0.2.0  && certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-9" --agree-tos --email "admin@sober.onl" --domains "*.sober.onl,sober.onl" --authenticator dns-godaddy --dns-godaddy-credentials "/etc/letsencrypt/credentials/credentials-9"
2024/02/09 18:35:19 [warn] 173#173: protocol options redefined for 0.0.0.0:443 in /config/nginx/proxy_host/10.conf:14
[2/9/2024] [6:35:20 PM] [Nginx    ] › ℹ  info      Reloading Nginx
2024/02/09 18:35:20 [warn] 173#173: protocol options redefined for 0.0.0.0:443 in /config/nginx/proxy_host/10.conf:14
[2/9/2024] [6:35:20 PM] [Express  ] › ⚠  warning   Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-9" --agree-tos --email "admin@sober.onl" --domains "*.sober.onl,sober.onl" --authenticator dns-godaddy --dns-godaddy-credentials "/etc/letsencrypt/credentials/credentials-9"
Traceback (most recent call last):
  File "/usr/bin/certbot", line 5, in <module>
    from certbot.main import main
  File "/usr/lib/python3.11/site-packages/certbot/main.py", line 6, in <module>
    from certbot._internal import main as internal_main
  File "/usr/lib/python3.11/site-packages/certbot/_internal/main.py", line 28, in <module>
    from certbot import crypto_util
  File "/usr/lib/python3.11/site-packages/certbot/crypto_util.py", line 42, in <module>
    from certbot import interfaces
  File "/usr/lib/python3.11/site-packages/certbot/interfaces.py", line 21, in <module>
    from acme.client import ClientBase
ImportError: cannot import name 'ClientBase' from 'acme.client' (/usr/lib/python3.11/site-packages/acme/client.py)

Any advice to solve this before things break down?
Thanks in advance
RS
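
Added example, not part of the original comment: debug logs like the one above echo the full certbot command, including the DNS provider API credentials written to the credentials file, and the add-on's access-log lines carry Home Assistant webhook IDs and the client's public address. A small Python scrubber to run over such a log before posting it publicly; the rule set, the `redact` name and all sample values are constructed for illustration.

```python
import re

# Each rule: (label, pattern, replacement). Group 1 is the prefix that is kept.
RULES = [
    # certbot DNS-plugin credentials echoed in the "Command:" line,
    # e.g. dns_godaddy_secret = ... / dns_godaddy_key = ...
    ("dns_credential",
     re.compile(r"\b(dns_[a-z0-9_]+\s*=\s*)[^\s'\"]+"), r"\1<REDACTED>"),
    # Home Assistant webhook IDs: knowing the ID is enough to call the webhook
    ("webhook_id",
     re.compile(r"(/api/webhook/)[A-Za-z0-9_-]+"), r"\1<REDACTED>"),
    # Public client address (IPv4 only) recorded in the proxy access log
    ("client_ip",
     re.compile(r"(\[Client )\d{1,3}(?:\.\d{1,3}){3}(?=\])"), r"\1<REDACTED>"),
    # Account e-mail passed to certbot
    ("email",
     re.compile(r"(--email\s+\")[^\"]+"), r"\1<REDACTED>"),
]


def redact(text):
    """Return (scrubbed_text, {label: hit_count}) for a pasted add-on log."""
    counts = {}
    for label, pattern, repl in RULES:
        text, hits = pattern.subn(repl, text)
        counts[label] = hits
    return text, counts


# Constructed sample in the same shape as the log above; every value is fake.
SAMPLE = """\
[01/Jan/2024:00:00:00 +0000] - 200 200 - POST https ha.example.test "/api/webhook/0123abcd4567ef" [Client 203.0.113.7] [Length 2] [Gzip -] [Sent-to 192.0.2.10] "Home Assistant" "-"
[1/1/2024] [12:00:00 AM] [SSL      ] info      Command: mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo 'dns_godaddy_secret = FAKESECRET123
dns_godaddy_key = FAKEKEY456' > '/etc/letsencrypt/credentials/credentials-9' && certbot certonly --email "user@example.test" --domains "*.example.test"
"""

if __name__ == "__main__":
    scrubbed, counts = redact(SAMPLE)
    print(scrubbed)
    print(counts)
```

Domain names and internal `Sent-to` addresses are left untouched; extend `RULES` if those are sensitive in your setup.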

D-side commented Feb 9, 2024

ImportError: cannot import name 'ClientBase' from 'acme.client' (/usr/lib/python3.11/site-packages/acme/client.py)

@RASBR looks like #513

RASBR commented Feb 9, 2024

Hi @D-side
Sadly I have no experience/knowledge at all in the SSL things, that's why I was very pleased with NPM to start with. I read through #513 but honestly I couldn't find a straightforward solution.

Before the update I used to have a docker container on a separate host. When it failed I switched to the HA add-on of NPM. My question:
Should I uninstall the add-on and revert back to the docker host server? Which tag should I install so it can work automatically?
Thanks
RS

D-side commented Feb 9, 2024

honestly I couldn't find some straightforward solution.

@RASBR that's just where the discussion about that specific issue is at. If there's no solution there, then in all likelihood somebody has yet to identify and post it.

Sadly, yes, if the feature is broken in the current version of the addon, you may very well be better served by alternative installation methods. I myself can't help with that, I'm afraid, but NPM's community might.

Jodajoth commented Feb 16, 2024

Nvm, I did the final step of the SSL config and after that it works!

Hello @frenck,
I have 0.12.3 installed and when I look via the web GUI I have nothing configured, but the addon is working (when I stop the addon, the resolving to my duckdns stops working).

After I update it also stops working, and I tried configuring a proxy host without success (could be mistakes on my part). Is there some way of seeing if the addon is using some background config?
My HA is running in a VirtualBox docker, btw.
Thanks in advance,
Joep

RASBR commented Feb 22, 2024

Hello @D-side
Hello @frenck

In regards to the GoDaddy auto-renewal or new certificate issuance error in this post, have there been any breakthroughs or updates?

Or what do you recommend for a non-experienced guy (in regards to certificates and SSL) as an alternative?

I appreciate any guidance as I have less than a week before my certificates expire.
Regards,
R.S

D-side commented Feb 23, 2024

@RASBR I'm afraid I can't help since I stopped using this addon and HassOS entirely (for reasons unrelated to this issue) and I don't have access to GoDaddy to check anything (because of the ongoing war).

Outside of leaving HassOS (which is probably a significant amount of work), I can only think of either restoring a prior backup of NPM (if you have one) or finding another addon (haven't tried any, got nothing to recommend, but I know Nginx, Caddy and Traefik work alright in general, so addons with them probably exist).

You can also subscribe to #513 and receive all the updates on it as they appear. I'm not watching it.

RASBR commented Feb 23, 2024

@D-side I will start looking for alternatives to NGINX to be ready in case there is no solution.

Thank you for taking the time to reply. Much appreciated.

There hasn't been any activity on this issue recently, so we clean up some of the older and inactive issues.
Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a comment 👍
This issue has now been marked as stale and will be closed if no further activity occurs. Thanks!

@github-actions github-actions bot added the stale label Mar 24, 2024
@github-actions github-actions bot closed this as not planned Mar 31, 2024

hensing commented Apr 2, 2024

I had exactly the same problems and then tried to move over to the letsencrypt add-on; that didn't work either...

Here I at least got another error message from certbot:
Turns out: it seems that for newer versions of certbot you need a CAA DNS record for your domain.
Once added, it worked perfectly with the LE add-on.

Moving back to NPM (and deleting all old configs manually) I was able to get a new cert using a DNS challenge in nginx-proxy-manager 🥳

Hope it helps for you too!

@github-actions github-actions bot locked and limited conversation to collaborators May 3, 2024