Blocked IP address / Nginx Proxy Manager and Let's Encrypt certificate

I'm contacting you because I think my IP was blocked. I tried to use Nginx Proxy Manager and made multiple tests to deploy a server and connect it with a domain name. It failed multiple times; now I have my domain name linked to it, but I have a problem generating a certificate, and I think it kind of did not appreciate my multiple tries...

My domain is:
api-blog.duckdns.com

I am trying to figure it out on a Raspberry Pi 4B model.

Please find below the line with the log error:

[2/18/2023] [9:25:37 AM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-32" --agree-tos --authenticator webroot --email [redacted] --preferred-challenges "dns,http" --domains "api-oblog.duckdns.org"

I've found this answer from the community:

Can anybody help me?

Thank you

PS: I have attached the complete logs to this ticket
_nginx-app-1_logs.txt (10.4 KB)

Welcome to the community @yumi-code

Thanks for providing the detailed log. The key error in that is:

An unexpected error occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0xb586dab0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

Your system DNS lookups are not working (name resolution failed). This is not related to a blocked IP (which is fairly rare).

What do these commands show?

curl -I https://acme-v02.api.letsencrypt.org/directory

curl -I https://google.com

4 Likes

Hi @MikeMcQ,

Thank you :slight_smile:

The first command shows:

yumi@raspberrypi:~ $ curl -I https://acme-v02.api.letsencrypt.org/directory
HTTP/2 200
server: nginx
date: Sun, 19 Feb 2023 16:02:51 GMT
content-type: application/json
content-length: 756
cache-control: public, max-age=0, no-cache
replay-nonce: 327CJvW2OAYtXi8IrWhnHPaUuuChEcCeAfVItZQw3fVGuBo
x-frame-options: DENY
strict-transport-security: max-age=604800

And the second:

yumi@raspberrypi:~ $ curl -I https://google.com
HTTP/2 301
location: https://www.google.com/
content-type: text/html; charset=UTF-8
date: Sun, 19 Feb 2023 16:03:54 GMT
expires: Sun, 19 Feb 2023 16:03:54 GMT
cache-control: private, max-age=2592000
server: gws
content-length: 220
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+410; expires=Tue, 18-Feb-2025 16:03:54 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

I thought that maybe I had tried too many times to ask for a certificate...

Thanks for your help

4 Likes

Those prove two things. One, that your IP is not blocked, and two, that the DNS resolving seems good now.

Does the cert request still fail? Maybe it was a temp problem or one that is now fixed.

If it fails, can you upload the detailed log again? Thanks

4 Likes

@MikeMcQ I wouldn't be surprised if NPM (:nauseated_face:) was running in Docker.

4 Likes

Yes, it still fails, and @Osiris is right: I forgot to give the detail that Nginx Proxy Manager runs in Docker.

I think I have to restart everything. I'll keep you informed.

3 Likes

We regularly see Docker instances with DNS trouble. I don't know anything about Docker, so can't help you with fixing that.

By the way, this is not really a "ticket", which would imply this is some kind of official support system with tickets. Although it is the official Let's Encrypt support channel, this is more a Community (hence the subdomain :wink:) with mainly volunteers replying (although often there's also [valuable] input from the LE staff). So I wouldn't say this is a "ticket" but more just a "thread" on a support forum :slight_smile:

5 Likes
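The distinction drawn in this thread between a resolver failure and a blocked IP, as an added example that is not part of any post and not code from certbot or Nginx Proxy Manager: a Python check that classifies the quoted error line and probes DNS and TCP as separate stages. The function names `classify_log` and `probe` are hypothetical, and the errno mapping assumes Linux/glibc values as seen in the log above.

```python
import re
import socket

ACME_HOST = "acme-v02.api.letsencrypt.org"  # host named in the error quoted above

# Resolver errors mean the request never left the machine, so no remote block is involved.
_DNS_ERRNOS = {socket.EAI_AGAIN: "temporary resolver failure",
               socket.EAI_NONAME: "name not known to the resolver"}


def classify_log(text):
    """Classify a certbot/urllib3 error line by the stage that failed."""
    m = re.search(r"\[Errno (-?\d+)\] ([^'\")]+)", text)
    if not m:
        return "unknown"
    code, msg = int(m.group(1)), m.group(2).strip()
    if code in _DNS_ERRNOS or "name resolution" in msg:
        return "dns"
    return "network"  # positive errno: refused, unreachable, timed out


def probe(host=ACME_HOST, port=443, resolve=socket.getaddrinfo,
          connect=socket.create_connection, timeout=5):
    """Run the two steps certbot needs first, stopping at the one that fails.

    Returns (stage, detail) where stage is 'dns', 'tcp' or 'ok'.
    resolve/connect are injectable (an assumption of this example) so the
    logic can be exercised without network access.
    """
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", _DNS_ERRNOS.get(exc.errno, str(exc))
    last = "no addresses returned"
    for *_, sockaddr in infos:
        try:
            connect(sockaddr[:2], timeout=timeout).close()
            return "ok", sockaddr[0]
        except OSError as exc:
            last = f"{sockaddr[0]}: {exc}"
    return "tcp", last


if __name__ == "__main__":
    # Run once on the host and once inside the container; different answers
    # point at the container's resolver configuration rather than a block.
    print(probe())
```

A `dns` result inside the container alongside `ok` on the host matches the situation in this thread, where `curl` on the Raspberry Pi succeeded while certbot in Docker could not resolve the ACME hostname.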
