Cannot create cert with NGINX on TrueNAS

My domain is: brodieman.us

I ran this command: Proxy Host Request a new SSL cert

It produced this output: PermissionError: [Errno 1] Operation not permitted: '/etc/letsencrypt/renewal/npm-6.conf'

The operating system my web server runs on is (include version): TrueNAS ElectricEel-24.10.1

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I just installed TrueNAS and I am installing NGINX Proxy Manager (I had this running on my old NAS fine). When I try and create an SSL cert from the Proxy Host I get the permissions error above. I have looked, permissions appear to be correct, the user the app is running on should have permissions to the folder.

Thanks for any help!

That sounds like a system configuration problem which is probably best addressed at the NPM support forum.

Debugging NPM is difficult as it often hides the essential info of what happened. Like in this case. NPM looks to have some kind of trouble reading or writing its own conf file. Maybe it created it wrong and a different program can't read it. Hard to say. The NPM forum is better equipped to instruct you about this.

2 Likes

I do have other posts out there in different areas (I cannot access my HTTPS site until I resolve this).

The logs said to reach out here so I figured I would try. I am assuming it's either TrueNAS OS or the TrueNAS app.

Thanks

1 Like

Yeah, fair enough to try here. NPM uses a program named Certbot to get the certificates. And, Certbot links to this forum for any error. Literally any error even if used to get a cert from Google rather than Let's Encrypt for example :)

We see NPM problems often enough to know whether it is something we can assist with or not. I am confident this problem is better addressed with NPM.

3 Likes

I have been playing around, now I am getting

too many certificates (5) already issued for this exact set of domains in the last 168h0m0s

Does it register something on Let's Encrypt's end?

Yes, that's an error from Let's Encrypt when you exceed its Rate Limits. The full error message provides a link to more details and the date/time when you can try again. The NPM system probably doesn't make it easy to see but you might find that in Certbot's .../letsencrypt.log

We can see from the public Certificate Transparency logs you have gotten a bunch of certs for actual subdomain. If your system is not using these certs that, again, is an NPM problem.

The details about Rate Limits are also here: Rate Limits - Let's Encrypt

2 Likes

Is that local then or would my old setup count? Currently I deleted the new setup and I am going to try and start again. Is there something I have to delete for other instances or is it only for the current instance?

It is any cert from any system by anyone (for those domain names). It is in the (permanent) Let's Encrypt database, if you will. LE actually issued those certs and used resources to do so. That is what is being limited. The LE Staging system is best used when testing. I don't know how you do that with NPM.

From the page I linked

Up to 5 certificates can be issued per exact same set of hostnames every 7 days. This is a global limit, and all new order requests, regardless of which account submits them, count towards this limit. The ability to request new certificates for the same exact set of hostnames refills at a rate of 1 certificate every 34 hours.

1 Like
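Added example, not part of any post in this thread and not Let's Encrypt's own code: a small model of the limit quoted above (5 certificates per exact set of hostnames, one more available every 34 hours) that estimates when the next order for a given set would fit. The leaky-bucket arithmetic is an assumption about how the quoted numbers combine, and the hostnames and timestamps are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

CAPACITY = 5                  # certificates per exact set of hostnames
REFILL = timedelta(hours=34)  # one more certificate becomes available every 34 hours

def exact_set(names):
    """Hostnames in any order or letter case form the same 'exact set'."""
    return frozenset(n.strip().lower().rstrip(".") for n in names)

def next_allowed(issued, names, now):
    """Earliest time a new order for `names` fits the modelled limit.

    `issued` holds (timestamp, hostnames) pairs for certificates already
    issued by anyone, e.g. copied from a Certificate Transparency search.
    """
    key = exact_set(names)
    full_at = None  # moment the bucket for this set is completely refilled
    for ts, cert_names in sorted(issued, key=lambda rec: rec[0]):
        if exact_set(cert_names) != key:
            continue  # a different set of hostnames has its own bucket
        full_at = max(full_at or ts, ts) + REFILL
    if full_at is None:
        return now
    # One certificate is available (CAPACITY - 1) refill periods before "full".
    return max(now, full_at - (CAPACITY - 1) * REFILL)

def utc(*args):
    return datetime(*args, tzinfo=timezone.utc)

# Constructed sample: five certificates for one name in a single afternoon,
# plus one certificate for a different set of names.
SAMPLE = [
    (utc(2025, 1, 10, 12, 0), ["actual.example.com"]),
    (utc(2025, 1, 10, 12, 30), ["actual.example.com"]),
    (utc(2025, 1, 10, 13, 0), ["ACTUAL.example.com"]),
    (utc(2025, 1, 10, 13, 15), ["actual.example.com", "www.example.com"]),
    (utc(2025, 1, 10, 13, 30), ["actual.example.com"]),
    (utc(2025, 1, 10, 14, 0), ["actual.example.com"]),
]

if __name__ == "__main__":
    now = utc(2025, 1, 10, 14, 10)
    print("retry after:", next_allowed(SAMPLE, ["actual.example.com"], now))
```

In this model the wait after five back-to-back certificates ends 34 hours after the first of them, and a request for a different set of hostnames is not blocked by the exhausted set.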

The certs never got created on my end. I assume then, I am screwed for 7 days for the domain actual.brodieman.us?

Not correct. Your system requested the certs and got them. That it "lost" them is a problem for the NPM people to sort out.

1 Like

Sorry, yeah, that is kind of what I meant. It was created on LE end but my system never got them or was able to save them. I assume I am going to have to wait 7 days to try again?

Asked and answered already

2 Likes

Thanks, sorry!

1 Like