Can't create SSL certificate

My domain is:
shevchenko.online

I did this:
Tried adding SSL certificate for a subdomain in NginxProxyManager (via NameCheap API)

It produced this output:
I'm getting the following error
CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Unable to determine zone identifier for emby.shevchenko.online using zone names: ['emby.shevchenko.online', 'shevchenko.online', 'online']
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

at /opt/nginx-proxy-manager/lib/utils.js:16:13
at ChildProcess.exithandler (node:child_process:410:5)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

The operating system my web server runs on is (include version):
I'm running UnRaid 7.0.0

My hosting provider, if applicable, is:
domain is hosted on nic.ua, but i'm using Namecheap for my DNS

I can login to a root shell on my machine (yes or no, or I don't know):
I have full access to my Unraid server, if that what it means

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
NGM certbot version 3.1.0

Additional info:
NGM can't see this subdomain as reachable. I'm getting either "Failed to check the reachability due to a communication error with site24x7.com" or "There is no server available at this domain" or "There is a server found at this domain but it returned an unexpected status code Invalid domain or IP. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running."
The output seems to be random, I found no particular logic in what message I see, however it may stay the same for some time and only change in some time.

Hello @valiksheva, welcome to the Let's Encrypt community.

Please show the output of sudo certbot certificates

I do not believe HTTPS is being served on Port 443

HTTP on Port 80 response of HTTP/1.1 302 Found

$ curl -k -Ii http://emby.shevchenko.online:80
HTTP/1.1 302 Found
Server: openresty
Date: Fri, 21 Feb 2025 21:23:50 GMT
Connection: keep-alive
Location: web/index.html
X-Served-By: emby.shevchenko.online

HTTP on Port 443 response of HTTP/1.1 400 Bad Request

$ curl -k -Ii http://emby.shevchenko.online:443
HTTP/1.1 400 Bad Request
Server: openresty
Date: Fri, 21 Feb 2025 21:24:00 GMT
Content-Type: text/html
Content-Length: 252
Connection: close

HTTPS on Port 443 fails to respond

$ curl -k -Ii https://emby.shevchenko.online:443
curl: (35) OpenSSL/3.0.13: error:0A000458:SSL routines::tlsv1 unrecognized name

And here is a list of issued certificates for emby.shevchenko.online crt.sh | emby.shevchenko.online

Hi.
Thanks for fast response!

certbot certificates shows

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certificates found.

sudo does not work for this docker on Unraid, I hope it does not matter.

I tried to find a debug file but it is nowhere to be found...

Ok, I found a workaround. I can just generate SSL without DNS challenge and it seems to work. However, its is stills wierd that it does not with DNS challenge, because as you see I managed to do this before with a bunch of certificates generated earlier.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.