Can't get Certificate with Nginx Proxy Manager for homeserver ip

My domain is: lemmyslab.duckdns.org
I installed Nginx proxy manager in a docker container on my home server.
I got a domain from duckdns.org (lemmyslab.duckdns.org).

I followed along with this YouTube tutorial to set up Let's Encrypt for my home server IP address (https://www.youtube.com/watch?v=qlcVx-k-02E). I did everything as mentioned, but when I want to generate the certificate I get the following errors:

Sometimes this:

      Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-25" --agree-tos --email "weihrauch.business@gmail.com" --domains "lemmyslab.duckdns.org" --authenticator dns-duckdns --dns-duckdns-credentials "/etc/letsencrypt/credentials/credentials-25" --dns-duckdns-propagation-seconds 120
      Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
      The resolution lifetime expired after 5.403 seconds: Server 127.0.0.11 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.11 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.11 UDP port 53 answered The DNS operation timed out.
      Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

    at ChildProcess.exithandler (node:child_process:402:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

And sometimes this:

      Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-21" --agree-tos --email "weihrauch.business@gmail.com" --domains "lemmyslab.duckdns.org" --authenticator dns-duckdns --dns-duckdns-credentials "/etc/letsencrypt/credentials/credentials-21" --dns-duckdns-propagation-seconds 120
      Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
      Encountered exception during recovery: certbot.errors.PluginError: HTTPSConnectionPool(host='www.duckdns.org', port=443): Max retries exceeded with url: /update?token=redacted&domains=lemmyslab.duckdns.org&txt=&clear=true (Caused by NameResolutionError(": Failed to resolve 'www.duckdns.org' ([Errno -2] Name or service not known)"))
      The resolution lifetime expired after 5.403 seconds: Server 127.0.0.11 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.11 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.11 UDP port 53 answered The DNS operation timed out.
      Ask for help or search for solutions at https://community.letsencrypt.org/. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

    at ChildProcess.exithandler (node:child_process:402:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

I put my IP into the DuckDNS IP field and used the API key for the DNS Challenge within Nginx Proxy Manager.

I also exposed the ports 80, 81 and 443 in my docker compose file.

Could this be a problem with my router?

We hate Nginx Proxy Manager.

That said, it looks like some DNS resolution failure. Try restarting your docker daemon.

4 Likes

A restart didn't work.
Do you have suggestions for an alternative service that is kinda user-friendly for beginners?

The problem is clearly the DNS service at 127.0.0.11 [is unable to reach a DNS resolver]:

I would not rule out the other pieces to the puzzle in your search to correct that, like:

  • the DNS service itself [why is it using itself for DNS? the Internet is full of free caching DNS services]
  • docker [DNS settings may be missing/misconfigured]
  • firewalls [local firewalls - within the container and the host, as well as the router/firewall]
  • routing [does the container correctly route to the Internet?]

2 Likes

hmm...
K.I.S.S. principle.
Using NPM is far from that.

And rightly so; Nginx Proxy Manager usually overcomplicates things and is largely to blame for the problem it creates and makes so very difficult to find/correct.

3 Likes

Use a webserver by itself, nginx is fine on its own. Add certbot.

If you want everything in an easy to use container, use Caddy. By itself.

4 Likes

@l2xu You should change your DuckDNS token immediately! It was leaked in one of the queries in the log in your first post. I've removed it from your post, but it has been on the internet for about 2 hours now.

7 billion people could have issued a certificate for your hostname without you knowing. Heck, I just issued a (staging!) certificate just now (to verify it actually was your token).

4 Likes
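
Added example, not part of the original thread: a small Python filter that scrubs certbot / Nginx Proxy Manager error output before it is pasted into a public post, covering the `token=` query parameter of the DuckDNS update URL that leaked here. The token, e-mail and hostname in the sample are constructed, and treating every UUID-shaped string as a secret is an assumption.

```python
import re

# Query-string parameters whose values should never appear in a public post.
SENSITIVE_PARAMS = ("token", "api_key", "apikey", "key", "secret", "password")

# name=value where name is a whole parameter name (not the tail of another word).
_PARAM_RE = re.compile(
    r"(?i)(?<![A-Za-z0-9_])(" + "|".join(SENSITIVE_PARAMS) + r")=([^&\s\"')]+)"
)
# Catch-all for bare UUID-shaped strings (assumption: they are likely credentials).
_UUID_RE = re.compile(
    r"\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b"
)
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample in the shape of the certbot error shown in this thread.
SAMPLE = (
    'Error: Command failed: certbot certonly --email "admin@example.org" '
    '--domains "example.duckdns.org" --authenticator dns-duckdns\n'
    "certbot.errors.PluginError: HTTPSConnectionPool(host='www.duckdns.org', "
    "port=443): Max retries exceeded with url: "
    "/update?token=00000000-1111-2222-3333-444444444444"
    "&domains=example.duckdns.org&txt=&clear=true\n"
)


def redact(text):
    """Return (clean_text, counts) with secrets replaced by placeholders."""
    counts = {}

    def sub(name, pattern, repl, s):
        s, counts[name] = pattern.subn(repl, s)
        return s

    # Order matters: named parameters first, then anything UUID-shaped left over.
    text = sub("param", _PARAM_RE, r"\1=<REDACTED>", text)
    text = sub("uuid", _UUID_RE, "<REDACTED-UUID>", text)
    text = sub("email", _EMAIL_RE, "<REDACTED-EMAIL>", text)
    return text, counts


if __name__ == "__main__":
    import sys
    # Usage: python redact.py npm-error.log   (no argument: run on SAMPLE)
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    clean, counts = redact(raw)
    print(clean)
    print("redacted:", counts, file=sys.stderr)
```

A non-zero `param` or `uuid` count on a log that has already been posted anywhere means the credential should be rotated, not just edited out.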
