Challenges have failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cirosanchez.me

I ran this command: idk, im using nginx proxy manager?

It produced this output: LearnSpigot: Paste

My web server is (include version): nginx v2.11.2

The operating system my web server runs on is (include version): ubuntu 22.04

My hosting provider, if applicable, is: holynodes

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Portainer 2.19.5, Nginx 2.11.2

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.10.0

Looks like everything goes according to plan with adding and removing the TXT challenge using Cloudflare, but for some reason the Let's Encrypt resolver can't find it. Maybe the 10 seconds propogation time is just too short? Any way to increase that in NPM?

Also, nginx seems to be working just fine, is there any reason why NPM would opt for the dns-01 challenge instead of the much simpeler http-01 challenge? You're not requesting a wildcard certificate which would mandate the dns-01 challenge..

Maybe 2 questions for the NPM support channel(s)

Yes as @Osiris suggests, you need to wait at least 30 seconds for cloudflare DNS updates to reach all the nameservers. I believe this is called "Propagation Seconds" in the nginx proxy manager UI: HomeLab: Nginx-Proxy-Manager: Setup SSL Certificate with Domain Name in Cloudflare DNS | by Life-is-short--so--enjoy-it | Medium

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.