Create new SSL on nginx reverse proxy fails

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dash.tmdev.pro

I ran this command: used web interface in Nginx Reverse Proxy server (running in Docker)

It produced this output: Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

My web server is (include version): Nginx Proxy Manager v2.11.3

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): Yes (bash in container)

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Nginx

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 2.11.0

Welcome @tmurj

I see your DNS is proxied at Cloudflare so you are using its CDN. Am I correct in thinking you are trying to get a cert for your Origin server behind the CDN?

If so, have you considered using the Cloudflare CA Origin cert instead? I am not sure how NPM supports that but they may have docs. Without NPM you just use the Cloudflare panels, request one very long-lived cert (like 15 years life) and then install it on your Origin.

Otherwise we will need to see the log produced by Certbot. Sadly, NPM does not make it easy to debug such problems.

Or, maybe it is that all requests I tried to your domain got a 403 Forbidden reply. Could be related to this

curl -i http://dash.tmdev.pro/.well-known/acme-challenge/Test404
HTTP/1.1 403 Forbidden
Server: cloudflare

and also "home" page

curl -i https://dash.tmdev.pro
HTTP/2 403
server: cloudflare