Creating certificate with Nginx

Hello,

I installed Unraid and Nginx Proxy Manager.
Everything went smoothly until I wanted to make a Let's Encrypt certificate.

This is the error I'm getting.

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-12" --agree-tos --authenticator webroot --email "hello@sermonbob.be" --preferred-challenges "dns,http" --domains "homeassistant.sermonbob.be"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

at ChildProcess.exithandler (node:child_process:399:12)
at ChildProcess.emit (node:events:526:28)
at maybeClose (node:internal/child_process:1092:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)

Unfortunately the """error""" you're seeing is a complete and utterly useless message from NPM, where it actually made the ACTUAL and relevant error message from Certbot disappear. NPM is a complete waste of time/development effort and just a piece of (#)$()# in my opinion (regarding the way it handles Certbot anyway).

That said, could you perhaps please show the contents of the file /var/log/letsencrypt/letsencrypt.log? Hopefully it contains something useful. When posting the output, please put three backticks (```) above and below the output for better formatting on the Community.

Also, I noticed from the Server reply of homeassistant.sermonbob.be ("Python/3.10 aiohttp/3.8.1") that it's directly connecting to your Home Assistant. So it seems your nginx is completely bypassed? In that case it would make sense nginx/NPM would fail.

3 Likes
2022-10-26 02:46:09,337:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2022-10-26 02:46:09,337:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-14', '--agree-tos', '--authenticator', 'webroot', '--email', 'hello@sermonbob.be', '--preferred-challenges', 'dns,http', '--domains', 'homeassistant.sermonbob.be']
2022-10-26 02:46:09,338:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-10-26 02:46:09,356:DEBUG:certbot._internal.log:Root logging level set at 30
2022-10-26 02:46:09,358:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2022-10-26 02:46:09,363:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x148f22b1a780>
Prep: True
2022-10-26 02:46:09,364:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x148f22b1a780> and installer None
2022-10-26 02:46:09,364:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2022-10-26 02:46:09,370:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/791975102', new_authzr_uri=None, terms_of_service=None), f1872171a3a7c5bb71082bec44b95cc8, Meta(creation_dt=datetime.datetime(2022, 10, 24, 14, 22, 7, tzinfo=<UTC>), creation_host='c5ea9a0c50ca', register_to_eff=None))>
2022-10-26 02:46:09,371:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-10-26 02:46:09,373:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-10-26 02:46:09,811:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 659
2022-10-26 02:46:09,812:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 26 Oct 2022 09:46:09 GMT
Content-Type: application/json
Content-Length: 659
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "ffoiHgA514A": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-10-26 02:46:09,813:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for homeassistant.sermonbob.be
2022-10-26 02:46:09,818:DEBUG:certbot.crypto_util:Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/0010_key-certbot.pem
2022-10-26 02:46:09,822:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0010_csr-certbot.pem
2022-10-26 02:46:09,823:DEBUG:acme.client:Requesting fresh nonce
2022-10-26 02:46:09,823:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-10-26 02:46:09,960:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-10-26 02:46:09,961:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 26 Oct 2022 09:46:09 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 891FDYqU7kA6PQsSNCYLEYGBvoCUeseR90ApJp3scs9lQhQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2022-10-26 02:46:09,961:DEBUG:acme.client:Storing nonce: 891FDYqU7kA6PQsSNCYLEYGBvoCUeseR90ApJp3scs9lQhQ
2022-10-26 02:46:09,961:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "homeassistant.sermonbob.be"\n    }\n  ]\n}'
2022-10-26 02:46:09,963:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzkxOTc1MTAyIiwgIm5vbmNlIjogIjg5MUZEWXFVN2tBNlBRc1NOQ1lMRVlHQnZvQ1Vlc2VSOTBBcEpwM3NjczlsUWhRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "arBI3xF4QDnhy8csx-ehQ8wacn8uS8ETIZklTFAIkZJ-rhRFdTOIKI2Rg6AfkrM9qrrLF2AKkBV9NuO_Qyd3ROpDPdroxZMHmKA250S0fBcKbcmkB1NhvoV7zEDl3dB699mj42t4v-OmSplSlbix-4EL02VoeA4IRTmddEPLgTXQ_DUXFJzIaayC08n31JE6G3xGMpRB8oH4rrzuSeJ6O9vzgqhhY3YNiUlxBHBuvzaeZWk_Osx9a4JfegaZHrgwjNihsWa501UUydoyb8YzXDHyU5JF_TMq_J-NhG4WQynYn4GiK90wzoAn0cPeT3GaW83Mc98kNRMUvUz7dpoGSw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImhvbWVhc3Npc3RhbnQuc2VybW9uYm9iLmJlIgogICAgfQogIF0KfQ"
}
2022-10-26 02:46:10,330:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 351
2022-10-26 02:46:10,331:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 26 Oct 2022 09:46:10 GMT
Content-Type: application/json
Content-Length: 351
Connection: keep-alive
Boulder-Requester: 791975102
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/791975102/138088951697
Replay-Nonce: 891F18ZZuXDsZbKZs_8exTmrc9LZcjH1wffz1zvmzcqTq3I
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-11-02T09:46:10Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "homeassistant.sermonbob.be"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/168885404297"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/791975102/138088951697"
}
2022-10-26 02:46:10,331:DEBUG:acme.client:Storing nonce: 891F18ZZuXDsZbKZs_8exTmrc9LZcjH1wffz1zvmzcqTq3I
2022-10-26 02:46:10,331:DEBUG:acme.client:JWS payload:
b''
2022-10-26 02:46:10,333:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/168885404297:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzkxOTc1MTAyIiwgIm5vbmNlIjogIjg5MUYxOFpadVhEc1piS1pzXzhleFRtcmM5TFpjakgxd2ZmejF6dm16Y3FUcTNJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjg4ODU0MDQyOTcifQ",
  "signature": "Ky0aBIjSbqzL6AbY0xr2ctrnH8WV_xzi576919ADC6KZ5GncPie5qaJIYDwU7lU9l_4pZ033N6n8df4CA0mz3dGkU0WP7FwjwK8V1zuWCVhAejtXLhMeHhmMVyDwOEQgHBf0crgHDXTnG-VT3sWkB4qM_AZDYPMBZl5XUYHUM-rcSOFIyMAzEWed8LGqFsrWUo0c4qCbEGl9Jf7V01cZAA71xe5Uw2Za6yRXolNAabCNNlbu-Rg82HGLW-ZZmGH7NxTrS9xJ9DPdxEbA8elF7fjdlHKrOoFwmAlaJwUnDvtFFdQpjzivpzCPNn4miB1gJyP7lHxPqRkAHzXuqdtAcQ",
  "payload": ""
}
2022-10-26 02:46:10,493:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/168885404297 HTTP/1.1" 200 810
2022-10-26 02:46:10,494:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 26 Oct 2022 09:46:10 GMT
Content-Type: application/json
Content-Length: 810
Connection: keep-alive
Boulder-Requester: 791975102
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 1DFARJNGhn7esP5usq_JBbVfa5buIaLzeWS1-8xHpXrLb6c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "homeassistant.sermonbob.be"
  },
  "status": "pending",
  "expires": "2022-11-02T09:46:10Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168885404297/gQY1vA",
      "token": "BkyV8w6aC3hv56_oICHAA1jpDaXcvV7TabZtgG6YP0w"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168885404297/pL_GCQ",
      "token": "BkyV8w6aC3hv56_oICHAA1jpDaXcvV7TabZtgG6YP0w"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168885404297/-4XCUA",
      "token": "BkyV8w6aC3hv56_oICHAA1jpDaXcvV7TabZtgG6YP0w"
    }
  ]
}
2022-10-26 02:46:10,494:DEBUG:acme.client:Storing nonce: 1DFARJNGhn7esP5usq_JBbVfa5buIaLzeWS1-8xHpXrLb6c
2022-10-26 02:46:10,494:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-10-26 02:46:10,494:INFO:certbot._internal.auth_handler:http-01 challenge for homeassistant.sermonbob.be
2022-10-26 02:46:10,495:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2022-10-26 02:46:10,495:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2022-10-26 02:46:10,498:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/BkyV8w6aC3hv56_oICHAA1jpDaXcvV7TabZtgG6YP0w
2022-10-26 02:46:10,499:DEBUG:acme.client:JWS payload:
b'{}'
2022-10-26 02:46:10,501:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/168885404297/gQY1vA:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzkxOTc1MTAyIiwgIm5vbmNlIjogIjFERkFSSk5HaG43ZXNQNXVzcV9KQmJWZmE1YnVJYUx6ZVdTMS04eEhwWHJMYjZjIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xNjg4ODU0MDQyOTcvZ1FZMXZBIn0",
  "signature": "Q7JRgJDq0R-Td6M7iIDXAAg8MUrCubYo9cTXJ9rPdmja1RixwfYvZuzCV-ccTDs4YcUL_Dfx3FkG1iGS_9ieViHNyxly0mySvmxlJn7U7F_TsdUrLcFJGtsPQv9MItlhacWN2bioPu9VvcheIj3XqqcmZ12U4AEB9hJ9wfCOhgUn_3eDu_0PGM8F5inNaxM7ZyyWmUgt9CvdKWKS1Id3gs5wNyWGwPyg0osoDJt9vM67Ts-mFhJEvig1yOR7qL4wKJNvrzYNT982z56tLGiRpF1Oyy-tv3cmGJOFeuPuhD0I8-WFvKaM6VSZ-YgG50qTGl63U14tQRv0fRczjmwI2Q",
  "payload": "e30"
}
2022-10-26 02:46:10,665:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/168885404297/gQY1vA HTTP/1.1" 200 187
2022-10-26 02:46:10,666:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 26 Oct 2022 09:46:10 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 791975102
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/168885404297>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/168885404297/gQY1vA
Replay-Nonce: 1AADxOChnLniSO7CnS8YKzczddDXr26KtVCt2WxeIJEf2eQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168885404297/gQY1vA",
  "token": "BkyV8w6aC3hv56_oICHAA1jpDaXcvV7TabZtgG6YP0w"
}
2022-10-26 02:46:10,666:DEBUG:acme.client:Storing nonce: 1AADxOChnLniSO7CnS8YKzczddDXr26KtVCt2WxeIJEf2eQ
2022-10-26 02:46:10,666:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-10-26 02:46:11,667:DEBUG:acme.client:JWS payload:
b''
2022-10-26 02:46:11,669:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/168885404297:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzkxOTc1MTAyIiwgIm5vbmNlIjogIjFBQUR4T0NobkxuaVNPN0NuUzhZS3pjemRkRFhyMjZLdFZDdDJXeGVJSkVmMmVRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjg4ODU0MDQyOTcifQ",
  "signature": "T62zPd-H-nHuOnAGJ8Wc-_OtigknFGNXqHkf9mJoOC1h0_VtuRQFdVE8UKQjDEpzQsLO4ue8SdqSXCgM6K4f63j3Med8LN8AVM-i8trINcfq8fre6kO3L_zvtUWEoA1t4dbPMf7BzdGRUxkWxElsoFG63QLjl-IR3KjFN5itlzabQC4G6PW580FkujkoubNsecaHeAOtsJxrFlEt4LIqvu30PWbXtiQX64ZwUbUP05EJc0LdDkAj7ZXHt5_u5BS0v6K-pzeHCuCLK1lIKlrrM6QGLmHBN6wWqReQ71CklbYP-l2ee7uRsxqsCuJBCPoSDpmFN6ESx3BHoxGFBcAyxQ",
  "payload": ""
}
2022-10-26 02:46:11,821:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/168885404297 HTTP/1.1" 200 1075
2022-10-26 02:46:11,822:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 26 Oct 2022 09:46:11 GMT
Content-Type: application/json
Content-Length: 1075
Connection: keep-alive
Boulder-Requester: 791975102
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 1AAD65GpLa0p8ptB1zmGNri3706eu_mitjfNNdpPcSOO_UI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "homeassistant.sermonbob.be"
  },
  "status": "invalid",
  "expires": "2022-11-02T09:46:10Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "83.217.151.212: Invalid response from http://homeassistant.sermonbob.be/.well-known/acme-challenge/BkyV8w6aC3hv56_oICHAA1jpDaXcvV7TabZtgG6YP0w: 404",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168885404297/gQY1vA",
      "token": "BkyV8w6aC3hv56_oICHAA1jpDaXcvV7TabZtgG6YP0w",
      "validationRecord": [
        {
          "url": "http://homeassistant.sermonbob.be/.well-known/acme-challenge/BkyV8w6aC3hv56_oICHAA1jpDaXcvV7TabZtgG6YP0w",
          "hostname": "homeassistant.sermonbob.be",
          "port": "80",
          "addressesResolved": [
            "83.217.151.212"
          ],
          "addressUsed": "83.217.151.212"
        }
      ],
      "validated": "2022-10-26T09:46:10Z"
    }
  ]
}
2022-10-26 02:46:11,822:DEBUG:acme.client:Storing nonce: 1AAD65GpLa0p8ptB1zmGNri3706eu_mitjfNNdpPcSOO_UI
2022-10-26 02:46:11,823:INFO:certbot._internal.auth_handler:Challenge failed for domain homeassistant.sermonbob.be
2022-10-26 02:46:11,823:INFO:certbot._internal.auth_handler:http-01 challenge for homeassistant.sermonbob.be
2022-10-26 02:46:11,823:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: homeassistant.sermonbob.be
  Type:   unauthorized
  Detail: 83.217.151.212: Invalid response from http://homeassistant.sermonbob.be/.well-known/acme-challenge/BkyV8w6aC3hv56_oICHAA1jpDaXcvV7TabZtgG6YP0w: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2022-10-26 02:46:11,823:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-10-26 02:46:11,823:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-10-26 02:46:11,824:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-10-26 02:46:11,824:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/BkyV8w6aC3hv56_oICHAA1jpDaXcvV7TabZtgG6YP0w
2022-10-26 02:46:11,824:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2022-10-26 02:46:11,825:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1715, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1574, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 139, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 513, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 441, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 493, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-10-26 02:46:11,826:ERROR:certbot._internal.log:Some challenges have failed.

OK, this is in line with what my edit said above. HomeAssistant replies with a 404 file not found because nginx is bypassed.

By the way, your main website seems to be hosted on Google Cloud, but homeassistant.sermonbob.be on your own (Telenet) premises, right? If so, where are you actually running the NPM you're now using? At Google Cloud or at your own server at home where your HA actually runs?

3 Likes
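
As an added example (not part of the original thread, and not Certbot or NPM code): a short Python script that pulls the CA-reported failure out of a `letsencrypt.log` like the one above, which is the detail the NPM error message hides. The log excerpt, hostname and address are constructed, and the trailing HTTP status is parsed assuming the `detail` format shown in this thread.

```python
import json
import re

# Constructed sample: a shortened excerpt in the format of the certbot debug log above.
SAMPLE_LOG = '''2022-10-26 02:46:11,822:DEBUG:acme.client:Received response:
HTTP 200
Content-Type: application/json

{
  "identifier": {"type": "dns", "value": "homeassistant.example.org"},
  "status": "invalid",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "192.0.2.10: Invalid response from http://homeassistant.example.org/.well-known/acme-challenge/TOKEN: 404",
        "status": 403
      },
      "validationRecord": [
        {"hostname": "homeassistant.example.org", "port": "80", "addressUsed": "192.0.2.10"}
      ]
    }
  ]
}
2022-10-26 02:46:11,823:INFO:certbot._internal.auth_handler:Challenge failed
'''


def failed_challenges(log_text):
    """Return one dict per invalid challenge found in JSON bodies in the log."""
    decoder = json.JSONDecoder()
    findings = []
    # Top-level JSON bodies in the log start with "{" in column 0.
    for match in re.finditer(r"^\{", log_text, re.MULTILINE):
        try:
            body, _ = decoder.raw_decode(log_text, match.start())
        except json.JSONDecodeError:
            continue  # a "{" that does not open a complete JSON object
        for chall in body.get("challenges", []):
            if chall.get("status") != "invalid":
                continue
            error = chall.get("error", {})
            record = (chall.get("validationRecord") or [{}])[-1]
            # Assumption: the detail string ends in ": <HTTP status>", as in this thread.
            status = re.search(r":\s(\d{3})$", error.get("detail", ""))
            findings.append({
                "type": chall.get("type"),
                "error_type": error.get("type", "").rsplit(":", 1)[-1],
                "address": record.get("addressUsed"),
                "port": record.get("port"),
                "http_status": int(status.group(1)) if status else None,
                "detail": error.get("detail"),
            })
    return findings


def diagnose(finding):
    """Turn one finding into a hint about where to look."""
    target = "%s:%s" % (finding["address"], finding["port"])
    if finding["type"] == "http-01" and finding["http_status"] == 404:
        return ("A web server answered at %s but did not serve the challenge file; "
                "check that this port reaches the server that serves the webroot." % target)
    return "Challenge %s failed at %s: %s" % (finding["type"], target, finding["detail"])


if __name__ == "__main__":
    for item in failed_challenges(SAMPLE_LOG):
        print(diagnose(item))
```
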

My domain name is on siteground and there I created an A record with my home IP address. I want to access my HA remotely and securely

And you're running this nginx/NPM where exactly?

3 Likes

Unraid as a docker

But on your Siteground hosting or at home?

Because as I said earlier, when connecting to homeassistant.sermonbob.be I'm getting direct access to your Home Assistant when looking at the Server header, so no nginx whatsoever.

2 Likes

At home on my NUC server.

In that case you should make sure external port 80 is portmapped to internal port 80 in Docker/nginx instead of to the HomeAssistant instance. And the same for port 443.

By the way, currently your port 443 is configured as HTTP and not as HTTPS.

3 Likes

This is in my Unraid settings.

This is in my home router forwarding.

So as I suspected, you've portmapped external port 80 (and 443?!?) directly to HomeAssistant. So completely bypassing whatever is running on Unraid/Docker/NPM/nginx/whatever.

3 Likes

So I just remove them from my port forwarding?

No, there should be a portmap, but just not to HomeAssistant directly, but to your nginx instance.

I have a feeling you might want to read up more about networking in general (or your setup in general) before you try to get a certificate :slight_smile:

5 Likes

Ok, thx.

1 Like
