Error with certbot authentication

My domain is hephaestus.thezion.one and I am trying to run Pterodactyl Panel using SSL with Nginx Proxy Manager and Cloudflare. I am running Pterodactyl Panel and Nginx Proxy Manager in Docker containers (with docker-compose) on Ubuntu 22.04.1 LTS on Oracle Cloud. I generated an SSL Origin Server certificate on Cloudflare and I put the certificate and the key at /etc/letsencrypt/live/hephaestus.thezion.one/fullchain.pem and /etc/letsencrypt/live/hephaestus.thezion.one/privkey.pem. Cloudflare is configured like this for DNS:

[screenshot: Cloudflare DNS records]

[screenshot: Cloudflare DNS records]

Nginx Proxy Manager is configured like this:

[screenshot: Nginx Proxy Manager host settings]

[screenshot: Nginx Proxy Manager host settings]

[screenshot: Nginx Proxy Manager host settings]

Pterodactyl conf is this:

```nginx
server_tokens off;

server {
    listen 80;
    server_name hephaestus.thezion.one;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name hephaestus.thezion.one;

    root /var/www/pterodactyl/public;
    index index.php;

    access_log /var/log/nginx/pterodactyl.app-access.log;
    error_log  /var/log/nginx/pterodactyl.app-error.log error;

    # allow larger file uploads and longer script runtimes
    client_max_body_size 100m;
    client_body_timeout 120s;

    sendfile off;

    # SSL Configuration
    ssl_certificate /etc/letsencrypt/live/hephaestus.thezion.one/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hephaestus.thezion.one/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
    ssl_prefer_server_ciphers on;

    # See https://hstspreload.org/ before uncommenting the line below.
    # add_header Strict-Transport-Security "max-age=15768000; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Content-Security-Policy "frame-ancestors 'self'";
    add_header X-Frame-Options DENY;
    add_header Referrer-Policy same-origin;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_buffering off;
        proxy_request_buffering off;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTP_PROXY "";
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        include /etc/nginx/fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}
```

When I start the Docker container with the panel, I receive these errors:

[screenshot: container log output]
Pterodactyl runs on 82 and 442 ports, because on 80 and 443 runs the Nginx Proxy Manager.
What is the problem with this situation?

Copying the Cloudflare Origin CA certs to that location will cause Certbot to fail. Certbot places symlinks to its own cert files in that folder and will fail when it sees other files there.

That isn't the reason for the 404 "invalid response" error in your standalone request though.

If you have a valid Cloudflare Origin CA cert, why do you even need one from Let's Encrypt?

2 Likes
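The reply above describes a specific failure mode: Certbot expects `/etc/letsencrypt/live/<domain>/` to contain only its own symlinks into `archive/`, and hand-copied regular files there break it. The following script is an added example, not code from the thread or from Certbot or Pterodactyl, that checks a live directory for foreign regular files and broken symlinks, and separately verifies that a certificate and private key actually belong together (the second check uses `openssl`, which is assumed to be installed). The directory name and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Inspect a Certbot-style "live" directory.
# Exit status of check_live_dir:
#   0 - every .pem is a symlink to an existing target (Certbot's own layout)
#   1 - at least one regular file or broken symlink found (Certbot will choke)
#   2 - the directory does not exist
check_live_dir() {
    dir="$1"
    [ -d "$dir" ] || return 2
    bad=0
    for f in "$dir"/*.pem; do
        # skip the literal glob when no .pem files exist at all
        [ -e "$f" ] || [ -L "$f" ] || continue
        if [ -L "$f" ]; then
            # Certbot symlink: make sure it still resolves into archive/
            if [ ! -e "$f" ]; then
                echo "broken symlink: $f"
                bad=1
            fi
        else
            # A plain file here is the situation described in the reply:
            # a cert/key copied in by hand rather than managed by Certbot.
            echo "regular file, not a Certbot symlink: $f"
            bad=1
        fi
    done
    return $bad
}

# Compare the public key embedded in the certificate with the public key
# derived from the private key. Works for RSA and EC keys alike.
# Exit status: 0 match, 1 mismatch, 2 unreadable input (assumes openssl).
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: ./check_live.sh /etc/letsencrypt/live/example.test
if [ $# -ge 1 ]; then
    check_live_dir "$1"
    rc=$?
    if [ $rc -eq 0 ] && [ -e "$1/fullchain.pem" ] && [ -e "$1/privkey.pem" ]; then
        cert_key_match "$1/fullchain.pem" "$1/privkey.pem" \
            && echo "fullchain.pem and privkey.pem match" \
            || echo "fullchain.pem and privkey.pem do NOT match"
    fi
    exit $rc
fi
```

Running it against the directory from the question would report `fullchain.pem` and `privkey.pem` as regular files, which is exactly the condition the reply warns about; a clean Certbot-managed directory reports nothing and exits 0.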

How can I put the Cloudflare Origin CA cert on the Pterodactyl Panel? I don't want another cert from Let's Encrypt, but this is how Pterodactyl Panel works with SSL.

That's a great question for Pterodactyl support or your hosting service :slight_smile:

2 Likes

If you have a working Proxy...
Why don't you use it?
[and put Pterodactyl behind it]

2 Likes

First I did this, but then I had a problem with a plugin for Pterodactyl and I wanted to try this, but it is simpler to put it behind the proxy. Thanks,

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.