Hello good evening. i need your help please

I have been searching and searching and I have not been able to find a solution to this error, I ask the AI's and they tell me different things and it does not work.

CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

at /app/lib/utils.js:16:13
at ChildProcess.exithandler (node:child_process:430:5)
at ChildProcess.emit (node:events:518:28)
at maybeClose (node:internal/child_process:1105:16)
at ChildProcess._handle.onexit (node:internal/child_process:305:5)

I am recently starting to use docker and I want to use nginix proxy manager + duck dns to get a ssl certificate and I get that.

You have chosen one of the hardest systems to debug when it goes wrong. NPM hides the original error and instead shows useless info (among other things).

If you can find and post the contents of the below log file we may be able to help. If you can't, we will need far more info than what you have provided. Without that log, please fill out as much as you can from the form you were shown when posting in the Help area. I include that form below

/tmp/letsencrypt-log/letsencrypt.log

=====================================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2 Likes

Domain: minubepersonal.duckdns.org
certbot: 2.8.0

how to mount the container:

nginx version:
version: '3.8'
services:
app:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
- '80:80'
- '81:81'
- '443:443'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt

what the log showed:

2024-02-19 03:10:43,140:DEBUG:certbot._internal.main:certbot version: 2.8.0
2024-02-19 03:10:43,140:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2024-02-19 03:10:43,140:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-22', '--agree-tos', '--authenticator', 'webroot', '--email', 'hostingmiopags@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'minubepersonal.duckdns.org']
2024-02-19 03:10:43,140:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-02-19 03:10:43,173:DEBUG:certbot._internal.log:Root logging level set at 30
2024-02-19 03:10:43,189:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2024-02-19 03:10:43,189:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fea145471d0>
Prep: True
2024-02-19 03:10:43,189:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fea145471d0> and installer None
2024-02-19 03:10:43,190:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2024-02-19 03:10:43,332:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1555040237', new_authzr_uri=None, terms_of_service=None), 18c04b77fc1046b1e4882d3a504c3509, Meta(creation_dt=datetime.datetime(2024, 2, 5, 16, 37, 30, tzinfo=), creation_host='e853712e3f58', register_to_eff=None))>
2024-02-19 03:10:43,333:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-02-19 03:10:43,342:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-02-19 03:10:43,764:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2024-02-19 03:10:43,765:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 19 Feb 2024 03:10:43 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"fWqWFW9HPzQ": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-02-19 03:10:43,768:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for minubepersonal.duckdns.org
2024-02-19 03:10:43,775:DEBUG:acme.client:Requesting fresh nonce
2024-02-19 03:10:43,775:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-02-19 03:10:43,886:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-02-19 03:10:43,886:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 19 Feb 2024 03:10:43 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: uxcsyfQjksdEGdlHLyUjkD7bdNrr8-hVFRQhs7Ui1U2oA2e0KFk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2024-02-19 03:10:43,886:DEBUG:acme.client:Storing nonce: uxcsyfQjksdEGdlHLyUjkD7bdNrr8-hVFRQhs7Ui1U2oA2e0KFk
2024-02-19 03:10:43,886:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "minubepersonal.duckdns.org"\n }\n ]\n}'
2024-02-19 03:10:43,900:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU1NTA0MDIzNyIsICJub25jZSI6ICJ1eGNzeWZRamtzZEVHZGxITHlVamtEN2JkTnJyOC1oVkZSUWhzN1VpMVUyb0EyZTBLRmsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
"signature": "POlRtgNsiDaMZm0IUvnM6UlB8g_-fBYAxUMR-CoyzUuCF7clP8OYwC9bZPkCE6D8I26T_TJbq5VyMbIVFujhI_j2liKxQfzpUhd7HbVSB0hqaGFsVCnmmF-nv8aynmWcn7wDsiS2rW-Pg5CfrN0VThYILiTw_bfSkSEehaYlPj1r13Skg0lbGuYg55TJwVS8aQ1h2oUXjtFwtmaWu2X8UXA4MgqbSBmvhHdb5UYb70i559lBQR4Xq-Vq1_e_xNPj-BYsI2-Er3QOQHX7GwVRjz9PXxwJEVc0Uc2WpVxg_Jgd8yB0kTJc6azBBE9rulRh1GYzCcOGYa5F_QiCpo32zw",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1pbnViZXBlcnNvbmFsLmR1Y2tkbnMub3JnIgogICAgfQogIF0KfQ"
}
2024-02-19 03:10:44,044:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 213
2024-02-19 03:10:44,044:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Mon, 19 Feb 2024 03:10:43 GMT
Content-Type: application/problem+json
Content-Length: 213
Connection: keep-alive
Boulder-Requester: 1555040237
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: uxcsyfQjQjszt1Dwj0Yt8eP96iVYXYuUfG-e5VpkrZEvLehVcvo

{
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/",
"status": 429
}
2024-02-19 03:10:44,044:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/opt/certbot/bin/certbot", line 8, in
sys.exit(main())
^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1869, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1600, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 478, in _get_order_and_authorizations
orderr = self.acme.new_order(csr_pem)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 137, in new_order
response = self._post(self.directory['newOrder'], order)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 365, in _post
return self.net.post(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 738, in post
return self._post_once(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 751, in _post_once
response = self._check_response(response, content_type=content_type)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 602, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
2024-02-19 03:10:44,047:ERROR:certbot._internal.log:An unexpected error occurred:
2024-02-19 03:10:44,047:ERROR:certbot._internal.log:Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/

You are using the --webroot method which is an HTTP Challenge.

The key error message in that log is below

The above isn't that helpful because you are now temporarily blocked from trying too many times and failing. You will need to wait an hour and try again. If you know how to have NPM use the Let's Encrypt staging system you could try right now as that is the proper LE system for testing.

Or, you can post a log from earlier. Certbot usually keeps older logs but I don't know if NPM retains them.

But, I can make a good guess why your earlier tries failed ... HTTP requests to your domain fail to reach your server. This can be for any number of reasons such as a firewall, the wrong IP in the DNS or bad port assignment in docker. Some residential ISP even block port 80. You need to get HTTP requests working before trying to get certs.

The Let's Debug test site is a helpful tool while debugging a new system setup. You should review and adjust your system setup until this site gives good result

Update: For help configuring your system try the NPM github

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.