Internal Error: Trouble acquiring SSL Certs with Nginx Proxy Manager

Hello Friends:

With apologies that this question (or similar) has probably been asked before. My search didn't unearth one similar enough to my situation (or maybe I didn't understand the replies). Here's my situation:

Initial detail:

  1. My DNS provider: NameCheap (a.k.a., NC)
  2. On NC, I created subdomain: app.example.com
  3. Using a DNS 'A' record, I've pointed that subdomain to my home ISP IP-Address (let pretend that it's: 10.20.30.40).
  4. On my ISP Router, I've port-forwarded ports 80 and 443 to a Fedora/Linux PC configured to run the Nginx Proxy Manager (via its Docker container). This, indidentally, is also the proxy host (the only one that will be managed).
  5. The IP address of that Fedora/Linux PC is: 192.168.1.5
  6. On NC, I generated an API KEY for use with Nginx Proxy Manager (i.e., for its SSL Certs request form).

So, I can successfully reach and log into the Nginx Proxy Manager listening at: http://192.168.1.5:81

I complete the Host details tab as well as the SSL tab for my proxy host entry (again, it's the Fedora/Linux PC), including:

  1. Substituting in my NC API KEY.
  2. Selecting the Use a DNS Challenge method.
  3. Selecting the I Agree to the Let's Encrypt Terms of Service.

Sadly, when I submit the form, I receive the rejection below, which indicates in part:

namecheap._ApiError: 2030288 - Cannot complete this command as this domain is not using proper DNS servers

Error output:

jdoe@fedora$ docker logs --follow nginx-proxy-manager

[12/5/2024] [4:29:05 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/1.conf
[12/5/2024] [4:29:05 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/1.conf.err
[12/5/2024] [4:29:05 PM] [Nginx    ] › ⬤  debug     Could not delete file: {
  "errno": -2,
  "code": "ENOENT",
  "syscall": "unlink",
  "path": "/data/nginx/proxy_host/1.conf.err"
}
[12/5/2024] [4:29:05 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -t -g "error_log off;"
[12/5/2024] [4:29:05 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[12/5/2024] [4:29:05 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -s reload
[12/5/2024] [4:29:05 PM] [Certbot  ] › ▶  start     Installing namecheap...
[12/5/2024] [4:29:05 PM] [Global   ] › ⬤  debug     CMD: . /opt/certbot/bin/activate && pip install --no-cache-dir  certbot-dns-namecheap~=1.0.0  && deactivate
[12/5/2024] [4:29:06 PM] [Certbot  ] › ☒  complete  Installed namecheap
[12/5/2024] [4:29:06 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates via Namecheap for Cert #13: app.example.com
[12/5/2024] [4:29:06 PM] [SSL      ] › ℹ  info      Command: certbot certonly --config '/etc/letsencrypt.ini' --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name 'npm-13' --agree-tos --email 'jdoe@example.com' --domains 'app.example.com' --authenticator 'dns-namecheap' --dns-namecheap-credentials '/etc/letsencrypt/credentials/credentials-13' 
[12/5/2024] [4:29:06 PM] [Global   ] › ⬤  debug     CMD: certbot certonly --config '/etc/letsencrypt.ini' --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name 'npm-13' --agree-tos --email 'jdoe@example.com' --domains 'app.example.com' --authenticator 'dns-namecheap' --dns-namecheap-credentials '/etc/letsencrypt/credentials/credentials-13' 
[12/5/2024] [4:29:13 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -t -g "error_log off;"
[12/5/2024] [4:29:13 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[12/5/2024] [4:29:13 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -s reload
[12/5/2024] [4:29:13 PM] [Express  ] › ⚠  warning   Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Encountered exception during recovery: lexicon._private.providers.namecheap._ApiError: 2030288 - Cannot complete this command as this domain is not using proper DNS servers
An unexpected error occurred:
lexicon._private.providers.namecheap._ApiError: 2030288 - Cannot complete this command as this domain is not using proper DNS servers
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

PS: I'm in contact with NameCheap, but their responses so far haven't been well-written. I'm awaiting better responses from them.

Thank you in advance for your help. :smiling_face:

2 Likes

Welcome back!

Withholding your actual domain name will certainly make getting help from this forum harder.

Error says something about proper DNS servers—verify that your domain's NSes point to NameCheap's nameservers. You can also try running it through this service: https://dnsviz.net/ — it may or may not unearth if something is amiss.

4 Likes

Hello again.

Well, working with NameCheap I was able to unearth the source of this issue, which I hope will help others encountering it.

NameCheap offers three DNS solution infrastructures:

  1. BasicDNS
  2. PremiumDNS
  3. Web Hosting DNS

The third solution is automatically applied to domains whose websites are hosted atop NameCheap's Web Hosting product. Sadly, the DNS solution infrastructure packaged into that Web Hosting product isn't exposed to NameCheap's API (only the first two options are). I was able to confirm this with another domain I own that uses BasicDNS, and the Nginx Proxy Manager SSL Cert request succeeded it.

I certainly hope these details help others. NameCheap won't pose an issue unless your domain is tied to it's Web Hosting DNS solution (i.e., API requests for Let's Encrypt SSL Certificates will succeed for domains using their BasicDNS or PremiumDNS solution).

4 Likes

A post was split to a new topic: net::ERR_CERT_AUTHORITY_INVALID