Internal Error When Adding Let’s Encrypt Certificate in Nginx Proxy Manager

Hi everyone,

I’m facing an issue while trying to add a Let’s Encrypt SSL certificate in Nginx Proxy Manager for the domain equipopi.duckdns.org. Below is the error I receive along with relevant logs and setup details.

Error Message:

less

Copiar código

Add Let's Encrypt Certificate
Internal Error
CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:430:5)
    at ChildProcess.emit (node:events:519:28)
    at maybeClose (node:internal/child_process:1105:16)
    at ChildProcess._handle.onexit (node:internal/child_process:1151:5)

Logs:

rust

Copiar código

2024-09-29 13:36:27 app-1  | [9/29/2024] [11:36:27 AM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/1.conf
2024-09-29 13:36:27 app-1  | [9/29/2024] [11:36:27 AM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/1.conf.err
2024-09-29 13:36:27 app-1  | [9/29/2024] [11:36:27 AM] [Nginx    ] › ⬤  debug     Could not delete file: {
2024-09-29 13:36:27 app-1  |   "errno": -2,
2024-09-29 13:36:27 app-1  |   "code": "ENOENT",
2024-09-29 13:36:27 app-1  |   "syscall": "unlink",
2024-09-29 13:36:27 app-1  |   "path": "/data/nginx/proxy_host/1.conf.err"
2024-09-29 13:36:27 app-1  | }
2024-09-29 13:36:32 app-1  | [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #6: equipopi.duckdns.org
2024-09-29 13:36:32 app-1  | [SSL      ] › ℹ  info      Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --agree-tos --authenticator webroot --email "josemanuel060407@icloud.com" --preferred-challenges "dns,http" --domains "equipopi.duckdns.org" 
2024-09-29 13:37:21 app-1  | [Express  ] › ⚠  warning   Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
2024-09-29 13:37:21 app-1  | Some challenges have failed.
2024-09-29 13:37:21 app-1  | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

Setup Details:

  • Platform: Nginx Proxy Manager
  • Domain: equipopi.duckdns.org
  • Error occurs when trying to obtain an SSL certificate from Let’s Encrypt
  • Let’s Encrypt account is properly configured
  • Ports 80 and 443 are open and accessible

Troubleshooting Steps Taken:

  • Verified DNS settings
  • Confirmed that ports 80 and 443 are open and not blocked by firewall
  • Restarted Nginx Proxy Manager
  • Attempted to renew/reissue the certificate multiple times

Does anyone have any ideas on what might be causing this issue or suggestions for further troubleshooting? Any help would be appreciated.

Thank you in advance!

Best regards,

1 Like

Please provide the /tmp/letsencrypt-log/letsencrypt.log log file as mentioned in the Certbot error.

Also please note that with NPM is very hard to debug issues with Certbot/ACME for some reason (probably incompetence of the developers) and that this also makes NPM a rather disliked piece of software on this Community. Meaning that if for some reason you're not easily able to find the /tmp/letsencrypt-log/letsencrypt.log, please refer to the NPM Community on how and where to find it.

1 Like

I agree with everything Osiris said. But, we have been seeing repeated problems with people using duckdns in recent weeks.

And, this may be affecting you right now. See failures querying their servers: equipopi.duckdns.org | DNSViz

The log file Osiris requested might help to know for sure. But, asking duckdns support about the query failures is probably best.

3 Likes

The file I found is letsencrypt-requests_access.log and the content is as follows:

[29/Sep/2024:10:28:36 +0000] 200 - GET http equipopi.duckdns.org "/.well-known/acme-challenge/yv_I7SUe2982BgEYb686TkKVbZ0B7SwCZZfSlWxMFZ0" [Client 172.19.0.1] [Length 87] [Gzip -] "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
[29/Sep/2024:10:28:50 +0000] 200 - GET http equipopi.duckdns.org "/.well-known/acme-challenge/yv_I7SUe2982BgEYb686TkKVbZ0B7SwCZZfSlWxMFZ0" [Client 172.19.0.1] [Length 87] [Gzip -] "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
[29/Sep/2024:10:28:54 +0000] 404 - GET http equipopi.duckdns.org "/ocs/v2.php/apps/dashboard/api/v2/widget-items?widgets%5B%5D=activity" [Client 172.19.0.1] [Length 183] [Gzip 3.21] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0" "-"
[29/Sep/2024:10:28:54 +0000] 404 - GET http equipopi.duckdns.org "/ocs/v2.php/apps/dashboard/api/v2/widget-items?widgets%5B%5D=spreed" [Client 172.19.0.1] [Length 183] [Gzip 3.21] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0" "-"
[29/Sep/2024:10:28:54 +0000] 200 - GET http equipopi.duckdns.org "/.well-known/acme-challenge/yv_I7SUe2982BgEYb686TkKVbZ0B7SwCZZfSlWxMFZ0" [Client 172.19.0.1] [Length 87] [Gzip -] "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
[29/Sep/2024:10:50:23 +0000] 200 - GET http equipopi.duckdns.org "/.well-known/acme-challenge/BzqjyLg5Ij3BclnAPx2Bsba6ofV7waBMV3xKjLHCP0s" [Client 172.19.0.1] [Length 87] [Gzip -] "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
[29/Sep/2024:10:50:41 +0000] 404 - GET http equipopi.duckdns.org "/ocs/v2.php/apps/notifications/api/v2/notifications" [Client 172.19.0.1] [Length 183] [Gzip 3.21] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0" "-"
[29/Sep/2024:10:50:41 +0000] 404 - PUT http equipopi.duckdns.org "/ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json" [Client 172.19.0.1] [Length 183] [Gzip 3.21] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0" "-"
[29/Sep/2024:10:50:41 +0000] 404 - GET http equipopi.duckdns.org "/ocs/v2.php/apps/dashboard/api/v2/widget-items?widgets%5B%5D=spreed" [Client 172.19.0.1] [Length 183] [Gzip 3.21] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0" "-"
[29/Sep/2024:10:50:41 +0000] 404 - GET http equipopi.duckdns.org "/ocs/v2.php/apps/dashboard/api/v2/widget-items?widgets%5B%5D=activity" [Client 172.19.0.1] [Length 183] [Gzip 3.21] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0" "-"
[29/Sep/2024:11:05:05 +0000] 200 - GET http equipopi.duckdns.org "/.well-known/acme-challenge/RxYScHFwUqyk8Q5uqvGkg3KAMVbneDQe-rVEu8ONo_s" [Client 172.19.0.1] [Length 87] [Gzip -] "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
[29/Sep/2024:11:05:18 +0000] 200 - GET http equipopi.duckdns.org "/.well-known/acme-challenge/RxYScHFwUqyk8Q5uqvGkg3KAMVbneDQe-rVEu8ONo_s" [Client 172.19.0.1] [Length 87] [Gzip -] "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
[29/Sep/2024:11:05:25 +0000] 200 - GET http equipopi.duckdns.org "/.well-known/acme-challenge/RxYScHFwUqyk8Q5uqvGkg3KAMVbneDQe-rVEu8ONo_s" [Client 172.19.0.1] [Length 87] [Gzip -] "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
[29/Sep/2024:11:05:45 +0000] 200 - GET http equipopi.duckdns.org "/.well-known/acme-challenge/RxYScHFwUqyk8Q5uqvGkg3KAMVbneDQe-rVEu8ONo_s" [Client 172.19.0.1] [Length 87] [Gzip -] "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
[29/Sep/2024:11:20:25 +0000] 200 - GET http equipopi.duckdns.org "/.well-known/acme-challenge/pOhKtX5ReCnGTMqwElqDDyec7w6ZtiSJ39DCiBEoicA" [Client 172.19.0.1] [Length 87] [Gzip -] "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
[29/Sep/2024:11:36:57 +0000] 200 - GET http equipopi.duckdns.org "/.well-known/acme-challenge/_es7N--E7vej3SFlR-agQ0mbby6hJ4vDZmr76uOa_lg" [Client 172.19.0.1] [Length 87] [Gzip -] "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"

That's not the Certbot log I was referring to.

1 Like