Internal Error | SSL certificate

I want to create an SSL certificate but this comes out:

Error in docker log:

[5/2/2023] [8:03:12 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/2.conf
[5/2/2023] [8:03:12 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/2.conf.err
[5/2/2023] [8:03:12 PM] [Nginx    ] › ⬤  debug     Could not delete file: {
  "errno": -2,
  "syscall": "unlink",
  "code": "ENOENT",
  "path": "/data/nginx/proxy_host/2.conf.err"
}
[5/2/2023] [8:03:12 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[5/2/2023] [8:03:17 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #12: subdomain.de
[5/2/2023] [8:03:17 PM] [SSL      ] › ℹ  info      Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-12" --agree-tos --authenticator webroot --email "mail@outlook.de" --preferred-challenges "dns,http" --domains "subdomain.de"
[5/2/2023] [8:03:20 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/temp/letsencrypt_12.conf
[5/2/2023] [8:03:20 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[5/2/2023] [8:03:20 PM] [Express  ] › ⚠  warning   Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-12" --agree-tos --authenticator webroot --email "mail@outlook.de" --preferred-challenges "dns,http" --domains "subdomain.de"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

Best regards
TheDoDo

You got a cert on May 2, so what did you change since then? And why do you need another cert after getting one so recently?

The messages you show are not specific for Let's Encrypt. We could look at the below log to see if anything has gone wrong but the other error messages look like problems with the ACME SSL Client setup and not LE.

If you could copy the letsencrypt.log to a .txt file and use the upload button on this forum post. Or, if you copy/paste the (long) output of the whole file please add 3 backticks before and after like:
```
contents of /tmp/letsencrypt-log/letsencrypt.log
```

5 Likes

I never had a certificate.
It does not find /tmp/letsencrypt-log/letsencrypt.log


[5/3/2023] [7:22:28 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/1.conf
[5/3/2023] [7:22:28 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[5/3/2023] [7:23:40 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/2.conf
[5/3/2023] [7:23:40 PM] [Nginx    ] › ⬤  debug     Could not delete file: {
  "errno": -2,
  "syscall": "unlink",
  "code": "ENOENT",
  "path": "/data/nginx/proxy_host/2.conf"
}
[5/3/2023] [7:23:40 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/2.conf.err
[5/3/2023] [7:23:40 PM] [Nginx    ] › ⬤  debug     Could not delete file: {
  "errno": -2,
  "syscall": "unlink",
  "code": "ENOENT",
  "path": "/data/nginx/proxy_host/2.conf.err"
}
[5/3/2023] [7:23:40 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[5/3/2023] [7:23:45 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #3: portainer.the-dodo.de
[5/3/2023] [7:23:45 PM] [SSL      ] › ℹ  info      Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-3" --agree-tos --authenticator webroot --email "dominik261@outlook.de" --preferred-challenges "dns,http" --domains "portainer.the-dodo.de" 
[5/3/2023] [7:23:48 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/temp/letsencrypt_3.conf
[5/3/2023] [7:23:48 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[5/3/2023] [7:23:48 PM] [Express  ] › ⚠  warning   Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-3" --agree-tos --authenticator webroot --email "dominik261@outlook.de" --preferred-challenges "dns,http" --domains "portainer.the-dodo.de" 
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

Try using:
```
sudo cat /tmp/letsencrypt-log/letsencrypt.log
```

3 Likes

image

Then you may need to [re]make the directory.

3 Likes

I have created the file in the path and tried this again,

and the error is:

[5/3/2023] [7:35:34 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/proxy_host/2.conf
[5/3/2023] [7:35:34 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/proxy_host/2.conf.err
[5/3/2023] [7:35:34 PM] [Nginx ] › ⬤ debug Could not delete file: {
"errno": -2,
"syscall": "unlink",
"code": "ENOENT",
"path": "/data/nginx/proxy_host/2.conf.err"
}
[5/3/2023] [7:35:34 PM] [Nginx ] › :information_source: info Reloading Nginx
[5/3/2023] [7:35:39 PM] [SSL ] › :information_source: info Requesting Let'sEncrypt certificates for Cert #6: portainer.the-dodo.de
[5/3/2023] [7:35:39 PM] [SSL ] › :information_source: info Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --agree-tos --authenticator webroot --email "dominik261@outlook.de" --preferred-challenges "dns,http" --domains "portainer.the-dodo.de"
[5/3/2023] [7:35:41 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/temp/letsencrypt_6.conf
[5/3/2023] [7:35:41 PM] [Nginx ] › :information_source: info Reloading Nginx
[5/3/2023] [7:35:41 PM] [Express ] › :warning: warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --agree-tos --authenticator webroot --email "dominik261@outlook.de" --preferred-challenges "dns,http" --domains "portainer.the-dodo.de"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
An unexpected error occurred:
Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

Wait an hour and retry.

4 Likes
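A triage helper for the situation in this thread, as an added example that is not part of the original posts and is not Nginx Proxy Manager or certbot code: it reads the proxy manager's log, pairs each failed certbot run with its cause, and reports when further retries should wait. The sample log and the domain `app.example.test` are constructed, and the `limit` and `window` defaults are assumptions about Let's Encrypt's Failed Validation limit that should be checked against its current documentation.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format of the Nginx Proxy Manager log quoted above.
SAMPLE_LOG = """\
[5/3/2023] [7:23:48 PM] [Express  ] › ⚠  warning   Command failed: certbot certonly --cert-name "npm-3" --authenticator webroot --domains "app.example.test"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
[5/3/2023] [7:29:10 PM] [Express  ] › ⚠  warning   Command failed: certbot certonly --cert-name "npm-4" --authenticator webroot --domains "app.example.test"
Some challenges have failed.
[5/3/2023] [7:35:41 PM] [Express  ] › ⚠  warning   Command failed: certbot certonly --cert-name "npm-6" --authenticator webroot --domains "app.example.test"
An unexpected error occurred:
Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt
"""

HEADER = re.compile(r'^\[(\d+/\d+/\d+)\] \[(\d+:\d+:\d+ [AP]M)\] .*Command failed: certbot .*--domains "([^"]+)"')
CAUSES = [  # substrings taken from the certbot output quoted in the thread
    ("too many failed authorizations recently", "rate_limited"),
    ("Some challenges have failed", "challenge_failed"),
    ("Read timed out", "acme_api_timeout"),
]

def parse_failures(log_text):
    """Return [(timestamp, domain, cause)] for each failed certbot run."""
    failures = []
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%m/%d/%Y %I:%M:%S %p")
            failures.append([ts, m.group(3), "unknown"])
        elif failures and failures[-1][2] == "unknown":
            for needle, cause in CAUSES:
                if needle in line:
                    failures[-1][2] = cause
                    break
    return [tuple(f) for f in failures]

# limit/window are assumed values for the Failed Validation limit, not read from the log.
def retry_advice(failures, now, limit=5, window=timedelta(hours=1)):
    """Per domain: failed validations inside the window and whether to hold off."""
    recent = defaultdict(list)
    for ts, domain, cause in failures:
        if now - ts <= window:
            recent[domain].append(cause)
    return {d: {"failed_validations": c.count("challenge_failed"),
                "hold": "rate_limited" in c or c.count("challenge_failed") >= limit}
            for d, c in recent.items()}
```

A domain marked `hold` should not be retried until the cause of the failed challenge is fixed and the window has passed, since every further failed validation counts against the same limit.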

okay ...

Is the directory ready?

4 Likes

image

1 Like

Please show:
```
ls -l /tmp/letsencrypt-log/
sudo cat /tmp/letsencrypt-log/letsencrypt.log
```

3 Likes

I have the same problem when I use npm, and I got this in letsencrypt.log:

2023-05-04 13:29:29,674:DEBUG:certbot._internal.main:certbot version: 2.4.0
2023-05-04 13:29:29,675:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-05-04 13:29:29,675:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-1', '--agree-tos', '--authenticator', 'webroot', '--email', 'rundaz@icloud.com', '--preferred-challenges', 'dns,http', '--domains', 'npm.rumda.cn']
2023-05-04 13:29:29,675:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-05-04 13:29:29,686:DEBUG:certbot._internal.log:Root logging level set at 30
2023-05-04 13:29:29,687:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2023-05-04 13:29:29,689:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f6ada570e10>
Prep: True
2023-05-04 13:29:29,689:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f6ada570e10> and installer None
2023-05-04 13:29:29,689:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2023-05-04 13:29:29,813:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-05-04 13:29:29,815:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-05-04 13:30:18,390:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 1042, in _validate_conn
    conn.connect()
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connection.py", line 429, in connect
    tls_in_tls=tls_in_tls,
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 450, in ssl_wrap_socket
    sock, context, tls_in_tls, server_hostname=server_hostname
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket
    session=session
  File "/usr/lib/python3.7/ssl.py", line 853, in _create
    self.do_handshake()
  File "/usr/lib/python3.7/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
socket.timeout: _ssl.c:1039: The handshake operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/requests/adapters.py", line 499, in send
    timeout=timeout,
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 788, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/util/retry.py", line 550, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/packages/six.py", line 770, in reraise
    raise value
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 710, in urlopen
    chunked=chunked,
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 389, in _make_request
    self._raise_timeout(err=e, url=url, timeout_value=conn.timeout)
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 341, in _raise_timeout
    self, url, "Read timed out. (read timeout=%s)" % timeout_value
urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1864, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1579, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 830, in _init_le_client
    acc, acme = _determine_account(config)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 739, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 207, in register
    acme = acme_from_config_key(config, key)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 72, in acme_from_config_key
    directory = acme_client.ClientV2.get_directory(config.server, net)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 303, in get_directory
    return messages.Directory.from_json(net.get(url).json())
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 678, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 620, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/opt/certbot/lib/python3.7/site-packages/requests/sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/certbot/lib/python3.7/site-packages/requests/sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
  File "/opt/certbot/lib/python3.7/site-packages/requests/adapters.py", line 578, in send
    raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)
2023-05-04 13:30:18,392:ERROR:certbot._internal.log:An unexpected error occurred:
2023-05-04 13:30:18,392:ERROR:certbot._internal.log:requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

[5/4/2023] [1:06:12 PM] [SSL ] › :information_source: info Renewing SSL certs close to expiry...
[5/4/2023] [1:06:12 PM] [IP Ranges] › :information_source: info Fetching IP Ranges from online services...
[5/4/2023] [1:06:12 PM] [IP Ranges] › :information_source: info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[5/4/2023] [1:06:12 PM] [IP Ranges] › :information_source: info Fetching https://www.cloudflare.com/ips-v4
[5/4/2023] [1:06:12 PM] [IP Ranges] › :information_source: info Fetching https://www.cloudflare.com/ips-v6
[5/4/2023] [1:06:12 PM] [Nginx ] › :information_source: info Reloading Nginx
[5/4/2023] [1:06:12 PM] [Nginx ] › :information_source: info Reloading Nginx
[5/4/2023] [1:06:12 PM] [SSL ] › :information_source: info Renew Complete
[5/4/2023] [2:06:12 PM] [SSL ] › :information_source: info Renewing SSL certs close to expiry...
[5/4/2023] [2:06:12 PM] [Nginx ] › :information_source: info Reloading Nginx
[5/4/2023] [2:06:12 PM] [SSL ] › :information_source: info Renew Complete
[5/4/2023] [3:06:12 PM] [SSL ] › :information_source: info Renewing SSL certs close to expiry...
[5/4/2023] [3:06:12 PM] [Nginx ] › :information_source: info Reloading Nginx
[5/4/2023] [3:06:12 PM] [SSL ] › :information_source: info Renew Complete
[5/4/2023] [3:18:28 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/proxy_host/2.conf
[5/4/2023] [3:18:28 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/proxy_host/2.conf.err
[5/4/2023] [3:18:28 PM] [Nginx ] › ⬤ debug Could not delete file: {
"errno": -2,
"syscall": "unlink",
"code": "ENOENT",
"path": "/data/nginx/proxy_host/2.conf.err"
}
[5/4/2023] [3:18:28 PM] [Nginx ] › :information_source: info Reloading Nginx
[5/4/2023] [3:18:33 PM] [SSL ] › :information_source: info Requesting Let'sEncrypt certificates for Cert #8: portainer.the-dodo.de
[5/4/2023] [3:18:33 PM] [SSL ] › :information_source: info Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-8" --agree-tos --authenticator webroot --email "dominik261@outlook.de" --preferred-challenges "dns,http" --domains "portainer.the-dodo.de"
[5/4/2023] [3:18:36 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/temp/letsencrypt_8.conf
[5/4/2023] [3:18:36 PM] [Nginx ] › :information_source: info Reloading Nginx
[5/4/2023] [3:18:36 PM] [Express ] › :warning: warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-8" --agree-tos --authenticator webroot --email "dominik261@outlook.de" --preferred-challenges "dns,http" --domains "portainer.the-dodo.de"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

@Rumdaz, please open your own HELP TOPIC.

3 Likes

Probably incorrect:
image

3 Likes

What do you mean?

I mean...
Perhaps the current permissions don't allow the software to use that file.
Under which user does it run?

3 Likes

So Nginx Proxy Manager runs on Docker ... and I also make the SSL requests through it.
As for the user permissions, I unfortunately don't know.