OMV5, NGINX and Let's Encrypt renewing certificates

Hi

I have had problems renewing the certificates for my domain and subdomains.
I run OMV5 with NGINX and I have subdomains for wordpress, Airsonic, Netdata, pwndrop etc.
Renewing is the same problem on all domains and subdomains.
From NGINX I get "internal error" no matter what I do and the same error in the NGINX log as described below.
I am NOT a power user but I'll manage...
I have had this problem for 2 months. I have not had the time to fix it since it's not critical.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: brynare.com

I ran this command:

It produced this output:

[Nginx ] › :information_source: info Reloading Nginx

[9/22/2021] [8:43:06 PM] [SSL ] › :information_source: info Requesting Let'sEncrypt certificates for Cert #111: music.brynare.com
[9/22/2021] [8:43:11 PM] [Express ] › :warning: warning Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-111" --agree-tos --email "gnarf@protonmail.com" --preferred-challenges "dns,http" --domains "music.brynare.com"

My web server is (include version):

Wordpress (can't reach it due to certificate issue)

The operating system my web server runs on is (include version): OMV5

My hosting provider, if applicable, is: Porkbun

I can login to a root shell on my machine (yes or no, or I don't know):

Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Certbot 1.19.0

Hi @Gnarf, welcome to the LE community forum :slight_smile:

Is that about the time you started using CloudFlare?
If not, then have you previously been able to renew any cert through CloudFlare?

Hi and thanks for your answer!

I've had my server up and running about 1.5 years without problems. The autorenew function has had problems on some occasions but now I can't even manually update certificates.
I haven't done any changes to the domain or Cloudflare.


OK, let's see what we can do.

Please show the output of:
certbot certificates

And the public contents of this file:
/etc/letsencrypt.ini

And the file:
/etc/letsencrypt/renewal/npm-111.conf

Hi
certbot certificates output:


No certificates found.


The two files do not exist.

Looks like all config and certificates have disappeared, but how can that be and why can't I create new ones? I have also tried creating new ones instead of renewing but the same error message appears. Will a fresh install of NGINX help, do you think?

How is that possible?
Are you on the right server?


Yes sir, I have only one server and I am logged in as root.

Then you need to go back a few steps...
And get a (new) cert.

I've already tried that. I deleted it and got a new one but no luck =(

at ChildProcess.exithandler (child_process.js:308:12)
at ChildProcess.emit (events.js:314:20)
at maybeClose (internal/child_process.js:1022:16)
at Socket.<anonymous> (internal/child_process.js:444:11)
at Socket.emit (events.js:314:20)
at Pipe.<anonymous> (net.js:675:12)

[9/23/2021] [7:58:03 PM] [SSL ] › :information_source: info Renewing SSL certs close to expiry...
[9/23/2021] [8:03:46 PM] [SSL ] › :heavy_multiplication_x: error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
Failed to renew certificate npm-16 with error: Some challenges have failed.
Failed to renew certificate npm-17 with error: Some challenges have failed.
Failed to renew certificate npm-20 with error: Some challenges have failed.
Failed to renew certificate npm-21 with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/npm-16/fullchain.pem (failure)
/etc/letsencrypt/live/npm-17/fullchain.pem (failure)
/etc/letsencrypt/live/npm-20/fullchain.pem (failure)
/etc/letsencrypt/live/npm-21/fullchain.pem (failure)
4 renew failure(s), 0 parse failure(s)
at ChildProcess.exithandler (child_process.js:308:12)
at ChildProcess.emit (events.js:314:20)
at maybeClose (internal/child_process.js:1022:16)
at Socket.<anonymous> (internal/child_process.js:444:11)
at Socket.emit (events.js:314:20)

Creating a new certificate via NGINX gives "internal error" in NGINX and this in the logs:

[9/23/2021] [8:44:16 PM] [Nginx ] › :information_source: info Reloading Nginx

[9/23/2021] [8:44:16 PM] [SSL ] › :information_source: info Requesting Let'sEncrypt certificates for Cert #119: drop.brynare.com

[9/23/2021] [8:44:30 PM] [Nginx ] › :information_source: info Reloading Nginx

[9/23/2021] [8:44:30 PM] [Express ] › :warning: warning Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-119" --agree-tos --email "gnarf@protonmail.com" --preferred-challenges "dns,http" --domains "drop.brynare.com"

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Some challenges have failed.

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

[9/23/2021] [8:46:38 PM] [Nginx ] › :information_source: info Reloading Nginx

[9/23/2021] [8:46:40 PM] [Nginx ] › :information_source: info Reloading Nginx
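
The logs in the post above only show which certbot invocations failed, not why, so a first triage step is to pull out the affected certificate lineages, domains and error text before opening /var/log/letsencrypt/letsencrypt.log. The following is an added example, not part of any post in this thread and not code from the software that wrote these logs; the sample lines are constructed to follow the log format quoted above, and the names `triage` and `option` are hypothetical.

```python
import re
import shlex

# Constructed sample modelled on the log format quoted in this thread
# (domains and e-mail address are placeholders, emoji shortcodes omitted).
SAMPLE_LOG = '''\
[9/23/2021] [7:58:03 PM] [SSL ] › info Renewing SSL certs close to expiry...
[9/23/2021] [8:03:46 PM] [SSL ] › error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
Failed to renew certificate npm-16 with error: Some challenges have failed.
Failed to renew certificate npm-17 with error: Some challenges have failed.
[9/23/2021] [8:44:30 PM] [Express ] › warning Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-119" --agree-tos --email "admin@example.com" --preferred-challenges "dns,http" --domains "drop.example.com"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
'''

CMD_FAILED = re.compile(r"Command failed: (certbot .+)$")
RENEW_FAILED = re.compile(r"^Failed to renew certificate (\S+) with error: (.+)$")

def option(argv, name):
    """Return the value following a long option in a split command line, or None."""
    return argv[argv.index(name) + 1] if name in argv[:-1] else None

def triage(log_text):
    """Map each failing certificate lineage to the certbot action, domains and error."""
    failures, pending = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        m = CMD_FAILED.search(line)
        if m:
            argv = shlex.split(m.group(1))  # honours the quoting used in the log
            name = option(argv, "--cert-name")
            pending = None
            if name:  # certonly: the failing lineage is named on the command line
                domains = (option(argv, "--domains") or "").split(",")
                failures[name] = {"action": argv[1], "domains": domains, "error": None}
                pending = name
            continue
        m = RENEW_FAILED.match(line)
        if m:  # renew: certbot prints one line per failed lineage
            failures[m.group(1)] = {"action": "renew", "domains": [], "error": m.group(2)}
        elif pending and line.endswith("have failed."):
            failures[pending]["error"] = line  # error text follows the certonly command
            pending = None
    return failures

if __name__ == "__main__":
    for name, info in triage(SAMPLE_LOG).items():
        print(name, info)
```
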

There is not enough information to work with.

The last Let's Encrypt certificate you had expired 2021-04-12 crt.sh | brynare.com


Probably right... Have had a very busy summer. The server has been up and running, however those things have not been functioning...

I've tried that as well. The other day I even tried getting a Cloudflare cert with 15 years of expiry time... so I guess the problem is not in Certbot but somewhere else... still clueless

@Gnarf What problem are you trying to resolve?

When I visit your site with a browser I get an "Error 1020" from Cloudflare. These are not related to certificates but to firewall settings. I got the same msg with music.brynare.com and drop.brynare.com.

Further, using openssl I see your server sends the Cloudflare cert you got in June, which is good through Jun 2022. I don't see that your past Let's Encrypt certificates are being used.

See this Cloudflare community topic to fix the 1020 message:


Thank you! I will try that
