Problem creating Cert with nginx proxy manager

My domain is: zaonpt.com

I ran this command: create "New SSL Certificate" on Nginx

It produced this output:
Error: Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-10" --agree-tos --authenticator webroot --email "joaohorta@gmail.com" --preferred-challenges "dns,http" --domains "pass.zaonpt.com"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

at ChildProcess.exithandler (node:child_process:326:12)
at ChildProcess.emit (node:events:369:20)
at maybeClose (node:internal/child_process:1067:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)

My web server is (include version): Raspberry Pi 4b 4GB

The operating system my web server runs on is (include version): OpenMediaVault 5

My hosting provider, if applicable, is: Cloudflare

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes Nginx Proxy Manager

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I don't know :frowning:

Hi @zaonpt, and welcome to the LE community forum :slight_smile:

Requires the webroot path to be included.

Furthermore, using:

Seem to be hiding important error messages, like:
Fetching http://pass.zaonpt.com/.well-known/acme-challenge/wA_oLWAFYZVRilEXHeYVi1xqIQmUYpHgH6SgeXrpJsI: Timeout during connect (likely firewall problem)
See test: Let's Debug (letsdebug.net)

Also, since you are obviously still learning how to do this, please use the staging environment first, with: --dry-run

I'm a newbie here, can you help me with that, please?
What is that and how do I do it?

There are several problems:

  1. The HTTP (TCP port 80) challenge requests can't reach your RPi.
    Make sure the router is port forwarding correctly.
  2. --webroot requires -w /path/to/documents/
    [use the exact same document root path specified in your vhost config for that FQDN]
  3. You need to use --dry-run (while testing) or you will likely hit a rate limit.
    [once the testing is completed you can remove the --dry-run and actually get a real cert]

I don't see "staging" in the Env variables. Where should I put the --dry-run?
Also, the firewall problem in the "letsdebug" might be my router blocking all this?

  1. It is correct, although my router might be blocking it? Is it possible?
  2. 1st: where do I write this? 2nd: what documents lol
  3. Where do I write --dry-run? I'm using the web interface with nginx on RPi

last.

You need a functional HTTP site before you can secure it.
Can the Internet reach?: http://pass.zaonpt.com/

  • LE can't reach it.
  • Let's Debug can't reach it
  • I can't reach it either.

That is your biggest problem right now.

The plan is to use a reverse proxy to direct data to each stack (TCP port). I do have a few sites; on port 80 it's nginx proxy manager that should direct (once I figure out the SSL certificates problem) to each site.

@rg305 Note that the certbot command is probably integrated in that horrible "nginx proxy manager" thing.. Which is embedded in a Docker container and uses NodeJS......... Sooooo, good luck debugging that :stuck_out_tongue:

Yes it is :slight_smile:


My router port forwarding

Geez it's way too late for me to tackle that big of a monster!

nite e nite

Are you sure the portmap to 191.168.1.40 for port 80 is correct? (Note: rhetorical question)

OMFG how didn't I see that, what???!!??!?!
Gonna fix and report back in a moment.

HTTP on port 80 seems to be working now :wink:

HAHAHAHAHAAHHA fixed

I feel really bad about wasting you guys' time.

I will slap myself ahahaha

Thank you for posting the portmap screenshot. Without it, this thread could have been a whole lot longer :wink:
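
The root cause in this thread was a port-forward target typed as 191.168.1.40, which is a public address rather than a host on the home network. The following is an added example, not code from any poster in the thread, that audits forwarding rules for that class of typo; the LAN range 192.168.1.0/24, the rule text format and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the home LAN is 192.168.1.0/24 (the thread only shows the
# mistyped target 191.168.1.40, not the router's real subnet).
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed rules in a hypothetical "ext_port/proto -> target_ip:int_port" format.
RULES = """\
80/tcp -> 191.168.1.40:80
443/tcp -> 192.168.1.40:443
81/tcp -> 192.168.1.400:81
"""


def parse_rule(line):
    """Split one rule line into (ext_port, proto, host, int_port)."""
    left, right = (part.strip() for part in line.split("->"))
    ext_port, proto = left.split("/")
    host, int_port = right.rsplit(":", 1)
    return int(ext_port), proto, host, int(int_port)


def check_rule(line, lan=LAN):
    """Return a list of problems for one rule; an empty list means it looks sane."""
    _, _, host, _ = parse_rule(line)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return [f"{host} is not a valid IP address"]
    problems = []
    if not addr.is_private:
        # A forward target must be a LAN host; a public address is almost
        # certainly a typo (for example 191.x instead of 192.x).
        problems.append(f"{addr} is a public address, not a LAN host")
    if addr not in lan:
        problems.append(f"{addr} is outside the LAN {lan}")
    return problems


def audit(text, lan=LAN):
    """Map each non-empty rule line to its list of problems."""
    return {ln: check_rule(ln, lan) for ln in text.splitlines() if ln.strip()}


if __name__ == "__main__":
    for rule, problems in audit(RULES).items():
        print(("FAIL " if problems else "ok   ") + rule)
        for p in problems:
            print("       " + p)
```

A rule that fails this check means inbound port 80 traffic never reaches the proxy, so the HTTP-01 challenge times out exactly as in the Let's Debug result above.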
