Some challenges have failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: raspslabhomer.duckdns.org

I ran this command:

It produced this output:

My web server is (include version):raspberry pi

The operating system my web server runs on is (include version):Ubuntu 23.10

My hosting provider, if applicable, is:duckdns.org

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 2.5.0

Hi I hope someone can help me I have installed nginx proxy manager on docker. But when I try to add a proxy host i get Internal Error when I look in the portainer logs I get back [1/10/2024] [5:33:01 PM] [Express ] › warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --agree-tos --authenticator webroot --email "myemailaddress" --preferred-challenges "dns,http" --domains "my domain"

I have more logs in the container at tmp/letsencrypt-log if needed.

Regards

Please show us. That line doesn't tell us very much. You might also want to show us your docker-compose.yml (don't publish secrets)

Hi @kevinebanks, and welcome to the LE community forum

Is that Nginx Proxy Manager?

This is my docker compose file and it is for Nginx Proxy Manager.

version: '3.8'
---
volumes:
  nginxproxymanager-data:
  nginxproxymanager-ssl:
  nginxproxymanager-db:
services:
  nginxproxymanager:
    image: jc21/nginx-proxy-manager:2.10.3
    ports:
      - 82:80
      - 81:81
      - 443:443
    environment:
      - DB_MYSQL_HOST=nginxproxymanager-db
      - DB_MYSQL_PORT=3306
      - DB_MYSQL_USER=****
      - DB_MYSQL_PASSWORD=****
      - DB_MYSQL_NAME=****
    volumes:
      - nginxproxymanager-data:/data
      - nginxproxymanager-ssl:/etc/letsencrypt
  nginxproxymanager-db:
    image: jc21/mariadb-aria:10.4.15
    environment:
      - MYSQL_ROOT_PASSWORD=*****
      - MYSQL_DATABASE=****
      - MYSQL_USER=*****
      - MYSQL_PASSWORD=*****
    volumes:
      - nginxproxymanager-db:/var/lib/mysql

You're exposing npm port 80 as host port 82?

That's not going to work. Validation needs port 80 (external)

o.k. change the docker compose file back to 80:80 , 81:81 , 443:443 stop all other container in portainer. when I run docker up getting error below. no other containers are running on docker.

Error response from daemon: driver failed programming external connectivity on endpoint nginxproxymanager-nginxproxymanager-1 (e50df1d358915c8eef9af2c3bdc6ac41b0bed2115b2bbde53d1d2fe0711506a6): Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use

Check wiith sudo ss -tlpn src :80

It should tell you what is keeping port 80 "in use" -- if it doesn't show anything, you can either wait, restart networking, or reboot.

this is the output not sure way apache

sudo ss -tlpn src :80

State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       511                 *:80               *:*     users:(("apache2",pid=65671,fd=4),("apache2",pid=65670,fd=4),("apache2",pid=852,fd=4))

There's an apache2 server running. You're the only person that knows if it's supposed to be running or not.

o.k. have sudo apt-get purge apache2 run sudo ss -tlpn src :80 again

State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       4096          0.0.0.0:80         0.0.0.0:*     users:(("docker-proxy",pid=294192,fd=4))
LISTEN  0       4096             [::]:80            [::]:*     users:(("docker-proxy",pid=294199,fd=4))

tried adding new proxy host same error

Check with docker ps --filter "publish=80"

docker ps --filter "publish=80"

CONTAINER ID  IMAGE                            COMMAND  CREATED         STATUS         PORTS                        NAMES
cca4f81ba895  jc21/nginx-proxy-manager:2.10.3  "/init"  16 minutes ago  Up 16 minutes  0.0.0.0:80-81->80-81/tcp, :::80-81->80-81/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   nginxproxymanager-nginxproxymanager-1

It's running already, then. What happens if you docker compose up?

proxy manager container starts o.k. I tried adding new proxy host via duckdns same error in proxy manager container logs warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --agree-tos --authenticator webroot --email "myemailaddress" --preferred-challenges "dns,http" --domains "my domain"

That tells me nothing. What does the log say?

_nginxproxymanager-nginxproxymanager-1_logs (1).txt (4.5 KB)

Had to edit secrets

Your domain name is not a secret, and I need the certbot log, not the NPM log.

It looks like something else is answering:

$ curl -iL raspslabhomer.duckdns.org
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Wed, 10 Jan 2024 20:33:28 GMT
Content-Length: 19

404 page not found

o.k. np is this the certbot if not could you let me know where located.
letsencrypt.txt (18.5 KB)

_duckdns_logs (1).txt (4.3 KB)

This is the interesting part:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: raspslabhomer.duckdns.org
  Type:   unauthorized
  Detail: 80.229.136.201: Invalid response from http://raspslabhomer.duckdns.org/.well-known/acme-challenge/yQV316-Duc6NjEDa5Woyr2XgHkV11P3JH9_A7OMLF90: 404

Are you sure requests to 80.229.136.201:80 reach your NPM container? Did you configure port forwarding on your home router?