NPM No Longer Issues SSL Certificates with Cloudflare (including recent update 2.11.3) #3831
Comments
I'm also having this problem. I was able to get a let's encrypt cert issued two days ago, but now I'm getting various certbot errors. I've been beating my head against this for more than a day now.
|
Jumping on this train myself. I have been running NPM on portainer for the last year or so and ran into the issue a day or two ago. I thought it was something on my side so I spun up a new VM and installed docker and portainer on it. Same error message as before
|
I encountered the same issue as well. Two to three days ago, I purchased a new server and successfully applied for a certificate for a .top domain using Cloudflare's API on the server. Yesterday, I rebuilt the server system and reinstalled the certificate, but the application failed. To verify the source of the problem, I tried to use the certificate on another server that is still in use, but it also failed. After a day of investigation, I determined that the issue is related to the .top domain. Applying for a certificate for such a domain results in the aforementioned error code, while .xyz certificates can be successfully applied in the same environment. |
confirmed, my .top domain is unworkable, but my .cn works, just the same environment. |
There are currently two bugs, one is the NPM version issue, the latest version may present the problem mentioned in the code, it's fine to downgrade to a lower version or use the latest test version, just a heads up, there might be network issues in Mainland China, which was just discovered during the testing process and hasn't been encountered before. The second is the issue with the .top domain, it seems no one has solved it yet, only waiting for the official fix. |
Just did the steps outlined and they worked for me! |
|
I was able to get this working as well. Thanks for the heads up.
*** Update *** - Adding the steps from Reddit in case something happens:
Got it to work! Using 2.11.1 (may work on latest, but I rolled back to 2.11.1 and it works). Follow these steps:
docker exec -it /bin/bash
For future people, if for some reason this doesn't work try doing pip uninstall certbot-dns-cloudflare
For some reason even if you reinstall the plugin after upgrading pip it will always pull the version that it was installed. |
This does not work on v2.11.1 or the latest image. I have tested this on two systems that were wiped clean. Still results in "Internal Error". |
Not sure what is going on for you, but I was able to get it working with these steps specifically.
docker exec -it nginx-app-1 /bin/bash
My NPM version in the bottom left says: v2.11.2 © 2024Theme by [Tabler]
On Login to the container I am prompted with: and: pip list | grep cloud
I'm curious if your message is exactly the same, or different. I can check some versions if that helps, just let me know. |
Removing and adding the certbot-dns-cloudflare fixed the problem for me. |
tbh this sounds really similar to #3592 (workaround in the issue) |
I tried to uninstall and reinstall certbot-dns-cloudflare, but I'm getting an error that it requires python 3.8, and I looked for it with apt but it looks like the latest version available inside the container is 3.7
Tried with old versions of the container and with the latest too. ;/ |
doing this inside the container fixed the issue
|
Definitely it is, I am on the same conditions, when I simultaneously added a SSL |
Issue persists even with update 2.11.3. I've contacted my ISP, Let's Encrypt forums, Cloudflare forums.... nothing. A few things that I notice on my fourth clean installation of NPM:
NPM does create an SSL certificate through Cloudflare when using a DNS challenge token, however the connection times out, rendering the SSL certificate useless. It seems the update did nothing to help Cloudflare users...... Frustrating |
I have confirmed, it's Let's Encrypt that caused the issue, I tried other non-.top domains, they work fine, I even tried using ACME to get a ssl certificate, and only the .top domain failed, so I think there's nothing to do with Nginx Proxy Manager. |
Hi all, I was having this problem for HOURS and was banging my head all day today. I figured something out about this. In Cloudflare, for my API token, I only had the Zone -> DNS permission for "Edit" enabled. YOU NEED TO MAKE SURE YOU HAVE Zone -> DNS -> Read ALONGSIDE the Edit. You need both or this will not work! Global API keys will not work either. |
Checklist
jc21/nginx-proxy-manager:latest
docker image?
Describe the bug
NPM can no longer issue SSL certificates with Cloudflare. I receive "Internal Error" or, when using a DNS challenge, the webpage never loads.
Nginx Proxy Manager Version
latest and dev
To Reproduce
Steps to reproduce the behavior:
Expected behavior
An SSL is issued....
Log.
Deleting file: /data/nginx/proxy_host/2.conf
Deleting file: /data/nginx/proxy_host/2.conf.err
Could not delete file: {
"errno": -2,
"code": "ENOENT",
"syscall": "unlink",
"path": "/data/nginx/proxy_host/2.conf.err"
}
CMD: /usr/sbin/nginx -t -g "error_log off;"
Reloading Nginx
CMD: /usr/sbin/nginx -s reload
Requesting Let'sEncrypt certificates for Cert #6: hass.domain.cc
Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "hass.domain.cc"
Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "hass.domain.cc"
CMD: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "hass.domain.cc"
Deleting file: /data/nginx/temp/letsencrypt_6.conf
CMD: /usr/sbin/nginx -t -g "error_log off;"
Reloading Nginx
CMD: /usr/sbin/nginx -s reload
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
Operating System
Raspbian OS headless
Additional context
This worked just fine two days ago but now it's completely broken. I went and asked the community at letsencrypt.org, however they were persistent that lets encrypt was working fine and that the problem was my domain (hass.domain.cc) not being reachable by HTTP, when I want my domain to be reached only by HTTPS.
I followed the steps at #3824 and those steps did not help. The goal is to get a local server hosted on a port sent through NGM and to my subdomain, and finally issued through HTTPS from Cloudflare. I now have 20 subdomains offline because of this.
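A triage sketch for the log excerpt above, added here as an example and not code from the issue or from Nginx Proxy Manager: it parses the logged certbot commands and reports which ACME challenge each request used. In the excerpt the authenticator is webroot, which validates over HTTP-01 on port 80 rather than through the Cloudflare DNS plugin. The sample log is constructed in the excerpt's format; the second request, its domain and its credentials path are invented for contrast.

```python
import shlex

# Constructed sample in the format of the issue's log. The npm-7 request is
# invented for contrast and its credentials path is a placeholder.
SAMPLE_LOG = """\
Requesting Let'sEncrypt certificates for Cert #6: hass.domain.cc
Command: certbot certonly --cert-name "npm-6" --agree-tos --authenticator webroot --preferred-challenges "dns,http" --domains "hass.domain.cc"
CMD: certbot certonly --cert-name "npm-6" --agree-tos --authenticator webroot --preferred-challenges "dns,http" --domains "hass.domain.cc"
Command: certbot certonly --cert-name "npm-7" --agree-tos --authenticator dns-cloudflare --dns-cloudflare-credentials "/path/to/cloudflare.ini" --domains "*.example.test"
Some challenges have failed.
"""

# Certbot authenticators that can only answer HTTP-01 challenges.
HTTP_PLUGINS = {"webroot", "standalone", "nginx", "apache"}

def parse_options(argv):
    """Map each --option to its value (True for bare flags)."""
    opts = {}
    for i, tok in enumerate(argv):
        if not tok.startswith("--"):
            continue
        name, eq, val = tok.partition("=")
        if eq:
            opts[name] = val
        elif i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            opts[name] = argv[i + 1]
        else:
            opts[name] = True
    return opts

def triage(log_text):
    """Return one finding per distinct certbot request found in the log."""
    seen, findings = set(), []
    for line in log_text.splitlines():
        prefix, _, cmd = line.partition(": ")
        if prefix not in ("Command", "CMD") or not cmd.startswith("certbot "):
            continue
        if cmd in seen:  # the same command is logged more than once
            continue
        seen.add(cmd)
        opts = parse_options(shlex.split(cmd))
        plugin = str(opts.get("--authenticator", "unknown"))
        # http-01 needs port 80 reachable; dns-01 only needs a TXT record.
        challenge = ("http-01" if plugin in HTTP_PLUGINS
                     else "dns-01" if plugin.startswith("dns-") else "unknown")
        domains = str(opts.get("--domains", "")).split(",")
        needs_dns = challenge != "dns-01" and any(d.startswith("*.") for d in domains)
        findings.append({"cert": opts.get("--cert-name"), "plugin": plugin,
                         "challenge": challenge, "domains": domains,
                         "wildcard_needs_dns": needs_dns})
    return findings
```

Calling `triage()` on the text of a real NPM log shows per certificate whether the failure should be debugged as an HTTP reachability problem or as a DNS plugin and API token problem.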