Let's Encrypt certificate request gives error after installing 1.0.1
clousberg opened this issue · 12 comments
Situation
My firewall has a rule to forward external port 80 to the internal IP of Home Assistant, port 980.
My NPM has been configured to have the 'HTTP Entrance port' on 980.
DNS has been configured to send requests for sub.domain.com to my WAN IP. (yes, in real life sub.domain.com is my real sub-domain)
The last < 1.0 release of NPM worked with the same settings, so nothing changed in here.
I uninstalled the previous NPM and deleted all NPM folders I could find.
After this I installed version 1.0.1.
Problem
"Test Server Reachability" gives "Communication with the API failed, is NPM running correctly?"
"Requesting a new certificate" gives "Internal error", and:
Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-10" --agree-tos --authenticator webroot --email "my@email.com" --preferred-challenges "dns,http" --domains "sub.domain.com"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
at ChildProcess.exithandler (node:child_process:422:12)
at ChildProcess.emit (node:events:517:28)
at maybeClose (node:internal/child_process:1098:16)
at ChildProcess._handle.onexit (node:internal/child_process:303:5)
"NPM log" shows:
[1/13/2024] [10:26:01 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #10: sub.domain.com
[1/13/2024] [10:26:01 PM] [SSL ] › ℹ info Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-10" --agree-tos --authenticator webroot --email "my@email.com" --preferred-challenges "dns,http" --domains "sub.domain.com"
[1/13/2024] [10:26:17 PM] [Nginx ] › ⬤ debug Deleting file: /config/nginx/temp/letsencrypt_10.conf
[1/13/2024] [10:26:17 PM] [Nginx ] › ℹ info Reloading Nginx
[1/13/2024] [10:26:17 PM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-10" --agree-tos --authenticator webroot --email "my@email.com" --preferred-challenges "dns,http" --domains "sub.domain.com"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
V1.0.1
Same issue on my side also
After entering a shell inside the docker container I got the following from letsencrypt.log
docker exec -it <container name> /bin/bash
cd /tmp/letsencrypt-log
cat letsencrypt.log
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: xxx.xxxxxxx.duckdns.org
Type: dns
Detail: DNS problem: SERVFAIL looking up CAA for xxxxxxxx.duckdns.org - the domain's nameservers may be malfunctioning
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Had the same issue; after waiting some minutes NPM was able to create the certificates.
Tried again today to request a certificate at Let's Encrypt, but without success.
Same result as on Sunday.
I don't use Duckdns as I have my own domain.
Also have a similar issue. Using duckdns.
After waiting for several hours it still does not work to create certificates.
I overcame the problem this way: on the router, while receiving the certificate, I opened port 80 - 80.
As far as I know, port 80 should be opened anyway so that certbot can work correctly
Previously I managed with ports 8123 - 80, but not this time
I have to open ports 80 and 443 on my FritzBox so that NPM works properly. This was the case before the update, and from my perspective nothing changed there.
I thought so too until I started looking for the problem
I went to https://letsdebug.net/ and found out that it could not access port 80
Strange tool. For my site dns-01 is working but http-01 is not. But I requested several new certificates these days?
finally solved the issue!
I thought I hadn't changed anything on my router/firewall, but that was not correct.
Just after the last refresh of the certificate in the previous NPM I added some country restrictions to my firewall.....yes, and this blocked the call from Let's Encrypt to my NPM instance......
I missed this information as my logging wasn't showing the block of the call...
So.....NPM 1.0.1 is running as desired again 😃
(and sorry for any confusion)
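The two failure modes in this thread (certbot's hint that the CA could not download the challenge file from the --webroot-path, and a router/firewall rule silently dropping Let's Encrypt's request on port 80) can both be caught before running certbot. The script below is an added example, not NPM's own "Test Server Reachability" code and not from this thread: it writes a random token under .well-known/acme-challenge/ in the webroot, fetches it over plain HTTP the way the http-01 validator does, and reports whether the answer came from the right webroot. The webroot directory and base URL are assumptions you replace with your own; the loopback HTTP server in the demo functions only stands in for the proxy that would answer on port 80.

```python
"""Pre-flight check for an http-01 webroot challenge (example code, not NPM's)."""
import os
import secrets
import socket
import tempfile
import threading
import urllib.error
import urllib.request
from contextlib import contextmanager
from functools import partial
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

# Path under the webroot where certbot's webroot plugin writes challenge tokens.
CHALLENGE_DIR = (".well-known", "acme-challenge")


def place_token(webroot: str) -> tuple[str, str]:
    """Write a random token file where certbot would put one; return (token, expected_body)."""
    token = secrets.token_urlsafe(32)
    body = f"preflight-{token}"
    directory = os.path.join(webroot, *CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    with open(os.path.join(directory, token), "w", encoding="utf-8") as fh:
        fh.write(body)
    return token, body


def check_reachable(base_url: str, token: str, expected: str, timeout: float = 5.0) -> tuple[bool, str]:
    """Fetch the token over plain HTTP, as the CA's validator would, and explain any failure."""
    url = f"{base_url.rstrip('/')}/{'/'.join(CHALLENGE_DIR)}/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        # Something answers on the port, but not from this webroot (wrong vhost or wrong -w path).
        return False, f"HTTP {exc.code} for {url}: the port is served, but not from the given webroot"
    except OSError as exc:
        # Nothing answers: missing port forward, proxy down, or a firewall/geo rule dropping the request.
        return False, f"cannot connect to {url}: {getattr(exc, 'reason', exc)}"
    if body.strip() != expected:
        return False, "unexpected body: a redirect or another site answered for this hostname"
    return True, "http-01 token is reachable"


def preflight(webroot: str, base_url: str) -> tuple[bool, str]:
    """Place a token, fetch it, clean up, and return (ok, reason)."""
    token, body = place_token(webroot)
    try:
        return check_reachable(base_url, token, body)
    finally:
        os.remove(os.path.join(webroot, *CHALLENGE_DIR, token))


class _QuietHandler(SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo output clean
        pass


@contextmanager
def serve_dir(directory: str):
    """Serve `directory` on a free loopback port; stands in for the proxy on port 80."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), partial(_QuietHandler, directory=directory))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        yield f"http://127.0.0.1:{server.server_address[1]}"
    finally:
        server.shutdown()
        server.server_close()


def demo_reachable() -> bool:
    """The webroot is served on the port the CA reaches: the check passes."""
    with tempfile.TemporaryDirectory() as webroot, serve_dir(webroot) as url:
        return preflight(webroot, url)[0]


def demo_wrong_webroot() -> tuple[bool, str]:
    """A server answers, but from another directory: certbot's --webroot-path hint applies."""
    with tempfile.TemporaryDirectory() as webroot, tempfile.TemporaryDirectory() as other, serve_dir(other) as url:
        return preflight(webroot, url)


def demo_blocked() -> tuple[bool, str]:
    """Nothing answers (a closed loopback port stands in for a missing forward or a firewall drop)."""
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()  # the port is free again, so connections to it are refused
    with tempfile.TemporaryDirectory() as webroot:
        return preflight(webroot, f"http://127.0.0.1:{port}")


if __name__ == "__main__":
    print("reachable    :", demo_reachable())
    print("wrong webroot:", demo_wrong_webroot())
    print("blocked      :", demo_blocked())
```

Against a real deployment you would call preflight() with the directory NPM hands to certbot as webroot and http://sub.domain.com as base_url, ideally from a host outside your own network, because a geo-block like the one that caused this issue only shows up when the request arrives from an address the rule covers.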
Has anyone found a fix to this?