Nginx problem with ssl certificate and lets encrypt

Murdock73 · 18. September 2024

Hi all,

i've installed Nginx proxy manager in a docker on my OMV7.

WebUI is accessible and i've configured a pair of proxy in http with success.

But when I try to get the ssl certificate..... No way!!!!

My ISP router doesn't make possible the forwarding of port 80 (it's reserved) so i've used the port 90 but the SSL request always says "internal error". So i've tried using the DNS challenge with duckdns but, after a longer time, same message: "internal error".

The other problem is that i can't find the log

Code

app-1  | [9/17/2024] [10:16:56 PM] [Express  ] › ⚠  warning   Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
app-1  | Some challenges have failed.
app-1  | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

I can't find the /tmp/letsencrypt-log/letsencrypt.log file, nor the log directory. In the docker compose folder i found some logs but the letsencrypt-requests_error.log file it's empty.

The /tmp folder does not contain any log/file related to Nginx.

Where's is my fault?

Thanks in advance for any help.

Here's my compose configuration for the Nginx proxy manager

Code

services:
  app:
    image: 'docker.io/jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '90:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

Alles anzeigen

raulfg3 · 18. September 2024

You need to configure your Router to redirect all request of port 80 to port 90 (to your OMV IP) and same for port 443 ( I use port 444 for that).

If your ISP router doesn't make possible the forwarding of port 80 (it's reserved) , you need to see how to change this.

example: I have a O2 router that reserve port 80 for O2 maintenance, only need to enter on advanced parameters and disble remote monitoring, to free port 80, so now I can use letsencrypt.

please see my signature.

Murdock73 · 21. September 2024

Thanks raulfg3 for your reply, and for your NPM guide too.

I've contacted the isp for the port forwarding of the port 80 but with no succes at the moment. No workaround found

Thormir84 · 22. September 2024

If you need to create a certificate for a container with MACVLAN, you need (for the first request but not for renew) to redirect port 81 (i don't know why, but it works).

I don't know if this works for your problem with port 80, but you can try.

IMPORTANT: Close port 81 immediately after the test, or your NPM will be public accessible.

Murdock73 · 30. September 2024

Today my ISP allowed my router to forward port 80, the certificates creation now works

thanks

Jetzt mitmachen!