It seems I am having problems to update my SSL certificates:
[07/Sep/2021:13:12:19 +0200] - 200 200 - POST https abcdef.qwertz.duckdns.org "/api/webhook/a0a69523ad0240975cf1960414a68d7140e35c4f0fce97333e5e2146b2bc2e7f" [Client 83.135.88.74] [Length 433] [Gzip -] [Sent-to 192.168.178.108] "Home Assistant/2021.8 (io.robbie.HomeAssistant; build:2021.216; iOS 14.7.1)" "-"
[07/Sep/2021:13:12:20 +0200] - 200 200 - POST https abcdef.qwertz.duckdns.org "/auth/token" [Client 83.135.88.74] [Length 220] [Gzip -] [Sent-to 192.168.178.108] "Home Assistant/2021.8 (io.robbie.HomeAssistant; build:2021.216; iOS 14.7.1) Alamofire/5.4.3" "-"
[07/Sep/2021:13:12:27 +0200] - 101 101 - GET https abcdef.qwertz.duckdns.org "/api/websocket" [Client 83.135.88.74] [Length 189843] [Gzip -] [Sent-to 192.168.178.108] "Home Assistant/2021.8 (io.robbie.HomeAssistant; build:2021.216; iOS 14.7.1)" "-"
[07/Sep/2021:13:22:05 +0200] - 200 200 - POST https abcdef.qwertz.duckdns.org "/api/webhook/a0a69523ad0240975cf1960414a68d7140e35c4f0fce97333e5e2146b2bc2e7f" [Client 83.135.88.74] [Length 245] [Gzip -] [Sent-to 192.168.178.108] "Home Assistant/2021.8 (io.robbie.HomeAssistant; build:2021.216; iOS 14.7.1)" "-"
[07/Sep/2021:13:22:05 +0200] - 101 101 - GET https abcdef.qwertz.duckdns.org "/api/websocket" [Client 83.135.88.74] [Length 163] [Gzip -] [Sent-to 192.168.178.108] "Home Assistant/2021.8 (io.robbie.HomeAssistant; build:2021.216; iOS 14.7.1)" "-"
[9/7/2021] [1:28:32 PM] [SSL ] āŗ ā¹ info Renewing SSL certs close to expiry...
[07/Sep/2021:13:30:43 +0200] - 200 200 - POST https abcdef.qwertz.duckdns.org "/api/webhook/77da5ad6e8ce8e93aa59b796f8c0d0714d7e420a0e704d86ad93b0e3544120aa" [Client 83.135.88.74] [Length 42] [Gzip -] [Sent-to 192.168.178.108] "okhttp/4.9.1" "-"
[9/7/2021] [1:36:09 PM] [SSL ] āŗ ā error Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
Challenge failed for domain ghijkl.qwertz.duckdns.org
Failed to renew certificate npm-2 with error: Some challenges have failed.
Challenge failed for domain mnopqrs.qwertz.duckdns.org
Failed to renew certificate npm-4 with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/npm-2/fullchain.pem (failure)
/etc/letsencrypt/live/npm-4/fullchain.pem (failure)
2 renew failure(s), 0 parse failure(s)
at ChildProcess.exithandler (child_process.js:308:12)
at ChildProcess.emit (events.js:315:20)
at maybeClose (internal/child_process.js:1048:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:288:5)
[07/Sep/2021:13:45:46 +0200] - 200 200 - POST https abcdef.qwertz.duckdns.org "/api/webhook/77da5ad6e8ce8e93aa59b796f8c0d0714d7e420a0e704d86ad93b0e3544120aa" [Client 83.135.88.74] [Length 42] [Gzip -] [Sent-to 192.168.178.108] "okhttp/4.9.1" "-"
[07/Sep/2021:13:45:46 +0200] - 200 200 - POST https abcdef.qwertz.duckdns.org "/api/webhook/77da5ad6e8ce8e93aa59b796f8c0d0714d7e420a0e704d86ad93b0e3544120aa" [Client 83.135.88.74] [Length 42] [Gzip -] [Sent-to 192.168.178.108] "okhttp/4.9.1" "-"
Connection Error: Error: read ECONNRESET
`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0
Both certificates (ghijkl.qwertz.duckdns.org, mnopqrs.qwertz.duckdns.org) have been deleted months ago. Why is nginx still trying to update them?
The problem is that because of this my still active certificates are also not updated!
These forums have generally been super helpful for me, but so far I havenāt seen anyone describing the exact issue Iām having.
I have Nginx Proxy Manager installed on my homeassistant instance on my raspberry pi. Iāve got it all set up so I can access homeassistant.mydomain.com and it takes me to my homeassistant instance. Excellent!
Now I want to expose other things on my local network using additional subdomains. I go through the same steps to add additional proxy hosts for these new subdomains (which Iāve pointed to my public IP address via my DNS) but when I visit any of the subdomains it takes me to my homeassistant login page instead of the destination IP address Iāve set.
Iāve tried doing this to access my synology server, plex server, and even tried to access the Nginx Proxy Manager this way and they all had the same behavior of just routing me to my Home Assistant instance. Iāve played with http vs https, web sockets support enabeld vs not, and am running out of ideas.
I donāt have much background managing networks so a lot of this is new for me, and Iād appreciate any suggestions about what I may be missing!
When I try to generate a new SSL Certificate I get a message that says Internal Error and I donāt know how to troubleshoot that further. So I was just trying to use no SSL and route with http.
Just to try all options I tried using my existing certificate and ā¦ that worked! Wow, not sure why/how I didnāt try that combo. Thank you! Thank you!
Can you confirm that your router has the port forward menu accessible and you forwarded ports 443 and 80?
Without further information about your internet connection (mobile/wired/PPPOE/FTTH/FTTB/etc.) and your LAN (ie. HA directly connected to the ISPās router or double NAT, either by running through a second router or having HA as a VM running with NAT instead of bridged adapter etc.) it would be difficult to provide any advice.
I open login invitation remotely.
It means this: The provider gives me the Internet with a wire, I connect it to the router via PPPOE with a login and password, the provider gives me (and maybe not only me) a dynamic IP, I convert it to a domain name using duckdns .org, on the network I have a normal subnet with a mask of 24, dns 8.8.8.8, just discovered that I can log in remotely with the add-on disabled, which means the duckdns add-on decides it for me. now it is clear why I can log in remotely. then the ports are forwarded, but they are not used by those for whom they are intended. this is bad.
Just to be sure: on the router, the port 80 is forwarded to 80 and 443 is forwarded to 443 (not to 8123) of the device running NPM addon (which might be or might be not the same as the one running HA)?
And you have registered a domain with DuckDNS and installed the DuckDNS addon from the addon store and that shows you something like
NOCHANGE
[14:35:35] INFO: OK
11.22.33.44
?
Have you tried to use before other reverse proxy server from the addon store (such as NGINX Home Assistant SSL proxy)?
My guess is that Letās Encrypt doesnāt renew your previous hasubdomain1.domain.duckdns.org to be used on the new installation so you could try with a new subdomain.
Does someone know how bugs in Nginx proxy manager can be addressed?
I wrote an issue on github because after deleting two Proxy Hosts and their SSL certificates, Nginx proxy manager still tries to update them although they do not exist. This produces an error and all other still existing SSL cerificates are not updated.
But nobody is reacting on the issue since months! This is really sad!