Installed DuckDNS and got a domain. Was suggested to us Nginx Proxy Manager. Followed the gif in the docs. Both ports forwarded. When trying to add SSL to the host it just throws Internal Error. I tried using homeassistant as the URL and just the IP address. No change. What else do I need to do?
I’m wanting to use the Nginx proxy manager and am getting the exact same issue,
“192.168.86.207:81 says Internal Error” was a solution ever found for this
[4/9/2020] [4:51:07 PM] [Express ] › warning Command failed: /usr/bin/certbot certonly --non-interactive --config “/etc/letsencrypt.ini” --cert-name “npm-14” --agree-tos --email “[email protected]” --preferred-challenges “dns,http” --webroot --domains “xxxxxx.duckdns.org”
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxxxx.duckdns.org
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification…
Challenge failed for domain xxxxxx.duckdns.org
http-01 challenge for xxxxxx.duckdns.org
Cleaning up challenges
Some challenges have failed.
After spending quite a few hours, trying to set this up I have come down to the following things that worked for me, maybe it will help someone:
First create a duckdns account and setup the DuckDNS addon on Hass.io. If you have your own domain you can add a subdomain A record to resolve to your public IP and not use DuckDNS at all.
if you use DuckDNS, allow DuckDNS addon to create the cert
Forward Port 80 on Router to Port 80 of Hass.io IP
Forward Port 443 on Router to Port 443 of Hass.io IP
It will even help if your Hassio instance on your network gets the same IP every time
For the above 2 make sure your ISP does not block those 2 ports. It is very important that when a https request is made to the domain, it needs to resolve to the Hassio machine.
Comment out/remove the http: line from your configuration.yaml (I had to do this to get it to work)
Next steps are what is described in this addon’s documentation
Now add the domain in NGinx Proxy Manager, set the scheme to http, forward hostname/ip to 192.168.x.x (this should be the IP of your Hassio) and port to 8123
The domain should now be accessible without https (this is why you had port 80 mapped to Hassio)
Now edit the Proxy entry, go to SSL tab, select "Request a new SSL certificate", select "Force SSL" and click save
That should be it, now your Hassio interface should be accessible at https://your.domain.com
I’m following your steps, but I’m facing some issues,
I did forward the ports on my router I installed the NGinx Proxy Manager i create teh proxy host to
I have the same issue
I installed the addon
on my router I forwarded both public ports 80 and 443 to the IP address where he NPM is installed on my HASS
I am able to login into NPM admin page and change password ets.
I cannot get a Letsencrypt SSL certificate it gives me an internal error and it fails
I set the proxy to forward my duckdns subdomain to my local IP address of the HASS install on port 8123. when I try accessing thru the subdomain without SSL it also fails
Please help If you can.
Maybe its too late but, are you trying from your local ip or your ddns domain? I was doing it from my ddns and allways fail. Use your local ip on nginx dashboard
Error: Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-30" --agree-tos --email "j**********[email protected]" --preferred-challenges "dns,http" --domains "homeassistant.h*****s.org"
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for homeassistant.h*****s.org
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain homeassistant.h*****s.org
http-01 challenge for homeassistant.h*****s.org
Cleaning up challenges
Some challenges have failed.
at ChildProcess.exithandler (child_process.js:308:12)
at ChildProcess.emit (events.js:315:20)
at maybeClose (internal/child_process.js:1048:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:288:5)
HA NPM Reg
Copy to clipboard
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] permissions: applying...
[fix-attrs.d] permissions: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-banner.sh: executing...
-----------------------------------------------------------
Add-on: Nginx Proxy Manager
Manage Nginx proxy hosts with a simple, powerful interface
-----------------------------------------------------------
Add-on version: 0.11.0
You are running the latest version of this add-on.
System: Home Assistant OS 5.13 (amd64 / qemux86-64)
Home Assistant Core: 2021.5.5
Home Assistant Supervisor: 2021.04.3
-----------------------------------------------------------
Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing...
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] mysql.sh: executing...
[cont-init.d] mysql.sh: exited 0.
[cont-init.d] nginx.sh: executing...
[cont-init.d] nginx.sh: exited 0.
[cont-init.d] npm.sh: executing...
[cont-init.d] npm.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[17:53:41] INFO: Starting NGinx...
[17:53:41] INFO: Starting the Manager...
[5/21/2021] [5:53:42 PM] [Migrate ] › ℹ info Current database version: 20210210154703
[5/21/2021] [5:53:42 PM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...
[5/21/2021] [5:53:42 PM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[5/21/2021] [5:53:43 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
[5/21/2021] [5:53:43 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
[5/21/2021] [5:53:43 PM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized
[5/21/2021] [5:53:43 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry...
[5/21/2021] [5:53:43 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized
[5/21/2021] [5:53:43 PM] [Global ] › ℹ info Backend PID 537 listening on port 3000 ...
[5/21/2021] [5:53:44 PM] [Nginx ] › ℹ info Reloading Nginx
[5/21/2021] [5:53:44 PM] [SSL ] › ℹ info Renew Complete
`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0
[5/21/2021] [5:54:50 PM] [Nginx ] › ℹ info Reloading Nginx
[5/21/2021] [5:54:50 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #31: homeassistant.h*****s.org
[5/21/2021] [5:54:56 PM] [Nginx ] › ℹ info Reloading Nginx
[5/21/2021] [5:54:56 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-31" --agree-tos --email "j**********[email protected]" --preferred-challenges "dns,http" --domains "homeassistant.h*****s.org"
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for homeassistant.h*****s.org
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain homeassistant.h*****s.org
http-01 challenge for homeassistant.h*****s.org
Cleaning up challenges
Some challenges have failed.
I am still unable to get nginx Proxy manager to work properly… i’m constantly met with errors even when following the directions to the T… can anyone help please?
ui says: Internal Error
log says:
[10/26/2021] [9:08:34 AM] [Nginx ] › ℹ info Reloading Nginx
[10/26/2021] [9:08:34 AM] [SSL ] › ℹ info Renew Complete
`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0
[10/26/2021] [9:31:50 AM] [Nginx ] › ℹ info Reloading Nginx
[10/26/2021] [9:31:50 AM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #1: XXXXredacted.duckdns.org
[10/26/2021] [9:32:03 AM] [Nginx ] › ℹ info Reloading Nginx
[10/26/2021] [9:32:03 AM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --domains "XXXXredacted.duckdns.org"
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for XXXXredacted.duckdns.org
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain XXXXredacted.duckdns.org
http-01 challenge for XXXXredacted.duckdns.org
Cleaning up challenges
Some challenges have failed.