LE cert - error 403 #3746

Closed
Elkropac opened this issue May 9, 2024 · 1 comment

Elkropac commented May 9, 2024

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes

Describe the bug

I'm unable to renew LE certs; the challenge ends with error 403. I have some access lists on our hosts. I tried to disable them all (make all hosts publicly accessible) and it did not help.
I get:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: cbd.xxxxx.cz
  Type:   unauthorized
  Detail: x.x.x.x: Invalid response from http://cbd.xxxxx.cz/.well-known/acme-challenge/gmuFi83UI1DIsfp_jBx3VIntvA6kw0V84Ql3CLngo3o: 403

I tried to get the URL http://cbd.xxxxx.cz/.well-known/acme-challenge/gmuFi83UI1DIsfp_jBx3VIntvA6kw0V84Ql3CLngo3o from several remote hosts. I got 404 mostly (which is OK, because the file is there only during the certbot challenge), but I also got 403 from one server, which puzzles me.

Nginx Proxy Manager Version

2.11.2 initially, now v2.10.4 from image jc21/nginx-proxy-manager:github-pr-3325, because our HTTPS port is geoip filtered, so we cannot get an HTTP to HTTPS redirect on certbot.

Operating System

VM is debian11, using docker package 20.10.5+dfsg1-1+deb11u2
docker compose is

version: "3"
services:
  app:
#    image: jc21/nginx-proxy-manager:github-pr-2038
#    image: jc21/nginx-proxy-manager:2.11.2
    image: jc21/nginx-proxy-manager:github-pr-3325
#    image: jc21/nginx-proxy-manager:latest
    restart: always
    ports:
      # Public HTTP Port:
      - '80:80'
      # Public HTTPS Port:
      - '443:443'
      # Admin Web Port:
      - '81:81'
      - '2353:2353'
      - '7277:7277'
      - '8095:8095'
    environment:
      # Uncomment this if IPv6 is not enabled on your host
      DISABLE_IPV6: 'true'
    volumes:
      # Make sure this config.json file exists as per instructions above:
      - /mnt/btrfs/system/docker_data/nginxproxymanager/data/config:/app/config
      - /mnt/btrfs/system/docker_data/nginxproxymanager/data/data:/data
      - /mnt/btrfs/system/docker_data/nginxproxymanager/data/letsencrypt:/etc/letsencrypt

Elkropac added the bug label May 9, 2024

Elkropac commented May 13, 2024

Hi, sorry for creating this issue. Requests for validation were probably blocked by our firewall as botnet intrusion.
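
One way to check where a 403 like the one reported above originated, as an added example that is not part of the original issue or the project's code: it compares the status the CA reported with what the proxy's own access log recorded for the challenge path. The log lines are constructed and assume nginx's stock combined format; `TOKEN`, the addresses and the function names are placeholders.

```python
import re

# Pattern for nginx's stock "combined" access-log format (assumption: the
# proxy's real log format may differ; adjust the pattern to match it).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)
ACME_PREFIX = "/.well-known/acme-challenge/"

def challenge_hits(log_text, token):
    """Return (ip, status, agent) for every logged request for this token."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["path"].split("?", 1)[0] == ACME_PREFIX + token:
            hits.append((m["ip"], int(m["status"]), m["agent"]))
    return hits

def where_was_it_refused(ca_status, hits):
    """Compare the status the CA reported with what the proxy itself logged."""
    if any(status == ca_status for _, status, _ in hits):
        return "proxy"      # the proxy sent that status: check its own config
    return "upstream"       # the proxy never sent it: look at devices in front

# Constructed sample logs; TOKEN and all addresses are placeholders.
TOKEN = "EXAMPLE_TOKEN"
LOG_FIREWALL_CASE = f'''\
198.51.100.7 - - [09/May/2024:10:15:01 +0000] "GET {ACME_PREFIX}{TOKEN} HTTP/1.1" 404 150 "-" "curl/7.74.0"
198.51.100.7 - - [09/May/2024:10:17:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.74.0"
'''
LOG_PROXY_CASE = f'''\
203.0.113.20 - - [09/May/2024:10:16:40 +0000] "GET {ACME_PREFIX}{TOKEN} HTTP/1.1" 403 146 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
'''

if __name__ == "__main__":
    for name, log in (("firewall", LOG_FIREWALL_CASE), ("proxy", LOG_PROXY_CASE)):
        hits = challenge_hits(log, TOKEN)
        print(name, hits, where_was_it_refused(403, hits))
```

An "upstream" result means the refused validation request never appears in the proxy's log with that status, which matches a firewall or other filtering device answering before the request reaches the proxy.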
