-
I'm encountering an issue where the here is the error from
CommandError: Saving debug log to /tmp/certbot-log/letsencrypt.log
An unexpected error occurred:
Bad Request :: Curve is not of type secp256r1 or prime256v1
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log/letsencrypt.log or re-run Certbot with -v for more details.
at /app/lib/utils.js:18:13
at ChildProcess.exithandler (node:child_process:427:5)
at ChildProcess.emit (node:events:518:28)
at maybeClose (node:internal/child_process:1104:16)
at ChildProcess._handle.onexit (node:internal/child_process:304:5)
I believe happens because the ACME client needs to use the secp256r1 (also known as prime256v1) curve for Elliptic Curve Cryptography (ECC) key generation, as required by many CAs, including Buypass.com and Google Public CA.
Expected Behavior
Replies: 13 comments
-
do you know if buypass supports rsa 4096 keys?
-
it does support by default as per their community forums. and I am able to get certificate with in separate dedicated certbot instance. However, we need to specify
-
rsa will be supported with the next release, the question is if they support rsa 4096, if not then I need to add an option to change the key size
-
can you maybe try the new release and set the keytype to rsa and retry?
-
I tried the latest image with keytype set to rsa. the certificate is getting issued from Buypass.com CA. however the proxy host that uses the latest certificates after upgrade (to latest image) went offline. now i am getting default congratulation page. tried to delete and create new proxy host on different ip same issue. sites work on old certificate. weird! here are the logs from proxy
Certificate issuance with latest image (keytype set to rsa)
npmplus | [SSL ] › ℹ info Requesting Certbot certificates via Cloudflare for Cert #26: mydomain.com
npmplus | [Global ] › ⬤ debug CMD: certbot --logs-dir /tmp/certbot-log --work-dir /tmp/certbot-work --config-dir /data/tls/certbot --config /etc/certbot.ini --agree-tos --non-interactive --no-eff-email --register-unsafely-without-email certonly --cert-name npm-26 --domains mydomain.com --server https://api.buypass.com/acme/directory --authenticator dns-cloudflare --dns-cloudflare-credentials /tmp/certbot-credentials/credentials-26
npmplus | [SSL ] › ℹ info Requesting a certificate for mydomain.com
npmplus |
npmplus | Successfully received certificate.
npmplus | Certificate is saved at: /data/tls/certbot/live/npm-26/fullchain.pem
npmplus | Key is saved at: /data/tls/certbot/live/npm-26/privkey.pem
npmplus | This certificate expires on 2025-07-09.
npmplus | These files will be updated when the certificate renews.
npmplus | NEXT STEPS:
npmplus | - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
npmplus |
npmplus | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
npmplus | If you like Certbot, please consider supporting our work by:
npmplus | * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
npmplus | * Donating to EFF: https://eff.org/donate-le
npmplus | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
npmplus |
npmplus | [Global ] › ⬤ debug CMD: openssl x509 -in /data/tls/certbot/live/npm-26/fullchain.pem -subject -noout
npmplus | [Global ] › ⬤ debug CMD: openssl x509 -in /data/tls/certbot/live/npm-26/fullchain.pem -issuer -noout
npmplus | [Global ] › ⬤ debug CMD: openssl x509 -in /data/tls/certbot/live/npm-26/fullchain.pem -dates -noout
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
logs when adding proxy host with new certificate
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/14.conf
npmplus | [Nginx ] › ✖ error nginx: [emerg] BIO_new_file("/data/tls/certbot/live/npm-26.der") failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-26.der, rb) error:10000080:BIO routines::no such file)
npmplus | nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
npmplus |
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
same with another domain
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/8.conf
npmplus | [Nginx ] › ✖ error nginx: [emerg] BIO_new_file("/data/tls/certbot/live/npm-26.der") failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-26.der, rb) error:10000080:BIO routines::no such file)
npmplus | nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
npmplus |
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Express ] › ⚠ warning nginx: [emerg] BIO_new_file("/data/tls/certbot/live/npm-26.der") failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-26.der, rb) error:10000080:BIO routines::no such file)
npmplus |
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/8.conf
npmplus | [Nginx ] › ✖ error nginx: [emerg] BIO_new_file("/data/tls/certbot/live/npm-26.der") failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-26.der, rb) error:10000080:BIO routines::no such file)
npmplus | nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
npmplus |
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/9.conf
npmplus | [Nginx ] › ✖ error nginx: [emerg] BIO_new_file("/data/tls/certbot/live/npm-26.der") failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-26.der, rb) error:10000080:BIO routines::no such file)
npmplus | nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
npmplus |
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/11.conf
npmplus | [Nginx ] › ✖ error nginx: [emerg] BIO_new_file("/data/tls/certbot/live/npm-26.der") failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-26.der, rb) error:10000080:BIO routines::no such file)
npmplus | nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
npmplus |
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/12.conf
npmplus | [Nginx ] › ✖ error nginx: [emerg] BIO_new_file("/data/tls/certbot/live/npm-25.der") failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-25.der, rb) error:10000080:BIO routines::no such file)
npmplus | nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
npmplus |
logs when using old certs
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/13.conf
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/13.conf
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
-
which CA did the older cert use?
-
additionally, the certbot generated two certs named
viper@srv02:~/nginx/npm$ sudo ls -l tls/certbot/live/
total 132
drwxrwx--- 2 root root 4096 Jan 8 15:27 npm-1
drwxrwx--- 2 root root 4096 Jan 8 19:57 npm-10
-rwxrwx--- 1 root root 471 Jan 8 19:57 npm-10.der
drwxrwx--- 2 root root 4096 Jan 8 20:26 npm-15
-rwxrwx--- 1 root root 316 Jan 8 20:29 npm-15.der
drwxrwx--- 2 root root 4096 Jan 8 20:28 npm-16
-rwxrwx--- 1 root root 316 Jan 8 20:29 npm-16.der
drwxrwx--- 2 root root 4096 Jan 9 11:18 npm-18
-rwxrwx--- 1 root root 315 Jan 9 11:19 npm-18.der
drwxrwx--- 2 root root 4096 Jan 10 12:10 npm-19
-rwxrwx--- 1 root root 315 Jan 10 12:13 npm-19.der
-rwxrwx--- 1 root root 472 Jan 8 15:29 npm-1.der
drwxrwx--- 2 root root 4096 Jan 8 15:30 npm-2
drwxrwx--- 2 root root 4096 Jan 10 21:58 npm-22
-rwxrwx--- 1 root root 315 Jan 10 22:04 npm-22.der
drwxrwx--- 2 root root 4096 Jan 10 22:07 npm-24
-rwxrwx--- 1 root root 315 Jan 10 22:08 npm-24.der
drwxr-xr-x 2 root root 4096 Jan 11 17:50 npm-25
drwxr-xr-x 2 root root 4096 Jan 11 17:51 npm-26
-rwxrwx--- 1 root root 471 Jan 8 15:31 npm-2.der
drwxrwx--- 2 root root 4096 Jan 8 15:40 npm-3
-rwxrwx--- 1 root root 472 Jan 8 15:46 npm-3.der
drwxrwx--- 2 root root 4096 Jan 8 15:41 npm-4
-rwxrwx--- 1 root root 472 Jan 8 15:46 npm-4.der
drwxrwx--- 2 root root 4096 Jan 8 15:42 npm-5
-rwxrwx--- 1 root root 472 Jan 8 15:46 npm-5.der
drwxrwx--- 2 root root 4096 Jan 8 15:43 npm-6
-rwxrwx--- 1 root root 471 Jan 8 15:46 npm-6.der
drwxrwx--- 2 root root 4096 Jan 8 19:28 npm-7
-rwxrwx--- 1 root root 471 Jan 8 19:28 npm-7.der
drwxrwx--- 2 root root 4096 Jan 8 19:53 npm-9
-rwxrwx--- 1 root root 471 Jan 8 19:54 npm-9.der
-rwxrwx--- 1 root root 740 Jan 8 15:27 README
viper@srv02:~/nginx/npm$
viper@srv02:~/nginx/npm$ sudo find / -name npm-26.der
viper@srv02:~/nginx/npm$ sudo find / -name npm-25.der
viper@srv02:~/nginx/npm$
viper@srv02:~/nginx/npm$
viper@srv02:~/nginx/npm$ sudo ls -l tls/certbot/live/npm-26/
total 4
lrwxrwxrwx 1 root root 30 Jan 11 17:51 cert.pem -> ../../archive/npm-26/cert1.pem
lrwxrwxrwx 1 root root 31 Jan 11 17:51 chain.pem -> ../../archive/npm-26/chain1.pem
lrwxrwxrwx 1 root root 35 Jan 11 17:51 fullchain.pem -> ../../archive/npm-26/fullchain1.pem
lrwxrwxrwx 1 root root 33 Jan 11 17:51 privkey.pem -> ../../archive/npm-26/privkey1.pem
-rw-r--r-- 1 root root 692 Jan 11 17:51 README
viper@srv02:~/nginx/npm$
viper@srv02:~/nginx/npm$ sudo ls -l tls/certbot/live/npm-25/
total 4
lrwxrwxrwx 1 root root 30 Jan 11 17:50 cert.pem -> ../../archive/npm-25/cert1.pem
lrwxrwxrwx 1 root root 31 Jan 11 17:50 chain.pem -> ../../archive/npm-25/chain1.pem
lrwxrwxrwx 1 root root 35 Jan 11 17:50 fullchain.pem -> ../../archive/npm-25/fullchain1.pem
lrwxrwxrwx 1 root root 33 Jan 11 17:50 privkey.pem -> ../../archive/npm-25/privkey1.pem
-rw-r--r-- 1 root root 692 Jan 11 17:50 README
viper@srv02:~/nginx/npm$
viper@srv02:~/nginx/npm$
looking through the
viper@srv02:~/nginx/npm$ sudo grep -i der nginx/proxy_host/14.conf.err
more_set_headers 'Alt-Svc: h3=":443"; ma=86400';
ssl_stapling_file /data/tls/certbot/live/npm-26.der;
include conf.d/include/proxy-headers.conf;
viper@srv02:~/nginx/npm$
viper@srv02:~/nginx/npm$
viper@srv02:~/nginx/npm$ sudo grep -i der nginx/proxy_host/15.conf.err
more_set_headers 'Alt-Svc: h3=":443"; ma=86400';
ssl_stapling_file /data/tls/certbot/live/npm-25.der;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
include conf.d/include/proxy-headers.conf;
viper@srv02:~/nginx/npm$
tried to manually copy the certificate, but no luck. same error
sudo openssl x509 -outform der -in /home/viper/nginx/npm/tls/certbot/live/npm-26/cert.pem -out /home/viper/nginx/npm/tls/certbot/live/npm-26.der
-
it was Zerossl
-
can you restart the container and send me the startup logs (the part between starting services and the information about the PUID/UID), please?
-
Sure, there you go
viper@srv02:~/nginx$ docker compose up
[+] Running 4/4
✔ Network nginx_server-farm Created 0.1s
✔ Container nginx-mariadb-1 Created 0.1s
✔ Container phpmyadmin Created 0.0s
✔ Container npmplus Created 0.0s
Attaching to mariadb-1, npmplus, phpmyadmin
mariadb-1 | 2025-01-11 13:14:33+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.11.5+maria~ubu2204 started.
mariadb-1 | 2025-01-11 13:14:33+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
mariadb-1 | 2025-01-11 13:14:33+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.11.5+maria~ubu2204 started.
npmplus |
npmplus | -------------------------------------
npmplus | _ _ ___ __ __ _
npmplus | | \ || . \| \ \ ___ | | _ _ ___
npmplus | | || _/| || . \| || | |[_-[
npmplus | |_\_||_| |_|_|_|| _/|_| \__|/__/
npmplus | |_|
npmplus | -------------------------------------
npmplus | Version: 2.12.2+f45e2c6
npmplus | Date: Sat Jan 11 18:44:33 IST 2025
npmplus | -------------------------------------
npmplus |
npmplus | At least one env or the template version changed, all hosts will be regenerated.
phpmyadmin | [migrations] started
mariadb-1 | 2025-01-11 13:14:33+00:00 [Note] [Entrypoint]: MariaDB upgrade not required
phpmyadmin | [migrations] 01-nginx-site-confs-default: skipped
phpmyadmin | [migrations] 02-default-location: skipped
phpmyadmin | [migrations] done
mariadb-1 | 2025-01-11 13:14:33 0 [Note] Starting MariaDB 10.11.5-MariaDB-1:10.11.5+maria~ubu2204 source revision 7875294b6b74b53dd3aaa723e6cc103d2bb47b2c as process 1
mariadb-1 | 2025-01-11 13:14:33 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
mariadb-1 | 2025-01-11 13:14:33 0 [Note] InnoDB: Number of transaction pools: 1
mariadb-1 | 2025-01-11 13:14:33 0 [Note] InnoDB: Using ARMv8 crc32 + pmull instructions
mariadb-1 | 2025-01-11 13:14:33 0 [Note] mariadbd: O_TMPFILE is not supported on /tmp (disabling future attempts)
mariadb-1 | 2025-01-11 13:14:33 0 [Warning] mariadbd: io_uring_queue_init() failed with errno 1
mariadb-1 | 2025-01-11 13:14:33 0 [Warning] InnoDB: liburing disabled: falling back to innodb_use_native_aio=OFF
mariadb-1 | 2025-01-11 13:14:33 0 [Note] InnoDB: Initializing buffer pool, total size = 128.000MiB, chunk size = 2.000MiB
mariadb-1 | 2025-01-11 13:14:33 0 [Note] InnoDB: Completed initialization of buffer pool
mariadb-1 | 2025-01-11 13:14:33 0 [Note] InnoDB: File system buffers for log disabled (block size=4096 bytes)
mariadb-1 | 2025-01-11 13:14:33 0 [Note] InnoDB: End of log at LSN=424995
phpmyadmin | ───────────────────────────────────────
phpmyadmin |
phpmyadmin | ██╗ ███████╗██╗ ██████╗
phpmyadmin | ██║ ██╔════╝██║██╔═══██╗
phpmyadmin | ██║ ███████╗██║██║ ██║
phpmyadmin | ██║ ╚════██║██║██║ ██║
phpmyadmin | ███████╗███████║██║╚██████╔╝
phpmyadmin | ╚══════╝╚══════╝╚═╝ ╚═════╝
phpmyadmin |
phpmyadmin | Brought to you by linuxserver.io
phpmyadmin | ───────────────────────────────────────
phpmyadmin |
phpmyadmin | To support LSIO projects visit:
phpmyadmin | https://www.linuxserver.io/donate/
phpmyadmin |
phpmyadmin | ───────────────────────────────────────
phpmyadmin | GID/UID
phpmyadmin | ───────────────────────────────────────
phpmyadmin |
phpmyadmin | User UID: 1001
phpmyadmin | User GID: 1001
phpmyadmin | ───────────────────────────────────────
phpmyadmin | Linuxserver.io version: 5.2.1-ls178
phpmyadmin | Build-date: 2025-01-06T16:31:38+00:00
phpmyadmin | ───────────────────────────────────────
phpmyadmin |
mariadb-1 | 2025-01-11 13:14:33 0 [Note] InnoDB: 128 rollback segments are active.
mariadb-1 | 2025-01-11 13:14:33 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physically writing the file full; Please wait ...
mariadb-1 | 2025-01-11 13:14:33 0 [Note] InnoDB: File './ibtmp1' size is now 12.000MiB.
mariadb-1 | 2025-01-11 13:14:33 0 [Note] InnoDB: log sequence number 424995; transaction id 1137
mariadb-1 | 2025-01-11 13:14:33 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
mariadb-1 | 2025-01-11 13:14:33 0 [Note] Plugin 'FEEDBACK' is disabled.
mariadb-1 | 2025-01-11 13:14:33 0 [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-expire-logs-seconds work.
mariadb-1 | 2025-01-11 13:14:33 0 [Note] Server socket created on IP: '0.0.0.0'.
mariadb-1 | 2025-01-11 13:14:33 0 [Note] Server socket created on IP: '::'.
mariadb-1 | 2025-01-11 13:14:33 0 [Note] mariadbd: ready for connections.
mariadb-1 | Version: '10.11.5-MariaDB-1:10.11.5+maria~ubu2204' socket: '/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution
phpmyadmin | using keys found in /config/keys
mariadb-1 | 2025-01-11 13:14:33 0 [Note] InnoDB: Buffer pool(s) load completed at 250111 13:14:33
npmplus | no DEFAULT_CERT_ID set, using dummycerts.
phpmyadmin | [custom-init] No custom files found, skipping...
phpmyadmin | [ls.io-init] done.
npmplus |
npmplus | -------------------------------------
npmplus | User: root
npmplus | PUID: 0
npmplus | User ID: 0
npmplus | PGID: 0
npmplus | Group ID: 0
npmplus | -------------------------------------
npmplus |
npmplus | Running in stand-alone mode...
npmplus |
npmplus | LINEAGE RESULT REASON
npmplus | npm-1 not updated valid staple file on disk
npmplus | npm-10 not updated valid staple file on disk
npmplus | npm-15 not updated valid staple file on disk
npmplus | npm-16 not updated valid staple file on disk
npmplus | npm-18 not updated valid staple file on disk
npmplus | npm-19 not updated valid staple file on disk
npmplus | npm-2 not updated valid staple file on disk
npmplus | npm-22 not updated valid staple file on disk
npmplus | npm-24 not updated valid staple file on disk
npmplus | npm-25 failed to update good
npmplus | npm-26 failed to update good
npmplus | npm-3 not updated valid staple file on disk
npmplus | npm-4 not updated valid staple file on disk
npmplus | npm-5 not updated valid staple file on disk
npmplus | npm-6 not updated valid staple file on disk
npmplus | npm-7 not updated valid staple file on disk
npmplus | npm-9 not updated valid staple file on disk
npmplus |
npmplus | Starting services...
npmplus | 2025/01/11 18:44:35 [notice] 599#599: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/0/0)
npmplus | [Global ] › ℹ info Using MySQL configuration
npmplus | [Migrate ] › ℹ info Current database version: 20241230192345
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /usr/local/nginx/conf/conf.d/default.conf
npmplus | [Certbot ] › ▶ start Installing cloudflare...
npmplus | [Global ] › ⬤ debug CMD: pip install --upgrade --no-cache-dir certbot-dns-cloudflare
npmplus | [Certbot ] › ☒ complete Installed cloudflare
npmplus | [IP Ranges] › ℹ info Fetching IP Ranges from online services...
npmplus | [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/1.conf
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [SSL ] › ℹ info Certbot Renewal Timer initialized
npmplus | [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized
npmplus | [Global ] › ℹ info Backend PID 601 listening on port 48681
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/2.conf
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/3.conf
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/4.conf
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/5.conf
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/6.conf
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/7.conf
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/9.conf
npmplus | [Nginx ] › ✖ error nginx: [emerg] d2i_OCSP_RESPONSE_bio("/data/tls/certbot/live/npm-26.der") failed (SSL: error:068000A8:asn1 encoding routines::wrong tag error:0688010A:asn1 encoding routines::nested asn1 error error:0688010A:asn1 encoding routines::nested asn1 error:Field=responseStatus, Type=OCSP_RESPONSE)
npmplus | nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
npmplus |
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/10.conf
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/13.conf
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/14.conf
npmplus | [Nginx ] › ✖ error nginx: [emerg] d2i_OCSP_RESPONSE_bio("/data/tls/certbot/live/npm-26.der") failed (SSL: error:068000A8:asn1 encoding routines::wrong tag error:0688010A:asn1 encoding routines::nested asn1 error error:0688010A:asn1 encoding routines::nested asn1 error:Field=responseStatus, Type=OCSP_RESPONSE)
npmplus | nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
npmplus |
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
npmplus | [Global ] › ⬤ debug CMD: nginx -tq
npmplus | [Global ] › ⬤ debug CMD: nginxbeautifier -s 4 /data/nginx/proxy_host/15.conf
npmplus | [Nginx ] › ✖ error nginx: [emerg] BIO_new_file("/data/tls/certbot/live/npm-25.der") failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-25.der, rb) error:10000080:BIO routines::no such file)
npmplus | nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
npmplus |
npmplus | [Global ] › ⬤ debug CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver --quiet
npmplus | [Nginx ] › ℹ info Reloading Nginx
npmplus | [Global ] › ⬤ debug CMD: nginx -s reload
-
npm-25 and npm-26 are the buypass certs right? if yes then it seems like buypass does not support ocsp stapling at all, you can disable ocsp stapling via env, see compose.yaml
-
if you want to create them by hand you need to use the
-
you are right, disabling stapling will do the job. issue seems fixed. :)
viper@srv02:~/nginx/npm$ sudo grep -i der nginx/proxy_host/17.conf
more_set_headers 'Alt-Svc: h3=":443"; ma=86400';
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
include conf.d/include/proxy-headers.conf;
viper@srv02:~/nginx/npm$
compose options
- "ACME_MUST_STAPLE=false"
- "ACME_OCSP_STAPLING=false"
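
An added example (not from the thread or from NPMplus) of a structural check for the files that ssl_stapling_file points at. It shows why the hand-made npm-26.der was rejected: nginx expects a DER OCSPResponse, whose first field is an ENUMERATED responseStatus, while openssl x509 -outform der writes a certificate, whose first field is a SEQUENCE, which matches the "wrong tag ... Field=responseStatus" error in the startup log. The function names, the sample bytes and the mapping of the container's /data to a host directory are assumptions; signature and freshness of the response are not verified.

```python
"""Structural check of nginx ssl_stapling_file targets (added example)."""
import re
from pathlib import Path

# OCSPResponseStatus values from RFC 6960, section 4.2.1
OCSP_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
               3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

STAPLE_RE = re.compile(r"^\s*ssl_stapling_file\s+([^;\s]+)\s*;", re.M)

# Constructed sample inputs (not taken from the thread)
SAMPLE_OCSP_TRYLATER = bytes.fromhex("30030a0103")  # SEQUENCE { ENUMERATED 3 }
SAMPLE_CERT_LIKE = bytes.fromhex("30053003020102")  # SEQUENCE { SEQUENCE { INTEGER 2 } }
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length, up to 4 bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length exceeds data")
    return tag, pos, pos + length


def classify_staple(data):
    """Say whether data is shaped like an OCSPResponse, and with what status."""
    try:
        tag, start, _ = read_tlv(data, 0)
        if tag != 0x30:                   # outer element must be a SEQUENCE
            return "not-der"              # e.g. a PEM file, which starts with '-'
        inner_tag, vstart, vend = read_tlv(data, start)
    except ValueError:
        return "not-der"
    if inner_tag == 0x0A and vend - vstart == 1:   # ENUMERATED responseStatus
        return "ocsp-response:" + OCSP_STATUS.get(data[vstart], "unknown")
    # Any other first field, typically the tbsCertificate SEQUENCE of a DER
    # certificate, is what produces nginx's "wrong tag" at responseStatus.
    return "not-ocsp-response"


def audit_conf(conf_text, data_root="/data"):
    """Map every ssl_stapling_file path in an nginx config to a verdict."""
    report = {}
    for path in STAPLE_RE.findall(conf_text):
        # Assumption: the container's /data is available at data_root here.
        if path.startswith("/data/"):
            local = Path(data_root) / path[len("/data/"):]
        else:
            local = Path(path)
        if not local.is_file():
            report[path] = "missing"      # nginx: BIO_new_file(...) failed
        else:
            report[path] = classify_staple(local.read_bytes())
    return report


if __name__ == "__main__":
    for name, blob in [("ocsp", SAMPLE_OCSP_TRYLATER),
                       ("cert", SAMPLE_CERT_LIKE), ("pem", SAMPLE_PEM)]:
        print(name, classify_staple(blob))
```

Only a file reported as ocsp-response:successful is worth stapling; for a CA without an OCSP responder the fix remains the one reached in the thread, turning stapling off.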