I followed this tutorial to create local certificates for my home server, but now it failed to renew automatically and I have no clue what to do. Can anybody assist me in debugging, please? https://notthebe.ee/blog/easy-ssl-in-homelab-dns01/
I’m using duckdns.org, added mydomain.duckdns.org and the local IP of my home server. In Nginx-Proxy-Manager I have created the respective wildcard certificate. The log of my NPM container reports the following:
[3/10/2024] [1:55:50 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates via DuckDNS for Cert #6: *.mydomain.duckdns.org, mydomain.duckdns.org
[3/10/2024] [1:55:50 PM] [SSL ] › ℹ info Command: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --disable-hook-validation --no-random-sleep-on-renew
[3/10/2024] [1:55:50 PM] [Global ] › ⬤ debug CMD: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --disable-hook-validation --no-random-sleep-on-renew
[3/10/2024] [1:55:53 PM] [Express ] › ⚠ warning Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Failed to renew certificate npm-6 with error: The DNS response does not contain an answer to the question: mydomain.duckdns.org. IN TXT
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/npm-6/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Of course, but I don’t know what it means or what to do with it, otherwise I obviously wouldn’t have created this post!?
Does the debug log not have more info?
Here’s the full log from /tmp/letsencrypt-log/letsencrypt.log. https://notebin.de/?4859b67f1b29f0e2#8G6vSon5PUGUHoZvMYD3zKwx8hkJeCV9xQM4TWFSvudM
Did you replace your domain with mydomain.duckdns.org in the logs, or did you just not configure the client with your domain? I’m not sure how it would have ever worked if that was the case, though. Either way, it tells you the DNS challenge record is missing.
I replaced my actual domain with “mydomain”.