[Bug Report] Failed to Start on Developer Build

[shedowe19]

npmplus_logs.txt
Here are the Logs, you can see after:

"2024/09/20 11:07:25 [notice] 1715#1715: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/21/0)"

Failed:

/app/lib/utils.js:19
					reject(new error.CommandError(stderr, isError));
					       ^
CommandError
    at /app/lib/utils.js:19:13
    at ChildProcess.exithandler (node:child_process:430:5)
    at ChildProcess.emit (node:events:519:28)
    at maybeClose (node:internal/child_process:1105:16)
    at Socket.<anonymous> (node:internal/child_process:457:11)
    at Socket.emit (node:events:519:28)
    at Pipe.<anonymous> (node:net:338:12) {
  previous: undefined,
  code: Error: Command failed: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --quiet --no-reload-webserver
  
      at genericNodeError (node:internal/errors:984:15)
      at wrappedFn (node:internal/errors:538:14)
      at ChildProcess.exithandler (node:child_process:422:12)
      at ChildProcess.emit (node:events:519:28)
      at maybeClose (node:internal/child_process:1105:16)
      at Socket.<anonymous> (node:internal/child_process:457:11)
      at Socket.emit (node:events:519:28)
      at Pipe.<anonymous> (node:net:338:12) {
    code: 1,
    killed: false,
    signal: null,
    cmd: 'certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --quiet --no-reload-webserver'
  },
  public: false
}

Node.js v20.15.1

[shedowe19]

Here are the Complete Start Code:

---

---

| \ || . | \ \ ___ | | _ _ ___
| || /| || . | || | |[-[
|_||| ||||| /|| _|/__/
|_|

Version: 2.11.3+23ff8eb
Date: Fri Sep 20 11:06:19 CEST 2024
User: root
PUID: 0
User ID: 0
PGID: 0
Group ID: 0

nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/data/tls/custom/npm-35/fullchain.pem"
reading config file /etc/logrotate
acquired lock on state file /data/etc/logrotate.statusReading state from file: /data/etc/logrotate.status
Allocating hash table for state file, size 64 entries
Creating new state
Creating new state

Handling 1 logs

rotating pattern: /data/nginx/*.log after 1 days (7 rotations)
empty log files are not rotated, old logs are removed
considering log /data/nginx/access.log
Now: 2024-09-20 11:06
Last rotated at 2024-09-20 00:00
log does not need rotating (log has been rotated at 2024-09-20 00:00, which is less than a day ago)
considering log /data/nginx/stream.log
Now: 2024-09-20 11:06
Last rotated at 2024-06-21 20:00
log does not need rotating (log is empty)
not running postrotate script, since no logs were rotated
[SETTING UP STORAGE -] {0} @ {0/s}
[20-Sep-2024 11:06:19] NOTICE: fpm is running, pid 1658
[20-Sep-2024 11:06:19] NOTICE: ready to handle connections
[Global ] › ℹ info Using Sqlite: /data/etc/npm/database.sqlite

WebSocket server ready to accept new client connections
[Migrate ] › ℹ info Current database version: none
[Certbot ] › ▶ start Installing cloudflare...
[Certbot ] › ☒ complete Installed cloudflare
[Setup ] › ℹ info Added Certbot plugins cloudflare
[IP Ranges] › ℹ info Fetching IP Ranges from online services...
[IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
[IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
[SSL ] › ℹ info Certbot Renewal Timer initialized
[IP Ranges] › ℹ info IP Ranges Renewal Timer initialized
[Global ] › ℹ info Backend PID 1663 listening on port 48693 ...
[Nginx ] › ℹ info Starting Nginx
2024/09/20 11:06:20 [warn] 1715#1715: "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
2024/09/20 11:06:20 [warn] 1715#1715: "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
2024/09/20 11:06:20 [warn] 1715#1715: "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
2024/09/20 11:06:20 [warn] 1715#1715: "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
2024/09/20 11:06:20 [warn] 1715#1715: "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
2024/09/20 11:06:20 [warn] 1715#1715: "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
2024/09/20 11:06:20 [warn] 1715#1715: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/data/tls/custom/npm-35/fullchain.pem"
2024/09/20 11:06:20 [notice] 1715#1715: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/21/0)

/app/lib/utils.js:19
reject(new error.CommandError(stderr, isError));
^
CommandError
at /app/lib/utils.js:19:13
at ChildProcess.exithandler (node:child_process:430:5)
at ChildProcess.emit (node:events:519:28)
at maybeClose (node:internal/child_process:1105:16)
at Socket. (node:internal/child_process:457:11)
at Socket.emit (node:events:519:28)
at Pipe. (node:net:338:12) {
previous: undefined,
code: Error: Command failed: certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --quiet --no-reload-webserver

  at genericNodeError (node:internal/errors:984:15)
  at wrappedFn (node:internal/errors:538:14)
  at ChildProcess.exithandler (node:child_process:422:12)
  at ChildProcess.emit (node:events:519:28)
  at maybeClose (node:internal/child_process:1105:16)
  at Socket.<anonymous> (node:internal/child_process:457:11)
  at Socket.emit (node:events:519:28)
  at Pipe.<anonymous> (node:net:338:12) {
code: 1,
killed: false,
signal: null,
cmd: 'certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --quiet --no-reload-webserver'

},
public: false
}

Node.js v20.15.1
fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/community/x86_64/APKINDEX.tar.gz
0% OK: 95 MiB in 97 packages
fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/community/x86_64/APKINDEX.tar.gz
0% OK: 95 MiB in 97 packages
'/usr/local/nginx/conf/conf.d/include/coreruleset/plugins/README.md' -> '/data/etc/modsecurity/crs-plugins/README.md'
'/usr/local/nginx/conf/conf.d/include/coreruleset/plugins/empty-after.conf' -> '/data/etc/modsecurity/crs-plugins/empty-after.conf'
'/usr/local/nginx/conf/conf.d/include/coreruleset/plugins/empty-before.conf' -> '/data/etc/modsecurity/crs-plugins/empty-before.conf'
'/usr/local/nginx/conf/conf.d/include/coreruleset/plugins/empty-config.conf' -> '/data/etc/modsecurity/crs-plugins/empty-config.conf'
no DEFAULT_CERT_ID set, using dummycerts.
fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/community/x86_64/APKINDEX.tar.gz
0% OK: 95 MiB in 97 packages
Working on file: /data/nginx/custom/events.conf
Working on file: /data/nginx/custom/http.conf
Working on file: /data/nginx/custom/http_top.conf
Working on file: /data/nginx/custom/root_top.conf
Working on file: /data/nginx/custom/server_dead.conf
Working on file: /data/nginx/custom/server_proxy.conf
Working on file: /data/nginx/custom/server_redirect.conf
Working on file: /data/nginx/custom/server_stream.conf
Working on file: /data/nginx/custom/server_stream_tcp.conf
Working on file: /data/nginx/custom/server_stream_udp.conf
Working on file: /data/nginx/custom/stream.conf
Working on file: /data/nginx/custom/stream_top.conf
Working on file: /data/nginx/default.conf
Working on file: /data/nginx/ip_ranges.conf
Working on file: /data/nginx/proxy_host/1.conf
Working on file: /data/nginx/proxy_host/10.conf
Working on file: /data/nginx/proxy_host/11.conf
Working on file: /data/nginx/proxy_host/12.conf
Working on file: /data/nginx/proxy_host/13.conf
Working on file: /data/nginx/proxy_host/16.conf
Working on file: /data/nginx/proxy_host/17.conf
Working on file: /data/nginx/proxy_host/2.conf
Working on file: /data/nginx/proxy_host/21.conf
Working on file: /data/nginx/proxy_host/23.conf
Working on file: /data/nginx/proxy_host/28.conf
Working on file: /data/nginx/proxy_host/29.conf
Working on file: /data/nginx/proxy_host/3.conf
Working on file: /data/nginx/proxy_host/30.conf
Working on file: /data/nginx/proxy_host/4.conf
Working on file: /data/nginx/proxy_host/5.conf
Working on file: /data/nginx/proxy_host/6.conf
Working on file: /data/nginx/proxy_host/7.conf
Working on file: /data/nginx/proxy_host/8.conf
Working on file: /data/nginx/proxy_host/9.conf
Success.
removed '/usr/local/nginx/logs/nginx.pid'
removed '/run/nginx-1.sock'
removed '/run/nginx-10.sock'
removed '/run/nginx-11.sock'
removed '/run/nginx-12.sock'
removed '/run/nginx-13.sock'
removed '/run/nginx-16.sock'
removed '/run/nginx-17.sock'
removed '/run/nginx-2.sock'
removed '/run/nginx-21.sock'
removed '/run/nginx-23.sock'
removed '/run/nginx-28.sock'
removed '/run/nginx-29.sock'
removed '/run/nginx-3.sock'
removed '/run/nginx-30.sock'
removed '/run/nginx-4.sock'
removed '/run/nginx-5.sock'
removed '/run/nginx-6.sock'
removed '/run/nginx-7.sock'
removed '/run/nginx-8.sock'
removed '/run/nginx-9.sock'
removed '/run/php83.sock'

[Zoey2936]

Hi, can you please execute this inside the container please:
certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver; echo $?

[shedowe19]

/app # certbot-ocsp-fetcher.sh -c /data/tls/certbot -o /data/tls/certbot/live --no-reload-webserver; echo $?
Running in stand-alone mode...

LINEAGE RESULT  REASON
npm-10  not updated     valid staple file on disk
npm-11  not updated     valid staple file on disk
npm-12  not updated     valid staple file on disk
npm-14  not updated     valid staple file on disk
npm-15  not updated     valid staple file on disk
npm-16  not updated     valid staple file on disk
npm-17  not updated     valid staple file on disk
npm-18  not updated     valid staple file on disk
npm-2   failed to update        leaf certificate expired
npm-20  not updated     valid staple file on disk
npm-21  not updated     valid staple file on disk
npm-23  not updated     valid staple file on disk
npm-25  not updated     valid staple file on disk
npm-26  not updated     valid staple file on disk
npm-27  not updated     valid staple file on disk
npm-3   not updated     valid staple file on disk
npm-34  not updated     valid staple file on disk
npm-36  not updated     valid staple file on disk
npm-37  not updated     valid staple file on disk
npm-6   not updated     valid staple file on disk
npm-7   not updated     valid staple file on disk
npm-8   not updated     valid staple file on disk
npm-9   not updated     valid staple file on disk


Install the BSD utility `column` for properly formatted output.
If the version of `column` supports the `--output-separator` flag,
the output will be formatted as TSV.

[shedowe19]

Here are the Output

[shedowe19]

/app # openssl x509 -enddate -noout -in /data/tls/certbot/live/npm-2/fullchain.pem
notAfter=Aug 26 07:18:15 2024 GMT

?

[Zoey2936]

Did you removed a number at the end of the output?

[shedowe19]

Weird npm-6 is pm.clawsucht.de (Nginx Proxy Manager) and the npm-2 is the pm.clawsucht.de (Expired Certificate).

After i deleted npm-2 Folder in certbot, it give no more Failures.

[Zoey2936]

So it works with npm-2 deleted?

[shedowe19]

Yes but now i have another Problem: ```
2024-09-20 13:16:29,906:DEBUG:certbot._internal.main:certbot version: 2.11.0
2024-09-20 13:16:29,907:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/local/bin/certbot
2024-09-20 13:16:29,907:DEBUG:certbot._internal.main:Arguments: ['--logs-dir', '/tmp/certbot-log', '--work-dir', '/tmp/certbot-work', '--config-dir', '/data/tls/certbot', '--config', '/data/tls/certbot/config.ini', '--cert-name', 'npm-39', '--domains', 'analytics.clawsucht.de', '--authenticator', 'dns-cloudflare', '--dns-cloudflare-credentials', '/data/tls/certbot/credentials/credentials-39', '--email', '[email protected]']
2024-09-20 13:16:29,907:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-cloudflare,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-09-20 13:16:29,917:DEBUG:certbot._internal.log:Root logging level set at 30
2024-09-20 13:16:29,918:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-cloudflare and installer None
2024-09-20 13:16:29,918:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-cloudflare
Description: Obtain certificates using a DNS TXT record (if you are using Cloudflare for DNS).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='dns-cloudflare', value='certbot_dns_cloudflare._internal.dns_cloudflare:Authenticator', group='certbot.plugins')
Initialized: <certbot_dns_cloudflare._internal.dns_cloudflare.Authenticator object at 0x7fe979df8110>
Prep: True
2024-09-20 13:16:29,918:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_cloudflare._internal.dns_cloudflare.Authenticator object at 0x7fe979df8110> and installer None
2024-09-20 13:16:29,918:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-cloudflare, Installer None
2024-09-20 13:16:30,622:DEBUG:acme.client:Sending GET request to https://acme.zerossl.com/v2/DV90.
2024-09-20 13:16:30,623:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme.zerossl.com:443
2024-09-20 13:16:30,833:DEBUG:urllib3.connectionpool:https://acme.zerossl.com:443 "GET /v2/DV90 HTTP/11" 200 645
2024-09-20 13:16:30,833:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 20 Sep 2024 11:16:30 GMT
Content-Type: application/json
Content-Length: 645
Connection: keep-alive
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=15724800; includeSubDomains

{
"newNonce": "https://acme.zerossl.com/v2/DV90/newNonce",
"newAccount": "https://acme.zerossl.com/v2/DV90/newAccount",
"newOrder": "https://acme.zerossl.com/v2/DV90/newOrder",
"revokeCert": "https://acme.zerossl.com/v2/DV90/revokeCert",
"keyChange": "https://acme.zerossl.com/v2/DV90/keyChange",
"meta": {
"termsOfService": "https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf",
"website": "https://zerossl.com",
"caaIdentities": ["sectigo.com", "trust-provider.com", "usertrust.com", "comodoca.com", "comodo.com"],
"externalAccountRequired": true
}
}
2024-09-20 13:16:30,833:DEBUG:certbot._internal.main:
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/certbot/_internal/main.py", line 741, in _determine_account
acc, acme = client.register(
^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/certbot/_internal/client.py", line 209, in register
regr = perform_registration(acme, config, tos_cb)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/certbot/_internal/client.py", line 248, in perform_registration
raise errors.Error(msg)
certbot.errors.Error: Server requires external account binding. Please use --eab-kid and --eab-hmac-key.
2024-09-20 13:16:30,834:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/certbot/_internal/main.py", line 741, in _determine_account
acc, acme = client.register(
^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/certbot/_internal/client.py", line 209, in register
regr = perform_registration(acme, config, tos_cb)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/certbot/_internal/client.py", line 248, in perform_registration
raise errors.Error(msg)
certbot.errors.Error: Server requires external account binding. Please use --eab-kid and --eab-hmac-key.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/bin/certbot", line 8, in
sys.exit(main())
^^^^^^
File "/usr/local/lib/python3.12/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/certbot/_internal/main.py", line 1894, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/certbot/_internal/main.py", line 1582, in certonly
le_client = _init_le_client(config, auth, installer)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/certbot/_internal/main.py", line 833, in _init_le_client
acc, acme = _determine_account(config)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/certbot/_internal/main.py", line 754, in _determine_account
raise errors.Error(
certbot.errors.Error: Unable to register an account with ACME server. Server requires external account binding. Please use --eab-kid and --eab-hmac-key.
2024-09-20 13:16:30,835:ERROR:certbot._internal.log:Unable to register an account with ACME server. Server requires external account binding. Please use --eab-kid and --eab-hmac-key.

[shedowe19]

Okay, i must Register on ZeroSSL and now i have the 2 Things i need. ^^

Now the Ticket can Close

[shedowe19]

Perfect ^^

[shedowe19]

2024/09/20 14:08:33 [notice] 1655#1655: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/21/0)
[Certbot  ] › ▶  start     Installing cloudflare...
[Certbot  ] › ☒  complete  Installed cloudflare
[SSL      ] › ℹ  info      Requesting Certbot certificates via Cloudflare for Cert #43: lxc.clawsucht.de
[SSL      ] › ℹ  info      Command: certbot --logs-dir /tmp/certbot-log --work-dir /tmp/certbot-work --config-dir /data/tls/certbot certonly --config "/data/tls/certbot/config.ini" --cert-name "npm-43" --domains "lxc.clawsucht.de" --authenticator dns-cloudflare --dns-cloudflare-credentials "/data/tls/certbot/credentials/credentials-43" --email "[email protected]" 
[SSL      ] › ℹ  info      Requesting a certificate for lxc.clawsucht.de
Waiting 10 seconds for DNS changes to propagate
Successfully received certificate.
Certificate is saved at: /data/tls/certbot/live/npm-43/fullchain.pem
Key is saved at:         /data/tls/certbot/live/npm-43/privkey.pem
This certificate expires on 2024-12-19.
These files will be updated when the certificate renews.
NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/23.conf
[Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/23.conf
[Nginx    ] › ⬤  debug     Could not delete file: {
  "errno": -2,
  "code": "ENOENT",
  "syscall": "unlink",
  "path": "/data/nginx/proxy_host/23.conf"
}
[Nginx    ] › ⬤  debug     Deleting file: /data/nginx/proxy_host/23.conf.err
[Nginx    ] › ⬤  debug     Could not delete file: {
  "errno": -2,
  "code": "ENOENT",
  "syscall": "unlink",
  "path": "/data/nginx/proxy_host/23.conf.err"
}
[Nginx    ] › ℹ  info      Reloading Nginx
2024/09/20 14:10:36 [warn] 1655#1655: "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
2024/09/20 14:10:36 [warn] 1655#1655: "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
2024/09/20 14:10:36 [warn] 1655#1655: "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
2024/09/20 14:10:36 [warn] 1655#1655: "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
2024/09/20 14:10:36 [warn] 1655#1655: "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
2024/09/20 14:10:36 [warn] 1655#1655: "ssl_stapling" ignored, issuer certificate not found for certificate "/data/tls/dummycert.pem"
2024/09/20 14:10:36 [warn] 1655#1655: deleting socket /run/nginx-23.sock

And the next error when i create new certificate, the old npm not deleted and when i manually delete it give the error

[Zoey2936]

for your last commt, what is the issue exactly?