I followed this tutorial to create local certificates for my home server, but now it failed to renew automatically and I have no clue waht to do. Can anybody assist me in debugging, please? https://notthebe.ee/blog/easy-ssl-in-homelab-dns01/
I’m using duckdns.org, added mydomain.duckdns.org and the local IP of my home server. In Nginx-Proxy-Manager I have created the respective wildcard certificate. The log of my NPM container reports the following:
[3/10/2024] [1:55:50 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates via DuckDNS for Cert #6: *.mydomain.duckdns.org, mydomain.duckdns.org
[3/10/2024] [1:55:50 PM] [SSL ] › ℹ info Command: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --disable-hook-validation --no-random-sleep-on-renew
[3/10/2024] [1:55:50 PM] [Global ] › ⬤ debug CMD: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --disable-hook-validation --no-random-sleep-on-renew
[3/10/2024] [1:55:53 PM] [Express ] › ⚠ warning Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Failed to renew certificate npm-6 with error: The DNS response does not contain an answer to the question: mydomain.duckdns.org. IN TXT
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/npm-6/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
You must log in or # to comment.
I had issues with DNS checks and traced it to my pihole. I changed that container’s resolv.conf to use cloudflare DNS and it has been working fine since. It was with Caddy so needed to change over to use IPs.