The Nginx Proxy Manager sets the cert names to some unusual names related to its internal config.
root@nginxproxymanager:/etc/letsencrypt/live# ls
npm-11 npm-13 npm-15 npm-17 npm-19 npm-21 npm-23 npm-25 npm-27 npm-29 npm-33 npm-36 npm-39 npm-41 npm-45 npm-50 npm-52 npm-54 npm-6 README
npm-12 npm-14 npm-16 npm-18 npm-20 npm-22 npm-24 npm-26 npm-28 npm-32 npm-34 npm-37 npm-40 npm-43 npm-48 npm-51 npm-53 npm-55 npm-9
Could you add an option that would set the domain name on the receiving client? Because at the moment the same name appears on the client.
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport: [chan 0] Max packet in: 32768 bytes
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport: [chan 0] Max packet out: 32768 bytes
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport: Secsh channel 0 opened.
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport: [chan 0] Sesch channel 0 request ok
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: INFO:paramiko.transport.sftp: [chan 0] Opened sftp connection (server version 3)
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:certdeploy-server: _sftp_mkdir: path=/var/cache/certdeploy/npm-50, mode=None
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport.sftp: [chan 0] stat(b'/var/cache/certdeploy/npm-50')
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:certdeploy-server: _sftp_mkdir: path=/var/cache/certdeploy, mode=None
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport.sftp: [chan 0] stat(b'/var/cache/certdeploy')
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport.sftp: [chan 0] mkdir(b'/var/cache/certdeploy/npm-50', None)
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:certdeploy-server: Copying /etc/letsencrypt/live/npm-50/chain.pem to /var/cache/certdeploy/npm-50/chain.pem
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport.sftp: [chan 0] open(b'/var/cache/certdeploy/npm-50/chain.pem', 'wb')
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport.sftp: [chan 0] open(b'/var/cache/certdeploy/npm-50/chain.pem', 'wb') -> 687831
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport.sftp: [chan 0] close(687831)
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport.sftp: [chan 0] stat(b'/var/cache/certdeploy/npm-50/chain.pem')
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:certdeploy-server: Copying /etc/letsencrypt/live/npm-50/fullchain.pem to /var/cache/certdeploy/npm-50/fullchain.pem
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport.sftp: [chan 0] open(b'/var/cache/certdeploy/npm-50/fullchain.pem', 'wb')
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport.sftp: [chan 0] open(b'/var/cache/certdeploy/npm-50/fullchain.pem', 'wb') -> 687832
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport.sftp: [chan 0] close(687832)
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport.sftp: [chan 0] stat(b'/var/cache/certdeploy/npm-50/fullchain.pem')
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:certdeploy-server: Copying /etc/letsencrypt/live/npm-50/privkey.pem to /var/cache/certdeploy/npm-50/privkey.pem
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport.sftp: [chan 0] open(b'/var/cache/certdeploy/npm-50/privkey.pem', 'wb')
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport.sftp: [chan 0] open(b'/var/cache/certdeploy/npm-50/privkey.pem', 'wb') -> 687833
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport.sftp: [chan 0] close(687833)
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport.sftp: [chan 0] stat(b'/var/cache/certdeploy/npm-50/privkey.pem')
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: INFO:paramiko.transport.sftp: [chan 0] sftp session closed.
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport: [chan 0] EOF sent (0)
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: INFO:certdeploy-server: Pushed /etc/letsencrypt/live/npm-50 to certdeploy@[x.x.x.x]]:33774 in 1 attempts
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:certdeploy-server: Done pushing /etc/letsencrypt/live/npm-50 to certdeploy@[x.x.x.x]:33774
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:paramiko.transport: [chan 0] EOF received (0)
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: INFO:certdeploy-server: Done pushing all lineages to certdeploy@[x.x.x.x]]:33774
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:certdeploy-server: Finished pushing to certdeploy@x.x.x.x]:33774
Aug 27 22:00:22 nginxproxymanager certdeploy-server[12034]: DEBUG:certdeploy-server: Queue length is 0, worker count is 0
And on the client:
root@dash:~# cat /var/log/certdeploy/certdeploy*
DEBUG:certdeploy-client: New service SystemdUnit from config: config={'type': 'systemd', 'name': 'apache2.service'}
DEBUG:certdeploy-client: timeout = False, self.timeout = False
DEBUG:certdeploy-client: New service: <SystemdUnit: action=restart, filters={}, name=apache2.service, timeout=False>
DEBUG:certdeploy-client: Running daemon
DEBUG:certdeploy-client: Opening socket on port 33774 at address
INFO:certdeploy-client: Listening for incoming connections at 0.0.0.0:33774
INFO:certdeploy-client: Got connection from ('x.x.x.x', 33620)
DEBUG:certdeploy-client: stat: path=/var/cache/certdeploy/npm-50
DEBUG:certdeploy-client: stat: path=/var/cache/certdeploy
DEBUG:certdeploy-client: mkdir: path=/var/cache/certdeploy/npm-50, attr=?--------- 1 0 0 0 (unknown date) ?
DEBUG:certdeploy-client: open: path=/var/cache/certdeploy/npm-50/chain.pem, flags=577, attr=?--------- 1 0 0 0 (unknown date) ?
DEBUG:certdeploy-client: open: open /var/cache/certdeploy/npm-50/chain.pem with flags=577 and mode=384 (default mode)
DEBUG:certdeploy-client: open: fdopen /var/cache/certdeploy/npm-50/chain.pem with mode=wb
DEBUG:certdeploy-client: stat: path=/var/cache/certdeploy/npm-50/chain.pem
DEBUG:certdeploy-client: open: path=/var/cache/certdeploy/npm-50/fullchain.pem, flags=577, attr=?--------- 1 0 0 0 (unknown date) ?
DEBUG:certdeploy-client: open: open /var/cache/certdeploy/npm-50/fullchain.pem with flags=577 and mode=384 (default mode)
DEBUG:certdeploy-client: open: fdopen /var/cache/certdeploy/npm-50/fullchain.pem with mode=wb
DEBUG:certdeploy-client: stat: path=/var/cache/certdeploy/npm-50/fullchain.pem
DEBUG:certdeploy-client: open: path=/var/cache/certdeploy/npm-50/privkey.pem, flags=577, attr=?--------- 1 0 0 0 (unknown date) ?
DEBUG:certdeploy-client: open: open /var/cache/certdeploy/npm-50/privkey.pem with flags=577 and mode=384 (default mode)
DEBUG:certdeploy-client: open: fdopen /var/cache/certdeploy/npm-50/privkey.pem with mode=wb
DEBUG:certdeploy-client: stat: path=/var/cache/certdeploy/npm-50/privkey.pem
On the other side I don't get the certs updated correctly.
root@nginxproxymanager:/etc/letsencrypt/live# cat /etc/certdeploy/server.yml
---
privkey_filename: /etc/certdeploy/server_key
log_filename: /var/log/letsencrypt/certdeploy.log
log_level: DEBUG
sftp_log_filename: /var/log/letsencrypt/certdeploy_sftp.log
sftp_log_level: DEBUG
client_configs:
  - address: x.x.x.x
    port: 33774
    needs_chain: true
    needs_fullchain: true
    needs_privkey: true
    pubkey: ssh-ed25519 .........
    domains:
      - dash........
On the client side:
root@dash:~# cat /etc/certdeploy/client.yml
---
destination: /etc/letsencrypt/live
update_services:
  - type: systemd
    name: apache2.service
log_filename: /var/log/certdeploy/certdeploy.log
log_level: DEBUG
file_permissions:
  mode: 0o600
  directory_mode: 0o700
  owner: root
  group: root
sftpd:
  listen_port: 33774
  privkey_filename: /etc/certdeploy/client_key
  server_pubkey_filename: /etc/certdeploy/server_key.pub
  log_filename: /var/log/certdeploy/certdeploy_sftp.log
  log_level: CRITICAL
So where do I have a config problem?
By the way, when I get everything working I will create a howto for installing on Debian with virtualenv, systemd config, tempfile.d config, logrotate.d ....