Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Deleting a certificate without detaching it from the hosts breaks NPM #4288

Open
Grishkaone opened this issue Jan 10, 2025 · 0 comments
Open

[BUG] Deleting a certificate without detaching it from the hosts breaks NPM #4288

Grishkaone opened this issue Jan 10, 2025 · 0 comments
Labels
bug

Comments

@Grishkaone
Copy link

Grishkaone commented Jan 10, 2025
edited
Loading

Describe the bug
I use NPM on a Rasberry Pi. Data is stored in 2 volumes: one for /data and another for /etc/letsencrypt.
I have 13 hosts which are all sub-domains of my main domain.
I generate a Let's Encrypt wildcard certificate with a DNS challenge.
All this worked very well.

I recently changed registrar for my domain. Once the migration was completed with the DNS zones up and running, I had to change the method of generating the wildcard certificate (change of API and identifier).

It's not possible to edit this information in NPM. I therefore deleted the certificate, with a view to creating a new one. The deletion was carried out without error. Afterwards, it was impossible to do anything in the back office. I was unlocated and couldn't relocate. I restarted the container, but nothing changed.

There's an error nginx proxy manager nginx: [emerg] cannot load certificate: what I understand is that the 13 hosts that are still attached to the certificate are trying to load it without success since it's no longer there. I no longer have access to the BO to detach hosts from the certificate.

To get back in control, here are the steps I took:

  1. Connect to the container console
  2. Open /data/nginx/proxy_host/
  3. Delete all *.conf files

Then I was able to reconnect to the BO, the hosts are still there, but no certificates are linked to them.
I could set up my new certificate and attach it to each host one by one. The *.conf files were regenerated at this point.

Nginx Proxy Manager Version
2.11.3

To Reproduce
On a configuration with several hosts attached to a wildcard certificate.

  1. Open the SSL Certificates tab
  2. Click on the menu to the right of the certificate and select Delete.
  3. Confirm deletion.
    NPM becomes unusable.

Expected behavior
I can see several solutions.

  1. Prohibit deletion of a certificate attached to an active host. Add a warning when deleting the certificate to indicate that x hosts are bound to this certificate and not allow deletion until they have been manually detached.
  2. Automate the process. A message similar to solution 1, but indicating that deletion will automatically detach the certificate from each host beforehand, with a checkbox to indicate agreement.

Screenshots
No screenshot, sorry, everything work fine now.

Operating System
Linux 6.1.21-v8+ #1642 SMP PREEMPT Mon Apr 3 17:24:16 BST 2023 aarch64 GNU/Linux
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
Debian version : 11.11

Additional context
I'm in no hurry to reproduce this problem. I'm not in a position to say whether the fact that it's a wildcard certificate is relevant to causing the bug.
There's another solution that I haven't tried: restore the certificates from a backup of the volume, which should work to restore a functional back office.
@Grishkaone Grishkaone added the bug label Jan 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Grishkaone