I am trying to add a cert in NGINX Proxy Manager. I get “internal error” on the web UI. In the logs I see a permission error: “PermissionError: [Errno 1] Operation not permitted: ‘/etc/letsencrypt/renewal/npm-6.conf’”
I have been looking and it appears permissions are fine. I can use the console from the app and make and delete folders\files. The app makes the file for the cert but it’s empty.
Thanks for any help. I need SSL for one app to run properly, so this is a must.
Nginx creates a cert for accessing a webui via a domain name say,
E.g., I’ve set up Nginx to use my domain name internally to access my applications, one such is Portainer for example, I’ve it set up as port.mydomainname:
This screenshot from my mobile shows a cert installed while connecting to Portainer through nginx whereas;
This screenshot, on the same mobile device a few seconds later, connecting to Portainer through IP:Port does not have a cert. I could be wrong but I don’t think Nginx saves the cert on the device but only while being routed through Nginx with a domain name.
Edit: apparently I can’t spell on mobile.
There is a spot in the install to move the storage for certs. It does create a folder\file for sure.
Does that not just move the folder for where the Nginx cert is saved? But still only be applied when routing through an nginx name?
I am going to be honest, I have no idea.
However, I can see the files get created. I have the backup of my old config (which will not restore) and I can see the files and see they have things in them
When I try and add one now, in TNAS, I get this permissions error. Clearly it’s trying to write something and cannot. However, as stated, the permissions appear fine (unless I am missing something).
Clearly it’s creating some files and cannot edit them based on this. The files are created but empty.
PermissionError: [Errno 1] Operation not permitted: ‘/etc/letsencrypt/renewal/npm-6.conf’
Think I misinterpreted your original query btw, had a google on your error and didn’t really come up with much in the way of success, may be worth deleting NPM and then starting afresh, sometimes is the best route.
I have done this several times actually. I am at a loss. I don’t know what else to try.
How are you installing Nginx btw, through the app store or a compose file btw?
And how are you adding the cert? Any guide you are following? I could compare with how I’ve set it up and see if anything differs?
I am installing the app from TNAS app store, yes. I am not following a guide as I have done it before (on my old NAS with a compose file).
However, there is not much to it. I changed the config and cert path (as shown in the install config) to a dataset and I changed the ports (I did try an install where the ports are default too, same issue).
Have you tried the old compose file that works on your old NAS? Obviously not a perfect solution but if it works on the old NAS, could be a quick fix to just copy across the compose file?
I have not as I would prefer to use the “official” app from TrueNAS. I have been at this for hours and have multiple posts in multiple locations. Hoping to figure out the official way.
If I have nothing after days, I might try that. I can still access the program locally just not from outside my house. Not ideal but doable for a short time.
Just check the permissions again. Only the owner can have read and write permissions on the dataset where NPM is saving the certs; even the group has to be read only. I also had to change the permissions on the dataset back to UNIX (but that does make things easier to set). It has something to do with certbot not allowing a certificate to be created if someone else can change it. (But I’m definitely not an expert.)
But the file npm-*.conf is getting created, so the permissions should be right? It’s just the file is empty. I have also tried setting the UID in the settings to 0 to test, same error. Just to verify, which user should I be looking for? The UID set in the settings of the app, yes?
How have you installed NPM?
I installed it via the TNAS apps catalog
Sorry, I should also have asked what version of TN - is it via docker or kubernetes?
I am running the newest version of Scale. I know the thread has grown. If you did not see, Let’s Encrypt has verified the cert was created on their end. It just is not getting saved to the apps on my end.
Okay - so set your UID to be the same as the owner of the dataset you have used for “Nginx Proxy Manager Certs Storage” in your setup. And then make sure that the permissions on your dataset are = owner Read/Write/Execute; owner Read/execute; other none
Yep, Let’s Encrypt will verify each time (and eventually time out); this is a saving issue and certbot won’t save it to your folder if anyone apart from the owner can write to the save location
The owner is root and I have set the UID\GID to 0 in the app settings. Same error.
Again, not an expert, but root does have special privileges and I am not sure if you can ever stop the root GROUP from being able to write. Change your UID to something else. I have a user named “docker”; this is what my permissions look like (I think it’s 755 but you’d need to check)
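
Added example, not part of any post in this thread: a shell check of the rule described above (cert dataset owned by the app's UID; owner read/write/execute, group not writable, others none), plus a probe that separates "cannot create a file" from "file created but a later chmod is refused". The function name, the probe file name and the link between a refused chmod and the empty npm-*.conf are assumptions; the probe runs as whoever invokes the script, not as the app's user.

```shell
#!/bin/sh
# Added diagnostic (not from the thread).
# Usage: sh check_cert_dir.sh <cert-dataset-path> <app-uid>
#   <cert-dataset-path>: host path of the dataset used for cert storage
#   <app-uid>:           the user ID configured in the app settings
check_cert_dir() {
    dir=$1 want_uid=$2 rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir"; return 2; }

    owner=$(stat -c '%u' "$dir")   # numeric owner (GNU stat, as on Linux)
    mode=$(stat -c '%a' "$dir")    # octal mode string, e.g. 750
    perm=$((0$mode))               # leading 0 makes the shell parse it as octal

    # Rule as stated in the thread: owner matches the app UID,
    # group must not be able to write, others get nothing.
    [ "$owner" = "$want_uid" ] || { echo "owner uid $owner != app uid $want_uid"; rc=1; }
    [ $((perm & 020)) -eq 0 ] || { echo "group can write (mode $mode)"; rc=1; }
    [ $((perm & 007)) -eq 0 ] || { echo "others have access (mode $mode)"; rc=1; }

    # Probe: create a file, then change its mode. Assumption: an empty
    # file plus "[Errno 1] Operation not permitted" is what you would see
    # if creation works but a following metadata change is rejected.
    probe="$dir/.perm-probe.$$"
    if ! ( : > "$probe" ) 2>/dev/null; then
        echo "cannot create files in $dir"
        return 1
    fi
    if ! chmod 600 "$probe" 2>/dev/null; then
        echo "file created but chmod refused in $dir"
        rc=1
    fi
    rm -f "$probe"
    return $rc
}

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then
    check_cert_dir "$1" "$2"
fi
```

Run it on the TrueNAS host against the dataset path; a non-zero exit status means at least one of the checks printed a finding.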