Website certificate revoked

[SimonJohnCastle]

Hi

Fist, Thanks for pushing the NPM forward.
Initially I started with the original NPM project and went through the process of creating certificates for my backend services which run on separate docker networks. All works well.

Im in need of njs support so your NPMPlus looks like a good up to date candidate, Thank you.

When I go through the same setup procedure as before all looks well until I access one of the proxied services.
I get a Website certificate revoked by www.eset.com in my browser complaining:

"The certificate used by this server has been marked as untrustworthy and the connection is not safe.
This error was caused by a missing OCSP response, which has to be present and valid because OCSP Must-Staple is used"

Any ideas what could be wrong ?
I cant use hosted network as I need to isolate the backend services.
Could this be the cause of the problem ?

Thanks in advance
.... Simon

[Zoey2936]

can you maybe send me the logs of NPMplus?

[Zoey2936]

you created the cert b using the built-in certbot, right?

[SimonJohnCastle]

Im Using Dynu via the user interface, it all looks to work correctly I get files in the tls/certbot folder that look ok.

I attach the output from docker logs, are there any others of interest.

I have played with "NPM_CERT_ID=1" to see if that helped rather then sending the dummy, but it doesn't help.

[Zoey2936]

you exposed your dns token, I will delete the log

[SimonJohnCastle]

Thank you, I will be more carfull

[Zoey2936]

you can try to open the file at /opt/npm/tls/certbot/config.ini, there you set must-stable to false, delete your certs and recreate them, then it should work, I think you have dns problems, you can also try to add:

    dns:
      - 9.9.9.9
      - 149.112.112.112
      - 2620:fe::fe
      - 2620:fe::fe:9
      - 1.1.1.2
      - 1.0.0.2
      - 2606:4700:4700::1112
      - 2606:4700:4700::1002
      - 94.140.14.14
      - 94.140.15.15
      - 2a10:50c0::ad1:ff
      - 2a10:50c0::ad2:ff

to your compose file and retry (that will make the compose file to use quad9/cloudflare/adguards dns servers)

[Zoey2936]

(I would prefer option 2)

[SimonJohnCastle]

Thank you, adding the dns to my compose file didnt help, my be because I didnt take it all down, I will try some more.
Changing the /data/tls/certbot/config.ini at least gets me going, although not the best solution for now.
The only other thing that may be relevant is that the domain name is mapped to a local address ie 192.168.1.99

Thanks for you quick response.

[Zoey2936]

yes that could be the problem