[GH-ISSUE #1282] Wildcard SSL does not automatically renew #1033

Closed
opened 2026-02-26 06:35:30 +03:00 by kerem · 0 comments
Owner

Originally created by @internetfreak on GitHub (Aug 3, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1282

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes

Describe the bug
When using a wildcard SSL certificate (entered as *.domain.tld in the domain field), NPM can retrieve and manually renew the cert, but fails to renew it automatically. This has happened since I got that certificate, over the course of multiple versions of NPM.
I always get a mail from LE telling me my cert will run out; that's how I noticed that something is not working.
My domain provider is INWX; all certificates with specified domains renew without issue.

Nginx Proxy Manager Version
2.9.6

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'SSL Certificates'
  2. Click on 'Add SSL Certificate' -> 'Let's Encrypt', enter *.domain.tld as domain name
  3. Toggle 'Use a DNS Challenge', enter your INWX network credentials, a cert should be retrieved
  4. Wait close to three months for the cert to expire (or get certbot to renew somehow without manually renewing within the UI)
  5. See that renew fails

If necessary to reproduce, I can provide a domain to test as I have, as long as the domain and the credentials are used responsibly.

Expected behavior
The certificate gets renewed just like all other certificates

Screenshots
image

Operating System
Debian 10

Additional context
This is what docker logs tell me:

[8/3/2021] [4:11:36 PM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...
[8/3/2021] [4:12:07 PM] [SSL      ] › ✖  error     Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
Failed to renew certificate npm-37 with error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
All renewals failed. The following certificates could not be renewed:
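
A monitoring check for the failure shown in the log above, as an added example that is not part of the original issue or of Nginx Proxy Manager: it scans `docker logs` output for certbot's per-certificate failure lines and flags those where the selected authenticator cannot satisfy a DNS challenge, so the problem surfaces before the expiry mail arrives. The function names are hypothetical, and the last sample line (`npm-99`) is constructed for the example.

```python
import re

# Sample input: the first four lines are the log lines quoted in the issue;
# the last line is constructed for this example to show a different failure.
SAMPLE_LOG = """\
[8/3/2021] [4:11:36 PM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...
[8/3/2021] [4:12:07 PM] [SSL      ] › ✖  error     Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
Failed to renew certificate npm-37 with error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
All renewals failed. The following certificates could not be renewed:
Failed to renew certificate npm-99 with error: constructed example error text
"""

# certbot's per-lineage failure line, as it appears in the issue's log.
FAILED = re.compile(r"^Failed to renew certificate (?P<name>\S+) with error: (?P<error>.+)$")
# NPM's own "[date] [time] [SSL ...]" prefix, used to timestamp the renewal run.
NPM_STAMP = re.compile(r"^\[(?P<date>[^\]]+)\] \[(?P<time>[^\]]+)\] \[SSL")
# Substring of the error that means the authenticator cannot do the required challenge.
AUTH_MISMATCH = "does not support any combination of challenges"


def renewal_failures(log_text):
    """Return one dict per failed certificate, tagged with the last NPM timestamp seen."""
    failures, run_stamp = [], None
    for line in log_text.splitlines():
        stamp = NPM_STAMP.match(line)
        if stamp:
            run_stamp = f"{stamp['date']} {stamp['time']}"
            continue
        hit = FAILED.match(line.strip())
        if hit:
            failures.append({
                "cert": hit["name"],
                "run": run_stamp,
                "needs_dns_authenticator": AUTH_MISMATCH in hit["error"],
                "error": hit["error"],
            })
    return failures


def certs_needing_dns_authenticator(log_text):
    """Names of certificates whose renewal failed for lack of a DNS-capable authenticator."""
    return sorted({f["cert"] for f in renewal_failures(log_text) if f["needs_dns_authenticator"]})


if __name__ == "__main__":
    for f in renewal_failures(SAMPLE_LOG):
        kind = "authenticator cannot do DNS challenge" if f["needs_dns_authenticator"] else "other"
        print(f"{f['run']}  {f['cert']}: {kind}")
```
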
kerem closed this issue and added the bug label (2026-02-26 06:35:30 +03:00).