[GH-ISSUE #124] Can't get a Let's Encrypt cert #111

New issue

Closed

opened 2026-02-26 05:34:38 +03:00 by kerem · 9 comments

kerem commented 2026-02-26 05:34:38 +03:00

Owner

Copy link

Originally created by @undercoverdesigns on GitHub (Apr 22, 2019).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/124

When I try to generate a certificate, I consistently get the following error:

[4/22/2019] [8:40:43 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for 
Cert #8: control.[DOMAIN].net,
Plugins selected: Authenticator webroot, Installer None,
[4/22/2019] [8:40:59 PM] [Nginx    ] › ℹ  info      Reloading Nginx,
[4/22/2019] [8:40:59 PM] [Express  ] › ⚠  warning   Command failed: /usr/bin/certbot    certonly --cert-name "npm-8" --agree-tos --email "gabe@[DOMAIN].net" --preferred-challenges "http" -n -a webroot -d "control.[DOMAIN].net" ,
Saving debug log to /var/log/letsencrypt/letsencrypt.log,
Obtaining a new certificate,
http-01 challenge for control.[DOMAIN].net,
Performing the following challenges:,
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.,
Waiting for verification...,
Cleaning up challenges,
An unexpected error occurred:,
Please see the logfiles in /var/log/letsencrypt for more details.

the log in /var/log/letsencrypt looks like this:

2019-04-22 19:36:52,076:DEBUG:certbot.storage:Creating directory  /etc/letsencrypt/archive.
2019-04-22 19:36:52,084:DEBUG:certbot.storage:Creating directory /etc/letsencrypt/live.
2019-04-22 19:36:52,087:DEBUG:certbot.storage:Writing README to /etc/letsencrypt/live/README.
2019-04-22 19:36:52,108:DEBUG:certbot.storage:Archive directory /etc/letsencrypt/archive/npm-3 and live directory /etc/letsencrypt/live/npm-3 created.
2019-04-22 19:36:52,110:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.28.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1340, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1225, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate
    self.config)
  File "/usr/lib/python3/dist-packages/certbot/storage.py", line 1053, in new_lineage
    target[kind])
OSError: [Errno 38] Function not implemented: '../../archive/npm-3/cert1.pem' ->    '/etc/letsencrypt/live/npm-3/cert.pem'
2019-04-22 19:36:52,126:ERROR:certbot.log:An unexpected error occurred:

What am I doing wrong?

Originally created by @undercoverdesigns on GitHub (Apr 22, 2019). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/124 When I try to generate a certificate, I consistently get the following error: [4/22/2019] [8:40:43 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #8: control.[DOMAIN].net, Plugins selected: Authenticator webroot, Installer None, [4/22/2019] [8:40:59 PM] [Nginx ] › ℹ info Reloading Nginx, [4/22/2019] [8:40:59 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --cert-name "npm-8" --agree-tos --email "gabe@[DOMAIN].net" --preferred-challenges "http" -n -a webroot -d "control.[DOMAIN].net" , Saving debug log to /var/log/letsencrypt/letsencrypt.log, Obtaining a new certificate, http-01 challenge for control.[DOMAIN].net, Performing the following challenges:, Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains., Waiting for verification..., Cleaning up challenges, An unexpected error occurred:, Please see the logfiles in /var/log/letsencrypt for more details. the log in /var/log/letsencrypt looks like this: 2019-04-22 19:36:52,076:DEBUG:certbot.storage:Creating directory /etc/letsencrypt/archive. 2019-04-22 19:36:52,084:DEBUG:certbot.storage:Creating directory /etc/letsencrypt/live. 2019-04-22 19:36:52,087:DEBUG:certbot.storage:Writing README to /etc/letsencrypt/live/README. 2019-04-22 19:36:52,108:DEBUG:certbot.storage:Archive directory /etc/letsencrypt/archive/npm-3 and live directory /etc/letsencrypt/live/npm-3 created. 2019-04-22 19:36:52,110:DEBUG:certbot.log:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/certbot", line 11, in <module> load_entry_point('certbot==0.28.0', 'console_scripts', 'certbot')() File "/usr/lib/python3/dist-packages/certbot/main.py", line 1340, in main return config.func(config, plugins) File "/usr/lib/python3/dist-packages/certbot/main.py", line 1225, in certonly lineage = _get_and_save_cert(le_client, config, domains, certname, lineage) File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) File "/usr/lib/python3/dist-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate self.config) File "/usr/lib/python3/dist-packages/certbot/storage.py", line 1053, in new_lineage target[kind]) OSError: [Errno 38] Function not implemented: '../../archive/npm-3/cert1.pem' -> '/etc/letsencrypt/live/npm-3/cert.pem' 2019-04-22 19:36:52,126:ERROR:certbot.log:An unexpected error occurred: What am I doing wrong?

kerem 2026-02-26 05:34:38 +03:00

• closed this issue
• added the
  need more info
  cannot reproduce
  labels

kerem commented 2026-02-26 05:34:39 +03:00

Author

Owner

Copy link

@kolbii commented on GitHub (Apr 23, 2019):

I had the same issue recently with Let's Encrypt. There was a non-unicode character in nginx config file. The config tester didn't throw any error but the certbot.py was unable to read it.

<!-- gh-comment-id:485923683 --> @kolbii commented on GitHub (Apr 23, 2019): I had the same issue recently with Let's Encrypt. There was a non-unicode character in nginx config file. The config tester didn't throw any error but the certbot.py was unable to read it.

kerem commented 2026-02-26 05:34:39 +03:00

Author

Owner

Copy link

@jc21 commented on GitHub (Apr 23, 2019):

Interesting, is that unicode character part of this codebase or was it introduced by user configuration?

<!-- gh-comment-id:485979361 --> @jc21 commented on GitHub (Apr 23, 2019): Interesting, is that unicode character part of this codebase or was it introduced by user configuration?

kerem commented 2026-02-26 05:34:39 +03:00

Author

Owner

Copy link

@Sigri44 commented on GitHub (Apr 24, 2019):

Hello, i have the same issue since 1 month. I will also check my nginx configuration on my side.

<!-- gh-comment-id:486108262 --> @Sigri44 commented on GitHub (Apr 24, 2019): Hello, i have the same issue since 1 month. I will also check my nginx configuration on my side.

kerem commented 2026-02-26 05:34:39 +03:00

Author

Owner

Copy link

@Sigri44 commented on GitHub (Apr 25, 2019):

Hello, i have the same issue since 1 month. I will also check my nginx configuration on my side.

Result :

nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

<!-- gh-comment-id:486721480 --> @Sigri44 commented on GitHub (Apr 25, 2019): > > > Hello, i have the same issue since 1 month. I will also check my nginx configuration on my side. Result : ```bash nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful ```

kerem commented 2026-02-26 05:34:39 +03:00

Author

Owner

Copy link

@ghzgod commented on GitHub (May 7, 2019):

This is also happening to me. Was working fine for months. I go to add a new domain and I get

[Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --cert-name "npm-4" --agree-tos --email "xxx@gmail.com" --preferred-challenges "http" -n -a webroot -d "mydomain.com"

And also

Failed authorization procedure. mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mydomain.com/.well-known/acme-challenge/CHALLENGEKEY: Timeout during connect (likely firewall problem)

<!-- gh-comment-id:490156051 --> @ghzgod commented on GitHub (May 7, 2019): This is also happening to me. Was working fine for months. I go to add a new domain and I get `[Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --cert-name "npm-4" --agree-tos --email "xxx@gmail.com" --preferred-challenges "http" -n -a webroot -d "mydomain.com"` And also `Failed authorization procedure. mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mydomain.com/.well-known/acme-challenge/CHALLENGEKEY: Timeout during connect (likely firewall problem)`

kerem commented 2026-02-26 05:34:39 +03:00

Author

Owner

Copy link

@jc21 commented on GitHub (May 7, 2019):

Definitely not able to reproduce this. If you are using someone elses docker build or unraid, I really cannot help you as I have no idea about it. I can only support my own builds.

[/docker/nginx-proxy-manager]# ❯ docker pull jc21/nginx-proxy-manager:latest
latest: Pulling from jc21/nginx-proxy-manager
f7e2b70d04ae: Already exists 
08dd01e3f3ac: Pull complete 
d9ef3a1eb792: Pull complete 
52c919bacf87: Pull complete 
a7dcade0c907: Pull complete 
Digest: sha256:2fe75c9abc03bc4787e9dbb7c31f3651d3cf88f52aac3e1020ca920c336b74d3
Status: Downloaded newer image for jc21/nginx-proxy-manager:latest

[/docker/nginx-proxy-manager:master]# ❯ docker images | grep nginx-proxy-manager
jc21/nginx-proxy-manager                     latest              6dbafc34c041        5 weeks ago         522MB

Version reported on login page: v2.0.12

[/docker/nginx-proxy-manager:master]# ❯ docker logs -f nginx-proxy-manager_app_1
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[5/7/2019] [11:37:56 PM] [Migrate  ] › ℹ  info      Current database version: 20190227065017
[5/7/2019] [11:37:56 PM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[5/7/2019] [11:37:56 PM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[5/7/2019] [11:37:57 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
[5/7/2019] [11:37:57 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
[5/7/2019] [11:37:57 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
[5/7/2019] [11:37:57 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[5/7/2019] [11:37:57 PM] [Global   ] › ℹ  info      PID 209 listening on port 81 ...
[5/7/2019] [11:42:10 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[5/7/2019] [11:42:10 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #55: example.jc21.net.au
[5/7/2019] [11:42:20 PM] [SSL      ] › ✔  success   IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/npm-55/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/npm-55/privkey.pem
   Your cert will expire on 2019-08-05. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
[5/7/2019] [11:42:20 PM] [Nginx    ] › ℹ  info      Reloading Nginx

<!-- gh-comment-id:490293772 --> @jc21 commented on GitHub (May 7, 2019): Definitely not able to reproduce this. If you are using someone elses docker build or unraid, I really cannot help you as I have no idea about it. I can only support my own builds. ``` [/docker/nginx-proxy-manager]# ❯ docker pull jc21/nginx-proxy-manager:latest latest: Pulling from jc21/nginx-proxy-manager f7e2b70d04ae: Already exists 08dd01e3f3ac: Pull complete d9ef3a1eb792: Pull complete 52c919bacf87: Pull complete a7dcade0c907: Pull complete Digest: sha256:2fe75c9abc03bc4787e9dbb7c31f3651d3cf88f52aac3e1020ca920c336b74d3 Status: Downloaded newer image for jc21/nginx-proxy-manager:latest ``` ``` [/docker/nginx-proxy-manager:master]# ❯ docker images | grep nginx-proxy-manager jc21/nginx-proxy-manager latest 6dbafc34c041 5 weeks ago 522MB ``` Version reported on login page: v2.0.12 ``` [/docker/nginx-proxy-manager:master]# ❯ docker logs -f nginx-proxy-manager_app_1 [s6-init] making user provided files available at /var/run/s6/etc...exited 0. [s6-init] ensuring user provided files have correct perms...exited 0. [fix-attrs.d] applying ownership & permissions fixes... [fix-attrs.d] done. [cont-init.d] executing container initialization scripts... [cont-init.d] done. [services.d] starting services [services.d] done. [5/7/2019] [11:37:56 PM] [Migrate ] › ℹ info Current database version: 20190227065017 [5/7/2019] [11:37:56 PM] [IP Ranges] › ℹ info Fetching IP Ranges from online services... [5/7/2019] [11:37:56 PM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json [5/7/2019] [11:37:57 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4 [5/7/2019] [11:37:57 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6 [5/7/2019] [11:37:57 PM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized [5/7/2019] [11:37:57 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized [5/7/2019] [11:37:57 PM] [Global ] › ℹ info PID 209 listening on port 81 ... [5/7/2019] [11:42:10 PM] [Nginx ] › ℹ info Reloading Nginx [5/7/2019] [11:42:10 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #55: example.jc21.net.au [5/7/2019] [11:42:20 PM] [SSL ] › ✔ success IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/npm-55/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/npm-55/privkey.pem Your cert will expire on 2019-08-05. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le [5/7/2019] [11:42:20 PM] [Nginx ] › ℹ info Reloading Nginx ```

kerem commented 2026-02-26 05:34:39 +03:00

Author

Owner

Copy link

@jay991-jp commented on GitHub (Apr 30, 2020):

you need to create port forwarding rules as shown in the attached picture

<!-- gh-comment-id:621572120 --> @jay991-jp commented on GitHub (Apr 30, 2020):  you need to create port forwarding rules as shown in the attached picture

kerem commented 2026-02-26 05:34:39 +03:00

Author

Owner

Copy link

@zigazajc007 commented on GitHub (Apr 8, 2021):

Same here. It was working for a year and now it just doesn't work anymore. I didn't touch anything.

<!-- gh-comment-id:816041658 --> @zigazajc007 commented on GitHub (Apr 8, 2021): Same here. It was working for a year and now it just doesn't work anymore. I didn't touch anything.

kerem commented 2026-02-26 05:34:39 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (May 10, 2021):

@jay991-jp @zigazajc007 As this issue is fairly old you should probably open a new issue if you are still experiencing the problem. Remember to include as much debug information a possible, so the letsencrypt log from /var/log/letsencrypt and your host config from /data/nginx/proxy_host or /data/nginx/redirection_host or whichever host you are experiencing the issue with.

<!-- gh-comment-id:837346163 --> @chaptergy commented on GitHub (May 10, 2021): @jay991-jp @zigazajc007 As this issue is fairly old you should probably open a new issue if you are still experiencing the problem. Remember to include as much debug information a possible, so the letsencrypt log from `/var/log/letsencrypt` and your host config from `/data/nginx/proxy_host` or `/data/nginx/redirection_host` or whichever host you are experiencing the issue with.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#111

No description provided.