[GH-ISSUE #133] Internal Server error

kerem commented

2026-02-26 06:30:22 +03:00

Owner

Originally created by @burnacid on GitHub (May 5, 2019).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/133

Hi

Thanks for this awesome project. I've been using it for a couple of months now on my raspberry pi.
Sadly Lets Encrypt didn't feel the need to request new certificates. So I tried requesting new ones by hand. Suddenly everything started to fall apart.

On requesting a new lets encrypt certificate (the second one) I kept getting an Internal Server Error message popup. Though after refressing the page the certificate was correctly made.

Then assigning the certificates caused more problems. Proxy Hosts just don't want to work anymore propperly. I have no clue what to look at. Please tell me what info you need furter

I'm on version v2.0.12

Originally created by @burnacid on GitHub (May 5, 2019). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/133 Hi Thanks for this awesome project. I've been using it for a couple of months now on my raspberry pi. Sadly Lets Encrypt didn't feel the need to request new certificates. So I tried requesting new ones by hand. Suddenly everything started to fall apart. On requesting a new lets encrypt certificate (the second one) I kept getting an Internal Server Error message popup. Though after refressing the page the certificate was correctly made. Then assigning the certificates caused more problems. Proxy Hosts just don't want to work anymore propperly. I have no clue what to look at. Please tell me what info you need furter I'm on version v2.0.12

kerem closed this issue

2026-02-26 06:30:22 +03:00

kerem commented

2026-02-26 06:30:22 +03:00

Author

Owner

@yayitazale commented on GitHub (May 6, 2019):

Same here. I tryed to renew by hand two of my 5 certificates and now, no one of the 5 proxys is working so I can't acces to any service from outside my home lan. I will try to reinstall the docker deleting all the files this evening to see if I can get it back to work.

@yayitazale commented on GitHub (May 6, 2019): Same here. I tryed to renew by hand two of my 5 certificates and now, no one of the 5 proxys is working so I can't acces to any service from outside my home lan. I will try to reinstall the docker deleting all the files this evening to see if I can get it back to work.

kerem commented

2026-02-26 06:30:22 +03:00

Author

Owner

@burnacid commented on GitHub (May 6, 2019):

Let me know I've allready updated the docker image with the latest but that didn't work. I've cleaned out the nginx configs which seemed to fix it at first but sadly it didn't.

@burnacid commented on GitHub (May 6, 2019): Let me know I've allready updated the docker image with the latest but that didn't work. I've cleaned out the nginx configs which seemed to fix it at first but sadly it didn't.

kerem commented

2026-02-26 06:30:22 +03:00

Author

Owner

@yayitazale commented on GitHub (May 6, 2019):

I'm running the same version v2.0.12 under docker on unraid. I have deletes the docker, the image, the files and reinstalled everything, created new hosts with new SSL certificates and everything is up and running again.

@yayitazale commented on GitHub (May 6, 2019): I'm running the same version v2.0.12 under docker on unraid. I have deletes the docker, the image, the files and reinstalled everything, created new hosts with new SSL certificates and everything is up and running again.

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@jc21 commented on GitHub (May 8, 2019):

Few questions for both of you:

what docker image are you using?
what version of the raspberry pi?
what happens if you run the following commands inside the docker:

nginx -t
certbot renew

Just the gist of the renewal command is fine, fail, succeed, errors.

Lastly, I'm planning to put a manual renewal option in to the UI for certs. There's already an open issue for that.

@jc21 commented on GitHub (May 8, 2019): Few questions for both of you: 1. what docker image are you using? 2. what version of the raspberry pi? 3. what happens if you run the following commands inside the docker: ``` nginx -t certbot renew ``` Just the gist of the renewal command is fine, fail, succeed, errors. Lastly, I'm planning to put a manual renewal option in to the UI for certs. There's already an open issue for that.

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@burnacid commented on GitHub (May 8, 2019):

1 the latest tag from this weekend.
2 3b+
3 will try to get the outputs later

@burnacid commented on GitHub (May 8, 2019): 1 the latest tag from this weekend. 2 3b+ 3 will try to get the outputs later

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@yayitazale commented on GitHub (May 8, 2019):

I'm using this image: https://github.com/jlesage/docker-nginx-proxy-manager
I'm using int under Unraid on a server
Will try this evening and paste the output.

@yayitazale commented on GitHub (May 8, 2019): 1. I'm using this image: https://github.com/jlesage/docker-nginx-proxy-manager 2. I'm using int under Unraid on a server 3. Will try this evening and paste the output.

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@burnacid commented on GitHub (May 8, 2019):

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/npm-17.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.30.2 renewal configuration file found at /etc/letsencrypt/renewal/npm-17.conf with version 0.28.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for x.domain.example
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (npm-17) from /etc/letsencrypt/renewal/npm-17.conf produced an unexpected error: Failed authorization procedure. x.domain.example (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://x.domain.example/login?returnUrl=/.well-known/acme-challenge/RsI-4OCQCCpejOARbUdeGMkWRSLDcBT9jqSpfKa_myI [77.164.58.90]: "<!doctype html>\n<html>\n<head>\n    <title>Sonarr - Login</title>\n    <meta name=\"viewport\" content=\"width=device-width, initial-s". Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/npm-35.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/npm-22.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.30.2 renewal configuration file found at /etc/letsencrypt/renewal/npm-22.conf with version 0.28.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for x.domain.example
http-01 challenge for x.domain.example
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (npm-22) from /etc/letsencrypt/renewal/npm-22.conf produced an unexpected error: Failed authorization procedure. x.domain.example (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://p1.domain.example/.well-known/acme-challenge/H2M2sUTMjqLrVo9KrC1YLMI6trt4dMssN4ukb3-cMdI [77.164.58.90]: "<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization Required</h1></center>\r\n<h", x.domain.example (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://x.domain.example/.well-known/acme-challenge/jGG4_MAzWwfY6L25NEKhOnldmDj1-5uJPRAM6uT1Svc [77.164.58.90]: "<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization Required</h1></center>\r\n<h". Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/npm-20.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.30.2 renewal configuration file found at /etc/letsencrypt/renewal/npm-20.conf with version 0.28.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for x.domain.example
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (npm-20) from /etc/letsencrypt/renewal/npm-20.conf produced an unexpected error: Failed authorization procedure. x.domain.example (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://x.domain.example/.well-known/acme-challenge/XmFhSR-0519KKOTAOO6mFt2P_KUVp19op3i5AoIpjEc [77.164.58.90]: "\n    <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n    <html>\n        <head>\n            <title>Error: 404 Not Found</title". Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/npm-14.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/npm-29.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/npm-37.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/npm-28.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/npm-21.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/npm-16.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.30.2 renewal configuration file found at /etc/letsencrypt/renewal/npm-16.conf with version 0.28.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for x.domain.example
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (npm-16) from /etc/letsencrypt/renewal/npm-16.conf produced an unexpected error: Failed authorization procedure. x.domain.example (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://x.domain.example/login?returnUrl=/.well-known/acme-challenge/5wS_5rJkmqtck-y0Xfl4fnWhlWmhQvwGoxl2s_LZwCg [77.164.58.90]: "<!doctype html>\n<html>\n<head>\n    <meta charset=\"utf-8\">\n    <title>Radarr - Login</title>\n    <meta name=\"viewport\" content=\"wi". Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/npm-11.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/npm-18.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/npm-17/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-22/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-20/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-16/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/npm-35/fullchain.pem expires on 2019-08-02 (skipped)
  /etc/letsencrypt/live/npm-14/fullchain.pem expires on 2019-08-03 (skipped)
  /etc/letsencrypt/live/npm-29/fullchain.pem expires on 2019-08-02 (skipped)
  /etc/letsencrypt/live/npm-37/fullchain.pem expires on 2019-08-03 (skipped)
  /etc/letsencrypt/live/npm-28/fullchain.pem expires on 2019-08-02 (skipped)
  /etc/letsencrypt/live/npm-21/fullchain.pem expires on 2019-08-03 (skipped)
  /etc/letsencrypt/live/npm-11/fullchain.pem expires on 2019-08-03 (skipped)
  /etc/letsencrypt/live/npm-18/fullchain.pem expires on 2019-08-03 (skipped)
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/npm-17/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-22/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-20/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-16/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: x.domain.example
   Type:   unauthorized
   Detail: Invalid response from
   http://x.domain.example/.well-known/acme-challenge/XmFhSR-0519KKOTAOO6mFt2P_KUVp19op3i5AoIpjEc
   [77.164.58.90]: "\n    <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n    <html>\n        <head>\n            <title>Error:
   404 Not Found</title"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:

   Domain: x.domain.example
   Type:   unauthorized
   Detail: Invalid response from
   http://x.domain.example/.well-known/acme-challenge/H2M2sUTMjqLrVo9KrC1YLMI6trt4dMssN4ukb3-cMdI
   [77.164.58.90]: "<html>\r\n<head><title>401 Authorization
   Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization
   Required</h1></center>\r\n<h"

   Domain: x.domain.example
   Type:   unauthorized
   Detail: Invalid response from
   http://x.domain.example/.well-known/acme-challenge/jGG4_MAzWwfY6L25NEKhOnldmDj1-5uJPRAM6uT1Svc
   [77.164.58.90]: "<html>\r\n<head><title>401 Authorization
   Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization
   Required</h1></center>\r\n<h"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:

   Domain: x.domain.example
   Type:   unauthorized
   Detail: Invalid response from
   http://x.domain.example/login?returnUrl=/.well-known/acme-challenge/5wS_5rJkmqtck-y0Xfl4fnWhlWmhQvwGoxl2s_LZwCg
   [77.164.58.90]: "<!doctype html>\n<html>\n<head>\n    <meta
   charset=\"utf-8\">\n    <title>Radarr - Login</title>\n    <meta
   name=\"viewport\" content=\"wi"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:

   Domain: x.domain.example
   Type:   unauthorized
   Detail: Invalid response from
   http://x.domain.example/login?returnUrl=/.well-known/acme-challenge/RsI-4OCQCCpejOARbUdeGMkWRSLDcBT9jqSpfKa_myI
   [77.164.58.90]: "<!doctype html>\n<html>\n<head>\n    <title>Sonarr
   - Login</title>\n    <meta name=\"viewport\"
   content=\"width=device-width, initial-s"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

@burnacid commented on GitHub (May 8, 2019): ``` nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful ``` ``` - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/npm-17.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Attempting to parse the version 0.30.2 renewal configuration file found at /etc/letsencrypt/renewal/npm-17.conf with version 0.28.0 of Certbot. This might not work. Cert is due for renewal, auto-renewing... Plugins selected: Authenticator webroot, Installer None Renewing an existing certificate Performing the following challenges: http-01 challenge for x.domain.example Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains. Waiting for verification... Cleaning up challenges Attempting to renew cert (npm-17) from /etc/letsencrypt/renewal/npm-17.conf produced an unexpected error: Failed authorization procedure. x.domain.example (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://x.domain.example/login?returnUrl=/.well-known/acme-challenge/RsI-4OCQCCpejOARbUdeGMkWRSLDcBT9jqSpfKa_myI [77.164.58.90]: "<!doctype html>\n<html>\n<head>\n <title>Sonarr - Login</title>\n <meta name=\"viewport\" content=\"width=device-width, initial-s". Skipping. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/npm-35.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/npm-22.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Attempting to parse the version 0.30.2 renewal configuration file found at /etc/letsencrypt/renewal/npm-22.conf with version 0.28.0 of Certbot. This might not work. Cert is due for renewal, auto-renewing... Plugins selected: Authenticator webroot, Installer None Renewing an existing certificate Performing the following challenges: http-01 challenge for x.domain.example http-01 challenge for x.domain.example Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains. Waiting for verification... Cleaning up challenges Attempting to renew cert (npm-22) from /etc/letsencrypt/renewal/npm-22.conf produced an unexpected error: Failed authorization procedure. x.domain.example (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://p1.domain.example/.well-known/acme-challenge/H2M2sUTMjqLrVo9KrC1YLMI6trt4dMssN4ukb3-cMdI [77.164.58.90]: "<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization Required</h1></center>\r\n<h", x.domain.example (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://x.domain.example/.well-known/acme-challenge/jGG4_MAzWwfY6L25NEKhOnldmDj1-5uJPRAM6uT1Svc [77.164.58.90]: "<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization Required</h1></center>\r\n<h". Skipping. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/npm-20.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Attempting to parse the version 0.30.2 renewal configuration file found at /etc/letsencrypt/renewal/npm-20.conf with version 0.28.0 of Certbot. This might not work. Cert is due for renewal, auto-renewing... Plugins selected: Authenticator webroot, Installer None Renewing an existing certificate Performing the following challenges: http-01 challenge for x.domain.example Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains. Waiting for verification... Cleaning up challenges Attempting to renew cert (npm-20) from /etc/letsencrypt/renewal/npm-20.conf produced an unexpected error: Failed authorization procedure. x.domain.example (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://x.domain.example/.well-known/acme-challenge/XmFhSR-0519KKOTAOO6mFt2P_KUVp19op3i5AoIpjEc [77.164.58.90]: "\n <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n <html>\n <head>\n <title>Error: 404 Not Found</title". Skipping. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/npm-14.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/npm-29.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/npm-37.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/npm-28.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/npm-21.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/npm-16.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Attempting to parse the version 0.30.2 renewal configuration file found at /etc/letsencrypt/renewal/npm-16.conf with version 0.28.0 of Certbot. This might not work. Cert is due for renewal, auto-renewing... Plugins selected: Authenticator webroot, Installer None Renewing an existing certificate Performing the following challenges: http-01 challenge for x.domain.example Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains. Waiting for verification... Cleaning up challenges Attempting to renew cert (npm-16) from /etc/letsencrypt/renewal/npm-16.conf produced an unexpected error: Failed authorization procedure. x.domain.example (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://x.domain.example/login?returnUrl=/.well-known/acme-challenge/5wS_5rJkmqtck-y0Xfl4fnWhlWmhQvwGoxl2s_LZwCg [77.164.58.90]: "<!doctype html>\n<html>\n<head>\n <meta charset=\"utf-8\">\n <title>Radarr - Login</title>\n <meta name=\"viewport\" content=\"wi". Skipping. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/npm-11.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/npm-18.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/npm-17/fullchain.pem (failure) /etc/letsencrypt/live/npm-22/fullchain.pem (failure) /etc/letsencrypt/live/npm-20/fullchain.pem (failure) /etc/letsencrypt/live/npm-16/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The following certs are not due for renewal yet: /etc/letsencrypt/live/npm-35/fullchain.pem expires on 2019-08-02 (skipped) /etc/letsencrypt/live/npm-14/fullchain.pem expires on 2019-08-03 (skipped) /etc/letsencrypt/live/npm-29/fullchain.pem expires on 2019-08-02 (skipped) /etc/letsencrypt/live/npm-37/fullchain.pem expires on 2019-08-03 (skipped) /etc/letsencrypt/live/npm-28/fullchain.pem expires on 2019-08-02 (skipped) /etc/letsencrypt/live/npm-21/fullchain.pem expires on 2019-08-03 (skipped) /etc/letsencrypt/live/npm-11/fullchain.pem expires on 2019-08-03 (skipped) /etc/letsencrypt/live/npm-18/fullchain.pem expires on 2019-08-03 (skipped) All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/npm-17/fullchain.pem (failure) /etc/letsencrypt/live/npm-22/fullchain.pem (failure) /etc/letsencrypt/live/npm-20/fullchain.pem (failure) /etc/letsencrypt/live/npm-16/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 4 renew failure(s), 0 parse failure(s) IMPORTANT NOTES: - The following errors were reported by the server: Domain: x.domain.example Type: unauthorized Detail: Invalid response from http://x.domain.example/.well-known/acme-challenge/XmFhSR-0519KKOTAOO6mFt2P_KUVp19op3i5AoIpjEc [77.164.58.90]: "\n <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n <html>\n <head>\n <title>Error: 404 Not Found</title" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. - The following errors were reported by the server: Domain: x.domain.example Type: unauthorized Detail: Invalid response from http://x.domain.example/.well-known/acme-challenge/H2M2sUTMjqLrVo9KrC1YLMI6trt4dMssN4ukb3-cMdI [77.164.58.90]: "<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization Required</h1></center>\r\n<h" Domain: x.domain.example Type: unauthorized Detail: Invalid response from http://x.domain.example/.well-known/acme-challenge/jGG4_MAzWwfY6L25NEKhOnldmDj1-5uJPRAM6uT1Svc [77.164.58.90]: "<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization Required</h1></center>\r\n<h" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. - The following errors were reported by the server: Domain: x.domain.example Type: unauthorized Detail: Invalid response from http://x.domain.example/login?returnUrl=/.well-known/acme-challenge/5wS_5rJkmqtck-y0Xfl4fnWhlWmhQvwGoxl2s_LZwCg [77.164.58.90]: "<!doctype html>\n<html>\n<head>\n <meta charset=\"utf-8\">\n <title>Radarr - Login</title>\n <meta name=\"viewport\" content=\"wi" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. - The following errors were reported by the server: Domain: x.domain.example Type: unauthorized Detail: Invalid response from http://x.domain.example/login?returnUrl=/.well-known/acme-challenge/RsI-4OCQCCpejOARbUdeGMkWRSLDcBT9jqSpfKa_myI [77.164.58.90]: "<!doctype html>\n<html>\n<head>\n <title>Sonarr - Login</title>\n <meta name=\"viewport\" content=\"width=device-width, initial-s" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. ```

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@burnacid commented on GitHub (May 8, 2019):

After complete removing all files and reinstalling and configuring again it all works back. Sadly it's unknown then I guess what the issue is. I'm unsure if it happens again in 3 months

@burnacid commented on GitHub (May 8, 2019): After complete removing all files and reinstalling and configuring again it all works back. Sadly it's unknown then I guess what the issue is. I'm unsure if it happens again in 3 months

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@jc21 commented on GitHub (May 8, 2019):

@burnacid are you using custom locations for your sonarr?

@jc21 commented on GitHub (May 8, 2019): @burnacid are you using custom locations for your sonarr?

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@burnacid commented on GitHub (May 9, 2019):

No

@burnacid commented on GitHub (May 9, 2019): No

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@jonfairbanks commented on GitHub (Jul 2, 2019):

Reporting a similar issue here. Nginx proxy manager has been running fine for 6+ months. Now while trying to add a new proxy, all actions within the UI result in "Internal Error".

If you check the logs or run nginx in the container itself, you get back the following error:
nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/npm-2/fullchain.pem") failed (SSL: error:02FFF002:system library:func(4095):No such file or directory:fopen('/etc/letsencrypt/live/npm-2/fullchain.pem', 'r') error:20FFF080:BIO routines:CRYPTO_internal:no such file)

If you check /etc/letsencrypt, it is completely empty.

@jonfairbanks commented on GitHub (Jul 2, 2019): Reporting a similar issue here. Nginx proxy manager has been running fine for 6+ months. Now while trying to add a new proxy, all actions within the UI result in "Internal Error". If you check the logs or run `nginx` in the container itself, you get back the following error: `nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/npm-2/fullchain.pem") failed (SSL: error:02FFF002:system library:func(4095):No such file or directory:fopen('/etc/letsencrypt/live/npm-2/fullchain.pem', 'r') error:20FFF080:BIO routines:CRYPTO_internal:no such file)` If you check `/etc/letsencrypt`, it is completely empty.

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@Sigri44 commented on GitHub (Jul 23, 2019):

Good morning, everyone!

I managed to fix this "internal error" problem. In fact, it only comes into play if you activate SSL on your host, and especially if you activate SSL when you have not yet created your domain (or it is not yet deployed... ! ; ;)).

I did different tests, creating the domain, then enabling the host (without SSL!) in NPM it works. if you enable SSL by returning to the settings, internal error, but once the domain is created, then no SSL error, even creating everything in one step :)

@Sigri44 commented on GitHub (Jul 23, 2019): Good morning, everyone! I managed to fix this "internal error" problem. In fact, it only comes into play if you activate SSL on your host, and especially if you activate SSL when you have not yet created your domain (or it is not yet deployed... ! ; ;)). I did different tests, creating the domain, then enabling the host (without SSL!) in NPM it works. if you enable SSL by returning to the settings, internal error, but once the domain is created, then no SSL error, even creating everything in one step :)

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@jc21 commented on GitHub (Jul 23, 2019):

I just tried to create a new proxy host using lets encrypt ssl at the time of creation and I didn't have any problems. I think we're at the point where you'll need to send your docker inspect output to get a full picture of the configuration.

@jc21 commented on GitHub (Jul 23, 2019): I just tried to create a new proxy host using lets encrypt ssl at the time of creation and I didn't have any problems. I think we're at the point where you'll need to send your `docker inspect` output to get a full picture of the configuration.

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@Sigri44 commented on GitHub (Jul 24, 2019):

I just tried to create a new proxy host using lets encrypt ssl at the time of creation and I didn't have any problems. I think we're at the point where you'll need to send your docker inspect output to get a full picture of the configuration.

Okay, now try to recreate a host, with as host: dkjgbdfg.dgjkfgbldfg.com, and there will be the internet error ;) Because the domain is not reachable and LetsEncrypt must crash !

@Sigri44 commented on GitHub (Jul 24, 2019): > I just tried to create a new proxy host using lets encrypt ssl at the time of creation and I didn't have any problems. I think we're at the point where you'll need to send your `docker inspect` output to get a full picture of the configuration. Okay, now try to recreate a host, with as host: dkjgbdfg.dgjkfgbldfg.com, and there will be the internet error ;) Because the domain is not reachable and LetsEncrypt must crash !

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@jc21 commented on GitHub (Jul 24, 2019):

On one hand, the app is working correctly. It should throw an error when you're trying to do that.

On the other hand, the error message isn't very helpful. The host is created, the certificate is not and the status is "Unknown". No other hosts break as a result. It probably needs to handle the error better and requires some more UI.

@jc21 commented on GitHub (Jul 24, 2019): On one hand, the app is working correctly. It should throw an error when you're trying to do that. On the other hand, the error message isn't very helpful. The host is created, the certificate is not and the status is "Unknown". No other hosts break as a result. It probably needs to handle the error better and requires some more UI.

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@Sigri44 commented on GitHub (Jul 25, 2019):

Exactly ! Either do a try/catch, or do a ping system on the url, and if no answer, then indicate that you must wait until the domain is deployed.

@Sigri44 commented on GitHub (Jul 25, 2019): Exactly ! Either do a try/catch, or do a ping system on the url, and if no answer, then indicate that you must wait until the domain is deployed.

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@BetterToAutomateTheWorld commented on GitHub (Aug 6, 2020):

Solution find in my case :

copy pasting a nmp-xx certificates folder to the one which nginx is looking at
nginx -t
restart container

(anyway, this issue in basically from the root because we don't use the certificate for a specific domain, or a domain for a specific certificate, I will guess a deletion has gone wrong somewhere)

I will guess the best way to fix it in a clean way would be to delete all domains, certificates, and recreate all from zero/root...

PS : didn't know where the occurrence of the certificate was in my configuration in my case, a find / grep -r didn't return anything

@BetterToAutomateTheWorld commented on GitHub (Aug 6, 2020): Solution find in my case : - copy pasting a nmp-xx certificates folder to the one which nginx is looking at - nginx -t - restart container _(anyway, this issue in basically from the root because we don't use the certificate for a specific domain, or a domain for a specific certificate, I will guess a deletion has gone wrong somewhere)_ I will guess the best way to fix it in a clean way would be to delete all domains, certificates, and recreate all from zero/root... _PS : didn't know where the occurrence of the certificate was in my configuration in my case, a `find / grep -r` didn't return anything_

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@themreza commented on GitHub (Aug 13, 2020):

I'm able to replicate this error multiple times by making the host system run out of memory.

What happened in my case was that one of the containers ran a PHP composer update which consumed all available memory.

As a result, NginxProxyManager went into a coma and restarting it resulted in the following errors:

nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/npm-2/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-2/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

finish: applet not found

s6-svscanctl: fatal: unable to control /var/run/s6/services: supervisor not listening

[cont-finish.d] executing container finish scripts...

[cont-finish.d] done.

[s6-finish] waiting for services.

[s6-finish] sending all processes the TERM signal.

[s6-finish] sending all processes the KILL signal and exiting.

I'm suspecting it's due to /etc/letsencrypt not being persisted, so I created a volume just for that path. Let's see.

@themreza commented on GitHub (Aug 13, 2020): I'm able to replicate this error multiple times by making the host system run out of memory. What happened in my case was that one of the containers ran a PHP composer update which consumed all available memory. As a result, NginxProxyManager went into a coma and restarting it resulted in the following errors: ``` nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/npm-2/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-2/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file) finish: applet not found s6-svscanctl: fatal: unable to control /var/run/s6/services: supervisor not listening [cont-finish.d] executing container finish scripts... [cont-finish.d] done. [s6-finish] waiting for services. [s6-finish] sending all processes the TERM signal. [s6-finish] sending all processes the KILL signal and exiting. ``` I'm suspecting it's due to `/etc/letsencrypt` not being persisted, so I created a volume just for that path. Let's see.

kerem commented

2026-02-26 06:30:23 +03:00

Author

Owner

@chaptergy commented on GitHub (May 10, 2021):

A lot has changed since this issue was originally opened and since the last comment. If you still encounter any problems please open a new issue.

@chaptergy commented on GitHub (May 10, 2021): A lot has changed since this issue was originally opened and since the last comment. If you still encounter any problems please open a new issue.

Rows
Columns

[GH-ISSUE #133] Internal Server error #118