[GH-ISSUE #1633] OVH DNS Renewal fails -- was working before #1225

New issue

Closed

opened 2026-02-26 06:36:19 +03:00 by kerem · 6 comments

kerem commented 2026-02-26 06:36:19 +03:00

Owner

Copy link

Originally created by @mora-phi on GitHub (Dec 4, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1633

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
• Are you sure you're not using someone else's docker image?
  • Yes
• Have you searched for similar issues (both open and closed)?
  • Yes

Describe the bug
When auto-renewing a certificate, it fails with the following error :

[12/4/2021] [4:53:04 PM] [SSL      ] › ✖  error     Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation  
Failed to renew certificate npm-1 with error: Missing command line flag or config entry for this setting:
Input the path to your OVH credentials INI file

The docs here https://certbot-dns-ovh.readthedocs.io/en/stable/ say:

If I log into the container and modify the command line to include :

 --dns-ovh-credentials /etc/letsencrypt/credentials/credentials-1

It works.

Nginx Proxy Manager Version
v2.9.12

To Reproduce
Try to renew an OVH certificate

Expected behavior
The certificate is correctly renewed.

Screenshots
If trying to manually renew from the webpage :

Operating System
Docker

Additional context
Was working with a previous NPM version.
Certbot version is 1.21.0

Originally created by @mora-phi on GitHub (Dec 4, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1633 **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Yes - Are you sure you're not using someone else's docker image? - Yes - Have you searched for similar issues (both open and closed)? - Yes **Describe the bug** When auto-renewing a certificate, it fails with the following error : ``` [12/4/2021] [4:53:04 PM] [SSL ] › ✖ error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation Failed to renew certificate npm-1 with error: Missing command line flag or config entry for this setting: Input the path to your OVH credentials INI file ``` The docs here https://certbot-dns-ovh.readthedocs.io/en/stable/ say:  If I log into the container and modify the command line to include : ``` --dns-ovh-credentials /etc/letsencrypt/credentials/credentials-1 ``` It works. **Nginx Proxy Manager Version** v2.9.12 **To Reproduce** Try to renew an OVH certificate **Expected behavior** The certificate is correctly renewed. **Screenshots** If trying to manually renew from the webpage :  **Operating System** Docker **Additional context** Was working with a previous NPM version. Certbot version is 1.21.0

kerem 2026-02-26 06:36:19 +03:00

• closed this issue
• added the
  stale
  bug
  labels

kerem commented 2026-02-26 06:36:19 +03:00

Author

Owner

Copy link

@pifou25 commented on GitHub (Jun 6, 2022):

Hello, I also have a python error when trying to generate certificate using the OVH DNS challenge... seems related to ARM architecture. Here is the full log.

NPM version v2.9.18 (docker latest image) - certbot 1.25.0

Error: Command failed: pip install certbot-dns-ovh==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+') 
  error: subprocess-exited-with-error
  
  × pip subprocess to install build dependencies did not run successfully.
  │ exit code: 1
  ╰─> [125 lines of output]
      Collecting setuptools!=60.9.0,>=40.6.0
        Downloading setuptools-62.3.2-py3-none-any.whl (1.2 MB)
           ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.2/1.2 MB 858.7 kB/s eta 0:00:00
      Collecting wheel
        Using cached wheel-0.37.1-py2.py3-none-any.whl (35 kB)
      Collecting cffi>=1.12
        Downloading cffi-1.15.0.tar.gz (484 kB)
           ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 484.1/484.1 KB 695.8 kB/s eta 0:00:00
        Preparing metadata (setup.py): started
        Preparing metadata (setup.py): finished with status 'done'
      Collecting setuptools-rust>=0.11.4
        Downloading setuptools_rust-1.3.0-py3-none-any.whl (21 kB)
      Collecting pycparser
        Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB)
           ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 448.6 kB/s eta 0:00:00
      Collecting semantic-version<3,>=2.8.2
        Downloading semantic_version-2.10.0-py2.py3-none-any.whl (15 kB)
      Collecting typing-extensions>=3.7.4.3
        Downloading typing_extensions-4.2.0-py3-none-any.whl (24 kB)
      Building wheels for collected packages: cffi
        Building wheel for cffi (setup.py): started
        Building wheel for cffi (setup.py): finished with status 'error'
        error: subprocess-exited-with-error
      
        × python setup.py bdist_wheel did not run successfully.
        │ exit code: 1
        ╰─> [36 lines of output]
            running bdist_wheel
            running build
            running build_py
            creating build
            creating build/lib.linux-armv7l-3.7
            creating build/lib.linux-armv7l-3.7/cffi
            copying cffi/vengine_gen.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/commontypes.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/model.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/lock.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/vengine_cpy.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/verifier.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/backend_ctypes.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/setuptools_ext.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/__init__.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/error.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/cffi_opcode.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/ffiplatform.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/recompiler.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/api.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/cparser.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/pkgconfig.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/_cffi_include.h -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/parse_c_type.h -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/_embedding.h -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/_cffi_errors.h -> build/lib.linux-armv7l-3.7/cffi
            running build_ext
            building '_cffi_backend' extension
            creating build/temp.linux-armv7l-3.7
            creating build/temp.linux-armv7l-3.7/c
            arm-linux-gnueabihf-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DUSE__THREAD -DHAVE_SYNC_SYNCHRONIZE -I/usr/include/ffi -I/usr/include/libffi -I/usr/include/python3.7m -c c/_cffi_backend.c -o build/temp.linux-armv7l-3.7/c/_cffi_backend.o
            c/_cffi_backend.c:2:10: fatal error: Python.h: No such file or directory
             #include 
                      ^~~~~~~~~~
            compilation terminated.
            error: command 'arm-linux-gnueabihf-gcc' failed with exit status 1
            [end of output]
      
        note: This error originates from a subprocess, and is likely not a problem with pip.
        ERROR: Failed building wheel for cffi
        Running setup.py clean for cffi
      Failed to build cffi
      Installing collected packages: wheel, typing-extensions, setuptools, semantic-version, pycparser, setuptools-rust, cffi
        Running setup.py install for cffi: started
        Running setup.py install for cffi: finished with status 'error'
        error: subprocess-exited-with-error
      
        × Running setup.py install for cffi did not run successfully.
        │ exit code: 1
        ╰─> [36 lines of output]
            running install
            running build
            running build_py
            creating build
            creating build/lib.linux-armv7l-3.7
            creating build/lib.linux-armv7l-3.7/cffi
            copying cffi/vengine_gen.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/commontypes.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/model.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/lock.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/vengine_cpy.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/verifier.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/backend_ctypes.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/setuptools_ext.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/__init__.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/error.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/cffi_opcode.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/ffiplatform.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/recompiler.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/api.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/cparser.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/pkgconfig.py -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/_cffi_include.h -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/parse_c_type.h -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/_embedding.h -> build/lib.linux-armv7l-3.7/cffi
            copying cffi/_cffi_errors.h -> build/lib.linux-armv7l-3.7/cffi
            running build_ext
            building '_cffi_backend' extension
            creating build/temp.linux-armv7l-3.7
            creating build/temp.linux-armv7l-3.7/c
            arm-linux-gnueabihf-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DUSE__THREAD -DHAVE_SYNC_SYNCHRONIZE -I/usr/include/ffi -I/usr/include/libffi -I/usr/include/python3.7m -c c/_cffi_backend.c -o build/temp.linux-armv7l-3.7/c/_cffi_backend.o
            c/_cffi_backend.c:2:10: fatal error: Python.h: No such file or directory
             #include 
                      ^~~~~~~~~~
            compilation terminated.
            error: command 'arm-linux-gnueabihf-gcc' failed with exit status 1
            [end of output]
      
        note: This error originates from a subprocess, and is likely not a problem with pip.
      error: legacy-install-failure
      
      × Encountered error while trying to install package.
      ╰─> cffi
      
      note: This is an issue with the package mentioned above, not pip.
      hint: See above for output from the failure.
      WARNING: You are using pip version 22.0.4; however, version 22.1.2 is available.
      You should consider upgrading via the '/usr/bin/python3 -m pip install --upgrade pip' command.
      [end of output]
  
  note: This error originates from a subprocess, and is likely not a problem with pip.
error: subprocess-exited-with-error

× pip subprocess to install build dependencies did not run successfully.
│ exit code: 1
╰─> See above for output.

note: This error originates from a subprocess, and is likely not a problem with pip.
WARNING: You are using pip version 22.0.4; however, version 22.1.2 is available.
You should consider upgrading via the '/usr/bin/python3 -m pip install --upgrade pip' command.

    at ChildProcess.exithandler (node:child_process:399:12)
    at ChildProcess.emit (node:events:526:28)
    at maybeClose (node:internal/child_process:1092:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)

I tried to install some (potentially) missing packages into the container, but could not fix this error...

<!-- gh-comment-id:1147961373 --> @pifou25 commented on GitHub (Jun 6, 2022): Hello, I also have a python error when trying to generate certificate using the OVH DNS challenge... seems related to ARM architecture. Here is the full log. NPM version v2.9.18 (docker latest image) - certbot 1.25.0 ``` Error: Command failed: pip install certbot-dns-ovh==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+') error: subprocess-exited-with-error × pip subprocess to install build dependencies did not run successfully. │ exit code: 1 ╰─> [125 lines of output] Collecting setuptools!=60.9.0,>=40.6.0 Downloading setuptools-62.3.2-py3-none-any.whl (1.2 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.2/1.2 MB 858.7 kB/s eta 0:00:00 Collecting wheel Using cached wheel-0.37.1-py2.py3-none-any.whl (35 kB) Collecting cffi>=1.12 Downloading cffi-1.15.0.tar.gz (484 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 484.1/484.1 KB 695.8 kB/s eta 0:00:00 Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting setuptools-rust>=0.11.4 Downloading setuptools_rust-1.3.0-py3-none-any.whl (21 kB) Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 448.6 kB/s eta 0:00:00 Collecting semantic-version<3,>=2.8.2 Downloading semantic_version-2.10.0-py2.py3-none-any.whl (15 kB) Collecting typing-extensions>=3.7.4.3 Downloading typing_extensions-4.2.0-py3-none-any.whl (24 kB) Building wheels for collected packages: cffi Building wheel for cffi (setup.py): started Building wheel for cffi (setup.py): finished with status 'error' error: subprocess-exited-with-error × python setup.py bdist_wheel did not run successfully. │ exit code: 1 ╰─> [36 lines of output] running bdist_wheel running build running build_py creating build creating build/lib.linux-armv7l-3.7 creating build/lib.linux-armv7l-3.7/cffi copying cffi/vengine_gen.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/commontypes.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/model.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/lock.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/vengine_cpy.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/verifier.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/backend_ctypes.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/setuptools_ext.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/__init__.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/error.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/cffi_opcode.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/ffiplatform.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/recompiler.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/api.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/cparser.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/pkgconfig.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/_cffi_include.h -> build/lib.linux-armv7l-3.7/cffi copying cffi/parse_c_type.h -> build/lib.linux-armv7l-3.7/cffi copying cffi/_embedding.h -> build/lib.linux-armv7l-3.7/cffi copying cffi/_cffi_errors.h -> build/lib.linux-armv7l-3.7/cffi running build_ext building '_cffi_backend' extension creating build/temp.linux-armv7l-3.7 creating build/temp.linux-armv7l-3.7/c arm-linux-gnueabihf-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DUSE__THREAD -DHAVE_SYNC_SYNCHRONIZE -I/usr/include/ffi -I/usr/include/libffi -I/usr/include/python3.7m -c c/_cffi_backend.c -o build/temp.linux-armv7l-3.7/c/_cffi_backend.o c/_cffi_backend.c:2:10: fatal error: Python.h: No such file or directory #include ^~~~~~~~~~ compilation terminated. error: command 'arm-linux-gnueabihf-gcc' failed with exit status 1 [end of output] note: This error originates from a subprocess, and is likely not a problem with pip. ERROR: Failed building wheel for cffi Running setup.py clean for cffi Failed to build cffi Installing collected packages: wheel, typing-extensions, setuptools, semantic-version, pycparser, setuptools-rust, cffi Running setup.py install for cffi: started Running setup.py install for cffi: finished with status 'error' error: subprocess-exited-with-error × Running setup.py install for cffi did not run successfully. │ exit code: 1 ╰─> [36 lines of output] running install running build running build_py creating build creating build/lib.linux-armv7l-3.7 creating build/lib.linux-armv7l-3.7/cffi copying cffi/vengine_gen.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/commontypes.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/model.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/lock.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/vengine_cpy.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/verifier.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/backend_ctypes.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/setuptools_ext.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/__init__.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/error.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/cffi_opcode.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/ffiplatform.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/recompiler.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/api.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/cparser.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/pkgconfig.py -> build/lib.linux-armv7l-3.7/cffi copying cffi/_cffi_include.h -> build/lib.linux-armv7l-3.7/cffi copying cffi/parse_c_type.h -> build/lib.linux-armv7l-3.7/cffi copying cffi/_embedding.h -> build/lib.linux-armv7l-3.7/cffi copying cffi/_cffi_errors.h -> build/lib.linux-armv7l-3.7/cffi running build_ext building '_cffi_backend' extension creating build/temp.linux-armv7l-3.7 creating build/temp.linux-armv7l-3.7/c arm-linux-gnueabihf-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DUSE__THREAD -DHAVE_SYNC_SYNCHRONIZE -I/usr/include/ffi -I/usr/include/libffi -I/usr/include/python3.7m -c c/_cffi_backend.c -o build/temp.linux-armv7l-3.7/c/_cffi_backend.o c/_cffi_backend.c:2:10: fatal error: Python.h: No such file or directory #include ^~~~~~~~~~ compilation terminated. error: command 'arm-linux-gnueabihf-gcc' failed with exit status 1 [end of output] note: This error originates from a subprocess, and is likely not a problem with pip. error: legacy-install-failure × Encountered error while trying to install package. ╰─> cffi note: This is an issue with the package mentioned above, not pip. hint: See above for output from the failure. WARNING: You are using pip version 22.0.4; however, version 22.1.2 is available. You should consider upgrading via the '/usr/bin/python3 -m pip install --upgrade pip' command. [end of output] note: This error originates from a subprocess, and is likely not a problem with pip. error: subprocess-exited-with-error × pip subprocess to install build dependencies did not run successfully. │ exit code: 1 ╰─> See above for output. note: This error originates from a subprocess, and is likely not a problem with pip. WARNING: You are using pip version 22.0.4; however, version 22.1.2 is available. You should consider upgrading via the '/usr/bin/python3 -m pip install --upgrade pip' command. at ChildProcess.exithandler (node:child_process:399:12) at ChildProcess.emit (node:events:526:28) at maybeClose (node:internal/child_process:1092:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5) ``` I tried to install some (potentially) missing packages into the container, but could not fix this error...

kerem commented 2026-02-26 06:36:19 +03:00

Author

Owner

Copy link

@mjholub commented on GitHub (Oct 22, 2022):

I am facing a similar issue which boils down to certbot reporting my credentials as invalid, even though I double checked them.
Steps to reproduce:

1. Register a new OVH app.
2. Using `curl -XPOST -H "X-Ovh-Application: " -H "Content-type: application/json" https://eu.api.ovh.com/1.0/auth/credential -d '{"accessRules":[{"method":"POST","path":"/domain/zone//record" },{"method":"POST","path":"/domain/zone//refresh"},{"method":"DELETE","path":"/domain/zone//record/*"}], "redirection": "https://"}'
3. Note the consumer key and validate the app (it went correctly in my case, checked with OVH Console).
4. Paste the secrets to container's ~/.secrets/certbot/ovh.ini, as described here
5. Run

>   --dns-ovh \
>   --dns-ovh-credentials ~/.secrets/certbot/ovh.ini \
>   -d example.com \
>   -d www.example.com

6. Get the

Error determining zone identifier for mjholub.me: 403 Client Error: Forbidden for url: https://eu.api.ovh.com/1.0/domain/zone/. (Are your Application Key and Consumer Key values correct?)

error
Same happens with WebUI, the error message apart from irrelevant traceback output is exactly the same, just w/o the unsafe permissions warning.

<!-- gh-comment-id:1287605281 --> @mjholub commented on GitHub (Oct 22, 2022): I am facing a similar issue which boils down to certbot reporting my credentials as invalid, even though I double checked them. Steps to reproduce: 1. Register a new OVH app. 2. Using `curl -XPOST -H "X-Ovh-Application: <app key>" -H "Content-type: application/json" https://eu.api.ovh.com/1.0/auth/credential -d '{"accessRules":[{"method":"POST","path":"/domain/zone/<domain name>/record" },{"method":"POST","path":"/domain/zone/<domain name>/refresh"},{"method":"DELETE","path":"/domain/zone/<domain name>/record/*"}], "redirection": "https://<domain name>"}' 3. Note the consumer key and validate the app (it went correctly in my case, checked with OVH Console). 4. Paste the secrets to container's ~/.secrets/certbot/ovh.ini, as described [here](https://certbot-dns-ovh.readthedocs.io/en/stable/) 5. Run ```certbot certonly \ > --dns-ovh \ > --dns-ovh-credentials ~/.secrets/certbot/ovh.ini \ > -d example.com \ > -d www.example.com ``` 6. Get the ```Unsafe permissions on credentials configuration file: /root/.secrets/certbot/ovh.ini Error determining zone identifier for mjholub.me: 403 Client Error: Forbidden for url: https://eu.api.ovh.com/1.0/domain/zone/. (Are your Application Key and Consumer Key values correct?) ``` error Same happens with WebUI, the error message apart from irrelevant traceback output is exactly the same, just w/o the unsafe permissions warning.

kerem commented 2026-02-26 06:36:19 +03:00

Author

Owner

Copy link

@Ramalama2 commented on GitHub (Nov 29, 2022):

I have the exact same error as the one above:
Error determining zone identifier for auth.myhiddendomain.com: 403 Client Error: Forbidden for url: https://eu.api.ovh.com/1.0/domain/zone/. (Are your Application Key and Consumer Key values correct?)

<!-- gh-comment-id:1331457975 --> @Ramalama2 commented on GitHub (Nov 29, 2022): I have the exact same error as the one above: Error determining zone identifier for auth.myhiddendomain.com: 403 Client Error: Forbidden for url: https://eu.api.ovh.com/1.0/domain/zone/. (Are your Application Key and Consumer Key values correct?)

kerem commented 2026-02-26 06:36:19 +03:00

Author

Owner

Copy link

@Ramalama2 commented on GitHub (Nov 30, 2022):

I resolved the issue, it is super stupid.

The solution is, that you have to create a application key for the whole account and all domains in it!
If you restrict access to one domain in your account, certbot wont work!
Here is the solution:

This issue happens only with certbot and is only certbot related.
You can use otherwise restricted application keys with acme.sh/dehydrated and whatever traefik uses works either!
Only certbot doesn't work! For the stupid certbot you have to open your whole account and have fun if someone gets access to your keys...
All your domains will be gone then 👍

That an huge security risk! and this method should be seen only as an solution to get nginx proxy manager working with certbot!
This is not an fix or something. Cheers

<!-- gh-comment-id:1331495204 --> @Ramalama2 commented on GitHub (Nov 30, 2022): I resolved the issue, it is super stupid. The solution is, that you have to create a application key for the whole account and all domains in it! If you restrict access to one domain in your account, certbot wont work! Here is the solution: <img width="268" alt="image" src="https://user-images.githubusercontent.com/6314556/204678262-e3a1f961-d061-4299-982e-2e55ef6561cf.png"> This issue happens only with certbot and is only certbot related. You can use otherwise restricted application keys with acme.sh/dehydrated and whatever traefik uses works either! Only certbot doesn't work! For the stupid certbot you have to open your whole account and have fun if someone gets access to your keys... All your domains will be gone then 👍 That an huge security risk! and this method should be seen only as an solution to get nginx proxy manager working with certbot! This is not an fix or something. Cheers

kerem commented 2026-02-26 06:36:19 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Feb 29, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:1970246491 --> @github-actions[bot] commented on GitHub (Feb 29, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented 2026-02-26 06:36:19 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Apr 14, 2025):

Issue was closed due to inactivity.

<!-- gh-comment-id:2800301912 --> @github-actions[bot] commented on GitHub (Apr 14, 2025): Issue was closed due to inactivity.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#1225

No description provided.