starred/nginx-proxy-manager-NginxProxyManager

Fork 0

mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-26 01:45:54 +03:00

[GH-ISSUE #154] Certs are not Auto-Renewing #134

New issue

Closed

opened 2026-02-26 06:30:34 +03:00 by kerem · 2 comments

kerem commented

2026-02-26 06:30:34 +03:00

Owner

Originally created by @pageb018 on GitHub (May 28, 2019).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/154

Checklist

Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
Are you sure you're not using someone else's docker image?
If having problems with Lets Encrypt, have you made absolutely sure your site is accessible from outside of your network?

Describe the bug
Running latest version v2.0.13, none of my certs are auto-renewing.

To Reproduce
Steps to reproduce the behavior:
Add proxy host. Wait for cert renew

Expected behavior
SSL certs should auto-renew in before expiration.

Screenshots

Operating System

docker on CentOS 7

Additional context
Docker version - 18.09.6

Originally created by @pageb018 on GitHub (May 28, 2019). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/154 **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Are you sure you're not using someone else's docker image? - If having problems with Lets Encrypt, have you made absolutely sure your site is accessible from outside of your network? **Describe the bug** Running latest version v2.0.13, none of my certs are auto-renewing. **To Reproduce** Steps to reproduce the behavior: Add proxy host. Wait for cert renew **Expected behavior** SSL certs should auto-renew in before expiration. **Screenshots** ![Screen Shot 2019-05-28 at 12 12 02 PM](https://user-images.githubusercontent.com/26354599/58493859-dc46de00-8141-11e9-8ddf-8dd8f487e178.png) **Operating System** - docker on CentOS 7 **Additional context** Docker version - 18.09.6

kerem

2026-02-26 06:30:34 +03:00

closed this issue
added the
bug
label

kerem commented

2026-02-26 06:30:35 +03:00

Author

Owner

@pageb018 commented on GitHub (May 28, 2019):

Seeing these errors in the logs...

"Attempting to renew cert (npm-1) from /etc/letsencrypt/renewal/npm-1.conf produced an unexpected error: Failed authorization procedure. unifi.olddogconsulting.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://*MY DOMAIN.com*/.well-known/acme-challenge/pwQ2zDae6MC0DciJ0fURqfNZS3S2YbVPXokxa-dD7Yc [100.1.234.69]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n". Skipping.
nginx-proxy-app | All renewal attempts failed. The following certs could not be renewed:
nginx-proxy-app |   /etc/letsencrypt/live/npm-1/fullchain.pem (failure)
nginx-proxy-app | 1 renew failure(s), 0 parse failure(s)

@pageb018 commented on GitHub (May 28, 2019): Seeing these errors in the logs... ``` "Attempting to renew cert (npm-1) from /etc/letsencrypt/renewal/npm-1.conf produced an unexpected error: Failed authorization procedure. unifi.olddogconsulting.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://*MY DOMAIN.com*/.well-known/acme-challenge/pwQ2zDae6MC0DciJ0fURqfNZS3S2YbVPXokxa-dD7Yc [100.1.234.69]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n". Skipping. nginx-proxy-app | All renewal attempts failed. The following certs could not be renewed: nginx-proxy-app | /etc/letsencrypt/live/npm-1/fullchain.pem (failure) nginx-proxy-app | 1 renew failure(s), 0 parse failure(s) ```

kerem commented

2026-02-26 06:30:35 +03:00

Author

Owner

@jc21 commented on GitHub (May 28, 2019):

Firstly, yes your certificates are renewing for the rest of your valid domains. If you navigate to those sites and view the SSL cert info, you'll see the expire date is different to the user interface.

When just one of the renewals fail, it doesn't continue to the next step which is to sync the dates of all the certs with the database.

The reason for one or more to fail is most likely due to a previous bug where deleting a certificate was not fully deleting it, meaning that it was attempting to renew even though the host didn't exist for it anymore.

Instructions to alleviate this broken certificate can be found in my latest comment in #109

@jc21 commented on GitHub (May 28, 2019): Firstly, yes your certificates are renewing for the rest of your valid domains. If you navigate to those sites and view the SSL cert info, you'll see the expire date is different to the user interface. When just one of the renewals fail, it doesn't continue to the next step which is to sync the dates of all the certs with the database. The reason for one or more to fail is most likely due to a previous bug where deleting a certificate was not fully deleting it, meaning that it was attempting to renew even though the host didn't exist for it anymore. Instructions to alleviate this broken certificate can be found in my latest comment in #109

kerem referenced this issue

2026-02-26 07:38:24 +03:00

[PR #134] [MERGED] Only Secure TLS Ciphers & Protocols #3193

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#134

No description provided.

Rows
Columns