mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2026-04-26 01:45:54 +03:00
[GH-ISSUE #2251] Auto renew ssl cert #1605
Originally created by @JS-E on GitHub (Sep 5, 2022).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2251
Describe the solution you'd like
A button or toggle switch that sets up a cron job to renew a certificate a few days before SSL cert expiry
Describe alternatives you've considered
I was going to set up my own one but I think it would be nice as an extra feature
@the1ts commented on GitHub (Sep 5, 2022):
@JS-E as standard it does this; indeed you can't stop it as far as I know. If it's not renewing for you, there is a bug currently that stops the renew if Force SSL is ticked; untick it and it can renew, then retick the Force SSL.
@JS-E commented on GitHub (Sep 6, 2022):
Okay, this isn't very clear when setting up an SSL cert. Would be cool if it was mentioned that it would auto renew and maybe give a date when it's planned to renew.
@the1ts commented on GitHub (Sep 6, 2022):
From the main page on the homepage
Free SSL
Built in Let’s Encrypt support allows you to secure your Web services at no cost to you. The certificates even renew themselves!
@JS-E commented on GitHub (Sep 7, 2022):
@the1ts - Didn't see that, thanks for pointing that out. Could this perhaps be shown on the actual SSL page, as I still don't know what day the SSL cert will actually renew?
@the1ts commented on GitHub (Sep 8, 2022):
From my very amateur reading of the backend certificate code in NPM and the log files created, the renewal time isn't handled by NPM. NPM simply calls certbot on a 1 hour timer and certbot runs against all current certs; certbot tries a renew of the cert if certbot's own renewal time has been met. I think the certbot renewal time is currently at 30 days before expiry. So you get a 90 day cert and after 60 days it will renew. The reason we use NPM and automated Let's Encrypt in general is so we don't have to worry about renewal times any longer.
Some of this is not much better than guesswork, but you can see in the logs when you do a manual renewal, a single cert is attempted in the certbot command line and certbot will complain about not ready for renewal without reaching out to Let's Encrypt. When it's the hourly renewal, no cert is pointed to and the not ready for renewal messaging is seen again from certbot, but for all known certs.
Of note, I've not seen the automated "your cert is about to expire" email that you get from Let's Encrypt at about 2 weeks to expiry since moving to NPM, but there is currently an issue around this which is waiting on a new build, so keep your container up to date.
In short, we are automating so we don't need to worry about when the cert is renewed. If you have to know when a cert is renewed for some cert pinning problem, perhaps NPM and Let's Encrypt in general isn't the tool you need.
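Added example, not part of the thread and not NPM or certbot code: a check that turns the expiry line printed by `openssl x509 -noout -enddate` into the date renewal should start, and flags certificates that have sat inside the renewal window without being renewed. The 30-day window is taken from the comment above; the 7-day grace period, the host names and the sample dates are constructed assumptions.

```python
import ssl
from datetime import datetime, timedelta, timezone

RENEW_WINDOW = timedelta(days=30)  # window stated in the thread; an assumption here
STALL_GRACE = timedelta(days=7)    # hypothetical alerting threshold


def parse_enddate(line: str) -> datetime:
    """Parse a line as printed by `openssl x509 -noout -enddate`."""
    key, _, value = line.strip().partition("=")
    if key != "notAfter" or not value:
        raise ValueError(f"not an -enddate line: {line!r}")
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def renewal_status(enddate_line: str, now: datetime) -> dict:
    """Classify one certificate relative to the renewal window."""
    expires = parse_enddate(enddate_line)
    renew_after = expires - RENEW_WINDOW
    if now >= expires:
        state = "expired"
    elif now >= renew_after + STALL_GRACE:
        state = "stalled"  # in the window too long: the hourly renew is failing
    elif now >= renew_after:
        state = "due"      # the next hourly run should renew it
    else:
        state = "ok"
    return {"expires": expires, "renew_after": renew_after, "state": state}


# Constructed sample input: host name -> enddate line (not real certificates).
SAMPLE = {
    "app.example.test": "notAfter=Dec  4 10:00:00 2022 GMT",
    "git.example.test": "notAfter=Sep 20 08:30:00 2022 GMT",
    "old.example.test": "notAfter=Sep  1 00:00:00 2022 GMT",
}

if __name__ == "__main__":
    now = datetime(2022, 9, 8, 12, 0, tzinfo=timezone.utc)  # constructed "now"
    for host, line in SAMPLE.items():
        s = renewal_status(line, now)
        print(f"{host:18} expires {s['expires']:%Y-%m-%d} "
              f"renew after {s['renew_after']:%Y-%m-%d} -> {s['state']}")
```

A "stalled" result is the case worth alerting on: the certificate is still valid, but the automatic renewal has not replaced it.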
@JS-E commented on GitHub (Nov 8, 2022):
After checking now and upgrading, I can see this automatically upgrading the cert so I'm happy to close