[GH-ISSUE #2267] All certificate renewals suddenly fail. Has worked for months if not years. #1615

New issue

Open

opened 2026-02-26 07:31:47 +03:00 by kerem · 16 comments

kerem commented 2026-02-26 07:31:47 +03:00

Owner

Copy link

Originally created by @Waldorf3 on GitHub (Sep 15, 2022).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2267

After using this container for months, if not years, with minimal interaction necessary, suddenly certificates are no longer automatically updated. Nothing changed in my environment so I'm a bit at a loss what happened.

From the log:

nginx-proxy-manager-app-1  | [9/15/2022] [4:50:19 PM] [Global   ] › ℹ  info      Generating MySQL knex configuration from environment variables
nginx-proxy-manager-app-1  | [9/15/2022] [4:50:19 PM] [Global   ] › ⬤  debug     Wrote db configuration to config file: ./config/production.json
nginx-proxy-manager-app-1  | [9/15/2022] [4:50:20 PM] [Migrate  ] › ℹ  info      Current database version: 20211108145214
nginx-proxy-manager-app-1  | [9/15/2022] [4:50:20 PM] [Setup    ] › ℹ  info      Creating a new JWT key pair...
nginx-proxy-manager-app-1  | [9/15/2022] [4:50:24 PM] [Setup    ] › ℹ  info      Wrote JWT key pair to config file: /app/config/production.json
nginx-proxy-manager-app-1  | [9/15/2022] [4:50:24 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
nginx-proxy-manager-app-1  | [9/15/2022] [4:50:24 PM] [Setup    ] › ℹ  info      Logrotate completed.
nginx-proxy-manager-app-1  | [9/15/2022] [4:50:24 PM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
nginx-proxy-manager-app-1  | [9/15/2022] [4:50:24 PM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
nginx-proxy-manager-app-1  | [9/15/2022] [4:50:24 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
nginx-proxy-manager-app-1  | [9/15/2022] [4:50:24 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
nginx-proxy-manager-app-1  | [9/15/2022] [4:50:24 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
nginx-proxy-manager-app-1  | [9/15/2022] [4:50:24 PM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...
nginx-proxy-manager-app-1  | [9/15/2022] [4:50:24 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
nginx-proxy-manager-app-1  | [9/15/2022] [4:50:24 PM] [Global   ] › ℹ  info      Backend PID 246 listening on port 3000 ...
nginx-proxy-manager-app-1  | [9/15/2022] [4:50:49 PM] [Express  ] › ⚠  warning   invalid signature
nginx-proxy-manager-app-1  | [9/15/2022] [4:52:43 PM] [SSL      ] › ✖  error     Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
nginx-proxy-manager-app-1  | Failed to renew certificate npm-1 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-10 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-11 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-12 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-13 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-2 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-25 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-3 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-31 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-32 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-34 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-35 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-36 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-38 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-39 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-4 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-40 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-41 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-42 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-5 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-6 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-7 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | Failed to renew certificate npm-8 with error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
nginx-proxy-manager-app-1  | Failed to renew certificate npm-9 with error: Some challenges have failed.
nginx-proxy-manager-app-1  | All renewals failed. The following certificates could not be renewed:
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-1/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-10/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-11/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-12/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-13/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-2/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-25/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-3/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-31/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-32/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-34/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-35/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-36/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-38/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-39/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-4/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-40/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-41/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-42/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-5/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-6/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-7/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-8/fullchain.pem (failure)
nginx-proxy-manager-app-1  |   /etc/letsencrypt/live/npm-9/fullchain.pem (failure)
nginx-proxy-manager-app-1  | 24 renew failure(s), 0 parse failure(s)
nginx-proxy-manager-app-1  |
nginx-proxy-manager-app-1  |     at ChildProcess.exithandler (node:child_process:399:12)
nginx-proxy-manager-app-1  |     at ChildProcess.emit (node:events:526:28)
nginx-proxy-manager-app-1  |     at maybeClose (node:internal/child_process:1092:16)
nginx-proxy-manager-app-1  |     at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)
nginx-proxy-manager-app-1  | `QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
nginx-proxy-manager-app-1  | `QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
nginx-proxy-manager-app-1  | QueryBuilder#omit is deprecated. This method will be removed in version 3.0
nginx-proxy-manager-app-1  | Model#$omit is deprected and will be removed in 3.0.
nginx-proxy-manager-app-1  | Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0
nginx-proxy-manager-app-1  | [9/15/2022] [4:55:08 PM] [Nginx    ] › ℹ  info      Reloading Nginx
nginx-proxy-manager-app-1  | [9/15/2022] [4:55:30 PM] [Nginx    ] › ℹ  info      Reloading Nginx
nginx-proxy-manager-app-1  | [9/15/2022] [4:55:53 PM] [Nginx    ] › ℹ  info      Reloading Nginx
nginx-proxy-manager-app-1  | [9/15/2022] [4:55:58 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #46: myapp.mydomain.com
nginx-proxy-manager-app-1  | [9/15/2022] [4:55:58 PM] [SSL      ] › ℹ  info      Command: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-46" --agree-tos --authenticator webroot --email "me@mydomain.com" --preferred-challenges "dns,http" --domains "myapp.mydomain.com"
nginx-proxy-manager-app-1  | [9/15/2022] [4:56:05 PM] [Nginx    ] › ℹ  info      Reloading Nginx
nginx-proxy-manager-app-1  | [9/15/2022] [4:56:05 PM] [Express  ] › ⚠  warning   Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-46" --agree-tos --authenticator webroot --email "me@mydomain.com" --preferred-challenges "dns,http" --domains "myapp.mydomain.com"
nginx-proxy-manager-app-1  | Saving debug log to /var/log/letsencrypt/letsencrypt.log
nginx-proxy-manager-app-1  | Some challenges have failed.
nginx-proxy-manager-app-1  | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Originally created by @Waldorf3 on GitHub (Sep 15, 2022). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2267 After using this container for months, if not years, with minimal interaction necessary, suddenly certificates are no longer automatically updated. Nothing changed in my environment so I'm a bit at a loss what happened. From the log: ``` nginx-proxy-manager-app-1 | [9/15/2022] [4:50:19 PM] [Global ] › ℹ info Generating MySQL knex configuration from environment variables nginx-proxy-manager-app-1 | [9/15/2022] [4:50:19 PM] [Global ] › ⬤ debug Wrote db configuration to config file: ./config/production.json nginx-proxy-manager-app-1 | [9/15/2022] [4:50:20 PM] [Migrate ] › ℹ info Current database version: 20211108145214 nginx-proxy-manager-app-1 | [9/15/2022] [4:50:20 PM] [Setup ] › ℹ info Creating a new JWT key pair... nginx-proxy-manager-app-1 | [9/15/2022] [4:50:24 PM] [Setup ] › ℹ info Wrote JWT key pair to config file: /app/config/production.json nginx-proxy-manager-app-1 | [9/15/2022] [4:50:24 PM] [Setup ] › ℹ info Logrotate Timer initialized nginx-proxy-manager-app-1 | [9/15/2022] [4:50:24 PM] [Setup ] › ℹ info Logrotate completed. nginx-proxy-manager-app-1 | [9/15/2022] [4:50:24 PM] [IP Ranges] › ℹ info Fetching IP Ranges from online services... nginx-proxy-manager-app-1 | [9/15/2022] [4:50:24 PM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json nginx-proxy-manager-app-1 | [9/15/2022] [4:50:24 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4 nginx-proxy-manager-app-1 | [9/15/2022] [4:50:24 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6 nginx-proxy-manager-app-1 | [9/15/2022] [4:50:24 PM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized nginx-proxy-manager-app-1 | [9/15/2022] [4:50:24 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry... nginx-proxy-manager-app-1 | [9/15/2022] [4:50:24 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized nginx-proxy-manager-app-1 | [9/15/2022] [4:50:24 PM] [Global ] › ℹ info Backend PID 246 listening on port 3000 ... nginx-proxy-manager-app-1 | [9/15/2022] [4:50:49 PM] [Express ] › ⚠ warning invalid signature nginx-proxy-manager-app-1 | [9/15/2022] [4:52:43 PM] [SSL ] › ✖ error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation nginx-proxy-manager-app-1 | Failed to renew certificate npm-1 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-10 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-11 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-12 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-13 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-2 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-25 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-3 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-31 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-32 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-34 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-35 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-36 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-38 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-39 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-4 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-40 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-41 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-42 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-5 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-6 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-7 with error: Some challenges have failed. nginx-proxy-manager-app-1 | Failed to renew certificate npm-8 with error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/ nginx-proxy-manager-app-1 | Failed to renew certificate npm-9 with error: Some challenges have failed. nginx-proxy-manager-app-1 | All renewals failed. The following certificates could not be renewed: nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-1/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-10/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-11/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-12/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-13/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-2/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-25/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-3/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-31/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-32/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-34/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-35/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-36/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-38/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-39/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-4/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-40/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-41/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-42/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-5/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-6/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-7/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-8/fullchain.pem (failure) nginx-proxy-manager-app-1 | /etc/letsencrypt/live/npm-9/fullchain.pem (failure) nginx-proxy-manager-app-1 | 24 renew failure(s), 0 parse failure(s) nginx-proxy-manager-app-1 | nginx-proxy-manager-app-1 | at ChildProcess.exithandler (node:child_process:399:12) nginx-proxy-manager-app-1 | at ChildProcess.emit (node:events:526:28) nginx-proxy-manager-app-1 | at maybeClose (node:internal/child_process:1092:16) nginx-proxy-manager-app-1 | at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5) nginx-proxy-manager-app-1 | `QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0 nginx-proxy-manager-app-1 | `QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0 nginx-proxy-manager-app-1 | QueryBuilder#omit is deprecated. This method will be removed in version 3.0 nginx-proxy-manager-app-1 | Model#$omit is deprected and will be removed in 3.0. nginx-proxy-manager-app-1 | Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0 nginx-proxy-manager-app-1 | [9/15/2022] [4:55:08 PM] [Nginx ] › ℹ info Reloading Nginx nginx-proxy-manager-app-1 | [9/15/2022] [4:55:30 PM] [Nginx ] › ℹ info Reloading Nginx nginx-proxy-manager-app-1 | [9/15/2022] [4:55:53 PM] [Nginx ] › ℹ info Reloading Nginx nginx-proxy-manager-app-1 | [9/15/2022] [4:55:58 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #46: myapp.mydomain.com nginx-proxy-manager-app-1 | [9/15/2022] [4:55:58 PM] [SSL ] › ℹ info Command: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-46" --agree-tos --authenticator webroot --email "me@mydomain.com" --preferred-challenges "dns,http" --domains "myapp.mydomain.com" nginx-proxy-manager-app-1 | [9/15/2022] [4:56:05 PM] [Nginx ] › ℹ info Reloading Nginx nginx-proxy-manager-app-1 | [9/15/2022] [4:56:05 PM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-46" --agree-tos --authenticator webroot --email "me@mydomain.com" --preferred-challenges "dns,http" --domains "myapp.mydomain.com" nginx-proxy-manager-app-1 | Saving debug log to /var/log/letsencrypt/letsencrypt.log nginx-proxy-manager-app-1 | Some challenges have failed. nginx-proxy-manager-app-1 | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details. ```

kerem added the

stale

bug

labels 2026-02-26 07:31:47 +03:00

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@the1ts commented on GitHub (Sep 15, 2022):

@Waldorf3 There is a problem with renewing if force SSL is turned on, if that is true for you, turn off force SSL, renew then turn back on.
Its awaiting a fix to be merged #2038

<!-- gh-comment-id:1248563531 --> @the1ts commented on GitHub (Sep 15, 2022): @Waldorf3 There is a problem with renewing if force SSL is turned on, if that is true for you, turn off force SSL, renew then turn back on. Its awaiting a fix to be merged #2038

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@huntitus commented on GitHub (Sep 15, 2022):

We have the same symptoms. The certificates not renewed by automatically. When I try to renew manually on the GUI, it provide an "internal error" message (without any error code, or details). Sadly this solution is not reliable :/

Edit:

• Turning off the "force SSL" option not worked for me.
• This solution, (from 2022 March 24) worked for me: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1816#issuecomment-1077969718

Looks like this problem is very old :/ and still exist.

<!-- gh-comment-id:1248566666 --> @huntitus commented on GitHub (Sep 15, 2022): We have the same symptoms. The certificates not renewed by automatically. When I try to renew manually on the GUI, it provide an "internal error" message (without any error code, or details). Sadly this solution is not reliable :/ Edit: * Turning off the "force SSL" option not worked for me. * This solution, (from 2022 March 24) worked for me: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1816#issuecomment-1077969718 Looks like this problem is very old :/ and still exist.

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@Waldorf3 commented on GitHub (Sep 15, 2022):

We have the same symptoms. The certificates not renewed by automatically. When I try to renew manually on the GUI, it provide an "internal error" message (without any error code, or details). Sadly this solution is not reliable :/

Edit:

• Turning off the "force SSL" option not worked for me.
• This solution, (from 2022 March 24) worked for me: Renew now on SSL Certificates page gives internal error #1816 (comment)

Looks like this problem is very old :/ and still exist.

I already tried the "uncheck force ssl and reissue cert", it just throws an "internal error".

I'm running NPM in docker, not sure how to start fiddling with a script to fix this. Would be better if the author would acknowledge the bug and offer a proper solution.

<!-- gh-comment-id:1248766675 --> @Waldorf3 commented on GitHub (Sep 15, 2022): > We have the same symptoms. The certificates not renewed by automatically. When I try to renew manually on the GUI, it provide an "internal error" message (without any error code, or details). Sadly this solution is not reliable :/ > > Edit: > > * Turning off the "force SSL" option not worked for me. > * This solution, (from 2022 March 24) worked for me: [Renew now on SSL Certificates page gives internal error #1816 (comment)](https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1816#issuecomment-1077969718) > > Looks like this problem is very old :/ and still exist. I already tried the "uncheck force ssl and reissue cert", it just throws an "internal error". I'm running NPM in docker, not sure how to start fiddling with a script to fix this. Would be better if the author would acknowledge the bug and offer a proper solution.

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@Waldorf3 commented on GitHub (Sep 17, 2022):

I'm just realizing I might be barking up the wrong tree. Is jc21 the actual developer/maintainer of this code, or just the docker-packager? If not, who is responsible for the code, who can fix this bug?

I actually find the NPM SSL subsystem to be quite fragile. If for example you try to enable SSL for a site that does not have a root directory, such as for example ubooquity (requires http://ubooquity/ubooquity) it will also fail with a nondescript "internal error", and only way to fix is manually cleaning up the database. That's a viable solution for a single failed certificate, not for a system with 30 or more proxy hosts with failed certs.

<!-- gh-comment-id:1250044780 --> @Waldorf3 commented on GitHub (Sep 17, 2022): I'm just realizing I might be barking up the wrong tree. Is jc21 the actual developer/maintainer of this code, or just the docker-packager? If not, who is responsible for the code, who can fix this bug? I actually find the NPM SSL subsystem to be quite fragile. If for example you try to enable SSL for a site that does not have a root directory, such as for example ubooquity (requires http://ubooquity/ubooquity) it will also fail with a nondescript "internal error", and only way to fix is manually cleaning up the database. That's a viable solution for a single failed certificate, not for a system with 30 or more proxy hosts with failed certs.

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@the1ts commented on GitHub (Sep 17, 2022):

JC21 is the developer and the only fragility at the moment that I see is the renew issue outstanding a merge.
I simply don't see how NPM fronting for ubooquity results in an internal error that requires DB cleanup. The application isn't even hit for letsencrypt SSL certs to be created via the HTTP auth method.
Also picking a pretty broken by modern standards application like ubooquity to measure success is odd. It has, as you say, no root directory so requires special measures and also a different port for admin so requires special measures again, no tool calling itself easy to use can be expected to handle both those broken by modern standards decisions.
Often internal errors are after people remove active SSL certs breaking Nginx config i.e. ignoring the warning. What specific errors are you still getting?

<!-- gh-comment-id:1250119597 --> @the1ts commented on GitHub (Sep 17, 2022): JC21 is the developer and the only fragility at the moment that I see is the renew issue outstanding a merge. I simply don't see how NPM fronting for ubooquity results in an internal error that requires DB cleanup. The application isn't even hit for letsencrypt SSL certs to be created via the HTTP auth method. Also picking a pretty broken by modern standards application like ubooquity to measure success is odd. It has, as you say, no root directory so requires special measures and also a different port for admin so requires special measures again, no tool calling itself easy to use can be expected to handle both those broken by modern standards decisions. Often internal errors are after people remove active SSL certs breaking Nginx config i.e. ignoring the warning. What specific errors are you still getting?

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@EDIflyer commented on GitHub (Oct 7, 2022):

Just to confirm that PR #2038 by @the1ts seems to be doing the trick for me.

<!-- gh-comment-id:1271434812 --> @EDIflyer commented on GitHub (Oct 7, 2022): Just to confirm that PR #2038 by @the1ts seems to be doing the trick for me.

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Feb 9, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:1935216765 --> @github-actions[bot] commented on GitHub (Feb 9, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@Saibamen commented on GitHub (Feb 9, 2024):

👍

<!-- gh-comment-id:1935540897 --> @Saibamen commented on GitHub (Feb 9, 2024): 👍

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@jdhorner commented on GitHub (Nov 7, 2024):

👍

<!-- gh-comment-id:2463361728 --> @jdhorner commented on GitHub (Nov 7, 2024): 👍

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@e1ke commented on GitHub (Jan 10, 2025):

👍
have the same issue with jc21/nginx-proxy-manager:2.12.2
turning off 'force SSL', renewing the certificates by hand and turning 'force SSL' on again worked for me but this will be pretty annoying if that is the only workaround for this issue and not a permanent solution.
Strange that it worked for years and now suddenly stopped working. I migrated to another server by copying the data volume, maybe there is an issue with file permission or sth? I can't figure it out

edit
mh, after ignoring the HSTS settings, it worked even with 'force SSL' activated:

I think that works as a permament solution for me

<!-- gh-comment-id:2582816697 --> @e1ke commented on GitHub (Jan 10, 2025): 👍 have the same issue with jc21/nginx-proxy-manager:2.12.2 turning off 'force SSL', renewing the certificates by hand and turning 'force SSL' on again worked for me but this will be pretty annoying if that is the only workaround for this issue and not a permanent solution. Strange that it worked for years and now suddenly stopped working. I migrated to another server by copying the data volume, maybe there is an issue with file permission or sth? I can't figure it out edit mh, after ignoring the HSTS settings, it worked even with 'force SSL' activated:  I think that works as a permament solution for me

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@EDIflyer commented on GitHub (Jan 10, 2025):

@e1ke if you want a more permanent solution that allows HSTS to be turned on then feel free to use nginxproxymanager/nginx-proxy-manager-dev:pr-3121 from my PR at #3121 - I live in hope that it'll be merged one of these days!

<!-- gh-comment-id:2583604240 --> @EDIflyer commented on GitHub (Jan 10, 2025): @e1ke if you want a more permanent solution that allows HSTS to be turned on then feel free to use `nginxproxymanager/nginx-proxy-manager-dev:pr-3121` from my PR at #3121 - I live in hope that it'll be merged one of these days!

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@HarryVasanth commented on GitHub (Jan 11, 2025):

@e1ke if you want a more permanent solution that allows HSTS to be turned on then feel free to use nginxproxymanager/nginx-proxy-manager-dev:pr-3121 from my PR at #3121 - I live in hope that it'll be merged one of these days!

@e1ke I second this. I am not sure why this PR hasn't been merged yet. It helped me and so many others afterwards.

<!-- gh-comment-id:2584991222 --> @HarryVasanth commented on GitHub (Jan 11, 2025): > @e1ke if you want a more permanent solution that allows HSTS to be turned on then feel free to use `nginxproxymanager/nginx-proxy-manager-dev:pr-3121` from my PR at #3121 - I live in hope that it'll be merged one of these days! @e1ke I second this. I am not sure why this PR hasn't been merged yet. It helped me and so many others afterwards.

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Jul 16, 2025):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:3076493779 --> @github-actions[bot] commented on GitHub (Jul 16, 2025): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@EDIflyer commented on GitHub (Jul 16, 2025):

Not fixed yet, PR still needs merged in

<!-- gh-comment-id:3077845233 --> @EDIflyer commented on GitHub (Jul 16, 2025): Not fixed yet, PR still needs merged in

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Feb 19, 2026):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:3924311601 --> @github-actions[bot] commented on GitHub (Feb 19, 2026): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented 2026-02-26 07:31:47 +03:00

Author

Owner

Copy link

@EDIflyer commented on GitHub (Feb 19, 2026):

Still needs #3121 merged in

<!-- gh-comment-id:3925443106 --> @EDIflyer commented on GitHub (Feb 19, 2026): Still needs #3121 merged in

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#1615

No description provided.