[GH-ISSUE #2485] Certbot could not request a new Cert via DNS Challenge via desec #1736

New issue

Closed

opened 2026-02-26 07:32:16 +03:00 by kerem · 8 comments

kerem commented 2026-02-26 07:32:16 +03:00

Owner

Copy link

Originally created by @Brottus on GitHub (Dec 17, 2022).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2485

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
    Version 2.9.19 (5920b0c) 2022-11-08 04:56:39 UTC, OpenResty 1.19.9.1, debian 10 (buster), Certbot certbot 2.1.0
• Have you searched for similar issues (both open and closed)?
  • Yes but never sure i searched correct way ;-)

Describe the bug
[Nginx ] › ℹ info Reloading Nginx
[SSL ] › ℹ info Requesting Let'sEncrypt certificates via deSEC for Cert #XX: XXXXXXXX
[SSL ] › ℹ info Command: mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo 'dns_desec_token = XXXXXXXXXXXXXXXXXXX
dns_desec_endpoint = https://desec.io/api/v1/' > '/etc/letsencrypt/credentials/credentials-XX' && chmod 600 '/etc/letsencrypt/credentials/credentials-XX' && pip install certbot-dns-desec~=0.3.0 && certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-XX" --agree-tos --email "XXXXXXX" --domains "XXXXXXX" --authenticator dns-desec --dns-desec-credentials "/etc/letsencrypt/credentials/credentials-X"
[Nginx ] › ℹ info Reloading Nginx
[Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-XX" --agree-tos --email "XXXXXXXXXXXXXX" --domains "XXXXXXXXXXX" --authenticator dns-desec --dns-desec-credentials "/etc/letsencrypt/credentials/credentials-XX"
An unexpected error occurred:
ModuleNotFoundError: No module named 'zope'
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-kkqcqy_0/log or re-run Certbot with -v for more details.
So when requesting a new cert via DNS challenge from desec i received this error and the request as such failed

Nginx Proxy Manager Version
v2.9.19

To Reproduce
Steps to reproduce the behavior:

1. Go to 'SSL Certificates'
2. Click on 'Add SSL Certificate'
3. Select DNS Challenge and chose desec as DNS Provider and fill out the token as shown in the box
4. See error in the logs of the container

Expected behavior
Certificate gets requested and saved accordingly or add for desec to the initial steps "pip install zope" so instead of "pip install certbot-dns-desec~=0.3.0" use instead "pip install certbot-dns-desec~=0.3.0 zope"

Additional context
I fixed the issue by adding the missing module inside the container via "pip install zope" and redo the steps

Suggested Solution
Please add the zope module to the docker image cause the next update will probably break it again. I'm not sure if all the parts are needed from zope or if a subset is sufficient but this was the quick way.
Thank you.

Originally created by @Brottus on GitHub (Dec 17, 2022). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2485 **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Yes Version 2.9.19 (5920b0c) 2022-11-08 04:56:39 UTC, OpenResty 1.19.9.1, debian 10 (buster), Certbot certbot 2.1.0 - Have you searched for similar issues (both open and closed)? - Yes but never sure i searched correct way ;-) **Describe the bug** [Nginx ] › ℹ info Reloading Nginx [SSL ] › ℹ info Requesting Let'sEncrypt certificates via deSEC for Cert #XX: XXXXXXXX [SSL ] › ℹ info Command: mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo 'dns_desec_token = XXXXXXXXXXXXXXXXXXX dns_desec_endpoint = https://desec.io/api/v1/' > '/etc/letsencrypt/credentials/credentials-XX' && chmod 600 '/etc/letsencrypt/credentials/credentials-XX' && pip install certbot-dns-desec~=0.3.0 && certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-XX" --agree-tos --email "XXXXXXX" --domains "XXXXXXX" --authenticator dns-desec --dns-desec-credentials "/etc/letsencrypt/credentials/credentials-X" [Nginx ] › ℹ info Reloading Nginx [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-XX" --agree-tos --email "XXXXXXXXXXXXXX" --domains "XXXXXXXXXXX" --authenticator dns-desec --dns-desec-credentials "/etc/letsencrypt/credentials/credentials-XX" An unexpected error occurred: ModuleNotFoundError: No module named 'zope' Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-kkqcqy_0/log or re-run Certbot with -v for more details. So when requesting a new cert via DNS challenge from desec i received this error and the request as such failed **Nginx Proxy Manager Version** v2.9.19 **To Reproduce** Steps to reproduce the behavior: 1. Go to 'SSL Certificates' 2. Click on 'Add SSL Certificate' 3. Select DNS Challenge and chose desec as DNS Provider and fill out the token as shown in the box 4. See error in the logs of the container **Expected behavior** Certificate gets requested and saved accordingly or add for desec to the initial steps "pip install zope" so instead of "pip install certbot-dns-desec~=0.3.0" use instead "pip install certbot-dns-desec~=0.3.0 zope" **Additional context** I fixed the issue by adding the missing module inside the container via "pip install zope" and redo the steps **Suggested Solution** Please add the zope module to the docker image cause the next update will probably break it again. I'm not sure if all the parts are needed from zope or if a subset is sufficient but this was the quick way. Thank you.

kerem 2026-02-26 07:32:16 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-02-26 07:32:16 +03:00

Author

Owner

Copy link

@AnID-Aux commented on GitHub (Dec 24, 2022):

same here

<!-- gh-comment-id:1364517502 --> @AnID-Aux commented on GitHub (Dec 24, 2022): same here

kerem commented 2026-02-26 07:32:16 +03:00

Author

Owner

Copy link

@dormancygrace commented on GitHub (Dec 29, 2022):

https://github.com/NginxProxyManager/docker-nginx-full/pull/10

<!-- gh-comment-id:1367036607 --> @dormancygrace commented on GitHub (Dec 29, 2022): https://github.com/NginxProxyManager/docker-nginx-full/pull/10

kerem commented 2026-02-26 07:32:16 +03:00

Author

Owner

Copy link

@joanfabregat commented on GitHub (Jan 6, 2023):

Any news about this bug being fixed?

<!-- gh-comment-id:1374211613 --> @joanfabregat commented on GitHub (Jan 6, 2023): Any news about this bug being fixed?

kerem commented 2026-02-26 07:32:16 +03:00

Author

Owner

Copy link

@AnID-Aux commented on GitHub (Jan 6, 2023):

Workaround for me:
see what the container is called: docker-ps
join the Container: docker exec -it CONTAINERNAME /bin/bash
then run the following:
apt update && apt dist-upgrade
apt install python3 python3-venv libaugeas0
python3 -m venv /opt/certbot/
pip3 install --upgrade pip
pip3 install certbot==1.32.0 certbot-apache==1.32.0 acme==1.32.0
then exit the container: exit
renewing the cert in the web interface was successful

<!-- gh-comment-id:1374230113 --> @AnID-Aux commented on GitHub (Jan 6, 2023): Workaround for me: see what the container is called: docker-ps join the Container: docker exec -it CONTAINERNAME /bin/bash then run the following: apt update && apt dist-upgrade apt install python3 python3-venv libaugeas0 python3 -m venv /opt/certbot/ pip3 install --upgrade pip pip3 install certbot==1.32.0 certbot-apache==1.32.0 acme==1.32.0 then exit the container: exit renewing the cert in the web interface was successful

kerem commented 2026-02-26 07:32:16 +03:00

Author

Owner

Copy link

@joanfabregat commented on GitHub (Jan 7, 2023):

@AnID-Aux Thanks a lot, worked like a charm for me

<!-- gh-comment-id:1374360814 --> @joanfabregat commented on GitHub (Jan 7, 2023): @AnID-Aux Thanks a lot, worked like a charm for me

kerem commented 2026-02-26 07:32:16 +03:00

Author

Owner

Copy link

@AnID-Aux commented on GitHub (Jan 7, 2023):

@joanfabregat you're welcome

<!-- gh-comment-id:1374362543 --> @AnID-Aux commented on GitHub (Jan 7, 2023): @joanfabregat you're welcome

kerem commented 2026-02-26 07:32:16 +03:00

Author

Owner

Copy link

@xuxintao commented on GitHub (Jan 21, 2023):

Workaround for me: see what the container is called: docker-ps join the Container: docker exec -it CONTAINERNAME /bin/bash then run the following: apt update && apt dist-upgrade apt install python3 python3-venv libaugeas0 python3 -m venv /opt/certbot/ pip3 install --upgrade pip pip3 install certbot==1.32.0 certbot-apache==1.32.0 acme==1.32.0 then exit the container: exit renewing the cert in the web interface was successful

Thanks, this works for me.

<!-- gh-comment-id:1399111069 --> @xuxintao commented on GitHub (Jan 21, 2023): > Workaround for me: see what the container is called: docker-ps join the Container: docker exec -it CONTAINERNAME /bin/bash then run the following: apt update && apt dist-upgrade apt install python3 python3-venv libaugeas0 python3 -m venv /opt/certbot/ pip3 install --upgrade pip pip3 install certbot==1.32.0 certbot-apache==1.32.0 acme==1.32.0 then exit the container: exit renewing the cert in the web interface was successful Thanks, this works for me.

kerem commented 2026-02-26 07:32:16 +03:00

Author

Owner

Copy link

@Brottus commented on GitHub (Mar 3, 2023):

Hi Everyone,
just replying cause this seems still to be an issue for people. So as mentioned by @AnID-Aux you could revert back to certbot v1 as described or as mentioned by @LEDfan in the pull request https://github.com/NginxProxyManager/nginx-proxy-manager/pull/2507 just update the plugin to the latest version which has several checks to ensure that the zope package issue does not break the plugin. You could also try out to pull the docker image jc21/nginx-proxy-manager:github-pr-2507 which has that fix in place. Or as mentioned by me just install the zope package by your self.
Hope this gives everyone an idea what can be done to have working version until the fix get merged. Thanks.

<!-- gh-comment-id:1453818055 --> @Brottus commented on GitHub (Mar 3, 2023): Hi Everyone, just replying cause this seems still to be an issue for people. So as mentioned by @AnID-Aux you could revert back to certbot v1 as described or as mentioned by @LEDfan in the pull request https://github.com/NginxProxyManager/nginx-proxy-manager/pull/2507 just update the plugin to the latest version which has several checks to ensure that the zope package issue does not break the plugin. You could also try out to pull the docker image jc21/nginx-proxy-manager:github-pr-2507 which has that fix in place. Or as mentioned by me just install the zope package by your self. Hope this gives everyone an idea what can be done to have working version until the fix get merged. Thanks.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#1736

No description provided.