mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2026-04-25 17:35:52 +03:00
[GH-ISSUE #2565] Error creating let's encrypt certificates. #1787
Originally created by @vdhub on GitHub (Jan 27, 2023).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2565
Checklist
jc21/nginx-proxy-manager:latest docker image? Yes
Yes
Yes
Describe the bug
I started the docker image after a while and I saw the certs expired. I tried to renew and I get an error, and then it says Make sure NPM is installed.
For the log of the proxy I have the following:
```
[1/27/2023] [7:56:16 PM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-51" --agree-tos --authenticator webroot --email "email address" --preferred-challenges "dns,http" --domains "domain"
Another instance of Certbot is already running.
```
Seeing the log it says the following
```
/tmp/tmpqptp28lj # tail -f log
  File "/usr/lib/python3.9/site-packages/certbot/_internal/lock.py", line 45, in __init__
    self.acquire()
  File "/usr/lib/python3.9/site-packages/certbot/_internal/lock.py", line 60, in acquire
    self._lock_mechanism.acquire()
  File "/usr/lib/python3.9/site-packages/certbot/_internal/lock.py", line 112, in acquire
    self._try_lock(fd)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/lock.py", line 130, in _try_lock
    raise errors.LockError('Another instance of Certbot is already running.')
certbot.errors.LockError: Another instance of Certbot is already running.
2023-01-27 19:56:15,874:ERROR:certbot._internal.log:Another instance of Certbot is already running.
```
Nginx Proxy Manager Version
Latest
To Reproduce
Steps to reproduce the behavior:
Go to '...'
Hosts -> proxy Hosts
Click on '....'
Add Proxy host.
Scroll down to '....'
Go to SSL, require new certificate, select needed. Press Save
See error
Internal error...
Expected behavior
To issue the cert and to work
Screenshots
Operating System
X64 server , running Docker
Additional context
@vdhub commented on GitHub (Jan 27, 2023):
Just tried to generate the SSL separately as I used to: I get this on the page
```
Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-54" --agree-tos --authenticator webroot --email "email" --preferred-challenges "dns,http" --domains "domain"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```
On test reachability I get this:
Test Server Reachability
Communication with the API failed, is NPM running correctly?
Hope it helps
@bitfl0wer commented on GitHub (Jan 31, 2023):
Can reproduce. Had certbot issues for a while, but they seem to have gotten worse. Error on creating SSL Certificate:
```
nginxproxymanager-app-1 | [1/31/2023] [12:22:28 PM] [Nginx ] › ℹ info Reloading Nginx
nginxproxymanager-app-1 | [1/31/2023] [12:22:33 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #24: search.bitfl0wer.de
nginxproxymanager-app-1 | [1/31/2023] [12:22:33 PM] [SSL ] › ℹ info Command: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-24" --agree-tos --authenticator webroot --email "REDACTED" --preferred-challenges "dns,http" --domains "REDACTED"
nginxproxymanager-app-1 | [1/31/2023] [12:22:37 PM] [Nginx ] › ℹ info Reloading Nginx
nginxproxymanager-app-1 | [1/31/2023] [12:22:37 PM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-24" --agree-tos --authenticator webroot --email "REDACTED" --preferred-challenges "dns,http" --domains "REDACTED"
nginxproxymanager-app-1 | Saving debug log to /var/log/letsencrypt/letsencrypt.log
nginxproxymanager-app-1 | An unexpected error occurred:
nginxproxymanager-app-1 | Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
nginxproxymanager-app-1 | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
nginxproxymanager-app-1 |
```
/var/log/letsencrypt/letsencrypt.log reads:
```
2023-01-31 12:24:24,457:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1744, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1591, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 530, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 442, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 492, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 953, in new_order
    return cast(ClientV2, self.client).new_order(csr_pem)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 714, in new_order
    response = self._post(self.directory['newOrder'], order)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 114, in _post
    return self.net.post(*args, **kwargs)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 1289, in post
    return self._post_once(*args, **kwargs)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 1303, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 1149, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
2023-01-31 12:24:24,461:ERROR:certbot._internal.log:An unexpected error occurred:
2023-01-31 12:24:24,461:ERROR:certbot._internal.log:Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
```
@Vegas10128 commented on GitHub (Feb 1, 2023):
Looks like I'm not the only one with SSL Registration and Renewal issues..
Wonder how long this is going to take for this to be fixed.
It's been a while since I have been on the GitHub page, have there been any updates recently to this repo?
Wondering if doing a downgrade might fix the issue for now.
@bitfl0wer commented on GitHub (Feb 1, 2023):
A temporary fix for me was to change the port of the application I was trying to get a certificate for. I had a webserver running on port 5000. Changed the port to 5001 and then the certificate got generated. Weird.
@Vegas10128 commented on GitHub (Feb 1, 2023):
That does work!
But we still have issues trying to get new certificates for new domains.....
@Vegas10128 commented on GitHub (Feb 1, 2023):
I have recently restarted Ubuntu and tried to start the container and found that Port 53 is being used by another service.
```
ERROR: for nginxproxymanager_app_1 Cannot start service app: driver failed programming external connectivity on endpoint nginxproxymanager_app_1 (4badd90df063f138d1c0f3079043113506e6a3a602d923da1d2303fc136f9985): Error starting userland proxy: listen tcp4 0.0.0.0:53: bind: address already in use
```
Been trying to troubleshoot this issue directly because now Nginx Proxy Manager does not work at all after reboot.
Any Ideas? Using 18.04.
@No0Vad commented on GitHub (Feb 1, 2023):
Port 53 is used for DNS, I think systemd-resolved is using that by default in Ubuntu
@Vegas10128 commented on GitHub (Feb 2, 2023):
I tried that, I even went as far as installing an OS on another machine. Fresh install with container, then after trying to install the 2nd SSL certificate we're back to the same issue when trying to generate new certificates.
"Internal Error" and
"Communication with the API failed, is NPM running correctly?"
@macgyver2k commented on GitHub (Feb 2, 2023):
I was experiencing the same problem. Removing all unreachable hosts solved it. I had a host whose DNS was pointing to another IP than my Proxy, so LetsEncrypt could not reach the .well-known endpoint.
@Stibila commented on GitHub (Feb 4, 2023):
Same problem here. According to the letsencrypt.log, fetching the HTTP challenge failed due to a timeout:
It's weird, because the challenge is accessible without any problem.
curl 'https://domain.example.com/.well-known/acme-challenge/test-challenge' returns Success
@lolekuk commented on GitHub (Feb 8, 2023):
Are you guys using Cloudflare DNS host?
If so, have a look for a quick solution here: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2011
Basically switch to Cloudflare's own certs rather than trying to use Let's Encrypt.
@Stibila commented on GitHub (Feb 8, 2023):
No Cloudflare. Self hosted without any 3rd party service in between.
I was able to get the certs signed without any problem when I deployed it some time in November, but now they won't renew.
@sebasdt commented on GitHub (Mar 3, 2023):
Hey it has been a month now. Has anyone found a fix?
I'm only able to request SSL certificates via DNS, Let's Encrypt says internal error.
If someone can help me find the logs I'll happily provide them.
@bmmmm commented on GitHub (Mar 4, 2023):
this port comes from dns-01 plugin
https://eff-certbot.readthedocs.io/en/stable/using.html#getting-certificates-and-choosing-plugins
If you reach the paragraph:
> Some plugins are both authenticators and installers and it is possible to specify a distinct combination of authenticator and plugin.
You have a table which you can move from left to right :)
@sebasdt commented on GitHub (Mar 4, 2023):
That's weird. Somehow certbot was able to renew and generate new certs... no error in the logs.
@bmmmm commented on GitHub (Mar 4, 2023):
perfect! :)
For me "only" renew(-ing) isn't working. When I delete the expiring cert and create a new one, I'm back on track 🚀
@github-actions[bot] commented on GitHub (Jan 29, 2024):
Issue is now considered stale. If you want to keep it open, please comment 👍
@github-actions[bot] commented on GitHub (Mar 15, 2025):
Issue was closed due to inactivity.
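
The three certbot failures quoted in this thread (the lock error, "Some challenges have failed", and the `rateLimited` response) call for different next steps. As an added example, not part of the original thread or of Nginx Proxy Manager, this Python script classifies them from log text; the `triage` function, the advice strings and the sample log lines are constructed for illustration.

```python
import re

# Failure signatures copied from the certbot output quoted in this thread.
# The advice strings are this example's own wording, not certbot's.
SIGNATURES = [
    ("lock_held",
     re.compile(r"Another instance of Certbot is already running"),
     "another certbot run holds the lock; let it finish before retrying"),
    ("challenge_failed",
     re.compile(r"Some challenges have failed"),
     "validation could not fetch /.well-known/acme-challenge/; "
     "check the domain's DNS record and inbound port 80"),
    ("rate_limited",
     re.compile(r"rateLimited|too many failed authorizations recently"),
     "stop retrying, every failure counts toward the limit; "
     "fix the cause and test with certbot --dry-run first"),
]
CERT_NAME = re.compile(r'Command failed: certbot .*--cert-name "([^"]+)"')

def triage(log_text):
    """Return (cert_name, failure_class, advice) once per failing cert and class."""
    findings, seen, current = [], set(), None
    for line in log_text.splitlines():
        m = CERT_NAME.search(line)
        if m:
            current = m.group(1)  # later error lines belong to this command
        for name, pattern, advice in SIGNATURES:
            if pattern.search(line) and (current, name) not in seen:
                seen.add((current, name))
                findings.append((current, name, advice))
    return findings

# Constructed sample modelled on the thread's logs (commands shortened,
# domains are placeholders).
SAMPLE_LOG = """\
warning Command failed: certbot certonly --cert-name "npm-51" --authenticator webroot --domains "a.example.com"
Another instance of Certbot is already running.
warning Command failed: certbot certonly --cert-name "npm-54" --authenticator webroot --domains "b.example.com"
Some challenges have failed.
warning Command failed: certbot certonly --cert-name "npm-24" --authenticator webroot --domains "c.example.com"
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type
Error creating new order :: too many failed authorizations recently
"""

if __name__ == "__main__":
    for cert, failure, advice in triage(SAMPLE_LOG):
        print(f"{cert}: {failure} -> {advice}")
```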