[GH-ISSUE #2642] Let's Encrypt SSL certificates renewe #1833

New issue

Closed

opened 2026-02-26 07:32:38 +03:00 by kerem · 18 comments

kerem commented 2026-02-26 07:32:38 +03:00

Owner

Copy link

Originally created by @meiro-zz on GitHub (Feb 28, 2023).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2642

Hello,

It looks like too many requests are being sent for certificate renewal.
Port 80 was not enabled in the router, so the requests are bounced. Apparently so many requests went out that after the port was released, the error message below was in the logs.
"Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
The renewal of the certificate npm-10 failed with an error: Unexpected error while determining the zone identifier for mydom.de: More than 180 requests per minute. Please wait and try again later. Please contact our customer service to find out if the limit of requests can be increased. (4013)"

The message here is in response to a tip from the Unraid forum.

Thanks and greetings

Nginx Proxy Manager Version
v2.9.19

To Reproduce
Steps to reproduce the behavior:

1. Go to 'SSL Certificates'
2. Click on 'Renew Now'
3. See error in log

Expected behavior
Renew cert

Operating System
Unraid, Docker

Originally created by @meiro-zz on GitHub (Feb 28, 2023). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2642 Hello, It looks like too many requests are being sent for certificate renewal. Port 80 was not enabled in the router, so the requests are bounced. Apparently so many requests went out that after the port was released, the error message below was in the logs. "Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation The renewal of the certificate npm-10 failed with an error: Unexpected error while determining the zone identifier for mydom.de: More than 180 requests per minute. Please wait and try again later. Please contact our customer service to find out if the limit of requests can be increased. (4013)" The message here is in response to a tip from the Unraid forum. Thanks and greetings **Nginx Proxy Manager Version** v2.9.19 **To Reproduce** Steps to reproduce the behavior: 1. Go to 'SSL Certificates' 2. Click on 'Renew Now' 3. See error in log **Expected behavior** Renew cert **Operating System** Unraid, Docker

kerem 2026-02-26 07:32:38 +03:00

• closed this issue
• added the
  stale
  bug
  labels

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@sebasdt commented on GitHub (Mar 2, 2023):

I can say this is also for when trying to gain a new cert while 80 and 443 ports are open.

System:
docker amd64
with version v2.9.19.

Couldnt get it to work and seems to mee certbot broke.

  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 442, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 510, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-03-02 13:35:28,786:ERROR:certbot._internal.log:Some challenges have failed.```

<!-- gh-comment-id:1451883357 --> @sebasdt commented on GitHub (Mar 2, 2023): I can say this is also for when trying to gain a new cert while 80 and 443 ports are open. **System:** docker amd64 with version v2.9.19. Couldnt get it to work and seems to mee certbot broke. ``` tail /var/log/letsencrypt/letsencrypt.log File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 442, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 510, in _get_order_and_authorizations authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations self._poll_authorizations(authzrs, max_retries, best_effort) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. 2023-03-02 13:35:28,786:ERROR:certbot._internal.log:Some challenges have failed.```

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@AirstarsAsia commented on GitHub (Mar 3, 2023):

I see that NPM has changed the package name From lets-encrypt https://www.npmjs.com/package/letsencrypt

letsencrypt for node is now greenlock.js

I guess this broke stuff.

<!-- gh-comment-id:1453060027 --> @AirstarsAsia commented on GitHub (Mar 3, 2023): I see that NPM has changed the package name From lets-encrypt https://www.npmjs.com/package/letsencrypt letsencrypt for node is now [greenlock.js](https://git.coolaj86.com/coolaj86/greenlock.js) I guess this broke stuff.

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@sebasdt commented on GitHub (Mar 3, 2023):

I see that NPM has changed the package name From lets-encrypt https://www.npmjs.com/package/letsencrypt

letsencrypt for node is now greenlock.js

I guess this broke stuff.

Okay great, is there a fix it that we can use now?
I guess renaming the file or what.
Where is it located?

<!-- gh-comment-id:1453144494 --> @sebasdt commented on GitHub (Mar 3, 2023): > I see that NPM has changed the package name From lets-encrypt https://www.npmjs.com/package/letsencrypt > > letsencrypt for node is now [greenlock.js](https://git.coolaj86.com/coolaj86/greenlock.js) > > I guess this broke stuff. > Okay great, is there a fix it that we can use now? I guess renaming the file or what. Where is it located?

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@leonardoangelini commented on GitHub (Mar 3, 2023):

When I try to get the certificate I receive this error

`Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-23" --agree-tos --authenticator webroot --email "xxx@xxx.xx" --preferred-challenges "dns,http" --domains "aaaaa.bbbb.cc"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

at ChildProcess.exithandler (node:child_process:402:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

`

<!-- gh-comment-id:1453613755 --> @leonardoangelini commented on GitHub (Mar 3, 2023): When I try to get the certificate I receive this error `Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-23" --agree-tos --authenticator webroot --email "xxx@xxx.xx" --preferred-challenges "dns,http" --domains "aaaaa.bbbb.cc" Saving debug log to /var/log/letsencrypt/letsencrypt.log Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details. at ChildProcess.exithandler (node:child_process:402:12) at ChildProcess.emit (node:events:513:28) at maybeClose (node:internal/child_process:1100:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5) `

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@ckoeber83 commented on GitHub (Mar 3, 2023):

Can you integrate a renewing of certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details.

<!-- gh-comment-id:1453639343 --> @ckoeber83 commented on GitHub (Mar 3, 2023): Can you integrate a renewing of certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details.

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@leonardoangelini commented on GitHub (Mar 3, 2023):

This is for a new certificate:

`
Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-24" --agree-tos --authenticator webroot --email "xxx@.xxx.xx" --preferred-challenges "dns,http" --domains "aaa.bbb.cc"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

at ChildProcess.exithandler (node:child_process:402:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

`

This is letsencrypt.log

2023-03-03 15:10:01,277:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/certbot", line 8, in <module> sys.exit(main()) File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 19, in main return internal_main.main(cli_args) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1744, in main return config.func(config, plugins) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1591, in certonly lineage = _get_and_save_cert(le_client, config, domains, certname, lineage) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 530, in obtain_and_enroll_certificate cert, chain, key, _ = self.obtain_certificate(domains) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 442, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 510, in _get_order_and_authorizations authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations self._poll_authorizations(authzrs, max_retries, best_effort) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. 2023-03-03 15:10:01,278:ERROR:certbot._internal.log:Some challenges have failed.

<!-- gh-comment-id:1453679725 --> @leonardoangelini commented on GitHub (Mar 3, 2023): This is for a new certificate: ` Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-24" --agree-tos --authenticator webroot --email "xxx@.xxx.xx" --preferred-challenges "dns,http" --domains "aaa.bbb.cc" Saving debug log to /var/log/letsencrypt/letsencrypt.log Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details. at ChildProcess.exithandler (node:child_process:402:12) at ChildProcess.emit (node:events:513:28) at maybeClose (node:internal/child_process:1100:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5) ` This is letsencrypt.log ` 2023-03-03 15:10:01,277:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/certbot", line 8, in <module> sys.exit(main()) File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 19, in main return internal_main.main(cli_args) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1744, in main return config.func(config, plugins) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1591, in certonly lineage = _get_and_save_cert(le_client, config, domains, certname, lineage) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 530, in obtain_and_enroll_certificate cert, chain, key, _ = self.obtain_certificate(domains) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 442, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 510, in _get_order_and_authorizations authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations self._poll_authorizations(authzrs, max_retries, best_effort) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. 2023-03-03 15:10:01,278:ERROR:certbot._internal.log:Some challenges have failed. `

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@bmmmm commented on GitHub (Mar 4, 2023):

Can you integrate a renewing of certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details.

This is a core function of nginx proxy manager and was working before like a charm :) it looks like there are some bugs currently around.

At the moment the community is teaming up and looking for workarounds, as developers are currently preparing the new release: https://github.com/NginxProxyManager/nginx-proxy-manager/discussions/1202

My current workaround is, to delete an old cert and create a new one, if you haven't tried.

<!-- gh-comment-id:1454704547 --> @bmmmm commented on GitHub (Mar 4, 2023): > Can you integrate a renewing of certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details. This is a core function of nginx proxy manager and was working before like a charm :) it looks like there are some bugs currently around. At the moment the community is teaming up and looking for workarounds, as developers are currently preparing the new release: https://github.com/NginxProxyManager/nginx-proxy-manager/discussions/1202 My current workaround is, to delete an old cert and create a new one, if you haven't tried.

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@GitMeier commented on GitHub (Mar 8, 2023):

Renewing certificates failed for me. I was able to use this:
https://github.com/NginxProxyManager/nginx-proxy-manager/pull/2411

(For now) I replaced the line
image: 'jc21/nginx-proxy-manager:latest'
in my docker-compose.yaml file with
image: 'jc21/nginx-proxy-manager:github-pr-2411'
Certificate renewal worked again after that.

<!-- gh-comment-id:1460534553 --> @GitMeier commented on GitHub (Mar 8, 2023): Renewing certificates failed for me. I was able to use this: https://github.com/NginxProxyManager/nginx-proxy-manager/pull/2411 (For now) I replaced the line image: 'jc21/nginx-proxy-manager:latest' in my docker-compose.yaml file with image: 'jc21/nginx-proxy-manager:github-pr-2411' Certificate renewal worked again after that.

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@schumi2004 commented on GitHub (Mar 16, 2023):

You would expect #2411 to be working in latest docker image right?

Since i installed version: v2.9.20 i'm getting this error on renewal:

[3/16/2023] [1:16:08 PM] [Express ] › ⚠ warning invalid signature
QueryBuilder#allowEager method is deprecated. You should use allowGraph instead. allowEager method will be removed in 3.0
QueryBuilder#eager method is deprecated. You should use the withGraphFetched method instead. eager method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0
Model#$omit is deprected and will be removed in 3.0.
[3/16/2023] [1:16:31 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates via TransIP for Cert #1: *.mydomain.com, mydomain.com
[3/16/2023] [1:16:31 PM] [SSL ] › ℹ info Command: certbot renew --config "/etc/letsencrypt.ini" --cert-name "npm-1" --disable-hook-validation --no-random-sleep-on-renew
[3/16/2023] [1:16:32 PM] [Express ] › ⚠ warning Command failed: certbot renew --config "/etc/letsencrypt.ini" --cert-name "npm-1" --disable-hook-validation --no-random-sleep-on-renew
Traceback (most recent call last):
File "/usr/bin/certbot", line 5, in
from certbot.main import main
File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 6, in
from certbot._internal import main as internal_main
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 21, in
import josepy as jose
File "/opt/certbot/lib/python3.7/site-packages/josepy/init.py", line 40, in
from josepy.json_util import (
File "/opt/certbot/lib/python3.7/site-packages/josepy/json_util.py", line 14, in
from OpenSSL import crypto
File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/init.py", line 8, in
from OpenSSL import crypto, SSL
File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1517, in
class X509StoreFlags(object):
File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1537, in X509StoreFlags
CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'

/edit:
Reverted back to version 2.19.9 and it seems to be working again.

<!-- gh-comment-id:1471857406 --> @schumi2004 commented on GitHub (Mar 16, 2023): You would expect #2411 to be working in latest docker image right? Since i installed version: v2.9.20 i'm getting this error on renewal: [3/16/2023] [1:16:08 PM] [Express ] › ⚠ warning invalid signature `QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0 `QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0 QueryBuilder#omit is deprecated. This method will be removed in version 3.0 Model#$omit is deprected and will be removed in 3.0. [3/16/2023] [1:16:31 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates via TransIP for Cert #1: *.mydomain.com, mydomain.com [3/16/2023] [1:16:31 PM] [SSL ] › ℹ info Command: certbot renew --config "/etc/letsencrypt.ini" --cert-name "npm-1" --disable-hook-validation --no-random-sleep-on-renew [3/16/2023] [1:16:32 PM] [Express ] › ⚠ warning Command failed: certbot renew --config "/etc/letsencrypt.ini" --cert-name "npm-1" --disable-hook-validation --no-random-sleep-on-renew Traceback (most recent call last): File "/usr/bin/certbot", line 5, in <module> from certbot.main import main File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 6, in <module> from certbot._internal import main as internal_main File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 21, in <module> import josepy as jose File "/opt/certbot/lib/python3.7/site-packages/josepy/__init__.py", line 40, in <module> from josepy.json_util import ( File "/opt/certbot/lib/python3.7/site-packages/josepy/json_util.py", line 14, in <module> from OpenSSL import crypto File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import crypto, SSL File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1517, in <module> class X509StoreFlags(object): File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1537, in X509StoreFlags CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK' /edit: Reverted back to version 2.19.9 and it seems to be working again.

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@instantdreams commented on GitHub (Mar 16, 2023):

I am attempting a DNS challenge with the following settings:

• Domain Name: *.example.com
• Email Address: [email address]
• Use DNS Challenge: Selected
• DNS Provider: Azure
• Credentials File Content:

# Service Principal
dns_azure_sp_client_id = [token]
dns_azure_sp_client_secret = [token]
dns_azure_tenant_id = [token]

# Zones
dns_azure_zone1 = example.com:/subscriptions/[subscription]/resourceGroups/[group]

• Propagation Seconds: [blank]
• Terms of Service: Agreed

On selecting Save the application processes for a while then returns the following error message:

Internal Error
Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-28" --agree-tos --email "[email address]" --domains "*.example.com" --authenticator dns-azure --dns-azure-credentials "/etc/letsencrypt/credentials/credentials-28"
Traceback (most recent call last):
  File "/usr/bin/certbot", line 5, in 
    from certbot.main import main
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 6, in 
    from certbot._internal import main as internal_main
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 21, in 
    import josepy as jose
  File "/opt/certbot/lib/python3.7/site-packages/josepy/__init__.py", line 40, in 
    from josepy.json_util import (
  File "/opt/certbot/lib/python3.7/site-packages/josepy/json_util.py", line 14, in 
    from OpenSSL import crypto
  File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/__init__.py", line 8, in 
    from OpenSSL import crypto, SSL
  File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1517, in 
    class X509StoreFlags(object):
  File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1537, in X509StoreFlags
    CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'

    at ChildProcess.exithandler (node:child_process:402:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

I will revert to previous version and test again.

ETA: Reverted to v2.9.19. Generation of certificate worked.

<!-- gh-comment-id:1472880637 --> @instantdreams commented on GitHub (Mar 16, 2023): I am attempting a DNS challenge with the following settings: * Domain Name: **\*.example.com** * Email Address: **[email address]** * Use DNS Challenge: **Selected** * DNS Provider: **Azure** * Credentials File Content: ``` # Service Principal dns_azure_sp_client_id = [token] dns_azure_sp_client_secret = [token] dns_azure_tenant_id = [token] # Zones dns_azure_zone1 = example.com:/subscriptions/[subscription]/resourceGroups/[group] ``` * Propagation Seconds: **[blank]** * Terms of Service: **Agreed** On selecting `Save` the application processes for a while then returns the following error message: ``` Internal Error Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-28" --agree-tos --email "[email address]" --domains "*.example.com" --authenticator dns-azure --dns-azure-credentials "/etc/letsencrypt/credentials/credentials-28" Traceback (most recent call last): File "/usr/bin/certbot", line 5, in from certbot.main import main File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 6, in from certbot._internal import main as internal_main File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 21, in import josepy as jose File "/opt/certbot/lib/python3.7/site-packages/josepy/__init__.py", line 40, in from josepy.json_util import ( File "/opt/certbot/lib/python3.7/site-packages/josepy/json_util.py", line 14, in from OpenSSL import crypto File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/__init__.py", line 8, in from OpenSSL import crypto, SSL File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1517, in class X509StoreFlags(object): File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1537, in X509StoreFlags CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK' at ChildProcess.exithandler (node:child_process:402:12) at ChildProcess.emit (node:events:513:28) at maybeClose (node:internal/child_process:1100:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5) ``` I will revert to previous version and test again. **ETA: Reverted to v2.9.19. Generation of certificate worked.**

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@sebasdt commented on GitHub (Mar 17, 2023):

Sad to see, there must be a version out there that works.

In the meantime I have mirgated to the normal nginx rporxy, someday I will go back to using npm. Sometimes the simplest solution will just works.

<!-- gh-comment-id:1472934711 --> @sebasdt commented on GitHub (Mar 17, 2023): Sad to see, there must be a version out there that works. In the meantime I have mirgated to the normal nginx rporxy, someday I will go back to using npm. Sometimes the simplest solution will just works.

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@greenfishgit23222 commented on GitHub (Mar 19, 2023):

I have the same problem. Downgrading to other versions doens't work either. A few weeks ago this app worked great now it doesnt anymore.

<!-- gh-comment-id:1475393269 --> @greenfishgit23222 commented on GitHub (Mar 19, 2023): I have the same problem. Downgrading to other versions doens't work either. A few weeks ago this app worked great now it doesnt anymore.

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@kingfisher77 commented on GitHub (Mar 27, 2023):

In a fresh installation, we see this error message by initially setup ACME with Azure dns-challenge:

Error: Command failed: . /opt/certbot/bin/activate && pip install --no-cache-dir --user certbot-dns-azure~=1.2.0  && deactivate
ERROR: Will not install to the user site because it will lack sys.path precedence to cryptography in /opt/certbot/lib/python3.7/site-packages

What could be the cause?

<!-- gh-comment-id:1485466204 --> @kingfisher77 commented on GitHub (Mar 27, 2023): In a fresh installation, we see this error message by initially setup ACME with Azure dns-challenge: ``` Error: Command failed: . /opt/certbot/bin/activate && pip install --no-cache-dir --user certbot-dns-azure~=1.2.0 && deactivate ERROR: Will not install to the user site because it will lack sys.path precedence to cryptography in /opt/certbot/lib/python3.7/site-packages ``` What could be the cause?

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@kingfisher77 commented on GitHub (Mar 27, 2023):

The error appears when i call this part of the pipelline create dns-challenge

pip install --no-cache-dir --user certbot-dns-azure~=1.2.0
...
ERROR: Will not install to the user site because it will lack sys.path precedence to cryptography in /opt/certbot/lib/python3.7/site-packages

from here:

. /opt/certbot/bin/activate && pip install --no-cache-dir --user certbot-dns-azure~=1.2.0 && deactivate && certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-0" --agree-tos --email "admin@shift.agency" --domains "*.shift.agency,shift.agency" --authenticator dns-azure --dns-azure-credentials "/etc/letsencrypt/credentials/test.ini"

The used Azure credentials works in other environment (pfSense). But by then the process won't even get there.

<!-- gh-comment-id:1485478308 --> @kingfisher77 commented on GitHub (Mar 27, 2023): The error appears when i call this part of the pipelline create dns-challenge ``` pip install --no-cache-dir --user certbot-dns-azure~=1.2.0 ... ERROR: Will not install to the user site because it will lack sys.path precedence to cryptography in /opt/certbot/lib/python3.7/site-packages ``` from here: `. /opt/certbot/bin/activate && pip install --no-cache-dir --user certbot-dns-azure~=1.2.0 && deactivate && certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-0" --agree-tos --email "admin@shift.agency" --domains "*.shift.agency,shift.agency" --authenticator dns-azure --dns-azure-credentials "/etc/letsencrypt/credentials/test.ini"` The used Azure credentials works in other environment (pfSense). But by then the process won't even get there.

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Jan 27, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:1912907916 --> @github-actions[bot] commented on GitHub (Jan 27, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@ckoeber83 commented on GitHub (Jan 27, 2024):

Glad,
Can confirm that SSL renewing ist back working 👍🏻

Thanks in advance 👍🏻

<!-- gh-comment-id:1913067934 --> @ckoeber83 commented on GitHub (Jan 27, 2024): Glad, Can confirm that SSL renewing ist back working 👍🏻  Thanks in advance 👍🏻

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Nov 14, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:2475208336 --> @github-actions[bot] commented on GitHub (Nov 14, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented 2026-02-26 07:32:39 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Dec 1, 2025):

Issue was closed due to inactivity.

<!-- gh-comment-id:3594244936 --> @github-actions[bot] commented on GitHub (Dec 1, 2025): Issue was closed due to inactivity.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#1833

No description provided.