mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2026-04-25 09:25:55 +03:00
[GH-ISSUE #2776] DNS Challenge Azure failing #1906
Labels
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/nginx-proxy-manager-NginxProxyManager#1906
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @kingfisher77 on GitHub (Mar 29, 2023).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2776
Checklist
jc21/nginx-proxy-manager:latestdocker image?Describe the bug
DNS challenge with Azure DNS fails.
Nginx Proxy Manager Version
2.10.0 - 2.10.1
In Version 2.9.22 the error is a different one:
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Procede like usual to generate Certificates
Screenshots
Operating System
Additional context
@Schmackos commented on GitHub (Mar 31, 2023):
Experience the same issue on 2.10.1. Resulting in not being able to login and high CPU load (due to the container constantly trying to upgrade).
[Migrate ] › ℹ info Current database version: 20211108145214
[Global ] › ✖ error Command failed: . /opt/certbot/bin/activate && pip install --no-cache-dir --user certbot-dns-transip~=0.4.3 && deactivate
ERROR: Will not install to the user site because it will lack sys.path precedence to cryptography in /opt/certbot/lib/python3.7/site-packages
@RafaelSchridi commented on GitHub (Apr 1, 2023):
I get the same thing with transip
@M1chka commented on GitHub (Apr 6, 2023):
I fixed it this way:
@kingfisher77 commented on GitHub (Apr 6, 2023):
Next time you refresh the container, its gone
@Schmackos commented on GitHub (Apr 16, 2023):
Agreed, but at least a work around for now, until this gets resolved.
@kingfisher77 commented on GitHub (May 11, 2023):
Since a proxy is mission critical for us, we took a closer look at traefik. Really nice! The learning curve is a bit higher, but in the end it is transparent and simple. And very flexible! Good by NPM - it was nice but too buggy ;-)
@RafaelSchridi commented on GitHub (May 11, 2023):
After waiting a full year for the access list to get fixed, and now this, I think it's time for me to look at at Traefik too. I picked NPM for it simplicity but I really need stability now.
@tiny656 commented on GitHub (May 16, 2023):
@RafaelSchridi , here is my practice, use https://github.com/acmesh-official/acme.sh to issue and renew cert automatically, and create soft link for cert from acme.sh publish folder into ~/nginx-proxy-manager/data/custom_ssl/npm-2 folder.
basically, custom ssl use delegate way by acme.sh to provide.
for acme.sh example, my case uses Azure DNS, you can check my docker-compose file here.
@KRGT-NL commented on GitHub (Jun 4, 2023):
With this I have my workaround for DNS challenge with in my case TransIP.
When will this bug be fixed? I really like NPM! @jc21
@kingfisher77 commented on GitHub (Jun 4, 2023):
Continue to https://doc.traefik.io/traefik/getting-started/install-traefik This is really a much nicer concept and the quality of the software is not comparable - much more stable. The dynamic configuration is tremendous! I have made the move and do not regret it.
@RafaelSchridi commented on GitHub (Jun 28, 2023):
This was working fine until I got an email from letsencrypt today saying my domains are expiring in 20 days.
No idea what changed, guess I've got a deadline on my traefik switch
@kingfisher77 commented on GitHub (Jun 29, 2023):
I am extremely happy with traefik.
@JDunnio commented on GitHub (Jul 19, 2023):
Experiencing the same when renewing cert with TransIP DNS challenge. Please fix this.
@RafaelSchridi, tnx for this. This worked. Seams like this is an outdated component?
[7/19/2023] [10:49:03 AM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates via TransIP for Cert #7: *.DOMAIN.EXT
[7/19/2023] [10:49:03 AM] [SSL ] › ℹ info Command: certbot renew --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-7" --disable-hook-validation --no-random-sleep-on-renew
[7/19/2023] [10:49:03 AM] [Express ] › ⚠ warning Command failed: certbot renew --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-7" --disable-hook-validation --no-random-sleep-on-renew
Traceback (most recent call last):
File "/usr/bin/certbot", line 5, in
from certbot.main import main
File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 6, in
from certbot._internal import main as internal_main
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 21, in
import josepy as jose
File "/opt/certbot/lib/python3.7/site-packages/josepy/init.py", line 40, in
from josepy.json_util import (
File "/opt/certbot/lib/python3.7/site-packages/josepy/json_util.py", line 14, in
from OpenSSL import crypto
File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/init.py", line 8, in
from OpenSSL import crypto, SSL
File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1517, in
class X509StoreFlags(object):
File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1537, in X509StoreFlags
CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
@Schmackos commented on GitHub (Jul 19, 2023):
Still broken on my side and hard to understand why this is not flagged as a priority bug? It has been 2 Months without any confirmation or comms. Dont want to migrate away from NPM, but starting to look at other options as I am losing the trust this will be addressed.
@kingfisher77 commented on GitHub (Jul 19, 2023):
This is a compelling solution: https://doc.traefik.io/traefik/
@JDunnio commented on GitHub (Jul 26, 2023):
This fixes the renewal scrip and gives you the ability to renew the certificate for another 3 months. I sincerely hope that this gets fixed in the future.
I used traefik before NPM. In general it works really wel, but it is nice product in a home setup for which I'm using it. Different versions of traefik, yaml and toml config, ability to override config in the labels
I had quite a few containers in my home setup which i didn't get to work without making a study out of it. NPM config in that way is way easier and easier to troubleshoot.
@github-actions[bot] commented on GitHub (Apr 15, 2024):
Issue is now considered stale. If you want to keep it open, please comment 👍
@github-actions[bot] commented on GitHub (Jun 11, 2025):
Issue was closed due to inactivity.