[GH-ISSUE #2781] How to mount existing letsencrypt directory? #1912

New issue

Open

opened 2026-02-26 07:33:13 +03:00 by kerem · 8 comments

kerem commented 2026-02-26 07:33:13 +03:00

Owner

Copy link

Originally created by @drudgede on GitHub (Mar 30, 2023).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2781

For my required setup, I currently have all my letsencrypt certificates stored on an NFS drive and mount them to /etc/letsencrypt on each required host. So I tried to do the same with the Nginx Proxy Manager and mounted the existing path with /etc/letsencrypt:/etc/letsencrypt instead of ./letsencrypt:/etc/letsencrypt as given in the default configuration:

version: '3.8'
services:
  app:
    image: 'jc21/nginx-proxy-manager:2.9.22'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
      # Unix user and group IDs, optional
      PUID: 1000
      PGID: 1000
      # Mysql/Maria connection parameters:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
      # Uncomment this if IPv6 is not enabled on your host
      DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - /etc/letsencrypt:/etc/letsencrypt
    depends_on:
      - db

  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    volumes:
      - ./data/mysql:/var/lib/mysql

This seems to work fine. I can see the directory on my local host:

root@npm:/# ls /etc/letsencrypt
accounts  archive  cli.ini  csr  keys  live  options-ssl-apache.conf  renewal  renewal-hooks

And I can see in the docker container that the container can access them as well:

root@npm:/# docker exec -it a /bin/bash

[root@docker-a88aa14b1b11:/app]# ls /etc/letsencrypt
accounts
archive
cli.ini
csr
keys
live
options-ssl-apache.conf
renewal
renewal-hooks

However, I am not able to access those certificates which are already existing when I use the web GUI.
The Nginx Proxy Manager seems to have no information about those certificates and I can only create new ones.

How can I make the certificates known to NPM? Did I mount an incorrect path structure?

Originally created by @drudgede on GitHub (Mar 30, 2023). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2781 For my required setup, I currently have all my letsencrypt certificates stored on an NFS drive and mount them to `/etc/letsencrypt` on each required host. So I tried to do the same with the Nginx Proxy Manager and mounted the existing path with `/etc/letsencrypt:/etc/letsencrypt` instead of `./letsencrypt:/etc/letsencrypt` as given in the default configuration: ``` version: '3.8' services: app: image: 'jc21/nginx-proxy-manager:2.9.22' restart: unless-stopped ports: # These ports are in format <host-port>:<container-port> - '80:80' # Public HTTP Port - '443:443' # Public HTTPS Port - '81:81' # Admin Web Port # Add any other Stream port you want to expose # - '21:21' # FTP environment: # Unix user and group IDs, optional PUID: 1000 PGID: 1000 # Mysql/Maria connection parameters: DB_MYSQL_HOST: "db" DB_MYSQL_PORT: 3306 DB_MYSQL_USER: "npm" DB_MYSQL_PASSWORD: "npm" DB_MYSQL_NAME: "npm" # Uncomment this if IPv6 is not enabled on your host DISABLE_IPV6: 'true' volumes: - ./data:/data - /etc/letsencrypt:/etc/letsencrypt depends_on: - db db: image: 'jc21/mariadb-aria:latest' restart: unless-stopped environment: MYSQL_ROOT_PASSWORD: 'npm' MYSQL_DATABASE: 'npm' MYSQL_USER: 'npm' MYSQL_PASSWORD: 'npm' volumes: - ./data/mysql:/var/lib/mysql ``` This seems to work fine. I can see the directory on my local host: ``` root@npm:/# ls /etc/letsencrypt accounts archive cli.ini csr keys live options-ssl-apache.conf renewal renewal-hooks ``` And I can see in the docker container that the container can access them as well: ``` root@npm:/# docker exec -it a /bin/bash [root@docker-a88aa14b1b11:/app]# ls /etc/letsencrypt accounts archive cli.ini csr keys live options-ssl-apache.conf renewal renewal-hooks ``` However, I am not able to access those certificates which are already existing when I use the web GUI. The Nginx Proxy Manager seems to have no information about those certificates and I can only create new ones. How can I make the certificates known to NPM? Did I mount an incorrect path structure?

kerem commented 2026-02-26 07:33:13 +03:00

Author

Owner

Copy link

@mricharz commented on GitHub (Apr 17, 2023):

https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2347

<!-- gh-comment-id:1511513986 --> @mricharz commented on GitHub (Apr 17, 2023): https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2347

kerem commented 2026-02-26 07:33:13 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Jan 24, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:1907216808 --> @github-actions[bot] commented on GitHub (Jan 24, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented 2026-02-26 07:33:13 +03:00

Author

Owner

Copy link

@sagefarrenholz commented on GitHub (Nov 25, 2024):

Bump !

<!-- gh-comment-id:2496593989 --> @sagefarrenholz commented on GitHub (Nov 25, 2024): Bump !

kerem commented 2026-02-26 07:33:13 +03:00

Author

Owner

Copy link

@shalafi99 commented on GitHub (Nov 25, 2024):

I think NPM does not "scan" the contents of the /letsencrypt directory ever, instead it controls status/presence of certificates through the related actions done inside the admin interface (which are reflected by updates to its own database).

I am inferring that based on a different experience I have had - in my case, I have a letsencrypt certificate which is managed outside of NPM.
I imported it using the "Add Certificate / Custom" WebUI option and I know NPM does not check the actual files because I have a script to copy over to NPM the updated certificate when it gets renewed and the expiration date shown in the WebUI still is the original import one (which I read somewhere here in Github that happens because it is information being read off its database instead of from the actual cert file present inside the filesystem).
It is a single certificate so for me, at least, not really a significant management overhead/bother.

That said, I would risk saying that the /letsencrypt folder mounted in NPM would be used solely for certificates which are/were requested using its own mechanism (instead of "external" ones). #2347 looks to be a request to change this behavior.

<!-- gh-comment-id:2498256039 --> @shalafi99 commented on GitHub (Nov 25, 2024): I think NPM does not "scan" the contents of the /letsencrypt directory ever, instead it controls status/presence of certificates through the related actions done inside the admin interface (which are reflected by updates to its own database). I am inferring that based on a different experience I have had - in my case, I have a letsencrypt certificate which is managed outside of NPM. I imported it using the "Add Certificate / Custom" WebUI option and I know NPM does not check the actual files because I have a script to copy over to NPM the updated certificate when it gets renewed and the expiration date shown in the WebUI still is the original import one (which I read somewhere here in Github that happens because it is information being read off its database instead of from the actual cert file present inside the filesystem). It is a single certificate so for me, at least, not really a significant management overhead/bother. That said, I would risk saying that the /letsencrypt folder mounted in NPM would be used solely for certificates which are/were requested using its own mechanism (instead of "external" ones). #2347 looks to be a request to change this behavior.

kerem commented 2026-02-26 07:33:14 +03:00

Author

Owner

Copy link

@sagefarrenholz commented on GitHub (Nov 26, 2024):

Bare minimum if we can import a local disk file (from the box not my browser) in the gui

Then I can sym link it or something

<!-- gh-comment-id:2499710814 --> @sagefarrenholz commented on GitHub (Nov 26, 2024): Bare minimum if we can import a local disk file (from the box not my browser) in the gui Then I can sym link it or something

kerem commented 2026-02-26 07:33:14 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Aug 12, 2025):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:3177468249 --> @github-actions[bot] commented on GitHub (Aug 12, 2025): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented 2026-02-26 07:33:14 +03:00

Author

Owner

Copy link

@alonsovb commented on GitHub (Aug 13, 2025):

Bumping since I'm also interested in this functionality

<!-- gh-comment-id:3181893430 --> @alonsovb commented on GitHub (Aug 13, 2025): Bumping since I'm also interested in this functionality

kerem commented 2026-02-26 07:33:14 +03:00

Author

Owner

Copy link

@sazeygit commented on GitHub (Dec 14, 2025):

bumping, also interested

<!-- gh-comment-id:3650110913 --> @sazeygit commented on GitHub (Dec 14, 2025): bumping, also interested

kerem referenced this issue 2026-02-26 08:31:08 +03:00

[PR #2444] [MERGED] Load events configuration from custom file #3568

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#1912

No description provided.