starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-25 17:35:52 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #2999] Internel Server Error in process renew certificate Let's Encrypt, Wildcard Namecheap #2048

New issue
Closed
opened 2026-02-26 07:33:49 +03:00 by kerem · 1 comment
kerem commented 2026-02-26 07:33:49 +03:00
Owner
Copy link

Originally created by @vsc55 on GitHub (Jun 14, 2023).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2999

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes

Describe the bug
When you click to renew the certificate, an internal error occurs.
Certificate is Wildcard in Namecheap.

Nginx Proxy Manager Version
v2.10.3

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'SSL Certificates'
  2. Click on the three points of the certificate that we want to renew and click on the opicon renew now.
  3. See error "Internal Error"

Screenshots
Log error:

[6/14/2023] [7:06:50 PM] [SSL      ] › ℹ  info      Command: certbot renew --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-39" --disable-hook-validation --no-random-sleep-on-renew 
[6/14/2023] [7:06:56 PM] [Express  ] › ⬤  debug     Error: Command failed: certbot renew --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-39" --disable-hook-validation --no-random-sleep-on-renew 
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Failed to renew certificate npm-39 with error: Unable to determine zone identifier for domain.net using zone names: ['domain.net', 'net']
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/npm-39/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
    at ChildProcess.exithandler (node:child_process:402:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

Run command in verbose mode:

# certbot renew --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-39" --disable-hook-validatio
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/npm-39.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate is due for renewal, auto-renewing...
Plugins selected: Authenticator dns-namecheap, Installer None
Renewing an existing certificate for *.domain.net
Performing the following challenges:
dns-01 challenge for domain.net
Cleaning up challenges
Failed to renew certificate npm-39 with error: Unable to determine zone identifier for domain.net using zone names: ['domain.net', 'net']

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/npm-39/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

Operating System
Docker in Debian.

Originally created by @vsc55 on GitHub (Jun 14, 2023). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2999 **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Yes - Are you sure you're not using someone else's docker image? - Yes - Have you searched for similar issues (both open and closed)? - Yes **Describe the bug** When you click to renew the certificate, an internal error occurs. Certificate is Wildcard in Namecheap. **Nginx Proxy Manager Version** v2.10.3 **To Reproduce** Steps to reproduce the behavior: 1. Go to 'SSL Certificates' 2. Click on the three points of the certificate that we want to renew and click on the opicon renew now. 3. See error "Internal Error" **Screenshots** Log error: ``` [6/14/2023] [7:06:50 PM] [SSL ] › ℹ info Command: certbot renew --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-39" --disable-hook-validation --no-random-sleep-on-renew [6/14/2023] [7:06:56 PM] [Express ] › ⬤ debug Error: Command failed: certbot renew --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-39" --disable-hook-validation --no-random-sleep-on-renew Saving debug log to /tmp/letsencrypt-log/letsencrypt.log Failed to renew certificate npm-39 with error: Unable to determine zone identifier for domain.net using zone names: ['domain.net', 'net'] All renewals failed. The following certificates could not be renewed: /etc/letsencrypt/live/npm-39/fullchain.pem (failure) 1 renew failure(s), 0 parse failure(s) Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details. at ChildProcess.exithandler (node:child_process:402:12) at ChildProcess.emit (node:events:513:28) at maybeClose (node:internal/child_process:1100:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5) ``` Run command in verbose mode: ``` # certbot renew --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-39" --disable-hook-validatio Saving debug log to /tmp/letsencrypt-log/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/npm-39.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Certificate is due for renewal, auto-renewing... Plugins selected: Authenticator dns-namecheap, Installer None Renewing an existing certificate for *.domain.net Performing the following challenges: dns-01 challenge for domain.net Cleaning up challenges Failed to renew certificate npm-39 with error: Unable to determine zone identifier for domain.net using zone names: ['domain.net', 'net'] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - All renewals failed. The following certificates could not be renewed: /etc/letsencrypt/live/npm-39/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 renew failure(s), 0 parse failure(s) Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details. ``` **Operating System** Docker in Debian.
kerem 2026-02-26 07:33:49 +03:00
  • closed this issue
  • added the
    bug
         label
kerem commented 2026-02-26 07:33:50 +03:00
Author
Owner
Copy link

@vsc55 commented on GitHub (Jun 14, 2023):

Hi, it was a false alarm.
I leave here the reason for the problem and solve it in case it happens to someone else (probably to me in a few months when I don't remember). hehehehe
It turns out that the error is caused by a security filter that namechepa has when using the API since they control the IPs of the clients that connect.
It turns out that I was connecting to another ip that was not on the whitelist and that is why the error occurs.
Add the new ip to the whitelist and everything has been fixed.

<!-- gh-comment-id:1591742805 --> @vsc55 commented on GitHub (Jun 14, 2023): Hi, it was a false alarm. I leave here the reason for the problem and solve it in case it happens to someone else (probably to me in a few months when I don't remember). hehehehe It turns out that the error is caused by a security filter that namechepa has when using the API since they control the IPs of the clients that connect. It turns out that I was connecting to another ip that was not on the whitelist and that is why the error occurs. Add the new ip to the whitelist and everything has been fixed.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#2048
No description provided.