mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2026-04-26 01:45:54 +03:00
[GH-ISSUE #3009] Internal Error when requesting SSL certificate, challenges failed #2057
Originally created by @Krolitian on GitHub (Jun 18, 2023).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3009
Checklist
jc21/nginx-proxy-manager:latest docker image?
Describe the bug
When attempting to obtain or renew an SSL certificate I get an internal error. I've tried completely wiping NPM from my server to eliminate any possible corruption and starting from scratch, same error. I've tried 2.10.3, 2.10.2, and pr-2971 as that claimed to have fixed it but it persists. Now all my websites are offline and I've spent months trying to figure this out.
Nginx Proxy Manager Version
2.10.3, 2.10.2, and pr-2971
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Successful certification.
Screenshots

Operating System
Unraid 6.11.5
Additional context
FROM TERMINAL
certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-8" --agree-tos --authenticator webroot --email "email.com" --preferred-challenges "dns,http" --domains "website.com"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Requesting a certificate for website.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: website.com
Type: connection
Detail: 96.242.119.20: Fetching http://website.com/.well-known/acme-challenge/HWOI5CKvC0BEfbNCUXiA-u7WzOUnpsm8okum5GEv1dE: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
FROM LOG
[6/17/2023] [10:53:46 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/proxy_host/1.conf
[6/17/2023] [10:53:46 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/proxy_host/1.conf.err
[6/17/2023] [10:53:46 PM] [Nginx ] › ⬤ debug Could not delete file: {
"errno": -2,
"syscall": "unlink",
"code": "ENOENT",
"path": "/data/nginx/proxy_host/1.conf.err"
}
[6/17/2023] [10:53:46 PM] [Nginx ] › ℹ info Reloading Nginx
[6/17/2023] [10:53:51 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #11: website.com
[6/17/2023] [10:53:51 PM] [SSL ] › ℹ info Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-11" --agree-tos --authenticator webroot --email "email.com" --preferred-challenges "dns,http" --domains "website.com"
[6/17/2023] [10:54:02 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/temp/letsencrypt_11.conf
[6/17/2023] [10:54:02 PM] [Nginx ] › ℹ info Reloading Nginx
[6/17/2023] [10:54:02 PM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-11" --agree-tos --authenticator webroot --email "email.com" --preferred-challenges "dns,http" --domains "website.com"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
@Krolitian commented on GitHub (Jun 18, 2023):
Figured it out. Turns out not doing a DNS challenge isn't possible anymore, which I never did because it wasn't mandatory before. Took me longer to realize this was the issue as using my Google DNS as the DNS challenge wasn't working due to incompatibilities created after trying different NPM versions. After wiping the server of all NPM files, reinstalling the latest version, and ONLY doing it how it was before but now using GoogleDomainsDNS correctly and the first time, it managed to work.
If it's true that you can no longer get a new SSL certificate without using a DNS challenge, the option to disable it should be removed.
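Added example, not part of the original issue or of Nginx Proxy Manager: a small parser for the "Certificate Authority reported these problems" block in the certbot output quoted in the report, which extracts the address the CA connected to, the challenge URL and port, and the failure reason. The `TRIAGE` notes and the function and variable names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Failure block copied from the certbot output quoted in the issue.
SAMPLE = """\
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: website.com
Type: connection
Detail: 96.242.119.20: Fetching http://website.com/.well-known/acme-challenge/HWOI5CKvC0BEfbNCUXiA-u7WzOUnpsm8okum5GEv1dE: Timeout during connect (likely firewall problem)
"""

# Assumption: triage notes written for this example, keyed by the "Type:" value.
TRIAGE = {
    "connection": "CA could not connect: check inbound port 80 reaches the proxy and the IP is yours",
    "dns": "CA could not resolve the name: check the A/AAAA records",
    "unauthorized": "CA got a response but not the token: check what serves /.well-known/acme-challenge/",
}

FIELD = re.compile(r"^\s*(Domain|Type|Detail):\s*(.*)$")
DETAIL = re.compile(r"^(?P<ip>[0-9A-Fa-f.:]+): Fetching (?P<url>\S+): (?P<reason>.+)$")


def parse_problems(text):
    """Return one dict per failed domain in certbot's CA problem report."""
    problems, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "domain":
            current = {"domain": value}
            problems.append(current)
        elif current is not None:
            current[key] = value
    for p in problems:
        d = DETAIL.match(p.get("detail", ""))
        if d:
            p.update(d.groupdict())
            url = urlsplit(p["url"])
            p["port"] = url.port or (443 if url.scheme == "https" else 80)
        p["triage"] = TRIAGE.get(p.get("type"), "unlisted type: read the Detail text")
    return problems


if __name__ == "__main__":
    for problem in parse_problems(SAMPLE):
        print(problem["domain"], problem.get("ip"), problem.get("port"), "->", problem["triage"])
```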