[GH-ISSUE #3138] DNS challenge with DuckDNS does not work #2130

New issue

Closed

opened 2026-02-26 07:34:08 +03:00 by kerem · 17 comments

kerem commented 2026-02-26 07:34:08 +03:00

Owner

Copy link

Originally created by @Rihan9 on GitHub (Aug 16, 2023).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3138

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
• Are you sure you're not using someone else's docker image?
  • Yes
• Have you searched for similar issues (both open and closed)?
  • Yes

Describe the bug

This isseus is some sort of "reopening" of #2092. We can't request a SSL certificate for a domain hosted on DuckDNS.
In the log we found the following message:
"The DNS response does not contain an answer to the question: mydomain.duckdns.org. IN TXT"

Nginx Proxy Manager Version

v2.10.3

To Reproduce
Steps to reproduce the behavior:

1. create a hostname on duckDNS and make sure is pointed to the nginx proxy manager installation
2. on tab ssl certificates --> add ssl certificates --> let's encrypt --> compelte the form using dns challange: yes and the required token (see screenshot)
3. the error should pop-up

Screenshots

Originally created by @Rihan9 on GitHub (Aug 16, 2023). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3138 <!-- Are you in the right place? - If you are looking for support on how to get your upstream server forwarding, please consider asking the community on Reddit. - If you are writing code changes to contribute and need to ask about the internals of the software, Gitter is the best place to ask. - If you think you found a bug with NPM (not Nginx, or your upstream server or MySql) then you are in the *right place.* --> **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Yes - Are you sure you're not using someone else's docker image? - Yes - Have you searched for similar issues (both open and closed)? - Yes **Describe the bug** <!-- A clear and concise description of what the bug is. --> This isseus is some sort of "reopening" of #2092. We can't request a SSL certificate for a domain hosted on DuckDNS. In the log we found the following message: `"The DNS response does not contain an answer to the question: mydomain.duckdns.org. IN TXT"` **Nginx Proxy Manager Version** <!-- What version of Nginx Proxy Manager is reported on the login page? --> v2.10.3 **To Reproduce** Steps to reproduce the behavior: 1. create a hostname on duckDNS and make sure is pointed to the nginx proxy manager installation 2. on tab ssl certificates --> add ssl certificates --> let's encrypt --> compelte the form using dns challange: yes and the required token (see screenshot) 3. the error should pop-up **Screenshots** <!-- If applicable, add screenshots to help explain your problem. -->   

kerem 2026-02-26 07:34:08 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@holocronology commented on GitHub (Aug 17, 2023):

Did you delete a cert prior to this? I think there is an error in NPM that the database is not updating when certs are deleted. So NPM starting looking for the folder of the deleted cert, but it is not there. SO it ends up in an error loop looking for these deleted files.

<!-- gh-comment-id:1683019084 --> @holocronology commented on GitHub (Aug 17, 2023): Did you delete a cert prior to this? I think there is an error in NPM that the database is not updating when certs are deleted. So NPM starting looking for the folder of the deleted cert, but it is not there. SO it ends up in an error loop looking for these deleted files.

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@Rihan9 commented on GitHub (Aug 18, 2023):

I don't think so. The only think that come to my mind is the renew certifica process. Can it cause the deletion of the old certificate?

<!-- gh-comment-id:1684106181 --> @Rihan9 commented on GitHub (Aug 18, 2023): I don't think so. The only think that come to my mind is the renew certifica process. Can it cause the deletion of the old certificate?

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@devedse commented on GitHub (Aug 24, 2023):

I'm running into exactly the same issue. I've tried to clean everything up an recreate the certificate but no matter what I tried I keep having this issue.

<!-- gh-comment-id:1690808093 --> @devedse commented on GitHub (Aug 24, 2023): I'm running into exactly the same issue. I've tried to clean everything up an recreate the certificate but no matter what I tried I keep having this issue.

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@devedse commented on GitHub (Aug 24, 2023):

Ok I hacked the solution to work.

I found out here:
https://github.com/infinityofspace/certbot_dns_duckdns/issues/21
That apparently you need to add --dns-duckdns-no-txt-restore to the certbot command

So I added that in the certificate.js file.

To fix it on your local docker instance:

Download this file: https://gist.github.com/devedse/b63f79851c44aac27892c95009090325
And mount it in the docker container as a volume:

volumes:
      - /home/devedse/dockercomposers/nginxproxymanager/certificate.js:/app/internal/certificate.js:ro

My full compose file:

services:
  nginx-proxy-manager:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: nginx-proxy-manager
    restart: unless-stopped
    volumes:
      - /home/devedse/dockercomposers/nginxproxymanager/data:/data
      - /home/devedse/dockercomposers/nginxproxymanager/letsencrypt:/etc/letsencrypt
      - /home/devedse/dockercomposers/nginxproxymanager/snippets:/config/nginx/snippets:ro
      - /home/devedse/dockercomposers/nginxproxymanager/certificate.js:/app/internal/certificate.js:ro
    network_mode: "host"

<!-- gh-comment-id:1691447683 --> @devedse commented on GitHub (Aug 24, 2023): Ok I hacked the solution to work. I found out here: https://github.com/infinityofspace/certbot_dns_duckdns/issues/21 That apparently you need to add `--dns-duckdns-no-txt-restore` to the certbot command So I added that in the certificate.js file. **To fix it on your local docker instance:** Download this file: https://gist.github.com/devedse/b63f79851c44aac27892c95009090325 And mount it in the docker container as a volume: ``` volumes: - /home/devedse/dockercomposers/nginxproxymanager/certificate.js:/app/internal/certificate.js:ro ``` My full compose file: ``` services: nginx-proxy-manager: image: 'jc21/nginx-proxy-manager:latest' container_name: nginx-proxy-manager restart: unless-stopped volumes: - /home/devedse/dockercomposers/nginxproxymanager/data:/data - /home/devedse/dockercomposers/nginxproxymanager/letsencrypt:/etc/letsencrypt - /home/devedse/dockercomposers/nginxproxymanager/snippets:/config/nginx/snippets:ro - /home/devedse/dockercomposers/nginxproxymanager/certificate.js:/app/internal/certificate.js:ro network_mode: "host" ```

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@devedse commented on GitHub (Aug 24, 2023):

I'm honestly not sure why and how this works but I would advice the maintainers of nginx-proxy-manager to take a look at this and possibly include this fix in the solution.

@jc21 :)

<!-- gh-comment-id:1691465689 --> @devedse commented on GitHub (Aug 24, 2023): I'm honestly not sure why and how this works but I would advice the maintainers of nginx-proxy-manager to take a look at this and possibly include this fix in the solution. @jc21 :)

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@devedse commented on GitHub (Aug 24, 2023):

For renewing certificates you need to update the renewal config. In my case here (only required if they were generated before you applied this fix):

/home/devedse/dockercomposers/nginxproxymanager/letsencrypt/renewal/npm-18.conf

Then add this line:

dns_duckdns_no_txt_restore = True

The complete file should look like this:

# renew_before_expiry = 30 days
version = 2.5.0
archive_dir = /etc/letsencrypt/archive/npm-18
cert = /etc/letsencrypt/live/npm-18/cert.pem
privkey = /etc/letsencrypt/live/npm-18/privkey.pem
chain = /etc/letsencrypt/live/npm-18/chain.pem
fullchain = /etc/letsencrypt/live/npm-18/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = *******************
key_type = ecdsa
elliptic_curve = secp384r1
preferred_chain = ISRG Root X1
work_dir = /tmp/letsencrypt-lib
logs_dir = /tmp/letsencrypt-log
authenticator = dns-duckdns
dns_duckdns_propagation_seconds = 30
dns_duckdns_credentials = /etc/letsencrypt/credentials/credentials-18
dns_duckdns_no_txt_restore = True
webroot_path = /data/letsencrypt-acme-challenge,
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]

After this renewal's should work again for DuckDNS

<!-- gh-comment-id:1691513051 --> @devedse commented on GitHub (Aug 24, 2023): For renewing certificates you need to update the renewal config. In my case here (only required if they were generated before you applied this fix): ``` /home/devedse/dockercomposers/nginxproxymanager/letsencrypt/renewal/npm-18.conf ``` Then add this line: ``` dns_duckdns_no_txt_restore = True ``` The complete file should look like this: ``` # renew_before_expiry = 30 days version = 2.5.0 archive_dir = /etc/letsencrypt/archive/npm-18 cert = /etc/letsencrypt/live/npm-18/cert.pem privkey = /etc/letsencrypt/live/npm-18/privkey.pem chain = /etc/letsencrypt/live/npm-18/chain.pem fullchain = /etc/letsencrypt/live/npm-18/fullchain.pem # Options used in the renewal process [renewalparams] account = ******************* key_type = ecdsa elliptic_curve = secp384r1 preferred_chain = ISRG Root X1 work_dir = /tmp/letsencrypt-lib logs_dir = /tmp/letsencrypt-log authenticator = dns-duckdns dns_duckdns_propagation_seconds = 30 dns_duckdns_credentials = /etc/letsencrypt/credentials/credentials-18 dns_duckdns_no_txt_restore = True webroot_path = /data/letsencrypt-acme-challenge, server = https://acme-v02.api.letsencrypt.org/directory [[webroot_map]] ``` After this renewal's should work again for DuckDNS

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@Rihan9 commented on GitHub (Aug 24, 2023):

@devedse please, let me bow to you.

I can confirm that the fix work like a charm. (I didn't use the binding volumes: i direclty used curl on the container's console to download the new file and replaced the old).

Do I need to touch the config of my cert if it was created after your change? Because if it is needed, I think we need an additional change on the code to avoid it.

<!-- gh-comment-id:1691709952 --> @Rihan9 commented on GitHub (Aug 24, 2023): @devedse please, let me bow to you. I can confirm that the fix work like a charm. (I didn't use the binding volumes: i direclty used curl on the container's console to download the new file and replaced the old). Do I need to touch the config of my cert if it was created after your change? Because if it is needed, I think we need an additional change on the code to avoid it.

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@devedse commented on GitHub (Aug 24, 2023):

Nope then you don't need to change it as far as I understand.
The disadvantage of your way is that if you restart/update the container you need to re-apply the change.

<!-- gh-comment-id:1691903375 --> @devedse commented on GitHub (Aug 24, 2023): Nope then you don't need to change it as far as I understand. The disadvantage of your way is that if you restart/update the container you need to re-apply the change.

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@Rihan9 commented on GitHub (Aug 24, 2023):

Yeah, I know, but I'm lazy and I didn't want to access throght ssh, so I used the console via Portainer.
I also don't see why your fix should be posponed in an update other than the next, given that we have 2 different positive response and your fix seems to me quite clean. So I'm positive that there will be no need to re-apply the fix

<!-- gh-comment-id:1691937684 --> @Rihan9 commented on GitHub (Aug 24, 2023): Yeah, I know, but I'm lazy and I didn't want to access throght ssh, so I used the console via Portainer. I also don't see why your fix should be posponed in an update other than the next, given that we have 2 different positive response and your fix seems to me quite clean. So I'm positive that there will be no need to re-apply the fix

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@devedse commented on GitHub (Aug 24, 2023):

The main thing is that I don't understand "why" my fix is needed. I don't understand DNS well enough for that. The setting we've added should keep the TXT on duckdns after we've proven that we are the owner of said domain. However I don't understand why it needs to remain there. It would make sense to only need to remain there for the duration of the certbot renew.

<!-- gh-comment-id:1691970248 --> @devedse commented on GitHub (Aug 24, 2023): The main thing is that I don't understand "why" my fix is needed. I don't understand DNS well enough for that. The setting we've added should keep the TXT on duckdns after we've proven that we are the owner of said domain. However I don't understand why it needs to remain there. It would make sense to only need to remain there for the duration of the certbot renew.

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@Rihan9 commented on GitHub (Aug 24, 2023):

I don't have an answer for you. I know almost nothing about it. My knowledge as a developer is related to CRM software and atomation systems thought python, I'm not a network manager. I'm using this software because is the most efficent and easy solution that I have found to manage my services related to my smart home.

<!-- gh-comment-id:1692007584 --> @Rihan9 commented on GitHub (Aug 24, 2023): I don't have an answer for you. I know almost nothing about it. My knowledge as a developer is related to CRM software and atomation systems thought python, I'm not a network manager. I'm using this software because is the most efficent and easy solution that I have found to manage my services related to my smart home.

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@kruechten commented on GitHub (Jan 4, 2024):

I can confirm this bug is still present and the fix to the container.js from devedse above works. To fix without mounting the file inside your container, you can also just overwrite /app/internal/certificate.js with the contents of his version. Did that through a shell in portainer and now renewal and new certificates work again via DuckDNS challenge.

<!-- gh-comment-id:1877461792 --> @kruechten commented on GitHub (Jan 4, 2024): I can confirm this bug is still present and the fix to the container.js from devedse above works. To fix without mounting the file inside your container, you can also just overwrite /app/internal/certificate.js with the contents of his version. Did that through a shell in portainer and now renewal and new certificates work again via DuckDNS challenge.

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@Dark-Noir commented on GitHub (Jun 22, 2024):

Hmm, i can't get it to work, i used @devedse solution here: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3138#issuecomment-1691447683
The file is correctly linked in to the container.

CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:430:5)
    at ChildProcess.emit (node:events:519:28)
    at maybeClose (node:internal/child_process:1105:16)
    at ChildProcess._handle.onexit (node:internal/child_process:305:5)

Certbot failed to authenticate some domains (authenticator: dns-duckdns). The Certificate Authority reported these problems:
  Domain: ****.duckdns.org
  Type:   dns
  Detail: DNS problem: SERVFAIL looking up TXT for _acme-challenge.****.duckdns.org - the domain's nameservers may be malfunctioning

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-duckdns. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-duckdns-propagation-se>

2024-06-22 21:16:03,583:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2024-06-22 21:16:03,584:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-06-22 21:16:03,584:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-06-22 21:16:04,166:DEBUG:charset_normalizer:Encoding detection: ascii is most likely the one.
2024-06-22 21:16:04,169:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-06-22 21:16:04,175:ERROR:certbot._internal.log:Some challenges have failed.

<!-- gh-comment-id:2184135587 --> @Dark-Noir commented on GitHub (Jun 22, 2024): Hmm, i can't get it to work, i used @devedse solution here: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3138#issuecomment-1691447683 The file is correctly linked in to the container. ```` CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details. at /app/lib/utils.js:16:13 at ChildProcess.exithandler (node:child_process:430:5) at ChildProcess.emit (node:events:519:28) at maybeClose (node:internal/child_process:1105:16) at ChildProcess._handle.onexit (node:internal/child_process:305:5) ```` ```` Certbot failed to authenticate some domains (authenticator: dns-duckdns). The Certificate Authority reported these problems: Domain: ****.duckdns.org Type: dns Detail: DNS problem: SERVFAIL looking up TXT for _acme-challenge.****.duckdns.org - the domain's nameservers may be malfunctioning Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-duckdns. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-duckdns-propagation-se> 2024-06-22 21:16:03,583:DEBUG:certbot._internal.error_handler:Encountered exception: Traceback (most recent call last): File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort) File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. 2024-06-22 21:16:03,584:DEBUG:certbot._internal.error_handler:Calling registered functions 2024-06-22 21:16:03,584:INFO:certbot._internal.auth_handler:Cleaning up challenges 2024-06-22 21:16:04,166:DEBUG:charset_normalizer:Encoding detection: ascii is most likely the one. 2024-06-22 21:16:04,169:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/opt/certbot/bin/certbot", line 8, in <module> sys.exit(main()) ^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main return internal_main.main(cli_args) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main return config.func(config, plugins) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1600, in certonly lineage = _get_and_save_cert(le_client, config, domains, certname, lineage) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate cert, chain, key, _ = self.obtain_certificate(domains) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort) File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. 2024-06-22 21:16:04,175:ERROR:certbot._internal.log:Some challenges have failed. ````

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@Rihan9 commented on GitHub (Sep 25, 2024):

Hi all,
we are still without a solution? I can't update my container until this issue is resolved, so I'm probably missing some security patch here.

<!-- gh-comment-id:2374355702 --> @Rihan9 commented on GitHub (Sep 25, 2024): Hi all, we are still without a solution? I can't update my container until this issue is resolved, so I'm probably missing some security patch here.

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@Dark-Noir commented on GitHub (Sep 25, 2024):

It seems to be a DuckDNS issue, check here.
I changed to my own DNS and it works fine.

<!-- gh-comment-id:2374382558 --> @Dark-Noir commented on GitHub (Sep 25, 2024): It seems to be a DuckDNS issue, check [here](https://groups.google.com/g/duckdns). I changed to my own DNS and it works fine.

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@Rihan9 commented on GitHub (Oct 23, 2024):

Hi,
I'm going to close this issue due to a 1 year+ waiting for nothing. Due to other problems I've switched to another reverse proxy, so I lost interest to a possible fix to this. Have a nice day!

<!-- gh-comment-id:2431988485 --> @Rihan9 commented on GitHub (Oct 23, 2024): Hi, I'm going to close this issue due to a 1 year+ waiting for nothing. Due to other problems I've switched to another reverse proxy, so I lost interest to a possible fix to this. Have a nice day!

kerem commented 2026-02-26 07:34:09 +03:00

Author

Owner

Copy link

@Icakis commented on GitHub (Nov 11, 2024):

Hello,
I had the same problem but i'm using it with LXC container in proxmox and I have to install newer version of certbot.
sudo pip install certbot-dns-duckdns
Currently it's working with versions:
certbot==2.1.0
certbot-dns-cloudflare==2.0.0
certbot-dns-multi==4.18.0
certbot_dns_duckdns==1.4

Also you should use 120 value for progation in seconds, because default it's not enough.

I now this issue is for docker container, but I found only this which is close to mine and can help someone to save some time.

<!-- gh-comment-id:2467377531 --> @Icakis commented on GitHub (Nov 11, 2024): Hello, I had the same problem but i'm using it with LXC container in proxmox and I have to install newer version of certbot. `sudo pip install certbot-dns-duckdns` Currently it's working with versions: certbot==2.1.0 certbot-dns-cloudflare==2.0.0 certbot-dns-multi==4.18.0 certbot_dns_duckdns==1.4 Also you should use 120 value for progation in seconds, because default it's not enough. I now this issue is for docker container, but I found only this which is close to mine and can help someone to save some time.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#2130

No description provided.