[GH-ISSUE #4428] DomainOffensive DNS Challenge wrong API variable #2834

Closed
opened 2026-02-26 07:36:56 +03:00 by kerem · 4 comments

Originally created by @Jafewe02 on GitHub (Mar 10, 2025).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/4428

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • No

Describe the bug
The default API variable changed for do.de: it was "dns_do_api_token" and the new one is "dns_domainoffensive_api_token".

Nginx Proxy Manager Version

v2.12.3

To Reproduce
Steps to reproduce the behavior:

  1. Go to SSL Certificates
  2. Try to add a Let's Encrypt certificate
  3. Select DNS Challenge
  4. Select Do.de as Provider
  5. In Credentials File Content you can see the wrong variable

Expected behavior
DNS Challenge should work if I put in my API token, but I need to change the whole line.

Additional context
Not a big bug, but as a newbie it is hard to identify.

kerem 2026-02-26 07:36:56 +03:00: closed this issue and added the bug label

@SvenLudwig202 commented on GitHub (Mar 11, 2025):

I ran into the same issue.
I've been using nginx-proxy-manager for some time now and my existing config doesn't seem to be compatible with 2.12.3, which results in renewal failing since 2.12.3 was released.
I was able to modify some files, so I could renew my certificates, but thought I'd share my findings.

The logfile looked like this:

app-1 | [3/11/2025] [10:19:53 AM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates via DomainOffensive (do.de) for Cert #5: XXX
app-1 | [3/11/2025] [10:19:53 AM] [SSL ] › ℹ info Command: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name 'npm-5' --disable-hook-validation --no-random-sleep-on-renew
app-1 | [3/11/2025] [10:19:53 AM] [Global ] › ⬤ debug CMD: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name 'npm-5' --disable-hook-validation --no-random-sleep-on-renew
app-1 | [3/11/2025] [10:19:53 AM] [SSL ] › ✖ error Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
app-1 | Failed to renew certificate npm-5 with error: The requested dns-do plugin does not appear to be installed
app-1 | All renewals failed. The following certificates could not be renewed:
app-1 | /etc/letsencrypt/live/npm-5/fullchain.pem (failure)
app-1 | 1 renew failure(s), 0 parse failure(s)
app-1 | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
app-1 |
app-1 | [3/11/2025] [10:19:53 AM] [SSL ] › ℹ info Completed SSL cert renew process

In the SQLite database the metadata of the certificate in question was still referring to "dns_do_api_token" in the "dns_provider_credentials".

Inside the container "/etc/letsencrypt/renewal/npm-5.conf" was reading:

authenticator = dns-do
dns_do_propagation_seconds = 120
dns_do_credentials = /etc/letsencrypt/credentials/credentials-5

Also inside the container "/etc/letsencrypt/credentials/credentials-5" was reading:

dns_do_api_token = XXXXXXXXXXXXXXXXX

After modifying the files certbot works with inside the container, I was able to successfully renew my certificate.

I feel like some transformation of the existing configuration files should have happened when updating from 2.12.2 to 2.12.3.
This seems related to updating to the newer DomainOffensive certbot plugin (commit 5d087f1).


@FabianK3 commented on GitHub (Mar 28, 2025):

> I feel like some transformation of the existing configuration files should have happened when updating from 2.12.2 to 2.12.3.
> This seems related to updating to the newer DomainOffensive certbot plugin (commit github.com/NginxProxyManager/nginx-proxy-manager@5d087f1256).

You are correct. This is something that I did not think of, and it had been merged without being tested (😢).

In the original PR the issue has been discussed a bit more: #4235

A fix seems to be already in progress: #4406


@king05 commented on GitHub (May 14, 2025):

There is another problem with the do.de Certbot.
If you want to create a new SSL certificate, the Credential file Content looks like this:

dns_do_api_token = YOUR_DO_DE_AUTH_TOKEN

However, this results in an error:

CommandError: Saving the debug log in /tmp/letsencrypt-log/letsencrypt.log
Missing property in the credentials configuration file /etc/letsencrypt/credentials/credentials-22:

  • Property “dns_domainoffensive_api_token” not found (should be API token for Domain Offensive account, obtained from https://my.do.de/settings/domains/general/).
    Ask for help or search for solutions at https://community.letsencrypt.org. For more information, see the log file /tmp/letsencrypt-log/letsencrypt.log or run Certbot again with -v.

    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:430:5)
    at ChildProcess.emit (node:events:518:28)
    at maybeClose (node:internal/child_process:1104:16)
    at ChildProcess._handle.onexit (node:internal/child_process:304:5)

The Credentials file Content must now read as follows:

dns_domainoffensive_api_token=YOUR_DO_DE_AUTH_TOKEN

With this it works again.
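
A read-only audit for the leftover settings described in the comments above, as an added example that is not part of the thread or of the project's code: it lists every renewal config and credentials file that still uses the legacy `dns-do` authenticator or a `dns_do_*` key, printing key names only so the API token never reaches the terminal or a log. The function names, the sample tree and the placeholder token are constructed for illustration; inside a real container the argument would be `/etc/letsencrypt`.

```shell
#!/bin/sh
# Added example: find legacy DomainOffensive (dns-do) settings in a certbot tree.
# Output format: <relative file>:<line number>:<key>. Values are never printed.

audit_legacy_do() {
    root=$1
    # The two locations named in the thread: renewal configs and credentials files.
    for f in "$root"/renewal/*.conf "$root"/credentials/*; do
        [ -f "$f" ] || continue
        rel=${f#"$root"/}
        awk -v file="$rel" '
            # Exact legacy authenticator line.
            /^[ \t]*authenticator[ \t]*=[ \t]*dns-do[ \t]*$/ {
                print file ":" NR ":authenticator=dns-do"; next
            }
            # Any key with the legacy dns_do_ prefix; keep the key, drop the value.
            /^[ \t]*dns_do_[a-z_]+[ \t]*=/ {
                key = $0
                sub(/^[ \t]*/, "", key)
                sub(/[ \t]*=.*/, "", key)
                print file ":" NR ":" key
            }
        ' "$f"
    done
}

# Constructed sample tree mirroring the files quoted in the thread.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/renewal" "$d/credentials"
    printf '%s\n' \
        'authenticator = dns-do' \
        'dns_do_propagation_seconds = 120' \
        'dns_do_credentials = /etc/letsencrypt/credentials/credentials-5' \
        > "$d/renewal/npm-5.conf"
    # Legacy key (cert 5) and the key the newer plugin expects (cert 22).
    printf 'dns_do_api_token = CONSTRUCTED-TOKEN\n' > "$d/credentials/credentials-5"
    printf 'dns_domainoffensive_api_token = CONSTRUCTED-TOKEN\n' > "$d/credentials/credentials-22"
    echo "$d"
}

tree=$(make_sample_tree)
audit_legacy_do "$tree"
rm -rf "$tree"
```

Any file the audit reports is one that needs the manual change described in the thread before its next renewal.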


@FabianK3 commented on GitHub (May 14, 2025):

@king05 PR #4406 addresses this issue and is already related/linked, but it is still open at the moment and pending review/merge.
