[GH-ISSUE #4439] Test server reachability for certificate renewal is ok but LetsEncrypt times out #2839

Open
opened 2026-02-26 07:36:57 +03:00 by kerem · 2 comments

Originally created by @leolivier on GitHub (Mar 16, 2025).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/4439

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes (but it's hard and I might have missed it)

Describe the bug
I have a certificate for several subdomains of my domain and it's due for renewal in less than one month, but it's not renewed. When I look in the docker logs, I see the renewal fails. When I look in the letsencrypt logs, I see there is a timeout:

```
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2145812125/490610212766/LMXH2A",
      "status": "invalid",
      "validated": "2025-03-16T10:21:55Z",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "2001:861:281f:1db0:319a:c9fb:a28d:700f: Fetching https://mydomain.tld/.well-known/acme-challenge/pNedRN7tllaGBrfOAC9pJ31UsELMTmXxLkVXtQTX--E: Timeout during connect (likely firewall problem)",
        "status": 400
      },
```

But when I run the Test Server Reachability, everything works fine:

Image

Other checks I did:

  • To check there were no issues with the permissions, the network, the firewall..., I created a brand new certificate for another subdomain and it worked!
  • My existing subdomains are still reachable with the current version of the certificate, so NPM is running properly and forwards to the proxied containers
  • I spied on the challenges directory and saw the challenge file appear during the process and disappear when it failed.
  • The certificate is linked to 7 subdomains but I see only 3 of them failing with the timeout error (and again these 3 are working properly when you access them). The 4 other ones are validated by LetsEncrypt.

Nginx Proxy Manager Version
v2.12.3

Operating System
Docker on RPI5 (RPI OS up to date)

Additional context
I compared the xx.conf between some working and non-working subdomains and found no difference except server name, port and log files.
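
Added example, not part of the original issue or of Nginx Proxy Manager: the `detail` string in the challenge record above begins with the address the Let's Encrypt validator connected to, so parsing it shows which IP family and host each failing connection used. The `<address>: Fetching <url>: <reason>` layout is assumed from the record quoted in the issue; the second record (`203.0.113.10`, `other.example`) is constructed.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit

# Constructed input: the first record mirrors the one quoted in the issue,
# the second (203.0.113.10, other.example) is invented for contrast.
SAMPLE = json.loads('''[
 {"type": "http-01", "status": "invalid", "error": {
   "type": "urn:ietf:params:acme:error:connection", "status": 400,
   "detail": "2001:861:281f:1db0:319a:c9fb:a28d:700f: Fetching https://mydomain.tld/.well-known/acme-challenge/pNedRN7tllaGBrfOAC9pJ31UsELMTmXxLkVXtQTX--E: Timeout during connect (likely firewall problem)"}},
 {"type": "http-01", "status": "invalid", "error": {
   "type": "urn:ietf:params:acme:error:connection", "status": 400,
   "detail": "203.0.113.10: Fetching http://other.example/.well-known/acme-challenge/constructed-token: Connection refused"}},
 {"type": "http-01", "status": "valid"}
]''')

# Assumed layout of "detail": "<address>: Fetching <url>: <reason>"
DETAIL_RE = re.compile(r"^(?P<addr>\S+): Fetching (?P<url>\S+): (?P<reason>.+)$")


def diagnose(challenge):
    """Return address, IP family, host and reason for a failed challenge, else None."""
    err = challenge.get("error")
    if challenge.get("status") != "invalid" or not err:
        return None
    m = DETAIL_RE.match(err.get("detail", ""))
    if not m:
        # Unknown layout: keep the raw text rather than guessing fields.
        return {"address": None, "family": None, "host": None,
                "reason": err.get("detail")}
    try:
        family = ipaddress.ip_address(m["addr"]).version
    except ValueError:
        family = None
    return {"address": m["addr"], "family": family,
            "host": urlsplit(m["url"]).hostname, "reason": m["reason"]}


def hosts_by_family(challenges):
    """Group failing hostnames by the IP family the validator used."""
    grouped = {}
    for result in filter(None, map(diagnose, challenges)):
        grouped.setdefault(result["family"], []).append(result["host"])
    return grouped


if __name__ == "__main__":
    for fam, hosts in hosts_by_family(SAMPLE).items():
        print(f"IPv{fam}: {', '.join(map(str, hosts))}")
```

A family of 6 for a failing host means the path to verify is that host's AAAA record and inbound IPv6 on the HTTP/HTTPS ports, which a check made over IPv4 does not exercise.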


@leolivier commented on GitHub (Mar 16, 2025):

The issue remains, but I discovered that NPM could manage wildcards through APIs with my DNS provider, so I created a wildcard cert and removed this one.


@github-actions[bot] commented on GitHub (Sep 23, 2025):

Issue is now considered stale. If you want to keep it open, please comment 👍
