starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-25 01:15:51 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #4711] Let's Encrypt - Propagation Seconds (GUI) not applied for Active24 DNS challenge #2992

New issue
Open
opened 2026-02-26 07:37:31 +03:00 by kerem · 2 comments
kerem commented 2026-02-26 07:37:31 +03:00
Owner
Copy link

Originally created by @elvisek2020 on GitHub (Aug 13, 2025).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/4711

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes (found #4702 and #1862 for other DNS providers)

Describe the bug

When using the initial wizard to request a Let's Encrypt certificate via DNS Challenge (specifically with Active24), the value entered in the Propagation Seconds field is ignored. Certbot starts DNS validation almost immediately, regardless of what value is entered.

From UI, it appears that the value is acknowledged (e.g. "Waiting up to 600 seconds"), but the challenge is still sent within ~2 seconds. This leads to No TXT record found errors due to insufficient DNS propagation time.

Nginx Proxy Manager Version
jc21/nginx-proxy-manager:latest (tested with version 2.12.6)

To Reproduce

  1. Open the SSL Certificate wizard (before saving any entries to DB).
  2. Select Active24 as DNS provider.
  3. Set a value in Propagation Seconds (e.g. 600).
  4. Complete required fields and start certificate request.
  5. Observe logs and certbot behavior: DNS validation starts too early and fails.

Expected behavior

Certbot should be instructed to wait the specified number of seconds before attempting DNS validation. For Active24, this means passing: –dns-active24-propagation-seconds 600
to the underlying certbot call.

Screenshots

N/A – but can provide if needed.

Operating System

Docker on Debian 12 (but container logic is NPM-specific)

Thank you for your awesome work! Happy to assist with debugging or testing fixes.

Originally created by @elvisek2020 on GitHub (Aug 13, 2025). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/4711 <!-- Are you in the right place? - If you are looking for support on how to get your upstream server forwarding, please consider asking the community on Reddit. - If you are writing code changes to contribute and need to ask about the internals of the software, Gitter is the best place to ask. - If you think you found a bug with NPM (not Nginx, or your upstream server or MySql) then you are in the *right place.* --> **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Yes - Are you sure you're not using someone else's docker image? - Yes - Have you searched for similar issues (both open and closed)? - Yes (found #4702 and #1862 for other DNS providers) --- **Describe the bug** When using the initial wizard to request a Let's Encrypt certificate via DNS Challenge (specifically with Active24), the value entered in the **Propagation Seconds** field is ignored. Certbot starts DNS validation almost immediately, regardless of what value is entered. From UI, it appears that the value is acknowledged (e.g. "Waiting up to 600 seconds"), but the challenge is still sent within ~2 seconds. This leads to `No TXT record found` errors due to insufficient DNS propagation time. --- **Nginx Proxy Manager Version** `jc21/nginx-proxy-manager:latest` (tested with version 2.12.6) --- **To Reproduce** 1. Open the SSL Certificate wizard (before saving any entries to DB). 2. Select Active24 as DNS provider. 3. Set a value in **Propagation Seconds** (e.g. 600). 4. Complete required fields and start certificate request. 5. Observe logs and certbot behavior: DNS validation starts too early and fails. --- **Expected behavior** Certbot should be instructed to wait the specified number of seconds before attempting DNS validation. For Active24, this means passing: –dns-active24-propagation-seconds 600 to the underlying certbot call. --- **Screenshots** _N/A – but can provide if needed._ --- **Operating System** Docker on Debian 12 (but container logic is NPM-specific) --- Thank you for your awesome work! Happy to assist with debugging or testing fixes.
kerem commented 2026-02-26 07:37:31 +03:00
Author
Owner
Copy link

@elvisek2020 commented on GitHub (Aug 13, 2025):

This screenshot shows that I’ve set Propagation Seconds to 900 seconds in the NPM GUI.
However, in the logs, it’s clear that Certbot initiates DNS validation immediately after creating the TXT record, without waiting.

This proves that the propagation_seconds value entered in the wizard is not applied.

Image


This logs confirms that the propagation_seconds value entered in the wizard is not applied at all. 
2025-08-13 14:51:14,373:DEBUG:certbot._internal.display.obj:Notifying user: Waiting at most 900 seconds for DNS changes to propagate
2025-08-13 14:51:15,016:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/.../G2qfDg
2025-08-13 14:51:16,339:DEBUG:acme.client:Received response:
{
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "No TXT record found at _acme-challenge.test.example.com"
  }
}```
<!-- gh-comment-id:3184133367 --> @elvisek2020 commented on GitHub (Aug 13, 2025): This screenshot shows that I’ve set Propagation Seconds to 900 seconds in the NPM GUI. However, in the logs, it’s clear that Certbot initiates DNS validation immediately after creating the TXT record, without waiting. This proves that the propagation_seconds value entered in the wizard is not applied. <img width="496" height="1354" alt="Image" src="https://github.com/user-attachments/assets/a04e21db-1591-40fa-9de6-e0540c648792" /> <br> <br> <br> This logs confirms that the propagation_seconds value entered in the wizard is not applied at all. ```2025-08-13 14:51:14,372:DEBUG:certbot_dns_active24.dns_active24:Successfully added TXT record 2025-08-13 14:51:14,373:DEBUG:certbot._internal.display.obj:Notifying user: Waiting at most 900 seconds for DNS changes to propagate 2025-08-13 14:51:15,016:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/.../G2qfDg 2025-08-13 14:51:16,339:DEBUG:acme.client:Received response: { "type": "dns-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "No TXT record found at _acme-challenge.test.example.com" } }```
kerem commented 2026-02-26 07:37:31 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Feb 25, 2026):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:3956305847 --> @github-actions[bot] commented on GitHub (Feb 25, 2026): Issue is now considered stale. If you want to keep it open, please comment :+1:
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#2992
No description provided.