[GH-ISSUE #364] Add Letsencrypt cert authentication method choice #312

New issue

Closed

opened 2026-02-26 06:32:13 +03:00 by kerem · 4 comments

kerem commented 2026-02-26 06:32:13 +03:00

Owner

Copy link

Originally created by @lobradov on GitHub (Apr 12, 2020).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/364

Problem statement

Nginx-proxy-manager only supports "webhook" authentication method, implying that tcp/80 and/or tcp/443 have to be accessible from the internet.
That is very rarely the case on residential broadband connections.
Letsencrypt also supports various DNS methods that do not require said ports to be accessible.

Proposed solution

Add options on "Add SSL certificate" that would allow to choose:

• LetsEncrypt Auth method (Webhook or DNS)
• DNS parameters, if DNS option is chosen

Additional info

Two side projects exist that make auth/cert management with Letsencrypt easier:

• dehydrated - https://github.com/dehydrated-io/dehydrated. - bash for Letsencrypt
• lexicon - https://github.com/AnalogJ/lexicon - DNS record manipulation

Combination of both allows necessary tokens/challenges to be updated for Letsencrypt over DNS to work.

Home Assistant "DuckDNS add-on" essentially uses both to renew both DuckDNS registration (less important) and LetsEncrypt certificate.

Originally created by @lobradov on GitHub (Apr 12, 2020). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/364 ## Problem statement Nginx-proxy-manager only supports "webhook" authentication method, implying that tcp/80 and/or tcp/443 have to be accessible from the internet. That is very rarely the case on residential broadband connections. Letsencrypt also supports various DNS methods that do not require said ports to be accessible. ## Proposed solution Add options on "Add SSL certificate" that would allow to choose: - LetsEncrypt Auth method (Webhook or DNS) - DNS parameters, if DNS option is chosen ## Additional info Two side projects exist that make auth/cert management with Letsencrypt easier: - dehydrated - https://github.com/dehydrated-io/dehydrated. - bash for Letsencrypt - lexicon - https://github.com/AnalogJ/lexicon - DNS record manipulation Combination of both allows necessary tokens/challenges to be updated for Letsencrypt over DNS to work. Home Assistant "DuckDNS add-on" essentially uses both to renew both DuckDNS registration (less important) and LetsEncrypt certificate.

kerem 2026-02-26 06:32:13 +03:00

• closed this issue
• added the
  enhancement
  label

kerem commented 2026-02-26 06:32:13 +03:00

Author

Owner

Copy link

@jodab commented on GitHub (Apr 16, 2020):

Support for dnsapi such as what acme.sh does would indeed be a nice addition.

<!-- gh-comment-id:614730960 --> @jodab commented on GitHub (Apr 16, 2020): Support for dnsapi such as what acme.sh does would indeed be a nice addition.

kerem commented 2026-02-26 06:32:13 +03:00

Author

Owner

Copy link

@vic4hub commented on GitHub (Dec 23, 2020):

hey guys, I see that this now seems to be in, however, I am using duckdns and that is unfortunately not an option. As for the aforementioned "webhook" option, as far as I understand it all that is needed is to open up ports 80 and 443 - however it seems to be broken. Seems proxy manager does not expose /.well-known/acme-challenge/ out the gate, please advise.

<!-- gh-comment-id:750367154 --> @vic4hub commented on GitHub (Dec 23, 2020): hey guys, I see that this now seems to be in, however, I am using duckdns and that is unfortunately not an option. As for the aforementioned "webhook" option, as far as I understand it all that is needed is to open up ports 80 and 443 - however it seems to be broken. Seems proxy manager does not expose /.well-known/acme-challenge/ out the gate, please advise.

kerem commented 2026-02-26 06:32:13 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (May 9, 2021):

@vic4hub please open a separate issue for this.

DNS challenges are now supported (through certbot and its dns plugins).

<!-- gh-comment-id:835854896 --> @chaptergy commented on GitHub (May 9, 2021): @vic4hub please open a separate issue for this. DNS challenges are now supported (through certbot and its dns plugins).

kerem commented 2026-02-26 06:32:13 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (May 10, 2021):

@vic4hub BTW, duckDNS is in our supported providers list, however I think it won't work, but I already created a pull request in the duckDNS plugin repo to fix this.

<!-- gh-comment-id:836862622 --> @chaptergy commented on GitHub (May 10, 2021): @vic4hub BTW, duckDNS is in our supported providers list, however I think it won't work, but I already created a pull request in the duckDNS plugin repo to fix this.

kerem referenced this issue 2026-02-26 07:38:31 +03:00

[PR #351] [MERGED] v2.2.2 Release #3225

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/prod-minor-updates-5edfafad3a

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#312

No description provided.