[GH-ISSUE #5143] All-Inkl DNS Challenge fails, Property "dns_kas_kas_user" and Property "dns_kas_kas_password" not found #3127

New issue

Closed

opened 2026-02-26 07:37:55 +03:00 by kerem · 12 comments

kerem commented 2026-02-26 07:37:55 +03:00

Owner

Copy link

Originally created by @FlyingT on GitHub (Jan 14, 2026).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/5143

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
• Are you sure you're not using someone else's docker image?
  • Yes
• Have you searched for similar issues (both open and closed)?
  • Yes

Describe the bug
All-Inkl DNS Challenge fails, it appears like the Credentials File Content doesnt get passed through the command

Nginx Proxy Manager Version
v2.13.6

To Reproduce
Steps to reproduce the behavior:

1. Go to Certificates
2. Click on Add Certificate > Let's Encryot via DNS
3. Add Domain Name *.mydomain.de
4. Select Key Type RSA 2048
5. Select DNS Provider All-Inkl
6. Enter Credentials File Content
   dns_kas_user = w0123456
   dns_kas_password = secure-password-123
7. Set Propagation Seconds to 600

I can login with the same credentials to https://kas.all-inkl.com/ just fine, so they are correct.

Expected behavior
I receive an certificate

Log
[1/14/2026] [8:18:49 AM] [Nginx ] › ℹ info Reloading Nginx
[1/14/2026] [8:18:49 AM] [Certbot ] › ▶ start Installing kas...
[1/14/2026] [8:18:49 AM] [Certbot ] › ☒ complete Installed kas
[1/14/2026] [8:18:49 AM] [SSL ] › ℹ info Requesting LetsEncrypt certificates via All-Inkl for Cert #7: *.mydomain.de
[1/14/2026] [8:18:49 AM] [SSL ] › ℹ info Command: certbot certonly --config /etc/letsencrypt.ini --work-dir /tmp/letsencrypt-lib --logs-dir /data/logs --cert-name npm-7 --agree-tos -m MY@MAIL.de --preferred-challenges dns --domains *.mydomain.de --authenticator dns-kas --dns-kas-credentials /etc/letsencrypt/credentials/credentials-7 --dns-kas-propagation-seconds 600 --key-type ecdsa
[1/14/2026] [8:18:51 AM] [Nginx ] › ℹ info Reloading Nginx
[1/14/2026] [8:18:51 AM] [Express ] › ⚠ warning Saving debug log to /data/logs/letsencrypt.log
Missing properties in credentials configuration file /etc/letsencrypt/credentials/credentials-7:

• Property "dns_kas_kas_user" not found (should be KAS username/login).
• Property "dns_kas_kas_password" not found (should be KAS password)

Operating System
Ubuntu Server 24.04.3 LTS

Additional context
Firefox 146.0.1, Portainer Community 2.33.5 LTS

Originally created by @FlyingT on GitHub (Jan 14, 2026). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/5143 **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Yes - Are you sure you're not using someone else's docker image? - Yes - Have you searched for similar issues (both open and closed)? - Yes **Describe the bug** All-Inkl DNS Challenge fails, it appears like the Credentials File Content doesnt get passed through the command **Nginx Proxy Manager Version** v2.13.6 **To Reproduce** Steps to reproduce the behavior: 1. Go to Certificates 2. Click on Add Certificate > Let's Encryot via DNS 3. Add Domain Name *.mydomain.de 4. Select Key Type RSA 2048 5. Select DNS Provider All-Inkl 6. Enter Credentials File Content dns_kas_user = w0123456 dns_kas_password = secure-password-123 7. Set Propagation Seconds to 600 I can login with the same credentials to https://kas.all-inkl.com/ just fine, so they are correct. **Expected behavior** I receive an certificate **Log** [1/14/2026] [8:18:49 AM] [Nginx ] › ℹ info Reloading Nginx [1/14/2026] [8:18:49 AM] [Certbot ] › ▶ start Installing kas... [1/14/2026] [8:18:49 AM] [Certbot ] › ☒ complete Installed kas [1/14/2026] [8:18:49 AM] [SSL ] › ℹ info Requesting LetsEncrypt certificates via All-Inkl for Cert #7: *.mydomain.de [1/14/2026] [8:18:49 AM] [SSL ] › ℹ info Command: certbot certonly --config /etc/letsencrypt.ini --work-dir /tmp/letsencrypt-lib --logs-dir /data/logs --cert-name npm-7 --agree-tos -m MY@MAIL.de --preferred-challenges dns --domains *.mydomain.de --authenticator dns-kas --dns-kas-credentials /etc/letsencrypt/credentials/credentials-7 --dns-kas-propagation-seconds 600 --key-type ecdsa [1/14/2026] [8:18:51 AM] [Nginx ] › ℹ info Reloading Nginx [1/14/2026] [8:18:51 AM] [Express ] › ⚠ warning Saving debug log to /data/logs/letsencrypt.log Missing properties in credentials configuration file /etc/letsencrypt/credentials/credentials-7: * Property "dns_kas_kas_user" not found (should be KAS username/login). * Property "dns_kas_kas_password" not found (should be KAS password) **Operating System** Ubuntu Server 24.04.3 LTS **Additional context** Firefox 146.0.1, Portainer Community 2.33.5 LTS

kerem 2026-02-26 07:37:55 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-02-26 07:37:55 +03:00

Author

Owner

Copy link

@Kaputtnique commented on GitHub (Jan 14, 2026):

why no ECDSA 256? thats working for me. but i have no wildcard configured.

also, why "dns_kas_kas_user"

dns_kas_user = your_kas_user
dns_kas_password = your_kas_password

<!-- gh-comment-id:3748563563 --> @Kaputtnique commented on GitHub (Jan 14, 2026): why no ECDSA 256? thats working for me. but i have no wildcard configured. also, why "dns_kas_kas_user" ``` dns_kas_user = your_kas_user dns_kas_password = your_kas_password ```

kerem commented 2026-02-26 07:37:55 +03:00

Author

Owner

Copy link

@Kaputtnique commented on GitHub (Jan 14, 2026):

hmm, tested another ddns name and that throws same error.. :-D weird

my awnser is "dns_kas_kas_user" too -- but the first one worked like charme

<!-- gh-comment-id:3748589529 --> @Kaputtnique commented on GitHub (Jan 14, 2026): hmm, tested another ddns name and that throws same error.. :-D weird my awnser is "dns_kas_kas_user" too -- but the first one worked like charme

kerem commented 2026-02-26 07:37:55 +03:00

Author

Owner

Copy link

@FlyingT commented on GitHub (Jan 14, 2026):

also, why "dns_kas_kas_user"

That actually seems to be the issue!

The Enter Credentials File Content preset gives you this:

dns_kas_user = your_kas_user
dns_kas_password = your_kas_password

But certbot is expecting dns_kas_kas_user and dns_kas_kas_password !
So the certbot command needs to be fixed to use the correct variables.

I just confirmed it by manually changing the Enter Credentials File Content to this, notice the double kas:

dns_kas_kas_user = your_kas_user
dns_kas_kas_password = your_kas_password

And it worked!
@jc21 should be an easy fix, just a typo :)

<!-- gh-comment-id:3748741754 --> @FlyingT commented on GitHub (Jan 14, 2026): > also, why "dns_kas_kas_user" That actually seems to be the issue! The Enter Credentials File Content preset gives you this: ``` dns_kas_user = your_kas_user dns_kas_password = your_kas_password ``` But certbot is expecting `dns_kas_kas_user` and `dns_kas_kas_password` ! So the certbot command needs to be fixed to use the correct variables. I just confirmed it by manually changing the Enter Credentials File Content to this, notice the double **kas**: ``` dns_kas_kas_user = your_kas_user dns_kas_kas_password = your_kas_password ``` And it worked! @jc21 should be an easy fix, just a typo :)

kerem commented 2026-02-26 07:37:55 +03:00

Author

Owner

Copy link

@Kaputtnique commented on GitHub (Jan 14, 2026):

yeah, but it worked once for me lul. and then not. X__x

<!-- gh-comment-id:3748786158 --> @Kaputtnique commented on GitHub (Jan 14, 2026): yeah, but it worked once for me lul. and then not. X__x

kerem commented 2026-02-26 07:37:55 +03:00

Author

Owner

Copy link

@mobilandi commented on GitHub (Jan 14, 2026):

@FlyingT Thanks for reporting the bug and finding the issue. I built the all-inkl certbot plugin and made an error with the naming convention that certbot expects. I will fix it today. It's no task for jc21, since the certbot plugin is independent from npm.

Just for the technical explanation:
I had to rename the plugin before releasing it on PyPI, because there was already the name reserverd for "certbot_dns_allinkl". Even though there was no release for it. That's why I had to rename some variables and made a careless mistake there.

When it's fixed I will let you know how to get the updated version of the plugin.

<!-- gh-comment-id:3750659603 --> @mobilandi commented on GitHub (Jan 14, 2026): @FlyingT Thanks for reporting the bug and finding the issue. I built the all-inkl certbot plugin and made an error with the naming convention that certbot expects. I will fix it today. It's no task for jc21, since the certbot plugin is independent from npm. Just for the technical explanation: I had to rename the plugin before releasing it on PyPI, because there was already the name reserverd for "certbot_dns_allinkl". Even though there was no release for it. That's why I had to rename some variables and made a careless mistake there. When it's fixed I will let you know how to get the updated version of the plugin.

kerem commented 2026-02-26 07:37:55 +03:00

Author

Owner

Copy link

@mobilandi commented on GitHub (Jan 14, 2026):

@FlyingT Please restart your container and give it another try. I updated the certbot plugin and npm should pull the newest minor release on every start. Would be nice if you can give me any feedback if it worked for you.

<!-- gh-comment-id:3751126704 --> @mobilandi commented on GitHub (Jan 14, 2026): @FlyingT Please restart your container and give it another try. I updated the certbot plugin and npm should pull the newest minor release on every start. Would be nice if you can give me any feedback if it worked for you.

kerem commented 2026-02-26 07:37:55 +03:00

Author

Owner

Copy link

@FlyingT commented on GitHub (Jan 14, 2026):

@FlyingT Please restart your container and give it another try. I updated the certbot plugin and npm should pull the newest minor release on every start. Would be nice if you can give me any feedback if it worked for you.

I will try it tomorrow and ping you :)

<!-- gh-comment-id:3751228357 --> @FlyingT commented on GitHub (Jan 14, 2026): > [@FlyingT](https://github.com/FlyingT) Please restart your container and give it another try. I updated the certbot plugin and npm should pull the newest minor release on every start. Would be nice if you can give me any feedback if it worked for you. I will try it tomorrow and ping you :)

kerem commented 2026-02-26 07:37:55 +03:00

Author

Owner

Copy link

@FlyingT commented on GitHub (Jan 16, 2026):

@mobilandi It now works!

<!-- gh-comment-id:3758674314 --> @FlyingT commented on GitHub (Jan 16, 2026): @mobilandi It now works!

kerem commented 2026-02-26 07:37:55 +03:00

Author

Owner

Copy link

@mobilandi commented on GitHub (Jan 16, 2026):

Great, thanks for your feedback:)

<!-- gh-comment-id:3758902217 --> @mobilandi commented on GitHub (Jan 16, 2026): Great, thanks for your feedback:)

kerem commented 2026-02-26 07:37:55 +03:00

Author

Owner

Copy link

@listiges-kaenguru commented on GitHub (Feb 18, 2026):

Hi @mobilandi !

---

EDIT: I just found the problem. I hat 2 problems. My password had illegal characters and 2FA does not seem to be supported.

app-1 | zeep.exceptions.Fault: kas_auth_type_disabled

---

No luck on my site. Do you have any idea what´s wrong? It says "str expected, not list"

app-1  | [2/18/2026] [10:24:40 PM] [Certbot  ] › ▶  start     Installing kas...
app-1  | [2/18/2026] [10:24:43 PM] [Remote Version] › ℹ  info      Fetching https://api.github.com/repos/NginxProxyManager/nginx-proxy-manager/releases/latest
app-1  | [2/18/2026] [10:24:45 PM] [Certbot  ] › ☒  complete  Installed kas
app-1  | [2/18/2026] [10:24:45 PM] [SSL      ] › ℹ  info      Requesting LetsEncrypt certificates via All-Inkl for Cert #33: *.mypage.de
app-1  | [2/18/2026] [10:24:45 PM] [SSL      ] › ℹ  info      Command: certbot certonly --config /etc/letsencrypt.ini --work-dir /tmp/letsencrypt-lib --logs-dir /data/logs --cert-name npm-33 --agree-tos -m info@mypage.de --preferred-challenges dns --domains *.mypage.de --authenticator dns-kas --dns-kas-credentials /etc/letsencrypt/credentials/credentials-33 --dns-kas-propagation-seconds 600 --key-type ecdsa
app-1  | [2/18/2026] [10:24:47 PM] [Nginx    ] › ℹ  info      Reloading Nginx
app-1  | [2/18/2026] [10:24:47 PM] [Express  ] › ⚠  warning   Saving debug log to /data/logs/letsencrypt.log
app-1  | Encountered exception during recovery: TypeError: str expected, not list
app-1  | An unexpected error occurred:
app-1  | TypeError: str expected, not list

<!-- gh-comment-id:3923320052 --> @listiges-kaenguru commented on GitHub (Feb 18, 2026): Hi @mobilandi ! --- > EDIT: I just found the problem. I hat 2 problems. My password had illegal characters and 2FA does not seem to be supported. `app-1 | zeep.exceptions.Fault: kas_auth_type_disabled` --- No luck on my site. Do you have any idea what´s wrong? It says "str expected, not list" ``` app-1 | [2/18/2026] [10:24:40 PM] [Certbot ] › ▶ start Installing kas... app-1 | [2/18/2026] [10:24:43 PM] [Remote Version] › ℹ info Fetching https://api.github.com/repos/NginxProxyManager/nginx-proxy-manager/releases/latest app-1 | [2/18/2026] [10:24:45 PM] [Certbot ] › ☒ complete Installed kas app-1 | [2/18/2026] [10:24:45 PM] [SSL ] › ℹ info Requesting LetsEncrypt certificates via All-Inkl for Cert #33: *.mypage.de app-1 | [2/18/2026] [10:24:45 PM] [SSL ] › ℹ info Command: certbot certonly --config /etc/letsencrypt.ini --work-dir /tmp/letsencrypt-lib --logs-dir /data/logs --cert-name npm-33 --agree-tos -m info@mypage.de --preferred-challenges dns --domains *.mypage.de --authenticator dns-kas --dns-kas-credentials /etc/letsencrypt/credentials/credentials-33 --dns-kas-propagation-seconds 600 --key-type ecdsa app-1 | [2/18/2026] [10:24:47 PM] [Nginx ] › ℹ info Reloading Nginx app-1 | [2/18/2026] [10:24:47 PM] [Express ] › ⚠ warning Saving debug log to /data/logs/letsencrypt.log app-1 | Encountered exception during recovery: TypeError: str expected, not list app-1 | An unexpected error occurred: app-1 | TypeError: str expected, not list ```

kerem commented 2026-02-26 07:37:55 +03:00

Author

Owner

Copy link

@mobilandi commented on GitHub (Feb 19, 2026):

@listiges-kaenguru
The KAS API of all-inkl sadly doesn't support 2FA if I didn't miss anything. I also had to create another account without 2FA just for those DNS changes.
Do I understand correctly, that your ppassword has characters that are legal for login on the all-inkl website but not for DNS challenge?

<!-- gh-comment-id:3926274834 --> @mobilandi commented on GitHub (Feb 19, 2026): @listiges-kaenguru The KAS API of all-inkl sadly doesn't support 2FA if I didn't miss anything. I also had to create another account without 2FA just for those DNS changes. Do I understand correctly, that your ppassword has characters that are legal for login on the all-inkl website but not for DNS challenge?

kerem commented 2026-02-26 07:37:55 +03:00

Author

Owner

Copy link

@listiges-kaenguru commented on GitHub (Feb 19, 2026):

@mobilandi
Yes that´s correct. Could not figure out which character caused the problem.

I can prove that ! and * are no problem. These worked for me.

<!-- gh-comment-id:3926315705 --> @listiges-kaenguru commented on GitHub (Feb 19, 2026): @mobilandi Yes that´s correct. Could not figure out which character caused the problem. I can prove that ! and * are no problem. These worked for me.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#3127

No description provided.