starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-25 17:35:52 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #662] certbot-dns-cloudflare no longer installed #561

New issue
Closed
opened 2026-02-26 06:33:23 +03:00 by kerem · 6 comments
kerem commented 2026-02-26 06:33:23 +03:00
Owner
Copy link

Originally created by @mochman on GitHub (Oct 16, 2020).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/662

Starting with 2.6.0 and also on 2.6.1, I get an error on startup and any time I try to renew my let's encrypt certs.

[10/16/2020] [10:54:23 AM] [SSL      ] › ✖  error     Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation  ,
Renewal configuration file /etc/letsencrypt/renewal/npm-3.conf (cert: npm-3) produced an unexpected error: 'Namespace' object has no attribute 'dns_cloudflare_credentials'. Skipping.,
Renewal configuration file /etc/letsencrypt/renewal/npm-4.conf (cert: npm-4) produced an unexpected error: 'Namespace' object has no attribute 'dns_cloudflare_credentials'. Skipping.,
Renewal configuration file /etc/letsencrypt/renewal/npm-5.conf (cert: npm-5) produced an unexpected error: 'Namespace' object has no attribute 'dns_cloudflare_credentials'. Skipping.,
0 renew failure(s), 3 parse failure(s),
    at ChildProcess.exithandler (child_process.js:308:12),
    at ChildProcess.emit (events.js:314:20),
    at maybeClose (internal/child_process.js:1051:16),
    at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5),

Running pip3 list | grep certbot in the docker image shows that only certbot is installed.
It looks like the certbot-dns-cloudflare module isn't installed.

I can run pip3 install certbot-dns-cloudflare in the docker image and the error goes away. I am now able to automatically & manually renew my certs.

Going through the diffs between 2.5.0 and 2.6.0, it looks like the this change to the Dockerfile is causing the problem.

I'm guessing that this is to handle the change to allow for multiple DNS providers.

For those that have the same problem, running docker exec -it PROXY_APP_NAME pip3 install certbot-dns-cloudflare should fix the issue.

Originally created by @mochman on GitHub (Oct 16, 2020). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/662 Starting with 2.6.0 and also on 2.6.1, I get an error on startup and any time I try to renew my let's encrypt certs. ``` [10/16/2020] [10:54:23 AM] [SSL ] › ✖ error Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation , Renewal configuration file /etc/letsencrypt/renewal/npm-3.conf (cert: npm-3) produced an unexpected error: 'Namespace' object has no attribute 'dns_cloudflare_credentials'. Skipping., Renewal configuration file /etc/letsencrypt/renewal/npm-4.conf (cert: npm-4) produced an unexpected error: 'Namespace' object has no attribute 'dns_cloudflare_credentials'. Skipping., Renewal configuration file /etc/letsencrypt/renewal/npm-5.conf (cert: npm-5) produced an unexpected error: 'Namespace' object has no attribute 'dns_cloudflare_credentials'. Skipping., 0 renew failure(s), 3 parse failure(s), at ChildProcess.exithandler (child_process.js:308:12), at ChildProcess.emit (events.js:314:20), at maybeClose (internal/child_process.js:1051:16), at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5), ``` Running `pip3 list | grep certbot` in the docker image shows that only certbot is installed. It looks like the certbot-dns-cloudflare module isn't installed. I can run `pip3 install certbot-dns-cloudflare` in the docker image and the error goes away. I am now able to automatically & manually renew my certs. Going through the diffs between 2.5.0 and 2.6.0, it looks like the [this change](https://github.com/jc21/nginx-proxy-manager/commit/2523424f682d5f1da5a28324277acd4c3f1abdb8#diff-f34da55ca08f1a30591d8b0b3e885bcc678537b2a9a4aadea4f190806b374ddcL21) to the Dockerfile is causing the problem. I'm guessing that this is to handle the change to allow for multiple DNS providers. --- For those that have the same problem, running `docker exec -it PROXY_APP_NAME pip3 install certbot-dns-cloudflare` should fix the issue.
kerem 2026-02-26 06:33:23 +03:00
  • closed this issue
  • added the
    bug
         label
kerem commented 2026-02-26 06:33:24 +03:00
Author
Owner
Copy link

@jc21 commented on GitHub (Oct 16, 2020):

@chaptergy is this related to #635 ?

<!-- gh-comment-id:710695445 --> @jc21 commented on GitHub (Oct 16, 2020): @chaptergy is this related to #635 ?
kerem commented 2026-02-26 06:33:24 +03:00
Author
Owner
Copy link

@mochman commented on GitHub (Oct 17, 2020):

Yeah, the change to the Dockerfile was made in that pull request.

I tried creating new certs in 2.6.1 using the new system, but I still got the same error as before (after a fresh docker pull). I'll look more through the new DNS challenge updates to see if it's just something strange on my end.

<!-- gh-comment-id:710759432 --> @mochman commented on GitHub (Oct 17, 2020): Yeah, the change to the Dockerfile was made in that pull request. I tried creating new certs in 2.6.1 using the new system, but I still got the same error as before (after a fresh docker pull). I'll look more through the new DNS challenge updates to see if it's just something strange on my end.
kerem commented 2026-02-26 06:33:24 +03:00
Author
Owner
Copy link

@mochman commented on GitHub (Oct 17, 2020):

Alright, I think I got it figured out. The issue is in /backend/internal/certificate.js.
The function called requestLetsEncryptSslWithDnsChallenge will install the correct module based on what the user selects for their DNS provider. The issue is that function is only called on a new certificate creation, not on startup or renewal.
After a new cert is created, everything works normally through container restarts.

<!-- gh-comment-id:710764057 --> @mochman commented on GitHub (Oct 17, 2020): Alright, I think I got it figured out. The issue is in `/backend/internal/certificate.js`. [The function](https://github.com/jc21/nginx-proxy-manager/blob/e3399e10358d61b524d4b3f7edec39e604756d03/backend/internal/certificate.js#L782) called `requestLetsEncryptSslWithDnsChallenge` will [install the correct module](https://github.com/jc21/nginx-proxy-manager/blob/e3399e10358d61b524d4b3f7edec39e604756d03/backend/internal/certificate.js#L793) based on what the user selects for their DNS provider. The issue is that function is only called on a new certificate creation, not on startup or renewal. After a new cert is created, everything works normally through container restarts.
kerem commented 2026-02-26 06:33:24 +03:00
Author
Owner
Copy link

@chaptergy commented on GitHub (Oct 17, 2020):

renewLetsEncryptSslWithDnsChallenge will also install the correct module. This means these is a second different renew function somewhere, which is not specific for a single certificate but renews all of them. I'll start looking for that.

<!-- gh-comment-id:710768390 --> @chaptergy commented on GitHub (Oct 17, 2020): `renewLetsEncryptSslWithDnsChallenge` will also [install the correct module](https://github.com/jc21/nginx-proxy-manager/blob/e3399e10358d61b524d4b3f7edec39e604756d03/backend/internal/certificate.js#L927). This means these is a second different renew function somewhere, which is not specific for a single certificate but renews all of them. I'll start looking for that.
kerem commented 2026-02-26 06:33:24 +03:00
Author
Owner
Copy link

@chaptergy commented on GitHub (Oct 17, 2020):

Okay, the issue is in processExpiringHosts, where a non-certificate-specific renew is called and no plugins are installed prior. I'll get to fixing the issue. So as a workaround for now klicking on the three dots next to the certificate and then on "renew now" should work too.

<!-- gh-comment-id:710768944 --> @chaptergy commented on GitHub (Oct 17, 2020): Okay, the issue is in `processExpiringHosts`, where a non-certificate-specific renew is called and no plugins are installed prior. I'll get to fixing the issue. So as a workaround for now klicking on the three dots next to the certificate and then on "renew now" should work too.
kerem commented 2026-02-26 06:33:24 +03:00
Author
Owner
Copy link

@chaptergy commented on GitHub (Nov 6, 2020):

Fixed by #664, can be closed @jc21

<!-- gh-comment-id:723049020 --> @chaptergy commented on GitHub (Nov 6, 2020): Fixed by #664, can be closed @jc21
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#561
No description provided.