starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-25 17:35:52 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #792] SSL Certs Expiry Date Does Not Update with Each Renewal. #671

New issue
Closed
opened 2026-02-26 06:33:56 +03:00 by kerem · 9 comments
kerem commented 2026-02-26 06:33:56 +03:00
Owner
Copy link

Originally created by @korshakov on GitHub (Dec 26, 2020).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/792

In admin page SSL Certificates when you create first cert the date is correct in future, but after a while the cert bot renew the cert automatically it does not update expiry date on that page. When renew the cert manually in logs it will say basically no need to renew yet, but then it updates the expiry date in admin panel. See screenshot of domains which looks like they are expired according to the admin panel, but the certs are actually ok.

https://snipboard.io/ysdMXG.jpg

Originally created by @korshakov on GitHub (Dec 26, 2020). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/792 In admin page SSL Certificates when you create first cert the date is correct in future, but after a while the cert bot renew the cert automatically it does not update expiry date on that page. When renew the cert manually in logs it will say basically no need to renew yet, but then it updates the expiry date in admin panel. See screenshot of domains which looks like they are expired according to the admin panel, but the certs are actually ok. [https://snipboard.io/ysdMXG.jpg](https://snipboard.io/ysdMXG.jpg)
kerem 2026-02-26 06:33:56 +03:00
  • closed this issue
  • added the
    stale
    bug
         labels
kerem commented 2026-02-26 06:33:56 +03:00
Author
Owner
Copy link

@moorsey commented on GitHub (Feb 27, 2021):

Just confirming this one and subbing for any updates

<!-- gh-comment-id:787056985 --> @moorsey commented on GitHub (Feb 27, 2021): Just confirming this one and subbing for any updates
kerem commented 2026-02-26 06:33:56 +03:00
Author
Owner
Copy link

@jc21 commented on GitHub (Feb 27, 2021):

This can sometimes happen if certbot fails to renew one of the many certs. Does the docker logs indicate that any of them failed? You can also manually check for failures by running

/usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation

inside the docker container.

<!-- gh-comment-id:787057666 --> @jc21 commented on GitHub (Feb 27, 2021): This can sometimes happen if certbot fails to renew one of the many certs. Does the docker logs indicate that any of them failed? You can also manually check for failures by running ```bash /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation ``` inside the docker container.
kerem commented 2026-02-26 06:33:56 +03:00
Author
Owner
Copy link

@moorsey commented on GitHub (Mar 4, 2021):

Thanks @jc21

Can't see any certs that say they have an error via the web page

Ran the command you suggested, but get an error. Appears there is a folder "/etc/letsencrypt", but no .ini file inside, just futher folders, "accounts", "archive", "csr" etc

docker exec nginxproxymanager_app_1 /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
usage:
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: File not found: /etc/letsencrypt.ini
<!-- gh-comment-id:790433084 --> @moorsey commented on GitHub (Mar 4, 2021): Thanks @jc21 Can't see any certs that say they have an error via the web page Ran the command you suggested, but get an error. Appears there is a folder "/etc/letsencrypt", but no .ini file inside, just futher folders, "accounts", "archive", "csr" etc ``` docker exec nginxproxymanager_app_1 /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation usage: certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ... Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate. certbot: error: File not found: /etc/letsencrypt.ini ```
kerem commented 2026-02-26 06:33:56 +03:00
Author
Owner
Copy link

@typoworx-de commented on GitHub (Mar 8, 2021):

The manual should mention that a manual crontask is required. For me autorenewal did not work automatically running the docker-container.

<!-- gh-comment-id:792628119 --> @typoworx-de commented on GitHub (Mar 8, 2021): The manual should mention that a manual crontask is required. For me autorenewal did not work automatically running the docker-container.
kerem commented 2026-02-26 06:33:56 +03:00
Author
Owner
Copy link

@markmonroy commented on GitHub (Aug 12, 2023):

Hope this helps anyone searching for the same issue.

What I discovered is that some old certs I had deleted from the web interface still resided on disk. NPM was still trying to renew them and throwing an error. As mentioned by @jc21 renewal errors can prevent the UI from updating.

I carefully deleted the zombie certs from:

/etc/letsencrypt/live/

and their corresponding .conf files from:

/etc/letsencrypt/renewal/

Restarted my container and the problem was resolved.

This raises another valid question: why doesn't deleting from the UI remove the cert from disk? But I don't plan to add/remove any certs in the near term so I'll save that rabbit hole for another day.

<!-- gh-comment-id:1675835259 --> @markmonroy commented on GitHub (Aug 12, 2023): Hope this helps anyone searching for the same issue. What I discovered is that some old certs I had deleted from the web interface still resided on disk. NPM was still trying to renew them and throwing an error. As mentioned by @jc21 renewal errors can prevent the UI from updating. I carefully deleted the zombie certs from: /etc/letsencrypt/live/ and their corresponding .conf files from: /etc/letsencrypt/renewal/ Restarted my container and the problem was resolved. This raises another valid question: why doesn't deleting from the UI remove the cert from disk? But I don't plan to add/remove any certs in the near term so I'll save that rabbit hole for another day.
kerem commented 2026-02-26 06:33:56 +03:00
Author
Owner
Copy link

@boehser-enkel commented on GitHub (Nov 7, 2023):

/etc/letsencrypt/live/

Thank you. Same problem for me.
But how do you see which one is which?

I deleted any except the last 2 (the only ones i use now) but then nginx crashes and wants to load the other certs
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-37/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-37/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

<!-- gh-comment-id:1798194801 --> @boehser-enkel commented on GitHub (Nov 7, 2023): > /etc/letsencrypt/live/ Thank you. Same problem for me. But how do you see which one is which? I deleted any except the last 2 (the only ones i use now) but then nginx crashes and wants to load the other certs `nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/npm-37/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/npm-37/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)`
kerem commented 2026-02-26 06:33:56 +03:00
Author
Owner
Copy link

@CacklingCapybara commented on GitHub (Jan 13, 2024):

Stumbled upon this while evaluating other reverse proxies. It does indeed seem like the issue with the certificate not showing as renewed in the GUI (despite it renewing successfully) is when some other renewal error occurs. I switched domains, but when deleting the certificate in the GUI it does not actually delete the cert on disk, as mentioned above. Here is an easy way to fix it:

This will list all certificates, even if deleted in NPM GUI. Make note of the certificate name
certbot certificates

Then delete the certificate. This option will give you a list of certificates to choose from. Simply choose the certificate that you want deleted, from the number you took a note of above
certbot delete
Confirm you chose the right certificate. Restart the container. Expiration date updated successfully in GUI.

<!-- gh-comment-id:1890583291 --> @CacklingCapybara commented on GitHub (Jan 13, 2024): Stumbled upon this while evaluating other reverse proxies. It does indeed seem like the issue with the certificate not showing as renewed in the GUI (despite it renewing successfully) is when some other renewal error occurs. I switched domains, but when deleting the certificate in the GUI it does not actually delete the cert on disk, as mentioned above. Here is an easy way to fix it: This will list all certificates, even if deleted in NPM GUI. Make note of the certificate name `certbot certificates` Then delete the certificate. This option will give you a list of certificates to choose from. Simply choose the certificate that you want deleted, from the number you took a note of above `certbot delete` Confirm you chose the right certificate. Restart the container. Expiration date updated successfully in GUI.
kerem commented 2026-02-26 06:33:56 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Aug 26, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:2309152555 --> @github-actions[bot] commented on GitHub (Aug 26, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:
kerem commented 2026-02-26 06:33:56 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Sep 21, 2025):

Issue was closed due to inactivity.

<!-- gh-comment-id:3315439177 --> @github-actions[bot] commented on GitHub (Sep 21, 2025): Issue was closed due to inactivity.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#671
No description provided.