[GH-ISSUE #999] Unable to renew cert because of outdated certbot? #838

New issue

Closed

opened 2026-02-26 06:34:37 +03:00 by kerem · 9 comments

kerem commented 2026-02-26 06:34:37 +03:00

Owner

Copy link

Originally created by @ikomhoog on GitHub (Apr 4, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/999

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image? yes
• Are you sure you're not using someone else's docker image? yes
• If having problems with Lets Encrypt, have you made absolutely sure your site is accessible from outside of your network? yes

Describe the bug

• A clear and concise description of what the bug is.
  My certs expired and npm cannot renew them because of an error, there is a timeout when trying it manually.
  My certs are cloudflare DNS challenges for "*.mydomain.com" and "mydomain.com" in 1 cert

[4/4/2021] [9:36:57 PM] [SSL ] › ✖ error Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Attempting to renew cert (npm-1) from /etc/letsencrypt/renewal/npm-1.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.. Skipping.

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/npm-1/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

at ChildProcess.exithandler (child_process.js:308:12)
at ChildProcess.emit (events.js:314:20)
at maybeClose (internal/child_process.js:1051:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)

• What version of Nginx Proxy Manager is reported on the login page? 2.8.1

To Reproduce
Steps to reproduce the behavior:

1. have an expired cloudflare dns cert
2. try to renew them

Expected behavior
I expected the certs to be renewed

Operating System

• Please specify if using a Rpi, Mac, orchestration tool or any other setups that might affect the reproduction of this error.
  UnRaid Docker

Additional context
UnRaid 6.9.1

Originally created by @ikomhoog on GitHub (Apr 4, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/999 **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? yes - Are you sure you're not using someone else's docker image? yes - If having problems with Lets Encrypt, have you made absolutely sure your site is accessible from outside of your network? yes **Describe the bug** - A clear and concise description of what the bug is. My certs expired and npm cannot renew them because of an error, there is a timeout when trying it manually. My certs are cloudflare DNS challenges for "*.mydomain.com" and "mydomain.com" in 1 cert ``` [4/4/2021] [9:36:57 PM] [SSL ] › ✖ error Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS. Attempting to renew cert (npm-1) from /etc/letsencrypt/renewal/npm-1.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.. Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/npm-1/fullchain.pem (failure) 1 renew failure(s), 0 parse failure(s) at ChildProcess.exithandler (child_process.js:308:12) at ChildProcess.emit (events.js:314:20) at maybeClose (internal/child_process.js:1051:16) at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5) ``` - What version of Nginx Proxy Manager is reported on the login page? 2.8.1 **To Reproduce** Steps to reproduce the behavior: 1. have an expired cloudflare dns cert 2. try to renew them **Expected behavior** I expected the certs to be renewed **Operating System** - Please specify if using a Rpi, Mac, orchestration tool or any other setups that might affect the reproduction of this error. UnRaid Docker **Additional context** UnRaid 6.9.1

kerem 2026-02-26 06:34:37 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-02-26 06:34:38 +03:00

Author

Owner

Copy link

@akanealw commented on GitHub (May 6, 2021):

Did you ever fix this? I'm having the same issue.

<!-- gh-comment-id:833264080 --> @akanealw commented on GitHub (May 6, 2021): Did you ever fix this? I'm having the same issue.

kerem commented 2026-02-26 06:34:38 +03:00

Author

Owner

Copy link

@jc21 commented on GitHub (May 6, 2021):

@akanealw what version of Nginx Proxy Manager is shown in the UI?

<!-- gh-comment-id:833300554 --> @jc21 commented on GitHub (May 6, 2021): @akanealw what version of Nginx Proxy Manager is shown in the UI?

kerem commented 2026-02-26 06:34:38 +03:00

Author

Owner

Copy link

@akanealw commented on GitHub (May 6, 2021):

2.9.0. I'm running jc21/nginx-proxy-manager:latest and I repulled it just in case there was a new version but no change.

<!-- gh-comment-id:833304103 --> @akanealw commented on GitHub (May 6, 2021): 2.9.0. I'm running jc21/nginx-proxy-manager:latest and I repulled it just in case there was a new version but no change.

kerem commented 2026-02-26 06:34:38 +03:00

Author

Owner

Copy link

@akanealw commented on GitHub (May 6, 2021):

I must have left this comment on the wrong issue. I'm trying to generate a certificate for a new domain. My error is different but still something about an outdated certbot version.

An unexpected error occurred:
pkg_resources.VersionConflict: (certbot 0.31.0 (/usr/lib/python3/dist-packages), Requirement.parse('certbot>=1.1.0'))
Please see the logfile '/tmp/tmpe23xh9ls' for more details.

    at ChildProcess.exithandler (node:child_process:326:12)
    at ChildProcess.emit (node:events:369:20)
    at maybeClose (node:internal/child_process:1067:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)

<!-- gh-comment-id:833306669 --> @akanealw commented on GitHub (May 6, 2021): I must have left this comment on the wrong issue. I'm trying to generate a certificate for a new domain. My error is different but still something about an outdated certbot version. ```Error: Command failed: /usr/bin/certbot certonly --non-interactive --cert-name "npm-11" --agree-tos --email "akanealw@gmail.com" --domains "mydomain.com" --authenticator dns-cloudflare --dns-cloudflare-credentials "/etc/letsencrypt/credentials/credentials-11" An unexpected error occurred: pkg_resources.VersionConflict: (certbot 0.31.0 (/usr/lib/python3/dist-packages), Requirement.parse('certbot>=1.1.0')) Please see the logfile '/tmp/tmpe23xh9ls' for more details. at ChildProcess.exithandler (node:child_process:326:12) at ChildProcess.emit (node:events:369:20) at maybeClose (node:internal/child_process:1067:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)

kerem commented 2026-02-26 06:34:38 +03:00

Author

Owner

Copy link

@jc21 commented on GitHub (May 6, 2021):

right so the previous certbot version in 2.8.1 (alpine) is 1.4.0, the one in 2.9.0 (debian) is 0.31.0. I'll look at pulling from a more up to date source.

<!-- gh-comment-id:833323562 --> @jc21 commented on GitHub (May 6, 2021): right so the previous certbot version in 2.8.1 (alpine) is 1.4.0, the one in 2.9.0 (debian) is 0.31.0. I'll look at pulling from a more up to date source.

kerem commented 2026-02-26 06:34:38 +03:00

Author

Owner

Copy link

@akanealw commented on GitHub (May 6, 2021):

Ok, cool. I'm just a bit confused that I'm on 2.9.0 but still somehow 2.8.1? Should I pull jc21/nginx-proxy-manager:2.9.0 instead?

<!-- gh-comment-id:833328341 --> @akanealw commented on GitHub (May 6, 2021): Ok, cool. I'm just a bit confused that I'm on 2.9.0 but still somehow 2.8.1? Should I pull jc21/nginx-proxy-manager:2.9.0 instead?

kerem commented 2026-02-26 06:34:38 +03:00

Author

Owner

Copy link

@jc21 commented on GitHub (May 6, 2021):

but still somehow 2.8.1

? how do you know you're on an old version, if the UI reports the newest version?

<!-- gh-comment-id:833333137 --> @jc21 commented on GitHub (May 6, 2021): > but still somehow 2.8.1 ? how do you know you're on an old version, if the UI reports the newest version?

kerem commented 2026-02-26 06:34:38 +03:00

Author

Owner

Copy link

@akanealw commented on GitHub (May 6, 2021):

oh nvm, I was misreading the version mismatch.

<!-- gh-comment-id:833335582 --> @akanealw commented on GitHub (May 6, 2021): oh nvm, I was misreading the version mismatch.

kerem commented 2026-02-26 06:34:38 +03:00

Author

Owner

Copy link

@ikomhoog commented on GitHub (May 6, 2021):

Sorry for the late reply, I didn't fix this, I closed it because it was a duplicate and only discovered it after I made this one.
The other issue thread is: #967
Should have commented that when closing.

<!-- gh-comment-id:833543250 --> @ikomhoog commented on GitHub (May 6, 2021): Sorry for the late reply, I didn't fix this, I closed it because it was a duplicate and only discovered it after I made this one. The other issue thread is: #967 Should have commented that when closing.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#838

No description provided.