[GH-ISSUE #1004] Unable to obtain LE Certificate #843

Closed
opened 2026-02-26 06:34:38 +03:00 by kerem · 3 comments

Originally created by @LiohMoeller on GitHub (Apr 9, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1004

I am trying to set up LE Certificates for a specific host, but always get the following error:

```
2021-04-09 10:04:33,837:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: mydomain.xyz
Type: connection
Detail: Fetching http://mydomain.xyz/.well-known/acme-challenge/3CH5dAf75xZ3hJ5AMqtkLix6JP2G1pbi2UWLN4CChDI: Connection reset by peer

Domain: www.mydomain.xyz
Type: connection
Detail: Fetching http://www.mydomain.xyz/.well-known/acme-challenge/zEAly2rGTXwZUWKEQsp5AVJZH8Hn1SbuyR3xo1R9HLc: Connection reset by peer

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2021-04-09 10:04:33,837:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
```

DNS is set up correctly and the domains are reachable via 80 and 443 from the internet.

What am I missing?

kerem closed this issue and added the stale and bug labels 2026-02-26 06:34:38 +03:00

@LiohMoeller commented on GitHub (Apr 12, 2021):

The issue was related to IPv6 being enabled on the host. The default configuration using docker-compose does not enable IPv6 on the docker network.

A solution is to manually configure the network in docker-compose.yml like:

```
version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: always
    networks:
      nginx-proxy-manager:
        # static addresses taken from the subnets declared under "networks:" below
        ipv4_address: 172.18.0.10
        ipv6_address: fd00::10
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
  db:
    image: 'jc21/mariadb-aria:latest'
    restart: always
    networks:
      nginx-proxy-manager:
        ipv4_address: 172.18.0.11
        ipv6_address: fd00::11
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    volumes:
      - ./data/mysql:/var/lib/mysql
networks:
  nginx-proxy-manager:
    name: nginx-proxy-manager
    driver: bridge
    # IPv6 is switched on for this bridge network
    enable_ipv6: true
    ipam:
      driver: default
      config:
      - subnet: 172.18.0.0/16
      # IPv6 subnet that holds the ipv6_address values above
      - subnet: fd00::/64
```

In addition, recent Docker versions include ip6tables for IPv6-NAT which can be enabled in: /etc/docker/daemon.json

```
{
  "experimental": true,
  "ip6tables": true,
  "userland-proxy": false
}
```

Disabling userland-proxy is recommended if real-IP should be visible in Proxy Logs.
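
Added example, not part of the original thread or of the project's code: a per-address-family probe for the failure discussed above, where port 80 answers over IPv4 but the HTTP-01 fetch is reset over IPv6. The function names are hypothetical, and it assumes it is run from a machine outside the network that has both IPv4 and IPv6 connectivity; any HTTP status line (a 404 for the dummy token included) counts as reachable.

```python
import socket
import sys

FAMILIES = {"IPv4": socket.AF_INET, "IPv6": socket.AF_INET6}

def resolve(host, family):
    """Addresses DNS publishes for host in one family (A or AAAA records)."""
    try:
        infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe(addr, family, host, port=80, timeout=5.0):
    """Request a dummy HTTP-01 path from one address and classify the outcome."""
    request = ("GET /.well-known/acme-challenge/probe HTTP/1.1\r\n"
               f"Host: {host}\r\nConnection: close\r\n\r\n").encode()
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
            s.sendall(request)
            status = s.recv(256).split(b"\r\n", 1)[0].decode("latin-1")
    except (ConnectionResetError, BrokenPipeError):
        return "reset"  # the log's "Connection reset by peer"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:  # e.g. no IPv6 route from the probing machine
        return f"error: {exc.strerror or exc}"
    return status or "closed without reply"

def diagnose(host, resolve=resolve, probe=probe):
    """Probe every published address; return (per-address results, verdict)."""
    results = {(name, addr): probe(addr, fam, host)
               for name, fam in FAMILIES.items() for addr in resolve(host, fam)}
    ok = {name for (name, _), r in results.items() if r.startswith("HTTP/")}
    failed = {name for (name, _), r in results.items() if not r.startswith("HTTP/")}
    if not results:
        return results, "no A/AAAA records"
    if not failed:
        return results, "all published addresses answer on port 80"
    if failed == {"IPv6"} and "IPv4" in ok:
        return results, "IPv6 path broken while IPv4 works"
    return results, "port 80 failing: " + ", ".join(sorted(failed))

if __name__ == "__main__":
    results, verdict = diagnose(sys.argv[1])
    print(*(f"{k[0]} {k[1]}: {v}" for k, v in results.items()), verdict, sep="\n")
```

Run it with the affected hostname as the only argument; a `reset` on the IPv6 line next to an HTTP status on the IPv4 line matches the situation resolved in the comment above.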


@github-actions[bot] commented on GitHub (Mar 14, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍


@github-actions[bot] commented on GitHub (Apr 26, 2025):

Issue was closed due to inactivity.
