starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-26 01:45:54 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #1018] Problems in renewing certificates #857

New issue
Closed
opened 2026-02-26 06:34:42 +03:00 by kerem · 2 comments
kerem commented 2026-02-26 06:34:42 +03:00
Owner
Copy link

Originally created by @trenetics on GitHub (Apr 14, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1018

Describe the bug
Im having some trouble renewing certs with CloudFlare DNS Token. If i try to renew my certs manually it works, but takes a couple of minutes and the UI times out.

Auto renewals fail:

today at 21:26:56  `QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
today at 21:26:56  `QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
today at 21:26:56  QueryBuilder#omit is deprecated. This method will be removed in version 3.0
today at 21:27:24  [4/14/2021] [7:27:24 PM] [SSL      ] › ✖  error     Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation  
today at 21:27:24  Challenge failed for domain te55er4ct.trenetics.io
today at 21:27:24  Attempting to renew cert (npm-20) from /etc/letsencrypt/renewal/npm-20.conf produced an unexpected error: Some challenges have failed.. Skipping.
today at 21:27:24  Challenge failed for domain dr1v3.trenetics.io
today at 21:27:24  Attempting to renew cert (npm-21) from /etc/letsencrypt/renewal/npm-21.conf produced an unexpected error: Some challenges have failed.. Skipping.
today at 21:27:24  Challenge failed for domain qu4n7um.trenetics.io
today at 21:27:24  Attempting to renew cert (npm-22) from /etc/letsencrypt/renewal/npm-22.conf produced an unexpected error: Some challenges have failed.. Skipping.
today at 21:27:24  Challenge failed for domain tr3nw1k1.trenetics.io
today at 21:27:24  Attempting to renew cert (npm-30) from /etc/letsencrypt/renewal/npm-30.conf produced an unexpected error: Some challenges have failed.. Skipping.
today at 21:27:24  Challenge failed for domain b1tw4rd3n.trenetics.io
today at 21:27:24  Attempting to renew cert (npm-34) from /etc/letsencrypt/renewal/npm-34.conf produced an unexpected error: Some challenges have failed.. Skipping.
today at 21:27:24  Challenge failed for domain a1rs0n1c.trenetics.io
today at 21:27:24  Attempting to renew cert (npm-35) from /etc/letsencrypt/renewal/npm-35.conf produced an unexpected error: Some challenges have failed.. Skipping.
today at 21:27:24  Challenge failed for domain s3nt1n3l.trenetics.io
today at 21:27:24  Attempting to renew cert (npm-36) from /etc/letsencrypt/renewal/npm-36.conf produced an unexpected error: Some challenges have failed.. Skipping.
today at 21:27:24  Challenge failed for domain tr3nw1k1.trenetics.io
today at 21:27:24  Attempting to renew cert (npm-4) from /etc/letsencrypt/renewal/npm-4.conf produced an unexpected error: Some challenges have failed.. Skipping.
today at 21:27:24  All renewal attempts failed. The following certs could not be renewed:
today at 21:27:24    /etc/letsencrypt/live/npm-20/fullchain.pem (failure)
today at 21:27:24    /etc/letsencrypt/live/npm-21/fullchain.pem (failure)
today at 21:27:24    /etc/letsencrypt/live/npm-22/fullchain.pem (failure)
today at 21:27:24    /etc/letsencrypt/live/npm-30/fullchain.pem (failure)
today at 21:27:24    /etc/letsencrypt/live/npm-34/fullchain.pem (failure)
today at 21:27:24    /etc/letsencrypt/live/npm-35/fullchain.pem (failure)
today at 21:27:24    /etc/letsencrypt/live/npm-36/fullchain.pem (failure)
today at 21:27:24    /etc/letsencrypt/live/npm-4/fullchain.pem (failure)
today at 21:27:24  8 renew failure(s), 0 parse failure(s)
today at 21:27:24  
today at 21:27:24      at ChildProcess.exithandler (child_process.js:308:12)
today at 21:27:24      at ChildProcess.emit (events.js:314:20)
today at 21:27:24      at maybeClose (internal/child_process.js:1051:16)
today at 21:27:24      at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)`

If i try to renew one of the above certs manually: (it works, but extremely slow)

today at 21:29:26  [4/14/2021] [7:29:26 PM] [SSL      ] › ℹ  info      Renewing Let'sEncrypt certificates via Cloudflare for Cert #35: xxx.xxx.xx
today at 21:34:26  [4/14/2021] [7:34:26 PM] [SSL      ] › ℹ  info      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
today at 21:34:26  Processing /etc/letsencrypt/renewal/npm-35.conf
today at 21:34:26  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
today at 21:34:26  
today at 21:34:26  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
today at 21:34:26  new certificate deployed without reload, fullchain is
today at 21:34:26  /etc/letsencrypt/live/npm-35/fullchain.pem
today at 21:34:26  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
today at 21:34:26  
today at 21:34:26  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
today at 21:34:26  
today at 21:34:26  Congratulations, all renewals succeeded. The following certs have been renewed:
today at 21:34:26    /etc/letsencrypt/live/npm-35/fullchain.pem (success)
today at 21:34:26  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I get a time out in UI: (but the cert, renews in background)

image

Operating System
Ubuntu Docker - Latest image of NPM pulled

Any ideas?

Originally created by @trenetics on GitHub (Apr 14, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1018 **Describe the bug** Im having some trouble renewing certs with CloudFlare DNS Token. If i try to renew my certs manually it works, but takes a couple of minutes and the UI times out. Auto renewals fail: ``` today at 21:26:56 `QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0 today at 21:26:56 `QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0 today at 21:26:56 QueryBuilder#omit is deprecated. This method will be removed in version 3.0 today at 21:27:24 [4/14/2021] [7:27:24 PM] [SSL ] › ✖ error Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation today at 21:27:24 Challenge failed for domain te55er4ct.trenetics.io today at 21:27:24 Attempting to renew cert (npm-20) from /etc/letsencrypt/renewal/npm-20.conf produced an unexpected error: Some challenges have failed.. Skipping. today at 21:27:24 Challenge failed for domain dr1v3.trenetics.io today at 21:27:24 Attempting to renew cert (npm-21) from /etc/letsencrypt/renewal/npm-21.conf produced an unexpected error: Some challenges have failed.. Skipping. today at 21:27:24 Challenge failed for domain qu4n7um.trenetics.io today at 21:27:24 Attempting to renew cert (npm-22) from /etc/letsencrypt/renewal/npm-22.conf produced an unexpected error: Some challenges have failed.. Skipping. today at 21:27:24 Challenge failed for domain tr3nw1k1.trenetics.io today at 21:27:24 Attempting to renew cert (npm-30) from /etc/letsencrypt/renewal/npm-30.conf produced an unexpected error: Some challenges have failed.. Skipping. today at 21:27:24 Challenge failed for domain b1tw4rd3n.trenetics.io today at 21:27:24 Attempting to renew cert (npm-34) from /etc/letsencrypt/renewal/npm-34.conf produced an unexpected error: Some challenges have failed.. Skipping. today at 21:27:24 Challenge failed for domain a1rs0n1c.trenetics.io today at 21:27:24 Attempting to renew cert (npm-35) from /etc/letsencrypt/renewal/npm-35.conf produced an unexpected error: Some challenges have failed.. Skipping. today at 21:27:24 Challenge failed for domain s3nt1n3l.trenetics.io today at 21:27:24 Attempting to renew cert (npm-36) from /etc/letsencrypt/renewal/npm-36.conf produced an unexpected error: Some challenges have failed.. Skipping. today at 21:27:24 Challenge failed for domain tr3nw1k1.trenetics.io today at 21:27:24 Attempting to renew cert (npm-4) from /etc/letsencrypt/renewal/npm-4.conf produced an unexpected error: Some challenges have failed.. Skipping. today at 21:27:24 All renewal attempts failed. The following certs could not be renewed: today at 21:27:24 /etc/letsencrypt/live/npm-20/fullchain.pem (failure) today at 21:27:24 /etc/letsencrypt/live/npm-21/fullchain.pem (failure) today at 21:27:24 /etc/letsencrypt/live/npm-22/fullchain.pem (failure) today at 21:27:24 /etc/letsencrypt/live/npm-30/fullchain.pem (failure) today at 21:27:24 /etc/letsencrypt/live/npm-34/fullchain.pem (failure) today at 21:27:24 /etc/letsencrypt/live/npm-35/fullchain.pem (failure) today at 21:27:24 /etc/letsencrypt/live/npm-36/fullchain.pem (failure) today at 21:27:24 /etc/letsencrypt/live/npm-4/fullchain.pem (failure) today at 21:27:24 8 renew failure(s), 0 parse failure(s) today at 21:27:24 today at 21:27:24 at ChildProcess.exithandler (child_process.js:308:12) today at 21:27:24 at ChildProcess.emit (events.js:314:20) today at 21:27:24 at maybeClose (internal/child_process.js:1051:16) today at 21:27:24 at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)` ``` If i try to renew one of the above certs manually: (it works, but extremely slow) ``` today at 21:29:26 [4/14/2021] [7:29:26 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates via Cloudflare for Cert #35: xxx.xxx.xx today at 21:34:26 [4/14/2021] [7:34:26 PM] [SSL ] › ℹ info - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - today at 21:34:26 Processing /etc/letsencrypt/renewal/npm-35.conf today at 21:34:26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - today at 21:34:26 today at 21:34:26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - today at 21:34:26 new certificate deployed without reload, fullchain is today at 21:34:26 /etc/letsencrypt/live/npm-35/fullchain.pem today at 21:34:26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - today at 21:34:26 today at 21:34:26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - today at 21:34:26 today at 21:34:26 Congratulations, all renewals succeeded. The following certs have been renewed: today at 21:34:26 /etc/letsencrypt/live/npm-35/fullchain.pem (success) today at 21:34:26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ``` I get a time out in UI: (but the cert, renews in background) ![image](https://user-images.githubusercontent.com/56591389/114769663-c90b7e80-9d6a-11eb-8437-eb948e09547f.png) **Operating System** Ubuntu Docker - Latest image of NPM pulled Any ideas?
kerem 2026-02-26 06:34:42 +03:00
  • closed this issue
  • added the
    bug
         label
kerem commented 2026-02-26 06:34:43 +03:00
Author
Owner
Copy link

@jonasled commented on GitHub (Apr 16, 2021):

I had the same problem, it looks like certbot shippped with alpine is a older version, which isn't anymore supported. I've switched in my custom container to a install via pip and then everything works again. (https://gitlab.jonasled.de/jonasled/nginx-proxy-manager-dark/-/blob/master/docker/Dockerfile)

<!-- gh-comment-id:820984343 --> @jonasled commented on GitHub (Apr 16, 2021): I had the same problem, it looks like certbot shippped with alpine is a older version, which isn't anymore supported. I've switched in my custom container to a install via pip and then everything works again. (https://gitlab.jonasled.de/jonasled/nginx-proxy-manager-dark/-/blob/master/docker/Dockerfile)
kerem commented 2026-02-26 06:34:43 +03:00
Author
Owner
Copy link

@jonasled commented on GitHub (May 8, 2021):

Interesting news. I had the problem again on the new debian based container and after executing certbot renew by hand and restarting the container it worked

<!-- gh-comment-id:835415355 --> @jonasled commented on GitHub (May 8, 2021): Interesting news. I had the problem again on the new debian based container and after executing `certbot renew` by hand and restarting the container it worked
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#857
No description provided.