[GH-ISSUE #1126] DNS Challenge DuckDNS #926

New issue

Closed

opened 2026-02-26 06:34:59 +03:00 by kerem · 3 comments

kerem commented 2026-02-26 06:34:59 +03:00

Owner

Copy link

Originally created by @Thomas55555 on GitHub (May 26, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1126

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
• Are you sure you're not using someone else's docker image?
  • Yes
• Have you searched for similar issues (both open and closed)?
  • Yes

Describe the bug

With the DNS Challenge I can create a certificate for yyy.xxx.duckdns.org. But it's no possible for *.xxx.duckdns.org or xxx.duckdns.org

Nginx Proxy Manager Version

2.9.3

Expected behavior

It should also be able to create a certificate for the domain, one level higher. In general it should be possible: https://github.com/infinityofspace/certbot_dns_duckdns

Operating System

Debian 10.9

Additional context
This is the error log:

Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --cert-name "npm-34" --agree-tos --email "my.mail@gmail.com" --domains "*.xxx.duckdns.org" --authenticator dns-duckdns  --dns-duckdns-token dns_duckdns_token=secret_token
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-duckdns, Installer None
Performing the following challenges:
dns-01 challenge for xxx.duckdns.org
Cleaning up challenges
Encountered exception during recovery: certbot.errors.PluginError: The clearing of the TXT record for domain "xxx.duckdns.org" was not successful.
Request status code: 200
Request response text: KO
The TXT update "blabla" for domain "xxx.duckdns.org" could not be set.
Request status code: 200
Request response text: KO

    at ChildProcess.exithandler (node:child_process:326:12)
    at ChildProcess.emit (node:events:369:20)
    at maybeClose (node:internal/child_process:1067:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)

Looking in /var/log/letsencrypt/letsencrypt.log shows:

Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1435, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1304, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 140, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 444, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 424, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/plugins/dns_common.py", line 60, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/opt/certbot/lib/python3.7/site-packages/certbot_dns_duckdns/cert/client.py", line 72, in _perform
    raise errors.PluginError(e)
certbot.errors.PluginError: The TXT update "blabla" for domain "xxx.duckdns.org" could not be set.
Request status code: 200
Request response text: KO
2021-05-26 14:17:15,451:ERROR:certbot._internal.log:The TXT update "blabla" for domain "xxx.duckdns.org" could not be set.
Request status code: 200
Request response text: KO

Originally created by @Thomas55555 on GitHub (May 26, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1126 <!-- Are you in the right place? - If you are looking for support on how to get your upstream server forwarding, please consider asking the community on Reddit. - If you are writing code changes to contribute and need to ask about the internals of the software, Gitter is the best place to ask. - If you think you found a bug with NPM (not Nginx, or your upstream server or MySql) then you are in the *right place.* --> **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Yes - Are you sure you're not using someone else's docker image? - Yes - Have you searched for similar issues (both open and closed)? - Yes **Describe the bug** <!-- A clear and concise description of what the bug is. --> With the DNS Challenge I can create a certificate for yyy.xxx.duckdns.org. But it's no possible for *.xxx.duckdns.org or xxx.duckdns.org **Nginx Proxy Manager Version** <!-- What version of Nginx Proxy Manager is reported on the login page? --> 2.9.3 **Expected behavior** <!-- A clear and concise description of what you expected to happen. --> It should also be able to create a certificate for the domain, one level higher. In general it should be possible: https://github.com/infinityofspace/certbot_dns_duckdns **Operating System** <!-- Please specify if using a Rpi, Mac, orchestration tool or any other setups that might affect the reproduction of this error. --> Debian 10.9 **Additional context** This is the error log: ``` Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --cert-name "npm-34" --agree-tos --email "my.mail@gmail.com" --domains "*.xxx.duckdns.org" --authenticator dns-duckdns --dns-duckdns-token dns_duckdns_token=secret_token Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator dns-duckdns, Installer None Performing the following challenges: dns-01 challenge for xxx.duckdns.org Cleaning up challenges Encountered exception during recovery: certbot.errors.PluginError: The clearing of the TXT record for domain "xxx.duckdns.org" was not successful. Request status code: 200 Request response text: KO The TXT update "blabla" for domain "xxx.duckdns.org" could not be set. Request status code: 200 Request response text: KO at ChildProcess.exithandler (node:child_process:326:12) at ChildProcess.emit (node:events:369:20) at maybeClose (node:internal/child_process:1067:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5) ``` Looking in /var/log/letsencrypt/letsencrypt.log shows: ``` Traceback (most recent call last): File "/opt/certbot/bin/certbot", line 8, in <module> sys.exit(main()) File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main return internal_main.main(cli_args) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1435, in main return config.func(config, plugins) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1304, in certonly lineage = _get_and_save_cert(le_client, config, domains, certname, lineage) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 140, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 444, in obtain_and_enroll_certificate cert, chain, key, _ = self.obtain_certificate(domains) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 424, in _get_order_and_authorizations authzr = self.auth_handler.handle_authorizations(orderr, best_effort) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations resps = self.auth.perform(achalls) File "/opt/certbot/lib/python3.7/site-packages/certbot/plugins/dns_common.py", line 60, in perform self._perform(domain, validation_domain_name, validation) File "/opt/certbot/lib/python3.7/site-packages/certbot_dns_duckdns/cert/client.py", line 72, in _perform raise errors.PluginError(e) certbot.errors.PluginError: The TXT update "blabla" for domain "xxx.duckdns.org" could not be set. Request status code: 200 Request response text: KO 2021-05-26 14:17:15,451:ERROR:certbot._internal.log:The TXT update "blabla" for domain "xxx.duckdns.org" could not be set. Request status code: 200 Request response text: KO ```

kerem 2026-02-26 06:34:59 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-02-26 06:34:59 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (May 26, 2021):

I'm pretty sure this is not an issue with npm but instead with the DNS plugin you linked. Have you checked whether the same issue arises with a local installation of certbot and the duckdns plugin? If it works locally, but not in npm I will reopen this issue. Otherwise please open an issue over there.

<!-- gh-comment-id:848965291 --> @chaptergy commented on GitHub (May 26, 2021): I'm pretty sure this is not an issue with npm but instead with the DNS plugin you linked. Have you checked whether the same issue arises with a local installation of certbot and the duckdns plugin? If it works locally, but not in npm I will reopen this issue. Otherwise please open an issue over there.

kerem commented 2026-02-26 06:34:59 +03:00

Author

Owner

Copy link

@Thomas55555 commented on GitHub (May 26, 2021):

Yes, I have checked it on my desktop there it is working. In the meanwhile, i figured out, that the subdomains are not working all the time. And i modified the command in that way:
/opt/certbot/bin/certbot certonly --non-interactive --cert-name "npm-34" --agree-tos --email "my.mail@gmail.com" --domains "*.xxx.duckdns.org" --authenticator dns-duckdns --dns-duckdns-token secret_token (<dns_duckdns_token=> is missing)
and then it was even working without the subdomain. I also don't understand it. But as it is working for me now, and a have reached the Let's Encrypt fair use limit in the meantime, you can keep it closed.

<!-- gh-comment-id:848974805 --> @Thomas55555 commented on GitHub (May 26, 2021): Yes, I have checked it on my desktop there it is working. In the meanwhile, i figured out, that the subdomains are not working all the time. And i modified the command in that way: `/opt/certbot/bin/certbot certonly --non-interactive --cert-name "npm-34" --agree-tos --email "my.mail@gmail.com" --domains "*.xxx.duckdns.org" --authenticator dns-duckdns --dns-duckdns-token secret_token` (<dns_duckdns_token=> is missing) and then it was even working without the subdomain. I also don't understand it. But as it is working for me now, and a have reached the Let's Encrypt fair use limit in the meantime, you can keep it closed.

kerem commented 2026-02-26 06:34:59 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (May 26, 2021):

Allright, let me know if anything "fixable" ever comes of it. And just FYI if you didn't already know: certbot has the flag --dry-run, if you add that the command is run against letsencrypts staging environment, and not the actual thing, so you won't be rate limited by the actual API

<!-- gh-comment-id:849038604 --> @chaptergy commented on GitHub (May 26, 2021): Allright, let me know if anything "fixable" ever comes of it. And just FYI if you didn't already know: certbot has the flag `--dry-run`, if you add that the command is run against letsencrypts staging environment, and not the actual thing, so you won't be rate limited by the actual API

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#926

No description provided.