[GH-ISSUE #1130] Unable to create a SSL Certificate #928

New issue

Closed

opened 2026-02-26 06:35:00 +03:00 by kerem · 17 comments

kerem commented 2026-02-26 06:35:00 +03:00

Owner

Copy link

Originally created by @LeducH on GitHub (May 27, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1130

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
• Are you sure you're not using someone else's docker image?
  • Yes
• Have you searched for similar issues (both open and closed)?
  • Yes

Describe the bug

I am unable to create a ssl certificate

Nginx Proxy Manager Version

v2.9.3

To Reproduce
Steps to reproduce the behavior:
Run nginx proxy manager with the following compose

version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    restart: unless-stopped
  db:
    image: 'jc21/mariadb-aria:latest'
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    volumes:
      - ./data/mysql:/var/lib/mysql
    restart: always

go to ssl certificate. create a certificate for a new domain example.com

Expected behavior

I am able to create the ssl certificate for my domain example.com

Screenshots

Error message

Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-30" --agree-tos --email "huy.theduke@gmail.com" --preferred-challenges "dns,http" --domains "example.com" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for example.com
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain example.com
http-01 challenge for example.com
Cleaning up challenges
Some challenges have failed.

    at ChildProcess.exithandler (node:child_process:326:12)
    at ChildProcess.emit (node:events:369:20)
    at maybeClose (node:internal/child_process:1067:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)

Operating System

arch for raspberryPi

Additional context

Originally created by @LeducH on GitHub (May 27, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1130 <!-- Are you in the right place? - If you are looking for support on how to get your upstream server forwarding, please consider asking the community on Reddit. - If you are writing code changes to contribute and need to ask about the internals of the software, Gitter is the best place to ask. - If you think you found a bug with NPM (not Nginx, or your upstream server or MySql) then you are in the *right place.* --> **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Yes - Are you sure you're not using someone else's docker image? - Yes - Have you searched for similar issues (both open and closed)? - Yes **Describe the bug** <!-- A clear and concise description of what the bug is. --> I am unable to create a ssl certificate **Nginx Proxy Manager Version** <!-- What version of Nginx Proxy Manager is reported on the login page? --> v2.9.3 **To Reproduce** Steps to reproduce the behavior: Run nginx proxy manager with the following compose ``` version: '3' services: app: image: 'jc21/nginx-proxy-manager:latest' ports: - '80:80' - '81:81' - '443:443' environment: DB_MYSQL_HOST: "db" DB_MYSQL_PORT: 3306 DB_MYSQL_USER: "npm" DB_MYSQL_PASSWORD: "npm" DB_MYSQL_NAME: "npm" volumes: - ./data:/data - ./letsencrypt:/etc/letsencrypt restart: unless-stopped db: image: 'jc21/mariadb-aria:latest' environment: MYSQL_ROOT_PASSWORD: 'npm' MYSQL_DATABASE: 'npm' MYSQL_USER: 'npm' MYSQL_PASSWORD: 'npm' volumes: - ./data/mysql:/var/lib/mysql restart: always ``` go to ssl certificate. create a certificate for a new domain `example.com` **Expected behavior** <!-- A clear and concise description of what you expected to happen. --> I am able to create the ssl certificate for my domain `example.com` **Screenshots** <!-- If applicable, add screenshots to help explain your problem. --> Error message ``` Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-30" --agree-tos --email "huy.theduke@gmail.com" --preferred-challenges "dns,http" --domains "example.com" Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Performing the following challenges: http-01 challenge for example.com Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains. Waiting for verification... Challenge failed for domain example.com http-01 challenge for example.com Cleaning up challenges Some challenges have failed. at ChildProcess.exithandler (node:child_process:326:12) at ChildProcess.emit (node:events:369:20) at maybeClose (node:internal/child_process:1067:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5) ``` **Operating System** <!-- Please specify if using a Rpi, Mac, orchestration tool or any other setups that might affect the reproduction of this error. --> arch for raspberryPi **Additional context** <!-- Add any other context about the problem here, docker version, browser version, logs if applicable to the problem. Too much info is better than too little. -->

kerem 2026-02-26 06:35:00 +03:00

• closed this issue
• added the
  stale
  bug
  labels

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@yieldhog commented on GitHub (May 28, 2021):

Also getting this error, specifically with Cloudflare when adding a new domain, had been working perfectly.

Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --cert-name "npm-34" --agree-tos --email "xxxxxx@gmail.com" --domains "my.domain.com" --authenticator dns-cloudflare --dns-cloudflare-credentials "/etc/letsencrypt/credentials/credentials-34"
usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: unrecognized arguments: --dns-cloudflare-credentials /etc/letsencrypt/credentials/credentials-34

    at ChildProcess.exithandler (node:child_process:326:12)
    at ChildProcess.emit (node:events:369:20)
    at maybeClose (node:internal/child_process:1067:16)
    at Socket. (node:internal/child_process:453:11)
    at Socket.emit (node:events:369:20)
    at Pipe. (node:net:666:12)

<!-- gh-comment-id:850088542 --> @yieldhog commented on GitHub (May 28, 2021): Also getting this error, specifically with Cloudflare when adding a new domain, had been working perfectly. ``` Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --cert-name "npm-34" --agree-tos --email "xxxxxx@gmail.com" --domains "my.domain.com" --authenticator dns-cloudflare --dns-cloudflare-credentials "/etc/letsencrypt/credentials/credentials-34" usage: certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ... Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate. certbot: error: unrecognized arguments: --dns-cloudflare-credentials /etc/letsencrypt/credentials/credentials-34 at ChildProcess.exithandler (node:child_process:326:12) at ChildProcess.emit (node:events:369:20) at maybeClose (node:internal/child_process:1067:16) at Socket. (node:internal/child_process:453:11) at Socket.emit (node:events:369:20) at Pipe. (node:net:666:12) ```

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (May 28, 2021):

@LeducH Is your pi (port 80 / 443) exposed to the internet and does the domain example.com you are trying to verify have a record containg the public IP of your pi? See Hosting your home network.

@yieldhog Your problem is totally different than what this issue is about. The issue you have seems to be identical to this one: https://github.com/jc21/nginx-proxy-manager/issues/1109

<!-- gh-comment-id:850189497 --> @chaptergy commented on GitHub (May 28, 2021): @LeducH Is your pi (port 80 / 443) exposed to the internet and does the domain `example.com` you are trying to verify have a record containg the public IP of your pi? See [Hosting your home network](https://nginxproxymanager.com/guide/#hosting-your-home-network). @yieldhog Your problem is totally different than what this issue is about. The issue you have seems to be identical to this one: https://github.com/jc21/nginx-proxy-manager/issues/1109

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@LeducH commented on GitHub (May 28, 2021):

@chaptergy Yes the ports are open.

<!-- gh-comment-id:850212637 --> @LeducH commented on GitHub (May 28, 2021): @chaptergy Yes the ports are open.

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (May 28, 2021):

Just to make extra sure, you are able to reach pages proxied by your npm instance from outside your network?

<!-- gh-comment-id:850218161 --> @chaptergy commented on GitHub (May 28, 2021): Just to make extra sure, you are able to reach pages proxied by your npm instance from outside your network?

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@StarkITA commented on GitHub (May 28, 2021):

I do have the same problem. Since a few days my nginxproxymanager seems completely broken.

<!-- gh-comment-id:850405156 --> @StarkITA commented on GitHub (May 28, 2021): I do have the same problem. Since a few days my nginxproxymanager seems completely broken.

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@Knocks83 commented on GitHub (May 28, 2021):

Are you using the DNS challenge?

<!-- gh-comment-id:850572173 --> @Knocks83 commented on GitHub (May 28, 2021): Are you using the DNS challenge?

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@joaomarioss commented on GitHub (May 29, 2021):

I'm also having a problem. the certificates have expired. Now there is an error generating a new certificate.

<!-- gh-comment-id:850897299 --> @joaomarioss commented on GitHub (May 29, 2021): I'm also having a problem. the certificates have expired. Now there is an error generating a new certificate.

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@LeducH commented on GitHub (May 29, 2021):

Just to make extra sure, you are able to reach pages proxied by your npm instance from outside your network?

Jo I am able to access it with my public ip since other services work

<!-- gh-comment-id:850898730 --> @LeducH commented on GitHub (May 29, 2021): > Just to make extra sure, you are able to reach pages proxied by your npm instance from outside your network? Jo I am able to access it with my public ip since other services work

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@Knocks83 commented on GitHub (May 30, 2021):

what does docker logs say?

<!-- gh-comment-id:850960920 --> @Knocks83 commented on GitHub (May 30, 2021): what does `docker logs` say?

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (May 30, 2021):

Also have a look at the files inside the container in folder /var/log/letsencrypt/, if they contain any useful information to help pinpoint this issue

<!-- gh-comment-id:850974472 --> @chaptergy commented on GitHub (May 30, 2021): Also have a look at the files inside the container in folder `/var/log/letsencrypt/`, if they contain any useful information to help pinpoint this issue

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@joaomarioss commented on GitHub (Jun 2, 2021):

My error, the dns ip was wrong.
its work.
thanks for help.

<!-- gh-comment-id:852878450 --> @joaomarioss commented on GitHub (Jun 2, 2021): My error, the dns ip was wrong. its work. thanks for help.

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@Hakker commented on GitHub (Jun 3, 2021):

Getting the same behaviour although for me it's a subdomain.

Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-15" --agree-tos --email "someone@example.com" --preferred-challenges "dns,http" --domains "wikijs.example.com" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for wikijs.example.com
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain wikijs.example.com
http-01 challenge for wikijs.example.com
Cleaning up challenges
Some challenges have failed.

    at ChildProcess.exithandler (child_process.js:308:12)
    at ChildProcess.emit (events.js:314:20)
    at maybeClose (internal/child_process.js:1022:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)

<!-- gh-comment-id:854074669 --> @Hakker commented on GitHub (Jun 3, 2021): Getting the same behaviour although for me it's a subdomain. ``` Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-15" --agree-tos --email "someone@example.com" --preferred-challenges "dns,http" --domains "wikijs.example.com" Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Performing the following challenges: http-01 challenge for wikijs.example.com Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains. Waiting for verification... Challenge failed for domain wikijs.example.com http-01 challenge for wikijs.example.com Cleaning up challenges Some challenges have failed. at ChildProcess.exithandler (child_process.js:308:12) at ChildProcess.emit (events.js:314:20) at maybeClose (internal/child_process.js:1022:16) at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5) ```

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@Knocks83 commented on GitHub (Jun 3, 2021):

Are you sure the subdomain is reachable from the internet?

If yes, try running the certbot renew command inside the container and see what happens

<!-- gh-comment-id:854079350 --> @Knocks83 commented on GitHub (Jun 3, 2021): Are you sure the subdomain is reachable from the internet? If yes, try running the `certbot renew` command inside the container and see what happens

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@theouitdenwaal commented on GitHub (Jun 30, 2021):

In my case, same issue, same error, domain is not reachable from the internet and running certbot renew in the container brings:

2021-06-30 19:41:32,006:DEBUG:certbot._internal.main:certbot version: 1.16.0
2021-06-30 19:41:32,007:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2021-06-30 19:41:32,007:DEBUG:certbot._internal.main:Arguments: []
2021-06-30 19:41:32,007:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-google,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-06-30 19:41:32,055:DEBUG:certbot._internal.log:Root logging level set at 30
2021-06-30 19:41:32,058:DEBUG:certbot.display.util:Notifying user:

---

2021-06-30 19:41:32,059:DEBUG:certbot.display.util:Notifying user: No renewals were attempted.
2021-06-30 19:41:32,059:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-06-30 19:41:32,060:DEBUG:certbot._internal.renewal:no renewal failures

<!-- gh-comment-id:871257071 --> @theouitdenwaal commented on GitHub (Jun 30, 2021): In my case, same issue, same error, domain is not reachable from the internet and running certbot renew in the container brings: 2021-06-30 19:41:32,006:DEBUG:certbot._internal.main:certbot version: 1.16.0 2021-06-30 19:41:32,007:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot 2021-06-30 19:41:32,007:DEBUG:certbot._internal.main:Arguments: [] 2021-06-30 19:41:32,007:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-google,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2021-06-30 19:41:32,055:DEBUG:certbot._internal.log:Root logging level set at 30 2021-06-30 19:41:32,058:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2021-06-30 19:41:32,059:DEBUG:certbot.display.util:Notifying user: No renewals were attempted. 2021-06-30 19:41:32,059:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2021-06-30 19:41:32,060:DEBUG:certbot._internal.renewal:no renewal failures

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@LeducH commented on GitHub (Feb 10, 2022):

still open

<!-- gh-comment-id:1034569138 --> @LeducH commented on GitHub (Feb 10, 2022): still open

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Mar 11, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:1987487796 --> @github-actions[bot] commented on GitHub (Mar 11, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented 2026-02-26 06:35:00 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Apr 23, 2025):

Issue was closed due to inactivity.

<!-- gh-comment-id:2822884856 --> @github-actions[bot] commented on GitHub (Apr 23, 2025): Issue was closed due to inactivity.

kerem referenced this issue 2026-02-26 07:33:58 +03:00

[GH-ISSUE #3072] Support For FASTCGI? #2085

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#928

No description provided.