[GH-ISSUE #1154] Support for Strato Let's Encrypt DNS challenge #949

Open
opened 2026-02-26 06:35:08 +03:00 by kerem · 107 comments

Originally created by @psychofaktory on GitHub (Jun 5, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1154

What provider would you like to see added to NPM?
Strato

Have you checked if a certbot plugin exists?
I found this here:
https://github.com/Buxdehuda/strato-certbot


@chaptergy commented on GitHub (Jun 6, 2021):

Unfortunately the current version of NPM only supports DNS-challenge providers which have a certbot dns plugin. The link you posted is only a manual auth hook certbot integration, which is not supported. And it seems there currently is no actual certbot dns plugin.


@psychofaktory commented on GitHub (Jun 8, 2021):

For others with the same problem:

Not a certbot dns plugin, but I managed to get a wildcard cert with the workaround mentioned [here](https://github.com/jc21/nginx-proxy-manager/issues/456#issuecomment-671294485):

  1. Set up a proxy host in NPM (Nginx Proxy Manager) for both domain and wildcard subdomain

  2. Set up an SSL certificate for just the domain (wildcard input is currently not possible).

Up until here you should have SSL working for the domain, but not the subdomains.

  3. In my case NginxProxyManager is a Docker container running on Unraid, so /config is mounted to /mnt/user/appdata/NginxProxyManager

  4. Copy [auth-hook.py](https://raw.githubusercontent.com/Buxdehuda/strato-certbot/master/auth-hook.py) to /config/letsencrypt/renewal-hooks/deploy/

  5. Make auth-hook.py executable:
    chmod a+x /config/letsencrypt/renewal-hooks/deploy/auth-hook.py

  6. Create strato-auth.json in /config/letsencrypt/renewal-hooks/deploy/
    {
      "username": "<username>",
      "password": "<password>"
    }

  7. Replace `with open("strato-auth.json") as file:` in /config/letsencrypt/renewal-hooks/deploy/auth-hook.py with `with open("/config/letsencrypt/renewal-hooks/deploy/strato-auth.json") as file:`

  8. Change permissions:
    chmod 0400 /config/letsencrypt/renewal-hooks/deploy/strato-auth.json

  9. Modify /config/letsencrypt/renewal/npm-<id>.conf and update the section [renewalparams]:
    authenticator = manual
    manual_public_ip_logging_ok = True
    manual_auth_hook = /config/letsencrypt/renewal-hooks/deploy/auth-hook.py

  10. Extend the certificate (replace <domain>):
    certbot certonly --manual --cert-name npm-5 --expand -d <domain>,*.<domain> --manual-auth-hook=/config/letsencrypt/renewal-hooks/deploy/auth-hook.py

Now the cert set up in step 2 contains a wildcard alias and can be assigned to the wildcard subdomain from step 1.

I hope this helps some.


@BeSve commented on GitHub (Nov 8, 2022):

> 10. Extend the certificate (replace `<domain>`):
> `certbot certonly --manual --cert-name npm-5 --expand -d <domain>,*.<domain> --manual-auth-hook=/config/letsencrypt/renewal-hooks/deploy/auth-hook.py`

Thanks for your how-to.
Will this automatically update the certificate every 90 days or do I have to do this manually?
Or is there a way to execute the command mentioned under 10 every n days?

Thanks a lot.


@psychofaktory commented on GitHub (Nov 9, 2022):

> Will this automatically update the certificate every 90 days or do I have to do this manually?

When the SSL certificate is created in step 2, NPM automatically creates a job that regularly renews the certificate.


@Substanzlos commented on GitHub (Feb 21, 2023):

Hi, some things I have noticed.

(All files mentioned come from here: https://github.com/Buxdehuda/strato-certbot)

  • First off, it looks like the auth-hook.py has changed; point 7 isn't required anymore, `with open` has been removed/replaced.
  • There is a new include, so you will need the file certbotstratoapi.py
  • You need to install the requirements listed under requirements.txt

Okay, after this, your workaround works, but I get this error message, even though the certificate generation works:

After issuing point 8 of the workaround I get this output.

    [...]
    Renewing an existing certificate for abc.xyz and *abc.xyz

    Hook 'deploy-hook' reported error code 1
    Hook 'deploy-hook' ran with error output:
    Traceback (most recent call last):
      File "/etc/letsencrypt/renewal-hooks/deploy/auth-hook.py", line 42, in <module>
        main()
      File "/etc/letsencrypt/renewal-hooks/deploy/auth-hook.py", line 25, in main
        strato = CertbotStratoApi()
      File "/etc/letsencrypt/renewal-hooks/deploy/certbotstratoapi.py", line 17, in __init__
        self.txt_value = os.environ['CERTBOT_VALIDATION']
      File "/usr/lib/python3.7/os.py", line 678, in __getitem__
        raise KeyError(key) from None
    KeyError: 'CERTBOT_VALIDATION'

    Successfully received certificate.
    [...]

Any ideas?
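
The traceback above shows auth-hook.py being executed as a deploy hook, an invocation in which certbot does not set `CERTBOT_VALIDATION`; the script sits in renewal-hooks/deploy, whose executables certbot runs as deploy hooks. The following audit is an added example, not part of the original comments or of strato-certbot: it flags a `manual_auth_hook` stored in a renewal-hooks directory, a hook other users can modify, and a credentials file other users can access. The `hooks/` directory, the `npm-0.conf` name and all file contents in the demo are constructed.

```python
import configparser
import stat
import tempfile
from pathlib import Path

# Sub-directories of renewal-hooks whose executables certbot runs as hooks.
HOOK_DIRS = {"pre", "deploy", "post"}


def renewal_params(conf_path):
    """Return the [renewalparams] section of a certbot renewal file as a dict."""
    # Renewal files begin with keys outside any section, which configparser
    # rejects, so a dummy section header is prepended.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string("[_top]\n" + Path(conf_path).read_text())
    if parser.has_section("renewalparams"):
        return dict(parser["renewalparams"])
    return {}


def audit(config_dir, secret_files=()):
    """Return sorted (code, path) findings for a certbot config directory."""
    findings = set()
    for conf in sorted(Path(config_dir, "renewal").glob("*.conf")):
        params = renewal_params(conf)
        for key in ("manual_auth_hook", "manual_cleanup_hook"):
            if not params.get(key):
                continue
            hook = Path(params[key].split()[0])
            parent = hook.parent
            # An auth hook stored here is also run as a pre/deploy/post hook,
            # where CERTBOT_VALIDATION is not in the environment.
            if parent.name in HOOK_DIRS and parent.parent.name == "renewal-hooks":
                findings.add(("auth-hook-in-hook-dir", str(hook)))
            # Hooks run with certbot's privileges; nobody else may edit them.
            if hook.exists() and hook.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.add(("hook-writable-by-others", str(hook)))
    for secret in map(Path, secret_files):
        # Any group/other permission bit on a credentials file is a finding.
        if secret.exists() and secret.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.add(("secret-accessible-by-others", str(secret)))
    return sorted(findings)


def build_demo(root, hook_dir, secret_mode):
    """Create a constructed config tree; return (config_dir, secret_path)."""
    cfg = Path(root, "letsencrypt")
    hook = cfg / hook_dir / "auth-hook.py"
    secret = hook.parent / "strato-auth.json"
    hook.parent.mkdir(parents=True)
    (cfg / "renewal").mkdir()
    hook.write_text("#!/usr/bin/env python3\n")
    hook.chmod(0o755)
    secret.write_text('{"username": "<username>", "password": "<password>"}\n')
    secret.chmod(secret_mode)
    (cfg / "renewal" / "npm-0.conf").write_text(
        "version = 0.0.0\n"
        "[renewalparams]\n"
        "authenticator = manual\n"
        f"manual_auth_hook = {hook}\n"
    )
    return cfg, secret


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Layout from the how-to, but with a world-readable credentials file.
        cfg, secret = build_demo(tmp, "renewal-hooks/deploy", 0o644)
        for code, path in audit(cfg, [secret]):
            print(code, path)
```
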


@FlixMa commented on GitHub (Mar 5, 2023):

I modified the code from the [aforementioned repository](https://github.com/Buxdehuda/strato-certbot) to provide a regular certbot dns authentication plugin, which can be directly integrated into NPM (see [here](https://github.com/FlixMa/certbot-dns-strato)).

If you would like to give it a try, follow [these instructions](https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2086#issuecomment-1272610645).
The dns plugin configuration in `globals/certbot-dns-plugins.js` should be adjusted to include the service for Strato:

```js
// ...
    //####################################################//
    strato: {
        display_name:        'Strato',
        package_name:        'certbot-dns-strato',
        version_requirement: '~=0.1.1',
        dependencies:        '',
        credentials:         `dns_strato_username = user
dns_strato_password = pass
# uncomment if domain name contains special characters
# insert domain display name as seen on your account page here
# dns_strato_domain_display_name = my-punicode-url.de`,
        full_plugin_name:    'dns-strato',
    },
// ...
```

I was successful using option 2 mentioned in the linked comment.
An exemplary `docker-compose.yml` could be:

```yml
version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: always
    ports:
      - '80:80'
      - '1080:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
      # map custom code into the container to support strato dns
      - ./custom-npm/global/certbot-dns-plugins.js:/app/global/certbot-dns-plugins.js:ro
      - ./custom-npm/frontend/dist:/app/frontend:ro

networks:
  default:
    external: true
    name: nginx-proxy-manager
```

Note that the code is still in an experimental stage.


@Substanzlos commented on GitHub (May 17, 2023):

Nice work. :)

Where do I need to place the files from your repository?


@FlixMa commented on GitHub (May 18, 2023):

> Nice work. :)
>
> Where do I need to place the files from your repository?

Thank you :-)

You don't need to touch my repository -- it is just a place for the plugin to live. The code is uploaded to PyPi so it is available from anywhere where there is python pip installed. Thus npm can grab it by itself. You just need to introduce this plugin to npm by inserting the given configuration snippet posted above and then building the npm frontend from this repository.

Once that's done, you can use the build directory and mount it into your docker container at the specific location where the prebuilt frontend was living (you basically shadow it with the new version).

Then you're good to go. In fact I have this setup up and running since my post without any issues :-)

So what you need to do:

  1. clone this repository (nginx-proxy-manager, not my plugin)
  2. edit globals/certbot-dns-plugins.js as shown above.
  3. rebuild the npm frontend using the provided build script: sudo ./scripts/frontend-build
  4. mount the new version into your container using the docker-compose.yml as shown above (make sure to adjust the paths to point your local custom build. In my case it's located in ./custom-npm/)

(-: Hope this helps


@Substanzlos commented on GitHub (May 18, 2023):

Thank you. :)

Your pull request got answered: https://github.com/NginxProxyManager/nginx-proxy-manager/pull/2929#issuecomment-1553032491

I've tested the docker image, works like a charm!

Thank you so much for your work!


@Yoshi315161 commented on GitHub (Aug 3, 2023):

Hi guys,

I posted this also in the pull request but don't know if anyone sees this there:

I read this and wanted to try it out but I think I don't get it...
How and what things do I have to put in the challenge text field?

Also my Strato is locked with 2FA.
Is there an example file I can use?

Sorry but I don't understand the things under user and pass...
and for the SSL Domain I need "*.DOMAIN.COM"? or without the * for wildcard?

This is the example:
dns_strato_username = user
dns_strato_password = pass
'# uncomment if domain name contains special characters
'# insert domain display name as seen on your account page here
'# dns_strato_domain_display_name = my-punicode-url.de

And now how to fill it?

The last two I don't understand...
Do I have to remove the # and fill in something?
If I do I get an error....

I tested with:
'*.DOMAIN.com

dns_strato_username = NUMBERS
dns_strato_password = PASSWORD
dns_strato_totp_secret = BUNCH OF NUMBERS AND CARACTERS
dns_strato_totp_devicename = NAME OF TOTP
'# uncomment if domain name contains special characters <-- Leav this as it was
'# DOMAIN.COM
'# dns_strato_domain_display_name = *.DOMAIN.COM

Please help or point me to a good example from someone who got it to work. It would be easier than the normal challenge; there are internal errors at times -,- (new request worked...)

Thank you so much...

EDIT: have to put ' in front of # to avoid funky things...


@FlixMa commented on GitHub (Aug 4, 2023):

> Sorry but I don't understand the things under user and pass... and for the SSL Domain I need "*.DOMAIN.COM"? or without the * for wildcard?

In the topmost field of the basic certificate settings it should say `*.domain.com` (the CN the certificate is issued for).
In the custom configuration for strato dns you only need to add your domain name if it has special characters in it (aka [punycode](https://en.wikipedia.org/wiki/Punycode)). If that's the case you need to enter the name in the exact same spelling as it appears on your strato domain configuration overview page (on strato.de it's called "Paketübersicht"). In my case it shows without the asterisk. Otherwise, so if you do not provide the `dns_strato_domain_display_name`, it is inferred from your CN.

I guess you already tried both variants, right? If that's the case, I might have spotted an error with TFA.
It might be a problem in the code of my python certbot plugin, where the [credentials setup function](https://github.com/FlixMa/certbot-dns-strato/blob/4775821b56f5a7140adc2c900871ef689f2b10f5/certbot_dns_strato/dns_strato.py#L41) does not include the `totp` keys.

Since I did not configure it yet (shame on me), this didn't come to light.
Your configuration looks correct:

> dns_strato_totp_secret = BUNCH OF NUMBERS AND CARACTERS
> dns_strato_totp_devicename = NAME OF TOTP

Please try as I explained, if you did not already do so and report back. Then I will proceed to making the adjustments in code.
Cheers


@Yoshi315161 commented on GitHub (Aug 4, 2023):

Hi ho and thx for the answer,

OK, then I think it's easier to work with pictures...

I tested a lot, but I always get an error, so here is my config (as I understand from your text):

[Image: Config]

And this is the error I get:

    Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-30" --agree-tos --email "jxxxxxxxxxx.com" --domains "*.hxxxxxxxxxx.com" --authenticator dns-strato --dns-strato-credentials "/etc/letsencrypt/credentials/credentials-30" Saving debug log to /tmp/letsencrypt-log/letsencrypt.log

    at ChildProcess.exithandler (node:child_process:402:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

Do I have to put something in Strato first? I own the domain, but is there something to do for the wildcard *.hxxxxxxx.com SSL cert?

Thank you for your help :)


@Yoshi315161 commented on GitHub (Aug 17, 2023):

Do you have something new for me @FlixMa ?


@FlixMa commented on GitHub (Aug 18, 2023):

I am sorry, I didn’t have time to do it as I am currently on vacation. I’ll be back in September.


@ThomasKuijper commented on GitHub (Sep 15, 2023):

I tried the same @Yoshi315161, but I'm getting the same error.
I tried both with a wildcard and a specific hostname, both gave the same childprocess error.
I disabled TOTP and tried, but same problem.
Maybe Strato changed something.

Is there something I can look for in the debug log?

////Update

I checked some more; what I think happens is that the URL you use in your 'certbotstratoapi.py' is for strato.DE.
When you log in with a login from another country, instead of logging in right now, it redirects you to the login page for the correct country.

Is it an option to add the API URL to the settings?


@FlixMa commented on GitHub (Sep 16, 2023):

Hey all, sorry for the late reply. I did not know, that strato was serving their page in other countries than Germany. So this actually might be cause for troubles with some users.

In the recent commit I added the option to fully customise the API endpoint:

  • custom_api_scheme,
  • custom_api_host,
  • custom_api_port and
  • custom_api_path

You will probably only set the custom_api_host, but yeah, might be nice to have in the future...

I have just published a [new version](https://pypi.org/project/certbot-dns-strato/0.2.0/) of the certbot strato dns challenge pypi package:
Please `pip install` this package and test whether your TXT records show up on Strato Management Site.
You can use this snippet for testing:

```python
from certbot_dns_strato.dns_strato import _StratoApi

# change the placeholders and api host to match the one you are logging in to (e.g. '.nl' for the Netherlands).
strato = _StratoApi('your_domain_display_name', custom_api_host='www.strato.nl')
strato.login('my_username', 'my_password')

# select the domain, then read its TXT records, add a test record and push the change
strato.set_domain_name('your_domain_name')
strato.get_package_id()
strato.get_txt_records()
strato.set_amce_record('hello', 'world')
strato.push_txt_records()
```

The result should look like this:
[Image: Screenshot 2023-09-16 at 11 09 27]

I hope the NPM auto-updates the package soon, so you'll be able to use the additional options from inside NPM.
Don't forget to add the mandatory prefix `dns_strato_` in your NPM wildcard certificate configuration. So `custom_api_host` needs to be set as `dns_strato_custom_api_host = www.strato.nl` (e.g. for the Netherlands).

Also please let me know, if this fixes the problem for you, @Yoshi315161.
And thank you @ThomasKuijper so much for investigating.

Cheers
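
The credentials rules spread over the comments above (the mandatory `dns_strato_` prefix, the unchanged `user`/`pass` template, the display name without asterisk) can be checked before the text is pasted into NPM. This linter is an added example, not part of the original comments or of certbot-dns-strato; option names are taken from this thread, the sample files are constructed, and treating the two TOTP options as a pair and flagging a leading `*` in the display name are assumptions.

```python
import re

PREFIX = "dns_strato_"
# Option names that appear in this thread (without the prefix).
KNOWN = {
    "username", "password", "totp_secret", "totp_devicename",
    "domain_display_name", "custom_api_scheme", "custom_api_host",
    "custom_api_port", "custom_api_path",
}
# Values of the template shown in the NPM plugin configuration.
TEMPLATE_VALUES = {"username": "user", "password": "pass"}
KEY_VALUE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$")

# Constructed samples: a file with typical mistakes and its corrected form.
BROKEN = """\
*.example.com
dns_strato_username = 12345678
dns_strato_password = constructed-secret
dns_strato_totp_secret = CONSTRUCTEDBASE32
custom_api_host = www.strato.nl
dns_strato_domain_display_name = *.example.com
"""
FIXED = """\
dns_strato_username = 12345678
dns_strato_password = constructed-secret
dns_strato_totp_secret = CONSTRUCTEDBASE32
dns_strato_totp_devicename = phone
dns_strato_custom_api_host = www.strato.nl
"""


def lint_credentials(text):
    """Return (line, code, key) findings; option values are never echoed."""
    findings, seen = [], {}
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are fine
        match = KEY_VALUE.match(line)
        if match is None:
            findings.append((number, "not-key-value", None))
            continue
        key, value = match.group(1), match.group(2).strip()
        if not key.startswith(PREFIX):
            findings.append((number, "missing-prefix", key))
            continue
        name = key[len(PREFIX):]
        if name not in KNOWN:
            findings.append((number, "unknown-option", key))
            continue
        if name in seen:
            findings.append((number, "duplicate-option", key))
        seen[name] = value
        if not value:
            findings.append((number, "empty-value", key))
        elif TEMPLATE_VALUES.get(name) == value:
            findings.append((number, "template-value-left-in", key))
        elif name == "domain_display_name" and value.startswith("*"):
            # Assumption: the overview page lists the name without asterisk.
            findings.append((number, "wildcard-in-display-name", key))
    for name in ("username", "password"):
        if name not in seen:
            findings.append((0, "missing-required", PREFIX + name))
    # Assumption: the two TOTP options are only useful as a pair.
    if ("totp_secret" in seen) != ("totp_devicename" in seen):
        findings.append((0, "totp-pair-incomplete", PREFIX + "totp_*"))
    return sorted(findings, key=lambda item: (item[0], item[1]))


if __name__ == "__main__":
    for number, code, key in lint_credentials(BROKEN):
        print(f"line {number}: {code} {key or ''}".rstrip())
```
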


@Yoshi315161 commented on GitHub (Sep 16, 2023):

Hey @FlixMa,
I hope you had a good vacation. My Strato is also in Germany.
I only updated the pip installation and now it's working without changing anything..
AWESOME :)

Now I have a wildcard with DNS Challenge :D (and TOTP)
Thank you so much

My config is the same as in the picture above; the only difference is that I deleted the last three lines.


@FlixMa commented on GitHub (Sep 16, 2023):

Hey @Yoshi315161, vacation was alright; thanks for asking. Glad to hear you got it working. Then the issue might actually have been that the 2FA detection was not only broken for other countries, but also for strato.de. That is actually very likely as it was based on user-facing string matching, which of course might change more frequently than an API. I did change that behaviour to be based on whether you provide 2FA credentials or not, to make it compatible with other languages.

Do you mind sharing how you updated the pip package inside your NPM docker container? This way others can profit as well :)

Have a nice weekend!


@Yoshi315161 commented on GitHub (Sep 16, 2023):

Of course I can.
I have Portainer installed on my Docker server.
So I Bash into the NPM container and just copied the install Bash from your link and pressed Enter:
`pip install certbot-dns-strato==0.2.0`

After that I tested again in NPM and it worked.

You too :)


@Anocos commented on GitHub (Sep 22, 2023):

> So what you need to do:
>
> 1. clone this repository (nginx-proxy-manager, not my plugin)
>
> 2. edit `globals/certbot-dns-plugins.js` as shown above.
>
> 3. rebuild the npm frontend using the provided build script: `sudo ./scripts/frontend-build`
>
> 4. mount the new version into your container using the `docker-compose.yml` as shown above (make sure to adjust the paths to point your local custom build. In my case it's located in `./custom-npm/`)

Hi, when I run:
`sudo ./scripts/frontend-build`
`sudo: ./scripts/frontend-build: command not found`

frontend-build file does not exist

Any suggestion


@FlixMa commented on GitHub (Sep 23, 2023):

The script has been moved to a subfolder: `scripts/ci/frontend-build`

I am not sure if it will work, though. There might have been other breaking changes since spring 2023.

But may I ask, why you want to use those steps? The plugin should already show up without any additional changes since #2929 got merged. So you probably don’t need to build it for yourself :)


@Anocos commented on GitHub (Sep 23, 2023):

I have updated to the latest version 2.10.4 and I have already seen it
Now I will do tests
Thank you


@Anocos commented on GitHub (Sep 23, 2023):

When I try to create an SSL certificate it gives an error:

```
Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-1" --agree-tos --email "xxxx@xxxx.es" --domains "xxxxxxxxx.es" --authenticator dns-strato --dns-strato-credentials "/etc/letsencrypt/credentials/credentials-1" Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
at ChildProcess.exithandler (node:child_process:402:12) at ChildProcess.emit (node:events:513:28) at maybeClose (node:internal/child_process:1100:16) at Socket. (node:internal/child_process:458:11) at Socket.emit (node:events:513:28) at Pipe. (node:net:301:12)
```

![Screenshot 2023-09-23 at 18-03-27 Nginx Proxy Manager](https://github.com/NginxProxyManager/nginx-proxy-manager/assets/145809678/b731aa0e-ee54-48ca-a4f1-67ce13ce04d6)

> Ofcourse I can. I have portainer installed in my Docker server. So I Bash into the NPM Container and just Copied the install Bash from your link and press Enter: pip install certbot-dns-strato==0.2.0
>
> After that I tested again in NPM and it worked.
>
> You too :)

I have also updated to version 0.2.0 from Portainer


@FlixMa commented on GitHub (Sep 24, 2023):

Unfortunately I haven't seen this error before. You can try to have a look into the debug log. There might be useful information inside. If you are unsure if this has to do with the strato plugin itself, you might want to post a new issue.


@Anocos commented on GitHub (Sep 24, 2023):

It's already solved.
It is necessary to put in the Credentials File Content section:
`dns_strato_custom_api_host = www.strato.es`

In case it helps anyone :)


@FlixMa commented on GitHub (Sep 24, 2023):

I added a more descriptive configuration template to simplify onboarding for new users. See pull request #3212 for more information.


@hamiller commented on GitHub (Jan 11, 2024):

looks as if this is broken again...
i think the `get_package_id` method is not able to find the package ID.

Maybe we could get completely rid of the method - or provide an override - and read an additional config field "dns_strato_package_id"?


@Yoshi315161 commented on GitHub (Jan 11, 2024):

Mine is still working...
Have you updated your NPM container?
If yes, you have to update the internal:
`pip install certbot-dns-strato==0.2.0`
again
it's not imported yet...
sad because there were two container updates till now...


@Yoshi315161 commented on GitHub (Jan 19, 2024):

Now there was an update with your implementation BUT now it doesn't work anymore…

and I also cannot update with pip because there is an error with command not found…

after I did an apt update and installed pip there is an error that this environment is externally managed… pip installation doesn't work…
Hope you can do some cool things so we can use it again (my cert will expire in early Feb…)

I also tried to create the SSL config anew. But there is also an error:

```
CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log

at /app/lib/utils.js:16:13
at ChildProcess.exithandler (node:child_process:430:5)
at ChildProcess.emit (node:events:518:28)
at maybeClose (node:internal/child_process:1105:16)
at ChildProcess._handle.onexit (node:internal/child_process:305:5)
```

@thomas292 commented on GitHub (Jan 20, 2024):

Dear @FlixMa,
today I updated to Nginx Proxy Manager 2.11, which includes your fix as documented in the release notes.
Just got the same error as @Yoshi315161.
Thank you for any help.
Thomas


@thomas292 commented on GitHub (Jan 20, 2024):

@Yoshi315161
Just to clarify. Is there anything special you have configured on the Strato side?


@FlixMa commented on GitHub (Jan 21, 2024):

Hey all,
apparently Strato did change the way of accessing the individual packages.
In the past this was done through an absolute package id. Now this changed to incrementing numbers per account.

Hopefully the uploaded fix 0.2.1 will account for that. The tests on my end are looking fine.
Please try to update the pip package and let me know :-)
Felix


@Yoshi315161 commented on GitHub (Jan 21, 2024):

hey @FlixMa,

I tried to bash into the console and run `pip install certbot-dns-strato==0.2.1`, but I got `bash: pip: command not found`.
I think something was changed on the Debian side.. How did you get the update into your NPM container?

@thomas292
No, I have not changed anything in Strato.


@dernilz commented on GitHub (Jan 21, 2024):

Hey,
to change the version of the certbot plugin,
the version has to be changed in the file `global/certbot-dns-plugins.json`.

This can either be done temporarily in the container
(exec into container, edit `/app/global/certbot-dns-plugins.json`, restart container)
or permanently by creating a custom image that inherits from the official image
(override `/app/global/certbot-dns-plugins.json`).

Search for this part and replace version with your desired version:

```
...
"strato": {
	"name": "Strato",
	"package_name": "certbot-dns-strato",
-->	"version": "~=0.1.1",
	"dependencies": "",
	"credentials": "dns_strato_username = user\ndns_strato_password = pass\n# uncomment if youre using two factor authentication:\n# dns_strato_totp_devicename = 2fa_device\n# dns_strato_totp_secret = 2fa_secret\n#\n# uncomment if domain name contains special characters\n# insert domain display name as seen on your account page here\n# dns_strato_domain_display_name = my-punicode-url.de\n#\n# if youre not using strato.de or another special endpoint you can customise it below\n# you will probably only need to adjust the host, but you can also change the complete endpoint url\n# dns_strato_custom_api_scheme = https\n# dns_strato_custom_api_host = www.strato.de\n# dns_strato_custom_api_port = 443\n# dns_strato_custom_api_path = \"/apps/CustomerService\"",
	"full_plugin_name": "dns-strato"
},
...
```

Disclaimer: I have not explicitly tested this fix


@tbreitha commented on GitHub (Jan 22, 2024):

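With Version 0.2.1 it is still not working.
Here is my config/request incl. error message:
![grafik](https://github.com/NginxProxyManager/nginx-proxy-manager/assets/100781904/45f442bb-f329-4056-9300-5e1c6a547cb5)
This is from the letsencrypt log after the request:
![grafik](https://github.com/NginxProxyManager/nginx-proxy-manager/assets/100781904/a5d08f0f-e493-43b9-abf6-06f02b7f45bf)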


@KeenBockwurst commented on GitHub (Jan 22, 2024):

Same here.
`cat global/certbot-dns-plugins.json`

```
"strato": {
                "name": "Strato",
                "package_name": "certbot-dns-strato",
                "version": "~=0.2.1",
                "dependencies": "",
                "credentials": "dns_strato_username = user\ndns_strato_password = pass\n# uncomment if youre using two factor authentication:\n# dns_strato_totp_devicename = 2fa_device\n# dns_strato_totp_secret = 2fa_secret\n#\n# uncomment if domain name contains special characters\n# insert domain display name as seen on your account page here\n# dns_strato_domain_display_name = my-punicode-url.de\n#\n# if youre not using strato.de or another special endpoint you can customise it below\n# you will probably only need to adjust the host, but you can also change the complete endpoint url\n# dns_strato_custom_api_scheme = https\n# dns_strato_custom_api_host = www.strato.de\n# dns_strato_custom_api_port = 443\n# dns_strato_custom_api_path = \"/apps/CustomerService\"",
                "full_plugin_name": "dns-strato"
```

also used

```
pip install certbot-dns-strato==0.2.1
Requirement already satisfied: certbot-dns-strato==0.2.1 in /opt/certbot/lib/python3.11/site-packages (0.2.1)
Requirement already satisfied: setuptools in /opt/certbot/lib/python3.11/site-packages (from certbot-dns-strato==0.2.1) (66.1.1)
Requirement already satisfied: certbot>=2.0 in /opt/certbot/lib/python3.11/site-packages (from certbot-dns-strato==0.2.1) (2.8.0)
Requirement already satisfied: requests in /opt/certbot/lib/python3.11/site-packages (from certbot-dns-strato==0.2.1) (2.31.0)
Requirement already satisfied: pyotp in /opt/certbot/lib/python3.11/site-packages (from certbot-dns-strato==0.2.1) (2.9.0)
Requirement already satisfied: acme>=2.8.0 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (2.8.0)
Requirement already satisfied: ConfigArgParse>=1.5.3 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (1.7)
Requirement already satisfied: configobj>=5.0.6 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (5.0.8)
Requirement already satisfied: cryptography>=3.2.1 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (41.0.7)
Requirement already satisfied: distro>=1.0.1 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (1.9.0)
Requirement already satisfied: josepy>=1.13.0 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (1.14.0)
Requirement already satisfied: parsedatetime>=2.4 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (2.6)
Requirement already satisfied: pyrfc3339 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (1.1)
Requirement already satisfied: pytz>=2019.3 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (2023.3.post1)
Requirement already satisfied: charset-normalizer<4,>=2 in /opt/certbot/lib/python3.11/site-packages (from requests->certbot-dns-strato==0.2.1) (3.3.2)
Requirement already satisfied: idna<4,>=2.5 in /opt/certbot/lib/python3.11/site-packages (from requests->certbot-dns-strato==0.2.1) (3.6)
Requirement already satisfied: urllib3<3,>=1.21.1 in /opt/certbot/lib/python3.11/site-packages (from requests->certbot-dns-strato==0.2.1) (2.1.0)
Requirement already satisfied: certifi>=2017.4.17 in /opt/certbot/lib/python3.11/site-packages (from requests->certbot-dns-strato==0.2.1) (2023.11.17)
Requirement already satisfied: PyOpenSSL!=23.1.0,>=17.5.0 in /opt/certbot/lib/python3.11/site-packages (from acme>=2.8.0->certbot>=2.0->certbot-dns-strato==0.2.1) (23.3.0)
Requirement already satisfied: six in /opt/certbot/lib/python3.11/site-packages (from configobj>=5.0.6->certbot>=2.0->certbot-dns-strato==0.2.1) (1.16.0)
Requirement already satisfied: cffi>=1.12 in /opt/certbot/lib/python3.11/site-packages (from cryptography>=3.2.1->certbot>=2.0->certbot-dns-strato==0.2.1) (1.16.0)
Requirement already satisfied: pycparser in /opt/certbot/lib/python3.11/site-packages (from cffi>=1.12->cryptography>=3.2.1->certbot>=2.0->certbot-dns-strato==0.2.1) (2.21)
```

Only get internal error


@tbreitha commented on GitHub (Jan 22, 2024):

I got it working now with the latest NPM in Docker:

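1. exec into the container
2. `apt update`
3. `apt install pip`
4. `apt install nano`
5. `pip install certbot-dns-strato==0.2.1`
6. `nano certbot-dns-plugins.json`
7. change the version from Strato 0.1.1 to 0.2.1 and save it
8. restart the container
9. Request a new Wildcard within NPM
   ![grafik](https://github.com/NginxProxyManager/nginx-proxy-manager/assets/100781904/a7400a63-0ba1-4ea8-a8f0-1f861982b8f7)

![grafik](https://github.com/NginxProxyManager/nginx-proxy-manager/assets/100781904/dd37e148-024e-42a4-9213-61936997dfc1)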

Hope that helps
Cheers
Tom
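Why the `version` edit in the two comments above matters, as an added example that is not code from NPM, the plugin or anyone in this thread: in pip's specifier syntax `~=0.1.1` accepts only 0.1.x releases at or above 0.1.1, so a 0.2.x plugin never satisfies the stock entry. The sketch assumes NPM passes the `version` field to pip as a requirement specifier; the function names and the trimmed sample entry are constructed for illustration.

```python
import importlib.metadata
import json
import re

# Constructed sample: the "strato" entry as quoted in this thread, with the
# long "credentials" template left out for brevity.
SAMPLE_PLUGINS_JSON = """
{
  "strato": {
    "name": "Strato",
    "package_name": "certbot-dns-strato",
    "version": "~=0.1.1",
    "dependencies": "",
    "full_plugin_name": "dns-strato"
  }
}
"""


def parse_release(version):
    """Turn '0.2.1' into (0, 2, 1). Only plain numeric releases are handled."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(part) for part in version.split("."))


def pad(a, b):
    """Zero-pad two release tuples to the same length (1.0 equals 1.0.0)."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))


def satisfies(pin, installed):
    """Evaluate one '==X' or '~=X' specifier (PEP 440) against a version."""
    match = re.fullmatch(r"\s*(==|~=)\s*(\d+(?:\.\d+)*)\s*", pin)
    if not match:
        raise ValueError(f"unsupported pin: {pin!r}")
    operator, wanted = match.group(1), parse_release(match.group(2))
    have, wanted_padded = pad(parse_release(installed), wanted)
    if operator == "==":
        return have == wanted_padded
    # '~=X.Y.Z' means '>= X.Y.Z' and '== X.Y.*': the last segment may grow,
    # everything before it is frozen.
    if len(wanted) < 2:
        raise ValueError("'~=' needs at least two release segments")
    prefix = wanted[:-1]
    return have[:len(prefix)] == prefix and have >= wanted_padded


def installed_version(package):
    """Version of a package in the current interpreter, or None if absent."""
    try:
        return importlib.metadata.version(package)
    except importlib.metadata.PackageNotFoundError:
        return None


def audit_pin(plugins_json, plugin_key, installed):
    """Compare the pin stored for one plugin with the installed version."""
    entry = json.loads(plugins_json)[plugin_key]
    pin = entry["version"]
    return {
        "package": entry["package_name"],
        "pin": pin,
        "installed": installed,
        "consistent": installed is not None and satisfies(pin, installed),
    }


def set_pin(plugins_json, plugin_key, new_pin):
    """Return the JSON text with one plugin's pin replaced, after validation."""
    satisfies(new_pin, "0")  # raises ValueError on a malformed specifier
    data = json.loads(plugins_json)
    data[plugin_key]["version"] = new_pin
    return json.dumps(data, indent="\t")


if __name__ == "__main__":
    # Run with the interpreter of the certbot environment to see the real
    # installed version; elsewhere this reports None.
    found = installed_version("certbot-dns-strato")
    print(audit_pin(SAMPLE_PLUGINS_JSON, "strato", found))
```

A pin and a hand-installed package that disagree are worth flagging in a custom image build, since only the pin is recorded in the image's configuration.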


@KeenBockwurst commented on GitHub (Jan 22, 2024):

@tbreitha
Did again what you posted just to be sure, but i get instantly internal error without anything else :/


@tbreitha commented on GitHub (Jan 22, 2024):

@KeenBockwurst Did again what you posted just to be sure, but i get instantly internal error without anything else :/

Strange, i did it twice now, on my system and friends system. It worked just fine.


@KeenBockwurst commented on GitHub (Jan 22, 2024):

Update: It worked with one certificate. The next one seems to have timed out and after that one instantly internal errors :/


@FlixMa commented on GitHub (Jan 22, 2024):

This is very odd behaviour I haven’t seen so far.
Maybe you have two colliding renewals at the same time? If so try to only renew once the other process did finish.


@ponchoboob commented on GitHub (Jan 27, 2024):

Hi, thank you for your plugin. When I first tried, it didn't work and I tried it manually with certbot to see how all this stuff actually works and it worked. There is a little issue with reading the password. Passwords beginning with '#' are not working. Guess it is interpreted as commentary. With updating to version 0.2.1 of your plugin it finally worked here for me, but the issue with passwords starting with # is still there.

kind regards,
robert


@FlixMa commented on GitHub (Jan 27, 2024):

> the issue with passwords starting with # is still there.

Please try using quotes around it like so `dns_strato_password = "#mysupersecretpassword"`. Otherwise I guess the only option to get it working is to change the password to not include such problematic characters.
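A pre-flight check for the Strato credentials file, as an added example that is not part of the plugin or of this thread: it flags an unquoted `#` that would cut a value short, a half-filled TOTP pair, and a secrets file readable by other users. It assumes INI-style parsing in which an unquoted `#` starts a comment, which matches the behaviour reported above; the function names, finding codes and sample files are constructed.

```python
import os
import stat

REQUIRED_KEYS = ("dns_strato_username", "dns_strato_password")
TOTP_KEYS = ("dns_strato_totp_devicename", "dns_strato_totp_secret")

# Constructed samples using the key names from the NPM credentials template.
BAD_SAMPLE = """\
dns_strato_username = user@example.org
dns_strato_password = #mysupersecretpassword
dns_strato_totp_devicename = 2fa_device
"""

GOOD_SAMPLE = """\
dns_strato_username = user@example.org
dns_strato_password = "#mysupersecretpassword"
# dns_strato_totp_devicename = 2fa_device
# dns_strato_totp_secret = 2fa_secret
"""


def parse_value(raw):
    """Return (value, truncated) for the text to the right of '='.

    Simplified model of the parser (an assumption): a quoted value is taken
    literally, otherwise the first '#' starts a comment.
    """
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] in "\"'":
        end = raw.find(raw[0], 1)
        if end != -1:
            return raw[1:end], False
    if "#" in raw:
        return raw.split("#", 1)[0].strip(), True
    return raw, False


def lint_credentials(text, mode=None):
    """Return findings as (line_number, code, detail); line 0 means file-wide."""
    findings = []
    values = {}
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or "=" not in stripped:
            continue
        key, raw = (part.strip() for part in stripped.split("=", 1))
        value, truncated = parse_value(raw)
        values[key] = value
        if truncated:
            # Also fires on a deliberate inline comment; quoting the value
            # removes the ambiguity either way.
            findings.append((number, "unquoted-hash", key))
    for key in REQUIRED_KEYS:
        if not values.get(key):
            findings.append((0, "missing-or-empty", key))
    # 2FA is used only when both TOTP fields are supplied, so one without
    # the other is a configuration mistake.
    present = [key for key in TOTP_KEYS if values.get(key)]
    if len(present) == 1:
        findings.append((0, "totp-incomplete", present[0]))
    # The file holds the account password and the TOTP seed: owner-only.
    if mode is not None and mode & 0o077:
        findings.append((0, "loose-permissions", oct(mode & 0o777)))
    return findings


def lint_file(path):
    """Lint a credentials file on disk, including its permission bits."""
    with open(path, encoding="utf-8") as handle:
        text = handle.read()
    return lint_credentials(text, stat.S_IMODE(os.stat(path).st_mode))


if __name__ == "__main__":
    for finding in lint_credentials(BAD_SAMPLE, 0o644):
        print(finding)
```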


@Yoshi315161 commented on GitHub (Jan 28, 2024):

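> I got it working now with the latest NPM in Docker:
>
> 1. exec in to the container
> 2. apt update
> 3. apt install pip
> 4. apt install nano
> 5. pip install certbot-dns-strato==0.2.1

how do you get `pip install cert......` to work? i only get this error...
![pip](https://github.com/NginxProxyManager/nginx-proxy-manager/assets/95760319/e1db03ce-2c93-4054-8039-ce944e980b2d)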


@nevyen commented on GitHub (Jan 29, 2024):

Which username and password are used?

The one to login into my account or the one which is used to login into dyndns?


@ponchoboob commented on GitHub (Jan 29, 2024):

Hi, just use your credentials that you use to login on the strato service portal.
Or to take your words, the "one to login into my account"...

kind regards.


@ponchoboob commented on GitHub (Jan 29, 2024):

> Update: It worked with one certificat. The next one seems to timed out and after that one instantly internal errors :/

Try setting the propagation time to 60 seconds or longer. When manually using Certbot with the DNS-01 challenge, you will see a message instructing you to wait for a specified amount of time after entering the provided key (challenge) into the CNAME field. Another possible issue could be the plugin itself. Since it employs web scraping techniques to log into your account and automate tasks, the webpage may not fully load. As a result, the plugin might not be able to locate the required HTML/CSS tags. Generally, most websites do not appreciate being scraped and have protections against it. This is why libraries such as Puppeteer (Node.js) offer proxy settings, as well as delay and wait mechanisms for web scraping.

kind regards.


@Cookiecollecto commented on GitHub (Feb 12, 2024):

> I got it working now with the latest NPM in Docker:
>
> Hope that helps Cheers Tom

Thank you so much! It's working again.


@Yoshi315161 commented on GitHub (Feb 12, 2024):

> > I got it working now with the latest NPM in Docker:
> > Hope that helps Cheers Tom
>
> Thank you so much! It's working again.

Can you explain how?
I am stuck at the point with pip install… I always got an error…


@Cookiecollecto commented on GitHub (Feb 12, 2024):

> > > I got it working now with the latest NPM in Docker:
> > > Hope that helps Cheers Tom
> >
> > Thank you so much! It's working again.
>
> Can you explain how? I am stuck at the point with pip install… I always got an error…

I followed the instructions step by step, and it worked in the end. I had no error, sry.


@FlixMa commented on GitHub (Feb 13, 2024):

> Can you explain how? I am stuck at the point with pip install… I always got an error…

Hey @Yoshi315161, did you try the suggestion at the end of the error message?
The Strato package doesn't need too many dependencies. Good chance nothing will break. Just saying that it might be worth a try, just make sure to have a backup.


@Yoshi315161 commented on GitHub (Feb 13, 2024):

Ok got it to work now.
Thx for the hint FlixMa :)
If someone has the same problem with the error:

  1. exec in to the container
  2. apt update
  3. apt install pip
  4. apt install nano
  5. pip install certbot-dns-strato==0.2.1 --break-system-packages
  6. cd global/
  7. nano certbot-dns-plugins.json
  8. change the version from Strato 0.1.1 to 0.2.1 and save it
  9. restart the container
  10. Request a new Wildcard within NPM

@nevyen commented on GitHub (Feb 14, 2024):

Hey, I followed the instructions several times.

But I still get an error.
I've got a guess what the problem is.

In my Strato login there are different packages. So on the first login I get the list of packages and need to select one before I can edit a domain.

It seems there is a param `cID` in the URL which selects the right package.

I tried to add it to the `custom_api_path` but it seems this isn't the solution.

@FlixMa maybe you got an idea how to manage it.


@FlixMa commented on GitHub (Feb 14, 2024):

The `cID` is determined automatically by the domain name you specify in the configuration.
It is wrong to add it to the custom path. Is your cid 0 or 1 or something way higher like 6-digits? Strato did change this behaviour and broke it for my setup some weeks ago, but I thought I fixed that.


@Estradamis commented on GitHub (Feb 17, 2024):

Joining here as the steps provided didn't fix the issue :(


@speede83 commented on GitHub (Feb 18, 2024):

> Hey all, apparently Strato did change the way of accessing the individual packages. In the past this was done through an absolute package id. Now this changed to incrementing numbers per account.
>
> Hopefully the uploaded fix 0.2.1 will account for that. The tests on my end are looking fine. Please try to update the pip package and let me know :-) Felix

Thanks a lot. Updated NPM to v2.11.1 and updated the `certbot-dns-strato` to fix 0.2.1. I instantly was able to renew my wildcard certificate.


@nevyen commented on GitHub (Feb 20, 2024):

I tried it once again but it didn't work.

My config is:

```
dns_strato_username = "myloginnumber"
dns_strato_password = "mySecretPasswordWitha$asSpecialChar"
```

Propagation Seconds = 70

The log gives the following output:

```
2024-02-20 14:29:12,215:DEBUG:acme.client:Storing nonce: 1pTQTQeXzVAON8O3Q591coWeQUvKkxzhPFA_m3dQMlrt4jo7VBI
2024-02-20 14:29:12,218:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-02-20 14:29:12,219:INFO:certbot._internal.auth_handler:dns-01 challenge for mydomain.de
2024-02-20 14:29:12,228:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): www.strato.de:443
2024-02-20 14:29:12,528:DEBUG:urllib3.connectionpool:https://www.strato.de:443 "GET /apps/CustomerService HTTP/1.1" 200 None
2024-02-20 14:29:13,011:DEBUG:urllib3.connectionpool:https://www.strato.de:443 "POST /apps/CustomerService HTTP/1.1" 302 0
2024-02-20 14:29:13,082:DEBUG:urllib3.connectionpool:https://www.strato.de:443 "GET /apps/CustomerService?sessionID=5dc882acc8846e453a5e95c7019079&node=kds_CustomerEntryPage&cID=0&swtssa=gerbksnst0000000000000000 HTTP/1.1" 200 None
2024-02-20 14:29:13,146:DEBUG:urllib3.connectionpool:https://www.strato.de:443 "GET /apps/CustomerService?sessionID=5dc882acc8846e453a5e95c7019079&cID=0&node=kds_CustomerEntryPage HTTP/1.1" 200 None
```

As you can see, my cID above is 0; when I log in to my account the cID is 1.

Maybe this is my problem.
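
The request lines in a certbot debug log like the one above show which `cID` the plugin asked the portal for, and the same lines carry the portal `sessionID`. As an added example (not part of the thread and not code from certbot-dns-strato), this Python script extracts the `cID` values from such a log and blanks session IDs and nonces before the log is shared; the sample log, the function names and the choice of fields to redact are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the format of certbot's debug log (urllib3 DEBUG records).
# The session ID, nonce and domain are made up for this example.
SAMPLE_LOG = """\
2024-01-01 10:00:00,100:INFO:certbot._internal.auth_handler:dns-01 challenge for example.org
2024-01-01 10:00:00,200:DEBUG:urllib3.connectionpool:https://www.strato.de:443 "GET /apps/CustomerService HTTP/1.1" 200 None
2024-01-01 10:00:00,300:DEBUG:urllib3.connectionpool:https://www.strato.de:443 "POST /apps/CustomerService HTTP/1.1" 302 0
2024-01-01 10:00:00,400:DEBUG:urllib3.connectionpool:https://www.strato.de:443 "GET /apps/CustomerService?sessionID=0123456789abcdef0123456789abcd&node=kds_CustomerEntryPage&cID=0 HTTP/1.1" 200 None
2024-01-01 10:00:00,500:DEBUG:acme.client:Storing nonce: AAAAconstructedNonceValue
"""

# Query parameters whose values should not leave the machine (assumption: only
# the session ID is treated as sensitive here; extend the tuple as needed).
SENSITIVE_PARAMS = ("sessionID",)

# One urllib3 request record: origin, method, request target, status code.
REQUEST_RE = re.compile(
    r'urllib3\.connectionpool:(?P<origin>https?://[^ ]+) '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
PARAM_RE = re.compile(
    r'(?<=[?&])(' + "|".join(map(re.escape, SENSITIVE_PARAMS)) + r')=[^&\s"]*'
)
NONCE_RE = re.compile(r'((?:Storing nonce|Replay-Nonce): )\S+')


def redact_line(line):
    """Blank sensitive query values and ACME nonces, leaving the rest intact."""
    line = PARAM_RE.sub(r'\1=REDACTED', line)
    return NONCE_RE.sub(r'\1REDACTED', line)


def redact_log(log_text):
    """Return the log with every line passed through redact_line()."""
    return "\n".join(redact_line(line) for line in log_text.splitlines())


def portal_requests(log_text):
    """List the HTTP requests the plugin made, with the cID each one carried."""
    requests = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match["target"])
        query = parse_qs(target.query)
        requests.append({
            "origin": match["origin"],
            "method": match["method"],
            "path": target.path,
            "status": int(match["status"]),
            "cid": query.get("cID", [None])[0],  # None when the request has no cID
        })
    return requests


def requested_cids(log_text):
    """Distinct cID values seen in the log, for comparison with the browser URL."""
    return sorted({r["cid"] for r in portal_requests(log_text) if r["cid"] is not None})


if __name__ == "__main__":
    print("cID values requested:", requested_cids(SAMPLE_LOG))
    print(redact_log(SAMPLE_LOG))
```
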


@4EverChaos commented on GitHub (Feb 26, 2024):

> Ok got it to work now. Thx for the hint FlixMa :) If someone has the same problem with the error:
>
> 1. exec in to the container
> 2. apt update
> 3. apt install pip
> 4. apt install nano
> 5. pip install certbot-dns-strato==0.2.1 --break-system-packages
> 6. cd global/
> 7. nano certbot-dns-plugins.json
> 8. change the version from Strato 0.1.1 to 0.2.1 and save it
> 9. restart the container
> 10. Request a new Wildcard within NPM

This helped in my case, thanks for the steps!


@mwLabs-eu commented on GitHub (Mar 1, 2024):

Trying to set up a new LXC on Proxmox but cannot get it to run. Requesting single subdomain certificates is working fine, but DNS challenge with Strato isn't.

Already updated `certbot-dns-strato`, modified `certbot-dns-plugins.json` etc. but no success.

2FA is NOT activated & no '#' inside my password.

NPM: v2.11.1 also tried with 2.10

Credentials File Content

```shell
dns_strato_username = "XXXXX"
dns_strato_password = "XXXXXXXXXXXX"
#uncomment if youre using two factor authentication:
#dns_strato_totp_devicename = 2fa_device
#dns_strato_totp_secret = 2fa_secret
#
#uncomment if domain name contains special characters
#insert domain display name as seen on your account page here
#dns_strato_domain_display_name = my-punicode-url.de
#
#if youre not using strato.de or another special endpoint you can customise it below
#you will probably only need to adjust the host, but you can also change the complete endpoint url
#dns_strato_custom_api_scheme = https
#dns_strato_custom_api_host = www.strato.de
#dns_strato_custom_api_port = 443
#dns_strato_custom_api_path = "/apps/CustomerService"
```

Error in NPM

```shell
CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log

    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:410:5)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)
```

letsencrypt.log

2024-03-01 14:41:04,687:DEBUG:certbot._internal.main:certbot version: 2.1.0
2024-03-01 14:41:04,687:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2024-03-01 14:41:04,687:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-3', '--agree-tos', '--email', 'webmaster@XXXXX.de', '--domains', 'XXXXX.de', '--authenticator', 'dns-strato', '--dns-strato-credentials', '/etc/letsencrypt/credentials/credentials-3']
2024-03-01 14:41:04,687:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-cloudflare,PluginEntryPoint#dns-duckdns,PluginEntryPoint#dns-porkbun,PluginEntryPoint#dns-strato,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-03-01 14:41:04,693:DEBUG:certbot._internal.log:Root logging level set at 30
2024-03-01 14:41:04,694:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-strato and installer None
2024-03-01 14:41:04,694:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-strato
Description: Obtain certificates using a DNS TXT record (if you are using Strato for DNS).
Interfaces: Authenticator, Plugin
Entry point: dns-strato = certbot_dns_strato.dns_strato:Authenticator
Initialized: <certbot_dns_strato.dns_strato.Authenticator object at 0x798b0eb23f90>
Prep: True
2024-03-01 14:41:04,695:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_strato.dns_strato.Authenticator object at 0x798b0eb23f90> and installer None
2024-03-01 14:41:04,695:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-strato, Installer None
2024-03-01 14:41:04,727:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1596796947', new_authzr_uri=None, terms_of_service=None), 6f0a8cb6b0a20a11d5dc2f93ddbfba38, Meta(creation_dt=datetime.datetime(2024, 3, 1, 13, 37, 36, tzinfo=<UTC>), creation_host='npm.localdomain', register_to_eff=None))>
2024-03-01 14:41:04,727:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-03-01 14:41:05,165:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 01 Mar 2024 13:41:05 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "6_Pvodmp9nQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-03-01 14:41:05,166:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for XXXXX.de
2024-03-01 14:41:05,178:DEBUG:certbot.crypto_util:Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/0002_key-certbot.pem
2024-03-01 14:41:05,188:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0002_csr-certbot.pem
2024-03-01 14:41:05,192:DEBUG:acme.client:Requesting fresh nonce
2024-03-01 14:41:05,192:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-03-01 14:41:05,333:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 01 Mar 2024 13:41:05 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: iCRP5AvKBZQQDNabOqaNZb8VQSj0sAOmXtGuOTI0WpwW76p--LY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2024-03-01 14:41:05,334:DEBUG:acme.client:Storing nonce: iCRP5AvKBZQQDNabOqaNZb8VQSj0sAOmXtGuOTI0WpwW76p--LY
2024-03-01 14:41:05,335:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "XXXXX.de"\n    }\n  ]\n}'
2024-03-01 14:41:05,343:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2024-03-01 14:41:05,736:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 01 Mar 2024 13:41:05 GMT
Content-Type: application/json
Content-Length: 340
Connection: keep-alive
Boulder-Requester: 1596796947
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1596796947/248728721787
Replay-Nonce: iCRP5AvKuHwnj8SJuFgqR7PK3u2C4C33ZccsWzxV0T5YEalgkpg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2024-03-08T13:37:36Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "XXXXX.de"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/321228332677"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1596796947/248728721787"
}
2024-03-01 14:41:05,737:DEBUG:acme.client:Storing nonce: iCRP5AvKuHwnj8SJuFgqR7PK3u2C4C33ZccsWzxV0T5YEalgkpg
2024-03-01 14:41:05,738:DEBUG:acme.client:JWS payload:
b''
2024-03-01 14:41:05,741:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/321228332677:
2024-03-01 14:41:05,893:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 01 Mar 2024 13:41:05 GMT
Content-Type: application/json
Content-Length: 798
Connection: keep-alive
Boulder-Requester: 1596796947
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: iCRP5AvKDvj1FvscYFwwsTlUU1kHvR7yRVh3muiUBT0T4JBLoVQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "XXXXX.de"
  },
  "status": "pending",
  "expires": "2024-03-08T13:37:36Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/321228332677/H8KNtg",
      "token": "grWJn6XTE8BdkTUAselPoSFhquwisYXDt7PsU_XetV4"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/321228332677/I5rWVg",
      "token": "grWJn6XTE8BdkTUAselPoSFhquwisYXDt7PsU_XetV4"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/321228332677/Hl0VMg",
      "token": "grWJn6XTE8BdkTUAselPoSFhquwisYXDt7PsU_XetV4"
    }
  ]
}
2024-03-01 14:41:05,894:DEBUG:acme.client:Storing nonce: iCRP5AvKDvj1FvscYFwwsTlUU1kHvR7yRVh3muiUBT0T4JBLoVQ
2024-03-01 14:41:05,895:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-03-01 14:41:05,896:INFO:certbot._internal.auth_handler:dns-01 challenge for XXXXX.de

Had it running in Docker on Unraid successfully but want to move the critical applications to my Proxmox cluster.
I would really appreciate your help here.

EDIT: I just saw that on my existing NPM on Unraid, also v2.11.1, I run into problems too when renewing the domain (XXXXX.de) which I've tried with the new NPM container. When trying with one of my other domains (YYYYY.com), I can renew without problems. I've checked both config files, they are the same. So I have no idea why it's not working for that one domain.
In the new container, it is working with my second domain (YYYYY.com) too, with the first one (XXXXX.de) not. Tested with exactly the same settings but ran into the above issue.

<!-- gh-comment-id:1973267199 --> @mwLabs-eu commented on GitHub (Mar 1, 2024): Trying to setup a new LXC on proxmox but cannot get it to run. Requesting single subdomain certificates is working fine, but DNS challenge with strato isn't. Already updated `certbot-dns-strato`, modified `certbot-dns-plugins.json` etc. but no success. 2FA is NOT activated & no '#' inside my password. NPM: v2.11.1 also tried with 2.10 <details><summary>Credentials File Content</summary> <p> ```shell dns_strato_username = "XXXXX" dns_strato_password = "XXXXXXXXXXXX" #uncomment if youre using two factor authentication: #dns_strato_totp_devicename = 2fa_device #dns_strato_totp_secret = 2fa_secret # #uncomment if domain name contains special characters #insert domain display name as seen on your account page here #dns_strato_domain_display_name = my-punicode-url.de # #if youre not using strato.de or another special endpoint you can customise it below #you will probably only need to adjust the host, but you can also change the complete endpoint url #dns_strato_custom_api_scheme = https #dns_strato_custom_api_host = www.strato.de #dns_strato_custom_api_port = 443 #dns_strato_custom_api_path = "/apps/CustomerService" ``` </p> </details> <details><summary>Error in NPM</summary> <p> ```shell CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log at /app/lib/utils.js:16:13 at ChildProcess.exithandler (node:child_process:410:5) at ChildProcess.emit (node:events:513:28) at maybeClose (node:internal/child_process:1100:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5) ``` </p> </details> <details><summary>letsencrypt.log</summary> <p> ```shell 2024-03-01 14:41:04,687:DEBUG:certbot._internal.main:certbot version: 2.1.0 2024-03-01 14:41:04,687:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot 2024-03-01 14:41:04,687:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', 
'--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-3', '--agree-tos', '--email', 'webmaster@XXXXX.de', '--domains', 'XXXXX.de', '--authenticator', 'dns-strato', '--dns-strato-credentials', '/etc/letsencrypt/credentials/credentials-3'] 2024-03-01 14:41:04,687:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-cloudflare,PluginEntryPoint#dns-duckdns,PluginEntryPoint#dns-porkbun,PluginEntryPoint#dns-strato,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2024-03-01 14:41:04,693:DEBUG:certbot._internal.log:Root logging level set at 30 2024-03-01 14:41:04,694:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-strato and installer None 2024-03-01 14:41:04,694:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-strato Description: Obtain certificates using a DNS TXT record (if you are using Strato for DNS). Interfaces: Authenticator, Plugin Entry point: dns-strato = certbot_dns_strato.dns_strato:Authenticator Initialized: <certbot_dns_strato.dns_strato.Authenticator object at 0x798b0eb23f90> Prep: True 2024-03-01 14:41:04,695:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_strato.dns_strato.Authenticator object at 0x798b0eb23f90> and installer None 2024-03-01 14:41:04,695:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-strato, Installer None 2024-03-01 14:41:04,727:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1596796947', new_authzr_uri=None, terms_of_service=None), 6f0a8cb6b0a20a11d5dc2f93ddbfba38, Meta(creation_dt=datetime.datetime(2024, 3, 1, 13, 37, 36, tzinfo=<UTC>), creation_host='npm.localdomain', register_to_eff=None))> 2024-03-01 
14:41:04,727:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory. 2024-03-01 14:41:05,165:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Fri, 01 Mar 2024 13:41:05 GMT Content-Type: application/json Content-Length: 752 Connection: keep-alive Cache-Control: public, max-age=0, no-cache X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "6_Pvodmp9nQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" } 2024-03-01 14:41:05,166:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for XXXXX.de 2024-03-01 14:41:05,178:DEBUG:certbot.crypto_util:Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/0002_key-certbot.pem 2024-03-01 14:41:05,188:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0002_csr-certbot.pem 2024-03-01 14:41:05,192:DEBUG:acme.client:Requesting fresh nonce 2024-03-01 14:41:05,192:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce. 
2024-03-01 14:41:05,333:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Fri, 01 Mar 2024 13:41:05 GMT Connection: keep-alive Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: iCRP5AvKBZQQDNabOqaNZb8VQSj0sAOmXtGuOTI0WpwW76p--LY X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 2024-03-01 14:41:05,334:DEBUG:acme.client:Storing nonce: iCRP5AvKBZQQDNabOqaNZb8VQSj0sAOmXtGuOTI0WpwW76p--LY 2024-03-01 14:41:05,335:DEBUG:acme.client:JWS payload: b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "XXXXX.de"\n }\n ]\n}' 2024-03-01 14:41:05,343:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU5Njc5Njk0NyIsICJub25jZSI6ICJpQ1JQNUF2S0JaUVFETmFiT3FhTlpiOFZRU2owc0FPbVh0R3VPVEkwV3B3Vzc2cC0tTFkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9", "signature": "ftcKQsGnUrRi7tg2DMXnzw3azVcCRJgvHldRbp_WLmI2ov_Z5ys5xcJF5gouD5vbNls1j7c_lklzTW4XqVTONZ1N9DQIfmsxjfN4G-s78GDLIr3xVu9TzaMtWjodZd1cb9jfQbORsBskeU27iVDZDmP91vvIPP4yVIUJC1T5rF6qIaZQVeqm99Kbk5SG_5P_USdvq--z9J72QLoWRXuHvA-kyonnWjECCL9vwhZIGl9ihQkjxTmzWrsBw5TZSac1TJE_bFYnHzbWtgnxfgwWisRatRTJgtqt8x9ByyN6O5TrP2TQ7UJD7xrsT4N8wWiMzjpxudIC56DtAMxS6oNoyQ", "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIndvbGV3aWVuc2tpLmRlIgogICAgfQogIF0KfQ" } 2024-03-01 14:41:05,736:DEBUG:acme.client:Received response: HTTP 201 Server: nginx Date: Fri, 01 Mar 2024 13:41:05 GMT Content-Type: application/json Content-Length: 340 Connection: keep-alive Boulder-Requester: 1596796947 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Location: https://acme-v02.api.letsencrypt.org/acme/order/1596796947/248728721787 Replay-Nonce: 
iCRP5AvKuHwnj8SJuFgqR7PK3u2C4C33ZccsWzxV0T5YEalgkpg X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "status": "pending", "expires": "2024-03-08T13:37:36Z", "identifiers": [ { "type": "dns", "value": "XXXXX.de" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz-v3/321228332677" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1596796947/248728721787" } 2024-03-01 14:41:05,737:DEBUG:acme.client:Storing nonce: iCRP5AvKuHwnj8SJuFgqR7PK3u2C4C33ZccsWzxV0T5YEalgkpg 2024-03-01 14:41:05,738:DEBUG:acme.client:JWS payload: b'' 2024-03-01 14:41:05,741:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/321228332677: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU5Njc5Njk0NyIsICJub25jZSI6ICJpQ1JQNUF2S3VId25qOFNKdUZncVI3UEszdTJDNEMzM1pjY3NXenhWMFQ1WUVhbGdrcGciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMyMTIyODMzMjY3NyJ9", "signature": "HApgjJKW2K4bNfizVUGjacGbefTRQaWLGRMKN3pfH4IRsDbiHjI_mg48rUqv85Fh5A2O4vBdoDirSdZie7G3d6yEn0CtEaYvJQidtN7jq8Hs_w-mSJJKpx_lS-NzaRcReEVIHgeiYVrqGHIiPM5bnoEMs5YAKHJdayoZBRcmUNxmV3PgzsX0ywHDor5zdYIt5-XuYxERNrCnBlbc2bn0Cnuc9Zhmo_OHuZ1vR-FPuFv5h0iHiHrr4R4v6WgpooRdGM_FRa6Bj077z3_B-MgGKKFXxzFbqdED_15xRHXgjPzZHKnZy1ankVPSovvcZuWvcq1Xo8bKpKABxgb6oT0Mgw", "payload": "" } 2024-03-01 14:41:05,893:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Fri, 01 Mar 2024 13:41:05 GMT Content-Type: application/json Content-Length: 798 Connection: keep-alive Boulder-Requester: 1596796947 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: iCRP5AvKDvj1FvscYFwwsTlUU1kHvR7yRVh3muiUBT0T4JBLoVQ X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "XXXXX.de" }, "status": "pending", "expires": "2024-03-08T13:37:36Z", "challenges": [ { 
"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/321228332677/H8KNtg", "token": "grWJn6XTE8BdkTUAselPoSFhquwisYXDt7PsU_XetV4" }, { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/321228332677/I5rWVg", "token": "grWJn6XTE8BdkTUAselPoSFhquwisYXDt7PsU_XetV4" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/321228332677/Hl0VMg", "token": "grWJn6XTE8BdkTUAselPoSFhquwisYXDt7PsU_XetV4" } ] }
2024-03-01 14:41:05,894:DEBUG:acme.client:Storing nonce: iCRP5AvKDvj1FvscYFwwsTlUU1kHvR7yRVh3muiUBT0T4JBLoVQ
2024-03-01 14:41:05,895:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-03-01 14:41:05,896:INFO:certbot._internal.auth_handler:dns-01 challenge for XXXXX.de
```
</p>
</details>

Had it running in docker on unraid successfully but want to move the critical applications to my proxmox cluster. I would really appreciate your help here.

EDIT: I just saw, on my existing NPM on Unraid, also v2.11.1 I run into problems too, when renewing the domain (XXXXX.de) which I've tried with the new NPM container. When trying with one of my other domains (YYYYY.com), I can renew without problems. I've checked both config files, they are the same. So I have no idea why it's not working for that one domain. In the new container, it is working with my second domain (YYYYY.com) too, with the first one (XXXXX.de) not. Tested with exactly the same settings but ran into the above issue.
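Certbot debug logs like the one above also record every signed ACME request, and the `protected` and `payload` members of that JSON are base64url encodings of the request data, so a name replaced in the readable lines is still present in encoded form. The following Python check is an added example, not part of the original comment or of certbot; the sample log, the name `shop-example.de` and the function names are constructed for illustration.

```python
import base64
import binascii
import json
import re

# Members of a flattened JWS as acme.client writes them to the debug log.
JWS_FIELD = re.compile(r'"(protected|payload)"\s*:\s*"([A-Za-z0-9_-]+)"')


def b64url_decode(value):
    """Decode unpadded base64url text; return None if it is not valid."""
    padded = value + "=" * (-len(value) % 4)
    try:
        return base64.urlsafe_b64decode(padded).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def mentions(text, names):
    """True if any of the names occurs in text, ignoring case."""
    lowered = text.lower()
    return any(name.lower() in lowered for name in names)


def encoded_leaks(log_text, names):
    """List (field, decoded_text) for JWS fields that still contain a name."""
    hits = []
    for field, value in JWS_FIELD.findall(log_text):
        decoded = b64url_decode(value)
        if decoded is not None and mentions(decoded, names):
            hits.append((field, decoded))
    return hits


def scrub(log_text, names, placeholder="REDACTED.invalid"):
    """Blank leaking JWS fields, then replace the names in the plain text."""
    def drop_if_leaking(match):
        decoded = b64url_decode(match.group(2))
        if decoded is not None and mentions(decoded, names):
            return '"%s": "[removed]"' % match.group(1)
        return match.group(0)

    cleaned = JWS_FIELD.sub(drop_if_leaking, log_text)
    for name in names:
        cleaned = re.sub(re.escape(name), placeholder, cleaned,
                         flags=re.IGNORECASE)
    return cleaned


def b64url_json(obj):
    """Encode a dict the way a JWS member is encoded (sample data only)."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: the readable line was redacted by hand, the payload was not.
SAMPLE_LOG = "\n".join([
    "2024-01-01 10:00:00,000:DEBUG:acme.client:JWS payload:",
    "b'{\"identifiers\": [{\"type\": \"dns\", \"value\": \"XXXXX.de\"}]}'",
    "2024-01-01 10:00:00,010:DEBUG:acme.client:Sending POST request to "
    "https://ca.invalid/acme/new-order:",
    "{",
    '  "protected": "%s",' % b64url_json(
        {"alg": "RS256", "nonce": "constructed",
         "url": "https://ca.invalid/acme/new-order"}),
    '  "signature": "constructed-signature",',
    '  "payload": "%s"' % b64url_json(
        {"identifiers": [{"type": "dns", "value": "shop-example.de"}]}),
    "}",
])

if __name__ == "__main__":
    for field, decoded in encoded_leaks(SAMPLE_LOG, ["shop-example.de"]):
        print("still present in", field, "->", decoded)
    print(scrub(SAMPLE_LOG, ["shop-example.de"]))
```

Run `encoded_leaks` over a log before posting it and `scrub` when it reports a hit; fields that do not contain one of the names are left as they are.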

@Vientus commented on GitHub (Mar 4, 2024):

Try to use your package password and your domain.

Go to your strato account and set your package password. Then check, if you can login to your strato account with your domain name (e.g. example.com) as user and for your password use your package password.

If that works, enter those credentials into the Credential File:

```
dns_strato_username = "example.com"
dns_strato_password = "package password"
#uncomment if you're using two factor authentication:
#dns_strato_totp_devicename = 2fa_device
#dns_strato_totp_secret = 2fa_secret
#
#uncomment if domain name contains special characters
#insert domain display name as seen on your account page here
#dns_strato_domain_display_name = my-punicode-url.de
#
#if you're not using strato.de or another special endpoint you can customise it below
#you will probably only need to adjust the host, but you can also change the complete endpoint url
#dns_strato_custom_api_scheme = https
#dns_strato_custom_api_host = www.strato.de
#dns_strato_custom_api_port = 443
#dns_strato_custom_api_path = "/apps/CustomerService"
```

@anubis-genix commented on GitHub (Mar 7, 2024):

> Ok got it to work now. Thx for the hint FlixMa :) If someone has the same problems with the error:
>
> 1. exec into the container
> 2. apt update
> 3. apt install pip
> 4. apt install nano
> 5. pip install certbot-dns-strato==0.2.1 --break-system-packages
> 6. cd global/
> 7. nano certbot-dns-plugins.json
> 8. change the version from Strato 0.1.1 to 0.2.1 and save it
> 9. restart the container
> 10. Request a new Wildcard within NPM

And I had assumed that it was just a bug in the older version. It was all the more annoying to discover that it doesn't work with the newer version either. I finally got it to work thanks to your instructions. Thanks a lot!

@mwLabs-eu commented on GitHub (Mar 7, 2024):

> Try to use your package password and your domain.
>
> Go to your strato account and set your package password. Then check, if you can login to your strato account with your domain name (e.g. example.com) as user and for your password use your package password.
>
> If that works, enter those credentials into the Credential File:
>
> ```
> dns_strato_username = "example.com"
> dns_strato_password = "package password"
> #uncomment if you're using two factor authentication:
> #dns_strato_totp_devicename = 2fa_device
> #dns_strato_totp_secret = 2fa_secret
> #
> #uncomment if domain name contains special characters
> #insert domain display name as seen on your account page here
> #dns_strato_domain_display_name = my-punicode-url.de
> #
> #if you're not using strato.de or another special endpoint you can customise it below
> #you will probably only need to adjust the host, but you can also change the complete endpoint url
> #dns_strato_custom_api_scheme = https
> #dns_strato_custom_api_host = www.strato.de
> #dns_strato_custom_api_port = 443
> #dns_strato_custom_api_path = "/apps/CustomerService"
> ```

This finally worked for me! Thank you very much!!! 😁

@mwLabs-eu commented on GitHub (Mar 9, 2024):

Hey, again me. Looks like I was able to request a cert for my domain now, but it seems not to be a wildcard. There is no "*" in front of the domain, and we also receive the message from Firefox, that the domain name (subdomain) is missing in the cert.

EDIT: Also, what's interesting, now my default strato credentials are working again for this domain...

@Vientus commented on GitHub (Mar 9, 2024):

> Hey, again me. Looks like I was able to request a cert for my domain now. but it seems not to be a wildcard. There is no "*" in front of the domain, and we also receive the message from Firefox, that the domain name (subdomain) is missing in the cert.
>
> EDIT: Also, whats interesting, now my default strato credentials are working again for this domain...

You added your domain to nginx like domain.com and also *.domain.com? Then you should receive a wildcard cert.

@mwLabs-eu commented on GitHub (Mar 9, 2024):

No, I've just added "domain.de" to the textbox, like I did in the past. When additionally adding "*.domain.de" I run into an issue.

EDIT: Anyway, now I'm running into the cert limit. ._.

@Vientus commented on GitHub (Mar 10, 2024):

I am just a noob myself in that area of expertise ;-). But I think, you have to add *.domain.de for receiving a second level subdomain wildcard certificate.
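Which names a certificate covers, as an added example that is not part of the thread or of NPM: a wildcard entry such as `*.domain.de` stands for exactly one label, so it covers `cloud.domain.de` but neither the bare `domain.de` nor `a.b.domain.de`, and a certificate issued for `domain.de` alone covers no subdomain. The function names and host names below are assumptions made for this illustration.

```python
def normalize(name):
    """Lower-case a DNS name and drop surrounding space and the root dot."""
    return name.strip().lower().rstrip(".")


def san_covers(san, hostname):
    """Return True if one certificate name (SAN entry) covers hostname.

    A wildcard is honoured only as the complete left-most label and
    matches exactly one label, which is the rule browsers apply.
    """
    san_labels = normalize(san).split(".")
    host_labels = normalize(hostname).split(".")
    if "" in host_labels or "*" in normalize(hostname):
        return False  # not a usable host name
    if len(san_labels) != len(host_labels):
        return False  # a wildcard never spans zero or several labels
    if san_labels[0] == "*":
        # Simplification: demand two fixed labels so "*.de" never matches.
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    if any("*" in label for label in san_labels):
        return False  # partial or inner wildcards are not accepted
    return san_labels == host_labels


def uncovered(sans, hostnames):
    """Host names that none of the certificate names cover."""
    return [h for h in hostnames
            if not any(san_covers(s, h) for s in sans)]


def plan_names(hostnames, zone):
    """Names to request so that every proxy host under zone is covered."""
    zone = normalize(zone)
    wanted = []
    for host in map(normalize, hostnames):
        if host != zone and not host.endswith("." + zone):
            raise ValueError("%s is not inside %s" % (host, zone))
        # The zone itself needs its own entry; any other host is covered
        # by a wildcard on its direct parent.
        entry = zone if host == zone else "*." + host.split(".", 1)[1]
        if entry not in wanted:
            wanted.append(entry)
    return wanted


if __name__ == "__main__":
    hosts = ["domain.de", "cloud.domain.de", "git.domain.de", "a.b.domain.de"]
    print("cert for domain.de only misses:", uncovered(["domain.de"], hosts))
    print("cert for *.domain.de only misses:", uncovered(["*.domain.de"], hosts))
    print("names to request:", plan_names(hosts, "domain.de"))
```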


@mwLabs-eu commented on GitHub (Mar 11, 2024):

I think I never did this in the past, but it's possible, it got automatically added. Not sure to be honest.
But with adding it, it did not work, as the resolved address is not routed to my server (it's checking for *.domain.de).

@kaptewn commented on GitHub (Mar 14, 2024):

Hi,

I just found this thread and it has helped me greatly in managing to create a cert for my domain on strato.

One small (big) problem though. Even though the cert shows up, and I can use it for my reverse proxy, I get an "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" error when I'm trying to connect to the domain. Why would that be if I have used the config below?

*.example.se

dns_strato_username = username
dns_strato_password = "password"
dns_strato_domain_display_name = example.se
dns_strato_custom_api_host = www.strato.se

I have tried the full subdomain instead of the wildcard and as display name as well, but nothing works. The cert is created with no problems, but I get the version or mismatch error in Chrome every time. In Firefox the error is "SSL_ERROR_NO_CYPHER_OVERLAP" instead.

If I create a cert for duckdns.org for example, there are no problems at all.

Can anyone elaborate on what I need to do?

EDIT: I solved it myself by adding the domain to Cloudflare and bypassing Strato DNS completely.
Then I could also just make a DNS challenge to Cloudflare instead of Strato.

@PLanB2008 commented on GitHub (Mar 19, 2024):

After updating to 0.2.1 I could renew the wildcard certificate for one of my two domains. For the other I still get the same error as before. Any hints how to solve this?

Using the https://github.com/Buxdehuda/strato-certbot certbot I can at least receive the fitting certificate, so there it seems to be fixed :)


@wolflu05 commented on GitHub (Mar 27, 2024):

I can confirm that renewal after manually updating to 0.2.1 works. But why is that version not updated in the official docker container?


@PLanB2008 commented on GitHub (Mar 27, 2024):

For me it still only works for the first of my domains.


@pdsccode commented on GitHub (Apr 3, 2024):

Sadly, neither can I renew my wildcard cert nor can I request a new one with any combination of the settings from above. I tried with updating the python package as well. I still get an "internal error" without any indication to the error itself.


@jclsn commented on GitHub (Apr 11, 2024):

I could successfully create my wildcard certificate, but still can't reach the subdomains when I select it for the proxy host. Btw it says the domains have to already be created. Does that mean that the wildcard certificate will only be created for the subdomains already added in the Strato account?


@nevyen commented on GitHub (Apr 12, 2024):

> I could successfully create my wildcard certificate, but still can't reach the subdomains when I select it for the proxy host. Btw it says the domains have to already be created. Does that mean that the wildcard certificate will only be created for the subdomains already added in the Strato account?

You need to register your subdomains manually at strato. NGINX can't register Subdomains for you.

You need to register your subdomains and set the ip where they should point to. Or you could set a CNAME to point to the same IP as your DYNDNS Domain.

The Wildcard certificate is valid for all subdomains. No matter if they existed before or after the certificate generation.

@jclsn commented on GitHub (Apr 12, 2024):

@nevyen I would like it to use the same IP as the DynDNS domain. How do I do this with the CNAME? Shouldn't this be automatically set up? I have DynDNS deactivated for the subdomain and I realized that the IP differs from the main domain. I would assume they are the same.

I am still being greeted with the Strato landing page on the subdomain, so the proxy doesn't seem to work. The certificate for my main domain also is not trusted by Firefox today and it points to my router's WebUI. Yesterday this still worked. Really hard to set this up. DuckDNS was so straight-forward.


@nevyen commented on GitHub (Apr 12, 2024):

@jclsn for each subdomain you must set the CNAME to the domain you registered in your router's dyndns.
Then the subdomain will automatically get the ip from the "main" domain.

Refer to https://www.strato.de/faq/domains/wie-kann-ich-bei-strato-meine-dns-eintraege-verwalten/#cname

@FlixMa commented on GitHub (Apr 12, 2024):

@jclsn It's not about your proxy not working, but rather a wrong configuration in your strato package. Each subdomain can point to a different server, thus strato allowing you to assign different IPs to each subdomain.

If you just need them to all point to the same server (e.g. your npm instance) then you can either set up your router to supply dyndns for all your subdomains or just use CNAME records in your primary domain. CNAME stands for canonical name and is basically the DNS way of saying „this is an alias for that“.

@jclsn commented on GitHub (Apr 12, 2024):

The link you sent me is an A-record, where I should enter an IP, although I don't understand how this would work with DynDNS. Afaik the IP changes from time to time.

I looked at changing the CNAME, but it doesn't accept maindomain.de. Calling the Strato support now. I just wonder why the proxy for the main domain is not working anymore. This is probably a configuration issue with NPM. My DuckDNS proxies are still active and working though.


@jclsn commented on GitHub (Apr 12, 2024):

So I added maindomain.de. as CNAME and now the FritzBox is complaining about DNS Rebind protection. The Strato customer support didn't know how to help me :D Guess they only have qualified support for corporate customers.


@jclsn commented on GitHub (Apr 12, 2024):

I just realized it works correctly from outside my network. Just tried it with my phone. As soon as I connect to the wifi though, the maindomain.de is showing me the router's web ui and the subdomains give me the rebind protection warning.

@tbreitha commented on GitHub (Apr 12, 2024):

I gave up with Strato DNS plugin. I kept my domain with Strato but moved the DNS Records off to a free Account on Cloudflare. Now the certs incl. wildcard are working without any issues, also renewing them is not a problem anymore.
Cheers
Tom

@jclsn commented on GitHub (Apr 12, 2024):

Ha, I made it! Seems like you can't use the DynDNS in the FritzBox. Using ddclient works much better!

So here is what I did:

  1. Update the ``certbot-dns-strato`` plugin to 0.2.1 as mentioned above
  2. In your Strato account: Create all your subdomains and don't activate DynDNS for them
  3. In your Strato account: Go to subdomain configuration -> DNS configuration -> CNAME-Record -> enter "mydomain.de." including the last dot and save
  4. For DynDNS: I had no luck with doing it directly on the FritzBox, as I could only access the website from outside my network. So I used ``ddclient``. Download the ``ddclient`` package to your Linux server and use the template posted [here](https://www.guido-schenk.de/webserver/dyndns-mit-linux-homeserver-ddclient-und-strato-nutzen/) to set it up. Just running ``ddclient`` and following the instructions will probably also work. SSL will not work with ``checkip.dyndns.org``, so use ``ssl=no`` ([see](https://github.com/ddclient/ddclient/issues/597)). Use your DynDNS credentials here!
  5. Create your wildcard certificate in NPM using your Strato account credentials, not your DynDNS credentials!
  6. Create your proxies for your subdomains and add the wildcard certificate
  7. Don't forget to open ports 80 and 443 for your server on your router to make NPM reachable from outside your network!

@mwLabs-eu commented on GitHub (May 2, 2024):

When requesting wildcard certificates for my .de domain, I'm still running into issues. The cert request just aborts, with no visible error message. This problem only comes up for .de domains, found my .com and .eu domains from same strato account are working fine. Any idea, what could block me here?

Using Nginx Proxy Manager v2.11.1, certbot-dns-strato v0.2.1

Full log of issue


2024-05-02 16:18:38,612:DEBUG:certbot._internal.main:certbot version: 2.1.0
2024-05-02 16:18:38,612:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2024-05-02 16:18:38,612:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-52', '--agree-tos', '--email', 'webmaster@domain.de', '--domains', 'domain.de', '--authenticator', 'dns-strato', '--dns-strato-credentials', '/etc/letsencrypt/credentials/credentials-52']
2024-05-02 16:18:38,612:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-cloudflare,PluginEntryPoint#dns-duckdns,PluginEntryPoint#dns-porkbun,PluginEntryPoint#dns-strato,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-05-02 16:18:38,619:DEBUG:certbot._internal.log:Root logging level set at 30
2024-05-02 16:18:38,619:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-strato and installer None
2024-05-02 16:18:38,620:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-strato
Description: Obtain certificates using a DNS TXT record (if you are using Strato for DNS).
Interfaces: Authenticator, Plugin
Entry point: dns-strato = certbot_dns_strato.dns_strato:Authenticator
Initialized: <certbot_dns_strato.dns_strato.Authenticator object at 0x7e703bb94090>
Prep: True
2024-05-02 16:18:38,620:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_strato.dns_strato.Authenticator object at 0x7e703bb94090> and installer None
2024-05-02 16:18:38,620:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-strato, Installer None
2024-05-02 16:18:38,658:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1598501227', new_authzr_uri=None, terms_of_service=None), 307c450e4e4c8df29a05c7f1e282d970, Meta(creation_dt=datetime.datetime(2024, 3, 2, 14, 50, 24, tzinfo=<UTC>), creation_host='reverse-proxy.localdomain', register_to_eff=None))>
2024-05-02 16:18:38,658:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-05-02 16:18:39,085:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 02 May 2024 14:18:39 GMT
Content-Type: application/json
Content-Length: 747
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "OCi65trDFA8": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-05-02 16:18:39,086:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for domain.de
2024-05-02 16:18:39,097:DEBUG:certbot.crypto_util:Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/0064_key-certbot.pem
2024-05-02 16:18:39,107:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0064_csr-certbot.pem
2024-05-02 16:18:39,110:DEBUG:acme.client:Requesting fresh nonce
2024-05-02 16:18:39,111:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-05-02 16:18:39,251:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 02 May 2024 14:18:39 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: O0afatDIUYo_tvD0qKgcSxmqX1tK9R_NX45BGoQ8WT4UCWOsn-U
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2024-05-02 16:18:39,252:DEBUG:acme.client:Storing nonce: O0afatDIUYo_tvD0qKgcSxmqX1tK9R_NX45BGoQ8WT4UCWOsn-U
2024-05-02 16:18:39,252:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "domain.de"\n    }\n  ]\n}'
2024-05-02 16:18:39,260:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU5ODUwMTIyNyIsICJub25jZSI6ICJPMGFmYXRESVVZb190dkQwcUtnY1N4bXFYMXRLOVJfTlg0NUJHb1E4V1Q0VUNXT3NuLVUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "TNaLqp0iX0oneAfzg9KFPB5WFMIwk-983BR1hw2ProTI74Str79_tfoXWjx40wIBPFiIG5eQkohC93KrX6iPNFIo9se4OlTJwpYxolUYDehXtyY6yULfpOMXQBcDUxkUARB0cW5ERoyRVz16CHi8oiCxOkYGRwB3St_EOPCYPKNAxAiRSjT-hb4ONIe_9iSRcgeDBGfqwrp104cRnNJB9qVPVOCpqtoM9WzX5pF9TIY6pKI-uX47FPQR9fcZ3_lbFm53a5Iz9Byt7_Bav1wKvZmZf_noK3u66AAHMjSg05bb3hqS2FoJqR1TB0Kc4YIPF_BSX_3CA-ronONwE4dfhA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIndvbGV3aWVuc2tpLmRlIgogICAgfQogIF0KfQ"
}
2024-05-02 16:18:39,414:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 02 May 2024 14:18:39 GMT
Content-Type: application/json
Content-Length: 340
Connection: keep-alive
Boulder-Requester: 1598501227
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1598501227/265980151337
Replay-Nonce: Y_7AIQuUkd3e3_rcDcX4pgPvzO4_O7YtbF9-GNnBAG3kkijVcoA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2024-05-09T14:10:50Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "domain.de"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/345790981617"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1598501227/265980151337"
}
2024-05-02 16:18:39,415:DEBUG:acme.client:Storing nonce: Y_7AIQuUkd3e3_rcDcX4pgPvzO4_O7YtbF9-GNnBAG3kkijVcoA
2024-05-02 16:18:39,415:DEBUG:acme.client:JWS payload:
b''
2024-05-02 16:18:39,417:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/345790981617:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU5ODUwMTIyNyIsICJub25jZSI6ICJZXzdBSVF1VWtkM2UzX3JjRGNYNHBnUHZ6TzRfTzdZdGJGOS1HTm5CQUcza2tpalZjb0EiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM0NTc5MDk4MTYxNyJ9",
  "signature": "PNZq4tTE50GX_sy3ClPHI4W9tjzlHLWdvZEpCcHHVUfNxTFCGFPXQNLV-XApHrRlhytrTU6GhuVR7l378zqCOV2z4r5nXQe75t0ZqEeHJ-HE70PGhV6uD3bdpNhKdGSpZ4jmEV50oWUpWEL_AG-WjJx4E_5KV5BC3Xlno-0i9OYRlQqTmi4eki2_8NQAmJMfZliUoqiukSLyuLk126OJqGVdhiiF7Q2G4i36e1VH9VbyadoLbtfv3OAn87dJjpFJM_TBVb2X9HsA_0NnUIFp8YTYOimmRRA4--PZdlFfND0KSR4TdPlDeQoiKnlAJ-fVeA7eXyvybYqYJwyONpUWZw",
  "payload": ""
}
2024-05-02 16:18:39,553:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 02 May 2024 14:18:39 GMT
Content-Type: application/json
Content-Length: 798
Connection: keep-alive
Boulder-Requester: 1598501227
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: O0afatDI0RLN73rcITo_-Hrn3IjJ_80RKuQsTqncpUMtaf7q9jk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "domain.de"
  },
  "status": "pending",
  "expires": "2024-05-09T14:10:50Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/345790981617/e0m2DA",
      "token": "-4gozKMezPVXlBOFkulRMXBDmxXUlwEYdnkEjx8gSak"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/345790981617/coLV5g",
      "token": "-4gozKMezPVXlBOFkulRMXBDmxXUlwEYdnkEjx8gSak"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/345790981617/2sm9nQ",
      "token": "-4gozKMezPVXlBOFkulRMXBDmxXUlwEYdnkEjx8gSak"
    }
  ]
}
2024-05-02 16:18:39,553:DEBUG:acme.client:Storing nonce: O0afatDI0RLN73rcITo_-Hrn3IjJ_80RKuQsTqncpUMtaf7q9jk
2024-05-02 16:18:39,554:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-05-02 16:18:39,555:INFO:certbot._internal.auth_handler:dns-01 challenge for domain.de

EDIT:
Only difference I found is that the .de domain is trying way more challenges and stays on status "pending" compared to .com. But all domains are routed to my homelab via dyndns and can be used/pinged & I have used the exact same credentials for both.

.de-challenges

HTTP 200
Server: nginx
Date: Thu, 02 May 2024 14:18:39 GMT
Content-Type: application/json
Content-Length: 798
Connection: keep-alive
Boulder-Requester: 1598501227
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: O0afatDI0RLN73rcITo_-Hrn3IjJ_80RKuQsTqncpUMtaf7q9jk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "domain.de"
  },
  "status": "pending",
  "expires": "2024-05-09T14:10:50Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/345790981617/e0m2DA",
      "token": "-4gozKMezPVXlBOFkulRMXBDmxXUlwEYdnkEjx8gSak"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/345790981617/coLV5g",
      "token": "-4gozKMezPVXlBOFkulRMXBDmxXUlwEYdnkEjx8gSak"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/345790981617/2sm9nQ",
      "token": "-4gozKMezPVXlBOFkulRMXBDmxXUlwEYdnkEjx8gSak"
    }
  ]
}
2024-05-02 16:18:39,553:DEBUG:acme.client:Storing nonce: O0afatDI0RLN73rcITo_-Hrn3IjJ_80RKuQsTqncpUMtaf7q9jk
2024-05-02 16:18:39,554:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-05-02 16:18:39,555:INFO:certbot._internal.auth_handler:dns-01 challenge for domain.de

.com challenges

HTTP 200
Server: nginx
Date: Thu, 02 May 2024 15:07:11 GMT
Content-Type: application/json
Content-Length: 572
Connection: keep-alive
Boulder-Requester: 1598501227
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: O0afatDIdLAdBXwvNoaYXhbL05VSQ_hxdNdTa93qwsZcu146X04
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "domain.com"
  },
  "status": "valid",
  "expires": "2024-06-01T14:08:39Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/345789827577/3hjyKg",
      "token": "YIgmMMYgKo7si214ERMxND-lVFb80uxq2TIMyoeHJ4k",
      "validationRecord": [
        {
          "hostname": "domain.com",
          "resolverAddrs": [
            "10.1.12.85:30182"
          ]
        }
      ],
      "validated": "2024-05-02T14:08:39Z"
    }
  ]
}


@markist commented on GitHub (Jul 20, 2024):

> When requesting wildcard certificates for my .de domain, I'm still running into issues. The cert request just aborts, with no visible error message. This problem only comes up for .de domains; I found my .com and .eu domains from the same Strato account are working fine. Any idea what could block me here?
>
> Using Nginx Proxy Manager v2.11.1, certbot-dns-strato v0.2.1
> Full log of issue
>
> EDIT: Only difference I found is that the .de domain is trying way more challenges and stays on status "pending" compared to .com. But all domains are routed to my homelab via dyndns and can be used/pinged & I have used the exact same credentials for both.
> .de-challenges
> .com challenges

Did you finally resolve this for .de domains? Having the same issue here


@mwLabs-eu commented on GitHub (Jul 20, 2024):

> > When requesting wildcard certificates for my .de domain, I'm still running into issues. The cert request just aborts, with no visible error message. This problem only comes up for .de domains; I found my .com and .eu domains from the same Strato account are working fine. Any idea what could block me here?
> >
> > Using Nginx Proxy Manager v2.11.1, certbot-dns-strato v0.2.1
> >
> > Full log of issue
> >
> > EDIT: Only difference I found is that the .de domain is trying way more challenges and stays on status "pending" compared to .com. But all domains are routed to my homelab via dyndns and can be used/pinged & I have used the exact same credentials for both.
> >
> > .de-challenges
> >
> > .com challenges
>
> Did you finally resolve this for .de domains? Having the same issue here

Unfortunately not. There were some recommendations later, but I switched to zoraxy in the meantime and never looked back. Wildcard is not possible there for Strato, but I tested it and it looked good.
Maybe I will try NPM again in the future.

Edit: Check this out: if both of your domains are in the same package, it could be this issue. So updating the certbot plugin to 0.2.2 should fix it.

https://github.com/FlixMa/certbot-dns-strato/issues/3


@jclsn commented on GitHub (Jul 20, 2024):

With Strato I could solve it by adding mydomain.de. as CNAME.

On 20.07.2024 at 09:20, markist wrote:

> > When requesting wildcard certificates for my .de domain, I'm still running into issues. The cert request just aborts, with no visible error message. This problem only comes up for .de domains; I found my .com and .eu domains from the same Strato account are working fine. Any idea what could block me here?
> > Using Nginx Proxy Manager v2.11.1, certbot-dns-strato v0.2.1
> > Full log of issue
> > EDIT: Only difference I found is that the .de domain is trying way more challenges and stays on status "pending" compared to .com. But all domains are routed to my homelab via dyndns and can be used/pinged & I have used the exact same credentials for both.
> > .de-challenges
> > .com challenges
>
> Did you finally resolve this for .de domains? Having the same issue here


@noname1001 commented on GitHub (Aug 17, 2024):

This worked for me

## Instruction

  1. set up a 2fa device in [strato web interface](https://www.strato.de/faq/sicherheit/zwei-faktor-authentifizierung-einstellen/#:~:text=Unter%20“Ihre%20Kundendaten”%20finden%20Sie,eine%20der%20verlinkten%20Apps%20herunter.)
  2. go to nginx proxy manager web interface
  3. add ssl certificate
  4. (image)

Credentials File Content

```
dns_strato_username = strato customer number
dns_strato_password = strato password
dns_strato_totp_devicename = 2fa_device
dns_strato_totp_secret = 2fa_secret
```

for example

```
dns_strato_username = 12345678
dns_strato_password = supersecret
dns_strato_totp_devicename = iPhone
dns_strato_totp_secret = ASHUQW12237811ZHRW109EJDE92HCEHH
```

## Result

(screenshot, 2024-08-17)

@flyingToast3r commented on GitHub (Aug 30, 2024):

With activated 2FA, certificate requests for subdomains or wildcards cause errors. Disabled 2FA "solves" the problem :)
Error:

```
CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Encountered exception during recovery: binascii.Error: Non-base32 digit found
An unexpected error occurred: binascii.Error: Non-base32 digit found
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:410:5)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)
```
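
`binascii.Error: Non-base32 digit found` is the message Python's `base64.b32decode` raises when its input contains a character outside the Base32 alphabet (A-Z and 2-7). The following is an added example, not code from the thread or from certbot-dns-strato: it checks the `dns_strato_totp_secret` value of a credentials file before certbot runs, reporting offending characters without echoing the secret. The function names are hypothetical, the sample values are the placeholder ones from the credentials example earlier in this thread, and the pad-and-casefold decoding is an assumption about how TOTP libraries commonly decode a secret, not a statement about the plugin.

```python
import base64
import binascii
import re

BASE32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")  # RFC 4648
REQUIRED_KEYS = ("dns_strato_username", "dns_strato_password")
TOTP_SECRET_KEY = "dns_strato_totp_secret"

# Placeholder values copied from the credentials example in this thread.
SAMPLE_FROM_PAGE = """\
dns_strato_username = 12345678
dns_strato_password = supersecret
dns_strato_totp_devicename = iPhone
dns_strato_totp_secret = ASHUQW12237811ZHRW109EJDE92HCEHH
"""


def parse_credentials(text):
    """Parse the flat 'key = value' lines of a certbot credentials file."""
    creds = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        if sep:
            creds[key.strip()] = value.strip()
    return creds


def _b32decode_padded(secret):
    """Assumed decoding: pad to a multiple of 8 characters, ignore case."""
    padded = secret + "=" * (-len(secret) % 8)
    return base64.b32decode(padded, casefold=True)


def check_totp_secret(secret):
    """Report whether `secret` decodes as Base32, never returning the secret."""
    report = {
        "length": len(secret),
        # Characters that can never appear in Base32 ('=' is padding).
        "bad_chars": sorted(
            {c for c in secret.upper() if c not in BASE32_ALPHABET and c != "="}
        ),
        "error": None,
        "decoded_bytes": None,
        "ok_after_normalizing": False,
    }
    try:
        report["decoded_bytes"] = len(_b32decode_padded(secret))
    except binascii.Error as exc:
        report["error"] = str(exc)
        # Secrets are often displayed in space- or dash-separated groups;
        # see whether removing that formatting is enough to make it decode.
        normalized = re.sub(r"[\s-]", "", secret)
        try:
            _b32decode_padded(normalized)
            report["ok_after_normalizing"] = True
        except binascii.Error:
            pass
    return report


def check_credentials(text):
    """Check required keys and, if 2FA is configured, the TOTP secret."""
    creds = parse_credentials(text)
    missing = [k for k in REQUIRED_KEYS if not creds.get(k)]
    totp = None
    if TOTP_SECRET_KEY in creds:
        totp = check_totp_secret(creds[TOTP_SECRET_KEY])
    return {"missing": missing, "totp": totp}


if __name__ == "__main__":
    result = check_credentials(SAMPLE_FROM_PAGE)
    print("missing keys:", result["missing"])
    print("totp secret :", result["totp"])
```

The placeholder secret from the thread contains the digits 0, 1, 8 and 9, so a value typed in that pattern fails in exactly this way; a real secret should be pasted as issued when the 2FA device is set up.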


@djtomybcn commented on GitHub (Sep 3, 2024):

Hi!
If I try to get the cert for mydomain.com, it works without problems.
But if I try to get the cert for *.mydomain.com I get this error:

```
CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:430:5)
    at ChildProcess.emit (node:events:519:28)
    at maybeClose (node:internal/child_process:1105:16)
    at ChildProcess._handle.onexit (node:internal/child_process:305:5)
```

I can see that I'm using the version certbot-dns-strato==0.2.2

Do I have to configure something in Strato?

Thanks in advance!


@djtomybcn commented on GitHub (Sep 11, 2024):

Finally I got my wildcard certificate after some attempts. I think I just had to wait a few hours because it is a new domain. Thanks!

To use this wildcard for subdomains like sub1.mydomain.com, do I have to configure something in Strato? Because it's not working 🙄 For the one I generated for duckdns I didn't have to do anything and it works.


@Loman0815 commented on GitHub (Sep 27, 2024):

Had to set up a new machine with npm and ran into some problems when using certbot-dns-strato==0.2.1

Updating to version 0.2.2 fixed it

  1. exec into the container
  2. apt update
  3. apt install pip
  4. apt install nano
  5. pip install certbot-dns-strato==0.2.2 --break-system-packages
  6. cd global/
  7. nano certbot-dns-plugins.json
  8. change the version from Strato 0.2.1 to 0.2.2 and save it
  9. restart the container
  10. Request a new Wildcard within NPM

I'm using 2FA as [described](https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1154#issuecomment-2294754881) by noname1001


@Trust996 commented on GitHub (Jan 9, 2025):

> 1. exec into the container
> 2. apt update
> 3. apt install pip
> 4. apt install nano
> 5. pip install certbot-dns-strato==0.2.2 --break-system-packages
> 6. cd global/
> 7. nano certbot-dns-plugins.json
> 8. change the version from Strato 0.2.1 to 0.2.2 and save it
> 9. restart the container
> 10. Request a new Wildcard within NPM

This solution worked immediately for me. Thank you very much. What happens when there is a new version of the container? Do I have to perform this customization again after each pull?
Thanks


@timkolloch commented on GitHub (Jan 10, 2025):

> > 1. exec in to the container
> > 2. apt update
> > 3. apt install pip
> > 4. apt install nano
> > 5. pip install certbot-dns-strato==0.2.2 --break-system-packages
> > 6. cd global/
> > 7. nano certbot-dns-plugins.json
> > 8. change the version from Strato 0.2.1 to 0.2.2 and save it
> > 9. restart the container
> > 10. Request a new Wildcard within NPM
>
> This solution worked immediately for me. Thank you very much. What happens when there is a new version of the container? Do I have to perform this customization again after each pull? Thanks

Yes, if the package version is not updated in the next image the modification has to be done again.


@Bl4cksus commented on GitHub (May 6, 2025):

Is this still functional? I installed strato certbot to 0.2.2 and updated the .json as mentioned. However, I always get

```
CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:430:5)
    at ChildProcess.emit (node:events:518:28)
    at maybeClose (node:internal/child_process:1104:16)
    at ChildProcess._handle.onexit (node:internal/child_process:304:5)
```

in NPM. The logfile gives me no error indicators.


@jclsn commented on GitHub (May 6, 2025):

No idea. I moved to Ionos some time ago, because they have better domain packages with almost unlimited subdomains.


@TheCrimsonLady commented on GitHub (May 9, 2025):

Just tried it with NPM 2.12.3 and can confirm it works with @Loman0815 's guide:

> 1. exec in to the container
> 2. apt update
> 3. apt install pip
> 4. apt install nano
> 5. pip install certbot-dns-strato==0.2.2 --break-system-packages
> 6. cd global/
> 7. nano certbot-dns-plugins.json
> 8. change the version from Strato 0.2.1 to 0.2.2 and save it
> 9. restart the container
> 10. Request a new Wildcard within NPM
>
> I'm using 2FA as described by noname1001


@lvanbuiten commented on GitHub (Jul 2, 2025):

I installed NPM 2.12.4, which already contains `certbot-dns-strato==0.2.2` in the `certbot-dns-plugins.json`, but I'm still getting this error:

```
CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:430:5)
    at ChildProcess.emit (node:events:524:28)
    at maybeClose (node:internal/child_process:1104:16)
    at ChildProcess._handle.onexit (node:internal/child_process:304:5)
```

Certbot logs:

```
2025-07-02 09:46:25,692:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-07-02 09:46:25,692:INFO:certbot._internal.auth_handler:dns-01 challenge for <DOMAIN>.nl
2025-07-02 09:46:25,696:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): www.strato.nl:443
2025-07-02 09:46:25,866:DEBUG:urllib3.connectionpool:https://www.strato.nl:443 "GET /apps/CustomerService HTTP/1.1" 200 None
2025-07-02 09:46:25,910:DEBUG:urllib3.connectionpool:https://www.strato.nl:443 "GET /apps/CustomerService HTTP/1.1" 200 None
2025-07-02 09:46:26,362:DEBUG:urllib3.connectionpool:https://www.strato.nl:443 "POST /apps/CustomerService HTTP/1.1" 200 None
[root@docker-610d697ca41f:/tmp/letsencrypt-log]# 
```

I did notice that Strato has updated their UI, perhaps that could (also) be an issue?


@Fischje commented on GitHub (Jul 5, 2025):

Need help with that. Activated 2FA in webinterface * works with the certbot not ?!?

@noname1001 commented on GitHub (Jul 7, 2025):

@Fischje can you post your `Credentials File Content` / `Inhalt der Berechtigungsnachweisdatei` without any personal information.

for example

```
dns_strato_username = not readable content
dns_strato_password = not readable content
..
```

It seems to me that there is a `=` missing between `dns_strato_totp_devicename` and `npm` and maybe there are more mistakes I cannot see.
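
One way to check a credentials file for the missing `=` suspected above and to get a copy that is safe to post, as an added example that is not part of the thread or of certbot-dns-strato. The key names are the ones quoted in this thread; treating username and password as required, the `lint_credentials` helper and the sample contents are assumptions.

```python
import re

# Key names taken from the thread. Treating the first two as required is an
# assumption of this example.
REQUIRED = ("dns_strato_username", "dns_strato_password")
KEY_RE = re.compile(r"^dns_strato_[a-z0-9_]+$")


def lint_credentials(text):
    """Return (redacted_lines, problems) for a certbot-style credentials file.

    Values are never copied into the output, so both lists can be pasted
    into a public issue.
    """
    redacted, problems, seen = [], [], set()
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
        else:
            key, value = line.split(None, 1)[0], None
        # Echo the key only if it looks like a plugin key; anything else
        # might be a secret that slipped into the key position.
        shown = key if KEY_RE.match(key) else "<unrecognised key>"
        if value is None:
            # The mistake suspected in the thread: "key value" with no "=".
            redacted.append(f"{shown} <redacted>")
            problems.append(f"line {no}: missing '=' after {shown}")
            continue
        redacted.append(f"{shown} = <redacted>")
        if shown != key:
            problems.append(f"line {no}: key does not start with dns_strato_")
        elif key in seen:
            problems.append(f"line {no}: duplicate key {key}")
        if not value:
            problems.append(f"line {no}: empty value for {shown}")
        seen.add(key)
    for key in REQUIRED:
        if key not in seen:
            problems.append(f"missing required key {key}")
    return redacted, problems


# Constructed sample: the device-name line lacks "=", the mistake suspected
# above. All values are made up.
SAMPLE = """\
dns_strato_username = user@example.invalid
dns_strato_password = not-a-real-password
dns_strato_totp_devicename npm
"""

if __name__ == "__main__":
    lines, issues = lint_credentials(SAMPLE)
    print("\n".join(lines))
    print("\n".join(issues) or "no problems found")
```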


@sil1902 commented on GitHub (Jul 18, 2025):

Sadly I have the same problem. And then it says "internal error" in the UI. I tried it with and without 2FA but no chance to get it running.

```
2025-07-18 11:16:43,575:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-07-18 11:16:43,575:INFO:certbot._internal.auth_handler:dns-01 challenge for <my.domain>
2025-07-18 11:16:43,576:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): www.strato.de:443
2025-07-18 11:16:43,689:DEBUG:urllib3.connectionpool:https://www.strato.de:443 "GET /apps/CustomerService HTTP/1.1" 200 None
2025-07-18 11:16:43,720:DEBUG:urllib3.connectionpool:https://www.strato.de:443 "GET /apps/CustomerService HTTP/1.1" 200 None
2025-07-18 11:16:43,755:DEBUG:urllib3.connectionpool:https://www.strato.de:443 "POST /apps/CustomerService HTTP/1.1" 200 None
```

@shinzoke commented on GitHub (Jul 25, 2025):

Same thing here... creating a wildcard cert throws an error


@noname1001 commented on GitHub (Jul 27, 2025):

I don't have any problems. Manually and automatically renewing my (wildcard) certificates works fine.


@sndstone commented on GitHub (Aug 3, 2025):

Seems that I have the same error running the install in nginx proxy manager or manually with certbot-dns-strato:

```
Plugins selected: Authenticator dns-strato, Installer None
Requesting a certificate for *.domain.nl
Performing the following challenges:
dns-01 challenge for domain.nl
https://www.strato.nl:443/apps/CustomerService
https://www.strato.nl:443/apps/CustomerService
INFO: 2FA is not used.
https://www.strato.nl:443/apps/CustomerService
ERROR: Strato login not accepted.
```

Let's Encrypt logs (which seem to look the same for nginx proxy manager as for certbot-dns-strato):

```
2025-08-03 22:02:05,463:DEBUG:acme.client:Storing nonce: s8fHADmcwpwL1aeWertathaDcgV3u-_o37874kkOst7x-ts24h05XxE5f
2025-08-03 22:02:05,463:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-08-03 22:02:05,463:INFO:certbot._internal.auth_handler:dns-01 challenge for domain.nl
2025-08-03 22:02:05,465:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): www.strato.nl:443
2025-08-03 22:02:05,611:DEBUG:urllib3.connectionpool:https://www.strato.nl:443 "GET /apps/CustomerService HTTP/1.1" 200 None
2025-08-03 22:02:05,655:DEBUG:urllib3.connectionpool:https://www.strato.nl:443 "GET /apps/CustomerService HTTP/1.1" 200 None
2025-08-03 22:02:05,698:DEBUG:urllib3.connectionpool:https://www.strato.nl:443 "POST /apps/CustomerService HTTP/1.1" 200 None
```

I had a look at a tcp dump but did not see anything useful that the logs above did not already show.


@PLanB2008 commented on GitHub (Aug 4, 2025):

It's an issue Strato introduced on their end. I created a MR for the package maintainer which fixes the issue:

https://github.com/FlixMa/certbot-dns-strato/pull/7

After applying this to my container it works again.


@sndstone commented on GitHub (Aug 4, 2025):

@PLanB2008 thanks it indeed seems to work for me after a quick test.


@PLanB2008 commented on GitHub (Aug 5, 2025):

@FlixMa updated the package, so now it's possible to upgrade the Python package in the container until this is reflected in the NginxProxyManager container itself :)

```
pip3 install certbot-dns-strato==0.2.3 --break-system-packages
```


@github-actions[bot] commented on GitHub (Feb 22, 2026):

Issue is now considered stale. If you want to keep it open, please comment 👍
