[GH-ISSUE #1168] I cant renew SSL cert for my domain via http challenge... #958

New issue

Closed

opened 2026-02-26 06:35:13 +03:00 by kerem · 20 comments

kerem commented 2026-02-26 06:35:13 +03:00

Owner

Copy link

Originally created by @zantag on GitHub (Jun 10, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1168

Hi i cant renew SSL for my domain. Every time when i try to renew it manually message "Internal Error" appear...
What can i do?

This is the log of container via portainer GUI:

2021-06-10 06:21:27,054:DEBUG:certbot._internal.main:certbot version: 1.4.0
2021-06-10 06:21:27,055:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--quiet', '--config', '/etc/letsencrypt.ini', '--preferred-challenges', 'dn>
2021-06-10 06:21:27,055:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone>
2021-06-10 06:21:27,183:DEBUG:certbot._internal.log:Root logging level set at 30
2021-06-10 06:21:27,184:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-06-10 06:21:27,272:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer <certbot._internal.cli.cli_utils._Default object a>
2021-06-10 06:21:27,273:DEBUG:certbot._internal.cli:Var pref_challs=dns,http (set by user).
2021-06-10 06:21:27,273:DEBUG:certbot._internal.cli:Var authenticator=webroot (set by user).
2021-06-10 06:21:27,273:DEBUG:certbot._internal.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2021-06-10 06:21:27,274:DEBUG:certbot._internal.cli:Var webroot_map={'webroot_path'} (set by user).
2021-06-10 06:21:27,274:DEBUG:certbot._internal.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2021-06-10 06:21:27,351:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2021-06-10 06:21:27,586:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2021-06-10 06:21:27,589:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/npm-1/cert2.pem is signed by the certificate's issuer.
2021-06-10 06:21:27,597:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/npm-1/cert2.pem is: OCSPCertStatus.GOOD
2021-06-10 06:21:27,607:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2021-07-04 07:21:03 UTC.
2021-06-10 06:21:27,607:INFO:certbot._internal.renewal:Cert is due for renewal, auto-renewing...
2021-06-10 06:21:27,607:INFO:certbot._internal.renewal:Non-interactive renewal: random delay of 102.19420363800577 seconds
2021-06-10 06:23:09,811:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2021-06-10 06:23:09,826:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f23426e19d0>
Prep: True
2021-06-10 06:23:09,827:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f23426e19d0>
2021-06-10 06:23:09,828:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-06-10 06:23:09,835:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=>
2021-06-10 06:23:09,837:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-06-10 06:23:09,840:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-06-10 06:23:10,804:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-06-10 06:23:10,805:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 10 Jun 2021 06:23:10 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive

[6/10/2021] [5:41:57 AM] [Express  ] › ⚠  warning   Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --preferred-challenges "dns,http" --disable-hook-validation 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing...
Non-interactive renewal: random delay of 17.87999619603458 seconds
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for (hide.hide.hide)
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain (hide.hide.hide)
http-01 challenge for (hide.hide.hide)
Cleaning up challenges
Attempting to renew cert (npm-1) from /etc/letsencrypt/renewal/npm-1.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/npm-1/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

Originally created by @zantag on GitHub (Jun 10, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1168 Hi i cant renew SSL for my domain. Every time when i try to renew it manually message "Internal Error" appear... What can i do?  This is the log of container via portainer GUI: ``` 2021-06-10 06:21:27,054:DEBUG:certbot._internal.main:certbot version: 1.4.0 2021-06-10 06:21:27,055:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--quiet', '--config', '/etc/letsencrypt.ini', '--preferred-challenges', 'dn> 2021-06-10 06:21:27,055:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone> 2021-06-10 06:21:27,183:DEBUG:certbot._internal.log:Root logging level set at 30 2021-06-10 06:21:27,184:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2021-06-10 06:21:27,272:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer <certbot._internal.cli.cli_utils._Default object a> 2021-06-10 06:21:27,273:DEBUG:certbot._internal.cli:Var pref_challs=dns,http (set by user). 2021-06-10 06:21:27,273:DEBUG:certbot._internal.cli:Var authenticator=webroot (set by user). 2021-06-10 06:21:27,273:DEBUG:certbot._internal.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user). 2021-06-10 06:21:27,274:DEBUG:certbot._internal.cli:Var webroot_map={'webroot_path'} (set by user). 2021-06-10 06:21:27,274:DEBUG:certbot._internal.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user). 2021-06-10 06:21:27,351:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80 2021-06-10 06:21:27,586:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503 2021-06-10 06:21:27,589:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/npm-1/cert2.pem is signed by the certificate's issuer. 2021-06-10 06:21:27,597:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/npm-1/cert2.pem is: OCSPCertStatus.GOOD 2021-06-10 06:21:27,607:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2021-07-04 07:21:03 UTC. 2021-06-10 06:21:27,607:INFO:certbot._internal.renewal:Cert is due for renewal, auto-renewing... 2021-06-10 06:21:27,607:INFO:certbot._internal.renewal:Non-interactive renewal: random delay of 102.19420363800577 seconds 2021-06-10 06:23:09,811:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None 2021-06-10 06:23:09,826:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot Description: Place files in webroot directory Interfaces: IAuthenticator, IPlugin Entry point: webroot = certbot._internal.plugins.webroot:Authenticator Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f23426e19d0> Prep: True 2021-06-10 06:23:09,827:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f23426e19d0> 2021-06-10 06:23:09,828:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None 2021-06-10 06:23:09,835:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=> 2021-06-10 06:23:09,837:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory. 2021-06-10 06:23:09,840:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443 2021-06-10 06:23:10,804:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658 2021-06-10 06:23:10,805:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Thu, 10 Jun 2021 06:23:10 GMT Content-Type: application/json Content-Length: 658 Connection: keep-alive ``` ``` [6/10/2021] [5:41:57 AM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --preferred-challenges "dns,http" --disable-hook-validation Saving debug log to /var/log/letsencrypt/letsencrypt.log Cert is due for renewal, auto-renewing... Non-interactive renewal: random delay of 17.87999619603458 seconds Plugins selected: Authenticator webroot, Installer None Renewing an existing certificate Performing the following challenges: http-01 challenge for (hide.hide.hide) Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains. Waiting for verification... Challenge failed for domain (hide.hide.hide) http-01 challenge for (hide.hide.hide) Cleaning up challenges Attempting to renew cert (npm-1) from /etc/letsencrypt/renewal/npm-1.conf produced an unexpected error: Some challenges have failed.. Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/npm-1/fullchain.pem (failure) 1 renew failure(s), 0 parse failure(s) ```

kerem 2026-02-26 06:35:13 +03:00

• closed this issue
• added the
  stale
  bug
  labels

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@zaqrt-zaq commented on GitHub (Jun 10, 2021):

same issue here . i been using this for about 6 mounth and today is stops working (i can`y request new certyfikate)

<!-- gh-comment-id:858444901 --> @zaqrt-zaq commented on GitHub (Jun 10, 2021): same issue here . i been using this for about 6 mounth and today is stops working (i can`y request new certyfikate)

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@frisodubach commented on GitHub (Jun 10, 2021):

Just a random guess here, but is the domain proxied by any change? Maybe try disabling the proxy when renewing the certificate.

<!-- gh-comment-id:858660555 --> @frisodubach commented on GitHub (Jun 10, 2021): Just a random guess here, but is the domain proxied by any change? Maybe try disabling the proxy when renewing the certificate.

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@zaqrt-zaq commented on GitHub (Jun 10, 2021):

For me helped switching to the version 2.3.9 and deleting the let's encrypt folder

<!-- gh-comment-id:858670089 --> @zaqrt-zaq commented on GitHub (Jun 10, 2021): For me helped switching to the version 2.3.9 and deleting the let's encrypt folder

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@asage-me commented on GitHub (Jun 10, 2021):

I'm curious if my issue is related? I'm using DNS challenge but I see the same "Internal Error" message

https://github.com/jc21/nginx-proxy-manager/issues/1146

<!-- gh-comment-id:858735100 --> @asage-me commented on GitHub (Jun 10, 2021): I'm curious if my issue is related? I'm using DNS challenge but I see the same "Internal Error" message https://github.com/jc21/nginx-proxy-manager/issues/1146

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@apollo40 commented on GitHub (Jun 10, 2021):

Same problem here. Cant renew Certs via Certbot using DNS Challenge on Cloudflair

<!-- gh-comment-id:858746719 --> @apollo40 commented on GitHub (Jun 10, 2021): Same problem here. Cant renew Certs via Certbot using DNS Challenge on Cloudflair

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (Jun 10, 2021):

I'm curious if my issue is related? I'm using DNS challenge but I see the same "Internal Error" message

#1146

I'm pretty sure they aren't, as this issue is about using the HTTP challenge. So any issues with DNS challenges most likely have nothing to do with this issue.

<!-- gh-comment-id:858783132 --> @chaptergy commented on GitHub (Jun 10, 2021): > I'm curious if my issue is related? I'm using DNS challenge but I see the same "Internal Error" message > > #1146 I'm pretty sure they aren't, as this issue is about using the HTTP challenge. So any issues with DNS challenges most likely have nothing to do with this issue.

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@heyitsmdr commented on GitHub (Jun 10, 2021):

This is happening to me as well, using the http challenge. I'm going to see if I can debug this a bit further tonight.

<!-- gh-comment-id:859034996 --> @heyitsmdr commented on GitHub (Jun 10, 2021): This is happening to me as well, using the http challenge. I'm going to see if I can debug this a bit further tonight.

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@zantag commented on GitHub (Jun 11, 2021):

My version on nginx proxy manager is v2.7.3 but i see the latest is v2.9.3... How to update to to the latest version i hope this version to fix my problem...

<!-- gh-comment-id:859542112 --> @zantag commented on GitHub (Jun 11, 2021): My version on nginx proxy manager is v2.7.3 but i see the latest is v2.9.3... How to update to to the latest version i hope this version to fix my problem...

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@apollo40 commented on GitHub (Jun 11, 2021):

My version on nginx proxy manager is v2.7.3 but i see the latest is v2.9.3... How to update to to the latest version i hope this version to fix my problem...

I updates mine too, and it didnt solve the Problem. Today i was able to renew 1 Cert then the Error displayed again.

For Updating it depands on your Setup. If you habe a docker-compose file, just enter the Directory and run

docker-compose pull
docker-compose up -d

<!-- gh-comment-id:859545155 --> @apollo40 commented on GitHub (Jun 11, 2021): > My version on nginx proxy manager is v2.7.3 but i see the latest is v2.9.3... How to update to to the latest version i hope this version to fix my problem... I updates mine too, and it didnt solve the Problem. Today i was able to renew 1 Cert then the Error displayed again. For Updating it depands on your Setup. If you habe a docker-compose file, just enter the Directory and run docker-compose pull docker-compose up -d

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@Verttigo28 commented on GitHub (Jun 11, 2021):

Yeah same issues for the past 6 months.
You need to remove the let's encrypt folder and redo it.

I don't know why, cause log say that the request could not be made but if i go on the HTTP Challenge URL i can access it shortly.

<!-- gh-comment-id:859580348 --> @Verttigo28 commented on GitHub (Jun 11, 2021): Yeah same issues for the past 6 months. You need to remove the let's encrypt folder and redo it. I don't know why, cause log say that the request could not be made but if i go on the HTTP Challenge URL i can access it shortly.

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@zantag commented on GitHub (Jun 11, 2021):

I install nginx proxy manager via portainer like stack. I try to reinstall it but again is old v2.7.3... maybe integrated certbot is old or?

<!-- gh-comment-id:859601124 --> @zantag commented on GitHub (Jun 11, 2021): I install nginx proxy manager via portainer like stack. I try to reinstall it but again is old v2.7.3... maybe integrated certbot is old or?

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@Verttigo28 commented on GitHub (Jun 11, 2021):

You need to pull and check your docker.compose if the version is not hard coded.

<!-- gh-comment-id:859603003 --> @Verttigo28 commented on GitHub (Jun 11, 2021): You need to pull and check your docker.compose if the version is not hard coded.

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@chartinger commented on GitHub (Jun 16, 2021):

Same problem here. (via docker-compose) Pulled the current image, error still there. @Verttigo28 which directory did you remove? If i remove the letsencrypt folder nginx fails to start.

<!-- gh-comment-id:862547482 --> @chartinger commented on GitHub (Jun 16, 2021): Same problem here. (via docker-compose) Pulled the current image, error still there. @Verttigo28 which directory did you remove? If i remove the letsencrypt folder nginx fails to start.

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@zantag commented on GitHub (Jul 1, 2021):

I give up guys, i bought new cert from ssl provaider and upload it manually to the proxy server.

<!-- gh-comment-id:872035056 --> @zantag commented on GitHub (Jul 1, 2021): I give up guys, i bought new cert from ssl provaider and upload it manually to the proxy server.

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@ChrisParsons commented on GitHub (Jan 19, 2022):

Has anyone figured out how to fix this? I'm having the same issue i.e. I cannot get new certificates or renew certificates using lets encrypt. This was working and now appears to be broken. I tried deleting the lets encrypt folder but had to restore it as NPM failed to start.

<!-- gh-comment-id:1016492825 --> @ChrisParsons commented on GitHub (Jan 19, 2022): Has anyone figured out how to fix this? I'm having the same issue i.e. I cannot get new certificates or renew certificates using lets encrypt. This was working and now appears to be broken. I tried deleting the lets encrypt folder but had to restore it as NPM failed to start.

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (Jan 19, 2022):

What do the letsencrypt logs say? See https://github.com/NginxProxyManager/nginx-proxy-manager/discussions/1749#user-content-certificate-error

<!-- gh-comment-id:1016508607 --> @chaptergy commented on GitHub (Jan 19, 2022): What do the letsencrypt logs say? See https://github.com/NginxProxyManager/nginx-proxy-manager/discussions/1749#user-content-certificate-error

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@ChrisParsons commented on GitHub (Jan 20, 2022):

Thanks for the response @chaptergy. I have ports 443 and 80 directed from the router to the NPM container. I'm not using DNS challenge.

Here is log from /var/log/letsencrypt/letsencrypt.log

Looks like I can't access the internet from the container. The DNS server for the container is 127.0.0.11 which I understand is correct?

Any ideas?

2022-01-20 10:07:57,557:DEBUG:certbot._internal.main:certbot version: 1.21.0
2022-01-20 10:07:57,557:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2022-01-20 10:07:57,557:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-26', '--agree-tos', '--authenticator', 'webroot', '--email', 'redactedgmail.com', '--preferred-challenges', 'dns,http', '--domains', 'redacted.ca']
2022-01-20 10:07:57,557:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-01-20 10:07:57,578:DEBUG:certbot._internal.log:Root logging level set at 30
2022-01-20 10:07:57,579:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2022-01-20 10:07:57,583:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f7f32b56f60>
Prep: True
2022-01-20 10:07:57,583:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f7f32b56f60> and installer None
2022-01-20 10:07:57,584:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2022-01-20 10:07:57,741:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/281014530', new_authzr_uri=None, terms_of_service=None), 9d709dafa9c560ae2caf09710b7e78af, Meta(creation_dt=datetime.datetime(2021, 11, 15, 3, 24, 33, tzinfo=<UTC>), creation_host='49c7c2498084', register_to_eff=None))>
2022-01-20 10:07:57,742:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-01-20 10:07:57,745:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-01-20 10:08:07,756:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connection.py", line 175, in _new_conn
    (self._dns_host, self.port), self.timeout, **extra_kw
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/util/connection.py", line 73, in create_connection
    for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
  File "/usr/lib/python3.7/socket.py", line 748, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -3] Temporary failure in name resolution

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 706, in urlopen
    chunked=chunked,
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    conn.connect()
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connection.py", line 358, in connect
    conn = self._new_conn()
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connection.py", line 187, in _new_conn
    self, "Failed to establish a new connection: %s" % e
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7f7f32a6c630>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 756, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "/opt/certbot/lib/python3.7/site-packages/urllib3/util/retry.py", line 574, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f7f32a6c630>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1416, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 770, in _init_le_client
    return client.Client(config, acc, authenticator, installer, acme=acme)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 267, in __init__
    acme = acme_from_config_key(config, self.account.key, self.account.regr)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 48, in acme_from_config_key
    client = acme_client.BackwardsCompatibleClientV2(net, key, config.server)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 875, in __init__
    directory = messages.Directory.from_json(net.get(server).json())
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 1236, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 1174, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/opt/certbot/lib/python3.7/site-packages/requests/sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/certbot/lib/python3.7/site-packages/requests/sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "/opt/certbot/lib/python3.7/site-packages/requests/adapters.py", line 516, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f7f32a6c630>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))
2022-01-20 10:08:07,854:ERROR:certbot._internal.log:An unexpected error occurred:
2022-01-20 10:08:07,854:ERROR:certbot._internal.log:requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f7f32a6c630>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

<!-- gh-comment-id:1017617934 --> @ChrisParsons commented on GitHub (Jan 20, 2022): Thanks for the response @chaptergy. I have ports 443 and 80 directed from the router to the NPM container. I'm not using DNS challenge. Here is log from /var/log/letsencrypt/letsencrypt.log Looks like I can't access the internet from the container. The DNS server for the container is 127.0.0.11 which I understand is correct? Any ideas? ``` 2022-01-20 10:07:57,557:DEBUG:certbot._internal.main:certbot version: 1.21.0 2022-01-20 10:07:57,557:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot 2022-01-20 10:07:57,557:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-26', '--agree-tos', '--authenticator', 'webroot', '--email', 'redactedgmail.com', '--preferred-challenges', 'dns,http', '--domains', 'redacted.ca'] 2022-01-20 10:07:57,557:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2022-01-20 10:07:57,578:DEBUG:certbot._internal.log:Root logging level set at 30 2022-01-20 10:07:57,579:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None 2022-01-20 10:07:57,583:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot Description: Place files in webroot directory Interfaces: Authenticator, Plugin Entry point: webroot = certbot._internal.plugins.webroot:Authenticator Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f7f32b56f60> Prep: True 2022-01-20 10:07:57,583:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f7f32b56f60> and installer None 2022-01-20 10:07:57,584:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None 2022-01-20 10:07:57,741:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/281014530', new_authzr_uri=None, terms_of_service=None), 9d709dafa9c560ae2caf09710b7e78af, Meta(creation_dt=datetime.datetime(2021, 11, 15, 3, 24, 33, tzinfo=<UTC>), creation_host='49c7c2498084', register_to_eff=None))> 2022-01-20 10:07:57,742:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory. 2022-01-20 10:07:57,745:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443 2022-01-20 10:08:07,756:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/opt/certbot/lib/python3.7/site-packages/urllib3/connection.py", line 175, in _new_conn (self._dns_host, self.port), self.timeout, **extra_kw File "/opt/certbot/lib/python3.7/site-packages/urllib3/util/connection.py", line 73, in create_connection for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM): File "/usr/lib/python3.7/socket.py", line 748, in getaddrinfo for res in _socket.getaddrinfo(host, port, family, type, proto, flags): socket.gaierror: [Errno -3] Temporary failure in name resolution During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 706, in urlopen chunked=chunked, File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 382, in _make_request self._validate_conn(conn) File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn conn.connect() File "/opt/certbot/lib/python3.7/site-packages/urllib3/connection.py", line 358, in connect conn = self._new_conn() File "/opt/certbot/lib/python3.7/site-packages/urllib3/connection.py", line 187, in _new_conn self, "Failed to establish a new connection: %s" % e urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7f7f32a6c630>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/opt/certbot/lib/python3.7/site-packages/requests/adapters.py", line 449, in send timeout=timeout File "/opt/certbot/lib/python3.7/site-packages/urllib3/connectionpool.py", line 756, in urlopen method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2] File "/opt/certbot/lib/python3.7/site-packages/urllib3/util/retry.py", line 574, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f7f32a6c630>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution')) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/opt/certbot/bin/certbot", line 8, in <module> sys.exit(main()) File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main return internal_main.main(cli_args) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1574, in main return config.func(config, plugins) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1416, in certonly le_client = _init_le_client(config, auth, installer) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 770, in _init_le_client return client.Client(config, acc, authenticator, installer, acme=acme) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 267, in __init__ acme = acme_from_config_key(config, self.account.key, self.account.regr) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 48, in acme_from_config_key client = acme_client.BackwardsCompatibleClientV2(net, key, config.server) File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 875, in __init__ directory = messages.Directory.from_json(net.get(server).json()) File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 1236, in get self._send_request('GET', url, **kwargs), content_type=content_type) File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 1174, in _send_request response = self.session.request(method, url, *args, **kwargs) File "/opt/certbot/lib/python3.7/site-packages/requests/sessions.py", line 542, in request resp = self.send(prep, **send_kwargs) File "/opt/certbot/lib/python3.7/site-packages/requests/sessions.py", line 655, in send r = adapter.send(request, **kwargs) File "/opt/certbot/lib/python3.7/site-packages/requests/adapters.py", line 516, in send raise ConnectionError(e, request=request) requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f7f32a6c630>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution')) 2022-01-20 10:08:07,854:ERROR:certbot._internal.log:An unexpected error occurred: 2022-01-20 10:08:07,854:ERROR:certbot._internal.log:requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f7f32a6c630>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution')) ```

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@ChrisParsons commented on GitHub (Jan 21, 2022):

Resolved my issue. I don't think it was related to the NPM container but rather my docker config. I don't know exactly what was wrong. Restarting the docker service didn't seem to help but restarting the server on which docker runs seemed to fix it.

<!-- gh-comment-id:1018549869 --> @ChrisParsons commented on GitHub (Jan 21, 2022): Resolved my issue. I don't think it was related to the NPM container but rather my docker config. I don't know exactly what was wrong. Restarting the docker service didn't seem to help but restarting the server on which docker runs seemed to fix it.

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Mar 9, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:1986685650 --> @github-actions[bot] commented on GitHub (Mar 9, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented 2026-02-26 06:35:13 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Apr 22, 2025):

Issue was closed due to inactivity.

<!-- gh-comment-id:2819877845 --> @github-actions[bot] commented on GitHub (Apr 22, 2025): Issue was closed due to inactivity.

kerem referenced this issue 2026-02-26 07:38:53 +03:00

[PR #958] [MERGED] docker-compose Instructions for streams support #3326

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#958

No description provided.