starred/nginx-proxy-manager-NginxProxyManager

Fork 0

mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-25 09:25:55 +03:00

[GH-ISSUE #1185] Cannot use Google DNS Challenge for SSL #969

New issue

Closed

opened 2026-02-26 06:35:15 +03:00 by kerem · 3 comments

kerem commented

2026-02-26 06:35:15 +03:00

Owner

Originally created by @kpd328 on GitHub (Jun 17, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1185

Checklist

Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
- Yes
Are you sure you're not using someone else's docker image?
- Yes
Have you searched for similar issues (both open and closed)?
- Yes

Describe the bug
The Google Cloud DNS plugin does not seem to be working for certbot. When attempting a DNS Challenge with Google as the provider, it throws the following error:

Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --cert-name "npm-10" --agree-tos --email "<redacted>" --domains "<redacted>" --authenticator dns-google --dns-google-credentials "/etc/letsencrypt/credentials/credentials-10"
usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: unrecognized arguments: --dns-google-credentials /etc/letsencrypt/credentials/credentials-10

    at ChildProcess.exithandler (node:child_process:326:12)
    at ChildProcess.emit (node:events:369:20)
    at maybeClose (node:internal/child_process:1067:16)
    at Socket. (node:internal/child_process:453:11)
    at Socket.emit (node:events:369:20)
    at Pipe. (node:net:666:12)

It seems that certbot can't find the dns-google-credentials plugin where the --dns-google-credentials flag comes from, and I have made sure certbot is up to date (1.16.0) but when I try to upgrade dns-google-credentials to 1.16.0 (its currently at 1.8.0) it says it upgrades, but is still at version 1.8.0. I'm suspecting this is the problem, but I can't figure out how to make the update stick.

Nginx Proxy Manager Version
v2.9.3

To Reproduce
Steps to reproduce the behavior:

Attempt a DNS Challenge to obtain SSL Cert
Use Google as DNS provider
Attempt to obtain SSL Cert after pasting credentials file

Expected behavior
cerbot should attempt to acquire an SSL Cert for the supplied domains.

Operating System
OpenMediaVault 5 (Debian 10 Based)

Additional context
Using Portainer 2.1.1 and Docker 5:20.10.7

Originally created by @kpd328 on GitHub (Jun 17, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1185 **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Yes - Are you sure you're not using someone else's docker image? - Yes - Have you searched for similar issues (both open and closed)? - Yes **Describe the bug** The Google Cloud DNS plugin does not seem to be working for certbot. When attempting a DNS Challenge with Google as the provider, it throws the following error: ``` Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --cert-name "npm-10" --agree-tos --email "<redacted>" --domains "<redacted>" --authenticator dns-google --dns-google-credentials "/etc/letsencrypt/credentials/credentials-10" usage: certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ... Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate. certbot: error: unrecognized arguments: --dns-google-credentials /etc/letsencrypt/credentials/credentials-10 at ChildProcess.exithandler (node:child_process:326:12) at ChildProcess.emit (node:events:369:20) at maybeClose (node:internal/child_process:1067:16) at Socket. (node:internal/child_process:453:11) at Socket.emit (node:events:369:20) at Pipe. (node:net:666:12) ``` It seems that certbot can't find the dns-google-credentials plugin where the `--dns-google-credentials` flag comes from, and I have made sure certbot is up to date (1.16.0) but when I try to upgrade dns-google-credentials to 1.16.0 (its currently at 1.8.0) it says it upgrades, but is still at version 1.8.0. I'm suspecting this is the problem, but I can't figure out how to make the update stick. **Nginx Proxy Manager Version** v2.9.3 **To Reproduce** Steps to reproduce the behavior: 1. Attempt a DNS Challenge to obtain SSL Cert 2. Use Google as DNS provider 3. Attempt to obtain SSL Cert after pasting credentials file **Expected behavior** cerbot should attempt to acquire an SSL Cert for the supplied domains. **Operating System** OpenMediaVault 5 (Debian 10 Based) **Additional context** Using Portainer 2.1.1 and Docker 5:20.10.7

kerem

2026-02-26 06:35:15 +03:00

closed this issue
added the
bug
label

kerem commented

2026-02-26 06:35:15 +03:00

Author

Owner

@chaptergy commented on GitHub (Jun 17, 2021):

I am not able to reproduce your issue. To make the google plugin update, you can edit the file /app/global/certbot-dns-plugins.js inside your container, search for google: (which should be at around line 200) and change package_version: '1.8.0', to package_version: '1.16.0',.

However since I cannot produce this error on my installation with dns plugin version 1.8.0, I'm not sure this is the issue. But go ahead and change it, see if it fixes the issue.
You could execute certbot plugins to see if certbot recognizes the plugin.

@chaptergy commented on GitHub (Jun 17, 2021): I am not able to reproduce your issue. To make the google plugin update, you can edit the file `/app/global/certbot-dns-plugins.js` inside your container, search for `google:` (which should be at around line 200) and change `package_version: '1.8.0',` to `package_version: '1.16.0',`. However since I cannot produce this error on my installation with dns plugin version 1.8.0, I'm not sure this is the issue. But go ahead and change it, see if it fixes the issue. You could execute `certbot plugins` to see if certbot recognizes the plugin.

kerem commented

2026-02-26 06:35:15 +03:00

Author

Owner

@chaptergy commented on GitHub (Jun 17, 2021):

Maybe similar issue as https://github.com/jc21/nginx-proxy-manager/issues/1109?

@chaptergy commented on GitHub (Jun 17, 2021): Maybe similar issue as https://github.com/jc21/nginx-proxy-manager/issues/1109?

kerem commented

2026-02-26 06:35:15 +03:00

Author

Owner

@kpd328 commented on GitHub (Jun 18, 2021):

Thanks for the advice, I updated the package and the problem persisted.

Looking at the output of certbot plugins the dns-google plugin is listed, but when I tried to go through certbot just attached to the console with /opt/certbot/bin/certbot certonly --authenticator dns-google it gives the error:

The requested dns-google plugin does not appear to be installed

and the log file reflected the same.

As I was writing this, I though to check using /opt/certbot/bin/certbot plugins instead of using the command on path (as this is what the UI is reporting it's doing) and it doesn't see the dns-google plugin. This reflects your comment about #1109, as running certbot certonly --authenticator dns-google let me get past the error and move on to attempt to get a cert (as it is using the version of certbot at /usr/local/bin/certbot rather than the one npm is trying to use.

I was able to point npm's certificate.js to the correct version of certbot, and I was able to get the cert. If this change should be made universally (or changing the file to simply use whichever version of certbot is on path) I could make a PR for it, if not no worries, I was able to get myself fixed up. Thanks for pointing me in the right direction.

@kpd328 commented on GitHub (Jun 18, 2021): Thanks for the advice, I updated the package and the problem persisted. Looking at the output of `certbot plugins` the `dns-google` plugin is listed, but when I tried to go through certbot just attached to the console with `/opt/certbot/bin/certbot certonly --authenticator dns-google` it gives the error: ``` The requested dns-google plugin does not appear to be installed ``` and the log file reflected the same. As I was writing this, I though to check using `/opt/certbot/bin/certbot plugins` instead of using the command on path (as this is what the UI is reporting it's doing) and it doesn't see the `dns-google` plugin. This reflects your comment about #1109, as running `certbot certonly --authenticator dns-google` let me get past the error and move on to attempt to get a cert (as it is using the version of certbot at `/usr/local/bin/certbot` rather than the one npm is trying to use. I was able to point npm's `certificate.js` to the correct version of certbot, and I was able to get the cert. If this change should be made universally (or changing the file to simply use whichever version of certbot is on path) I could make a PR for it, if not no worries, I was able to get myself fixed up. Thanks for pointing me in the right direction.

kerem referenced this issue

2026-02-26 07:38:57 +03:00

[PR #1042] [MERGED] Add DuckDNS certbot plugin #3344

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#969

No description provided.

Rows
Columns