starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-26 01:45:54 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #109] Certificate renewal not working #97

New issue
Closed
opened 2026-02-26 05:34:30 +03:00 by kerem · 9 comments
kerem commented 2026-02-26 05:34:30 +03:00
Owner
Copy link

Originally created by @fidelix on GitHub (Mar 25, 2019).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/109

This is on the docker log:

[2019-3-25] [14:34:19] [IP Ranges] › ℹ info Fetching IP Ranges from online services...
[2019-3-25] [14:34:19] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[2019-3-25] [14:34:19] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
[2019-3-25] [14:34:20] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
[2019-3-25] [14:34:20] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized
[2019-3-25] [14:34:20] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized
[2019-3-25] [14:34:20] [Global ] › ℹ info PID 1470 listening on port 8181 ...
[2019-3-25] [14:35:10] [Nginx ] › ℹ info Reloading Nginx

And yet some of my certificates have expired days ago.

screenshot

Would be nice to have the option to manually renew as well for these cases...

Originally created by @fidelix on GitHub (Mar 25, 2019). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/109 This is on the docker log: ``` [2019-3-25] [14:34:19] [IP Ranges] › ℹ info Fetching IP Ranges from online services... [2019-3-25] [14:34:19] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json [2019-3-25] [14:34:19] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4 [2019-3-25] [14:34:20] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6 [2019-3-25] [14:34:20] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized [2019-3-25] [14:34:20] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized [2019-3-25] [14:34:20] [Global ] › ℹ info PID 1470 listening on port 8181 ... [2019-3-25] [14:35:10] [Nginx ] › ℹ info Reloading Nginx ``` And yet some of my certificates have expired days ago. ![screenshot](https://i.imgur.com/QFhkwqC.png) Would be nice to have the option to manually renew as well for these cases...
kerem 2026-02-26 05:34:30 +03:00
kerem commented 2026-02-26 05:34:31 +03:00
Author
Owner
Copy link

@jc21 commented on GitHub (Mar 27, 2019):

Do you have logs from the last 2 days or so? the renewal timer should fire every 12 hours and there should be some information in the docker logs, starting with Renewing SSL certs close to expiry...

And yes I agree a manual renewal would be nice too

<!-- gh-comment-id:476970427 --> @jc21 commented on GitHub (Mar 27, 2019): Do you have logs from the last 2 days or so? the renewal timer should fire every 12 hours and there should be some information in the docker logs, starting with `Renewing SSL certs close to expiry...` And yes I agree a manual renewal would be nice too
kerem commented 2026-02-26 05:34:32 +03:00
Author
Owner
Copy link

@albertquiroga commented on GitHub (Mar 27, 2019):

Experiencing a similar issue here... just to clarify when should the renewal timer trigger? By 'every 12 hours' you mean at 12:00 and 24:00 or 12 hours after startup?

<!-- gh-comment-id:477339134 --> @albertquiroga commented on GitHub (Mar 27, 2019): Experiencing a similar issue here... just to clarify when should the renewal timer trigger? By 'every 12 hours' you mean at 12:00 and 24:00 or 12 hours after startup?
kerem commented 2026-02-26 05:34:32 +03:00
Author
Owner
Copy link

@jc21 commented on GitHub (Mar 27, 2019):

12 hours after startup. If you wanted to manually do it once, try a command like this:

docker exec -ti name_of_docker_container /usr/bin/certbot renew
<!-- gh-comment-id:477379341 --> @jc21 commented on GitHub (Mar 27, 2019): 12 hours after startup. If you wanted to manually do it once, try a command like this: ```bash docker exec -ti name_of_docker_container /usr/bin/certbot renew ```
kerem commented 2026-02-26 05:34:32 +03:00
Author
Owner
Copy link

@zaywalker commented on GitHub (Apr 12, 2019):

I have same problem. but just UI shows wrong expired date, SSL is actually renewed and working. This means npm UI shows red expired SSL but when I'm browsing SSLed site and check certificates, they shows renewed date. I'm not sure it's only my cases...

ssl01
ssl02

<!-- gh-comment-id:482408486 --> @zaywalker commented on GitHub (Apr 12, 2019): I have same problem. but just UI shows wrong expired date, SSL is actually renewed and working. This means npm UI shows red expired SSL but when I'm browsing SSLed site and check certificates, they shows renewed date. I'm not sure it's only my cases... ![ssl01](https://user-images.githubusercontent.com/33807772/56007652-63680000-5d14-11e9-935e-3201fea67bdf.jpg) ![ssl02](https://user-images.githubusercontent.com/33807772/56007657-66fb8700-5d14-11e9-8d25-26e0ccbf5493.jpg)
kerem commented 2026-02-26 05:34:32 +03:00
Author
Owner
Copy link

@jc21 commented on GitHub (Apr 12, 2019):

Ok yep sounds like a small bug there then.

<!-- gh-comment-id:482425201 --> @jc21 commented on GitHub (Apr 12, 2019): Ok yep sounds like a small bug there then.
kerem commented 2026-02-26 05:34:32 +03:00
Author
Owner
Copy link

@jc21 commented on GitHub (May 9, 2019):

The UI for this should be fixed in 2.0.13, just released. However in saying that, things still might not work as it should for those who have deleted any LE certs from within this application. The deletion was previously only revoking the certificate, not also deleting it from disk, so the auto renewal process was returning a non-zero response as a failure despite being able to renew all the other valid certificates.

If you find that after 1 hour of using 2.0.13 that the certificates list expiry still doesn't match the actual certificate date in the browser bar, then do the following:

  • enter the docker container, ie: docker exec -ti nginx-proxy-manager_app_1 bash
  • try to renew all the certs manually: certbot renew
  • look for any messages about being unable to renew a certificate and then for each of them: cerbot delete --cert-name npm-123
  • if you need a list of the certs: certbot certificates
  • run certbot renew again until there are no errors, then wait up to an hour to see the new dates in the UI
<!-- gh-comment-id:490713879 --> @jc21 commented on GitHub (May 9, 2019): The UI for this should be fixed in 2.0.13, just released. However in saying that, things still might not work as it should for those who have deleted any LE certs from within this application. The deletion was previously only revoking the certificate, not also deleting it from disk, so the auto renewal process was returning a non-zero response as a failure despite being able to renew all the other valid certificates. If you find that after 1 hour of using 2.0.13 that the certificates list expiry still doesn't match the actual certificate date in the browser bar, then do the following: - enter the docker container, ie: `docker exec -ti nginx-proxy-manager_app_1 bash` - try to renew all the certs manually: `certbot renew` - look for any messages about being unable to renew a certificate and then for each of them: `cerbot delete --cert-name npm-123` - if you need a list of the certs: `certbot certificates` - run `certbot renew` again until there are no errors, then wait up to an hour to see the new dates in the UI
kerem commented 2026-02-26 05:34:32 +03:00
Author
Owner
Copy link

@fidelix commented on GitHub (Sep 23, 2019):

For those reading, don't follow the steps above. You will break your installation.

Nginx will fail to start as soon as you run the delete command in any certs and you will be forced to manually find and fix any references to it.

Unfortunately the solution I had to take was to delete the entries from the UI and add them again. It was a lot of work as I had about 50 domains with wildly different configurations.

To @jc21, this is still broken, even after 2.0.13, just so you know. My certificates have not renewed at all even after doing what I said above.

<!-- gh-comment-id:534163570 --> @fidelix commented on GitHub (Sep 23, 2019): For those reading, don't follow the steps above. You will break your installation. Nginx will fail to start as soon as you run the delete command in any certs and you will be forced to manually find and fix any references to it. Unfortunately the solution I had to take was to delete the entries from the UI and add them again. It was a lot of work as I had about 50 domains with wildly different configurations. To @jc21, this is still broken, even after 2.0.13, just so you know. My certificates have not renewed at all even after doing what I said above.
kerem commented 2026-02-26 05:34:32 +03:00
Author
Owner
Copy link

@nin9s commented on GitHub (Feb 15, 2021):

@fidelix I'm still experiencing this behavior. Did you ever find a solution?

<!-- gh-comment-id:779074544 --> @nin9s commented on GitHub (Feb 15, 2021): @fidelix I'm still experiencing this behavior. Did you ever find a solution?
kerem commented 2026-02-26 05:34:32 +03:00
Author
Owner
Copy link

@fidelix commented on GitHub (Feb 15, 2021):

@nin9s no. As I said I had to rebuild everything from scratch.
New versions seem to be behaving better, though, and I only encountered a similar issues once since I opened this issue.

<!-- gh-comment-id:779369491 --> @fidelix commented on GitHub (Feb 15, 2021): @nin9s no. As I said I had to rebuild everything from scratch. New versions seem to be behaving better, though, and I only encountered a similar issues once since I opened this issue.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#97
No description provided.