starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-25 17:35:52 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #1199] 2.9.4 Breaks Certbot Auto-Renewal and Certificate Verification #980

New issue
Closed
opened 2026-02-26 06:35:17 +03:00 by kerem · 7 comments
kerem commented 2026-02-26 06:35:17 +03:00
Owner
Copy link

Originally created by @eroc1990 on GitHub (Jun 22, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1199

Upon upgrading to 2.9.4, I discovered that anything I'm reverse proxying no longer loads and Cloudflare throws a 520 error. I'm not sure what directory 2.9.3 and older looked for, but NPM isn't finding ant certs in what it's expecting, which is /etc/letsencrypt/renewal. As a result none of my sites appear to be loading.

Here's a snip of my tailing the letsencrypt log after attempting to force a renewal of one of my existing certs:

File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1552, in main
return config.func(config, plugins)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1439, in renew
renewal.handle_renewal_request(config)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 415, in handle_renewal_request
conf_files = [storage.renewal_file_for_certname(config, config.certname)]
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 58, in renewal_file_for_certname
"{1}).".format(certname, path))
certbot.errors.CertStorageError: No certificate found with name npm-24 (expected /etc/letsencrypt/renewal/npm-24.conf).
2021-06-22 08:23:13,244:ERROR:certbot._internal.log:No certificate found with name npm-24 (expected /etc/letsencrypt/renewal/npm-24.conf).

Anything you can do to help resolve this would be greatly appreciated. It wouldn't be a ton of trouble to rebuild it if need be but I'm curious if I'm the only one running into this issue.

Originally created by @eroc1990 on GitHub (Jun 22, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1199 Upon upgrading to 2.9.4, I discovered that anything I'm reverse proxying no longer loads and Cloudflare throws a 520 error. I'm not sure what directory 2.9.3 and older looked for, but NPM isn't finding ant certs in what it's expecting, which is /etc/letsencrypt/renewal. As a result none of my sites appear to be loading. Here's a snip of my tailing the letsencrypt log after attempting to force a renewal of one of my existing certs: > File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1552, in main return config.func(config, plugins) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1439, in renew renewal.handle_renewal_request(config) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 415, in handle_renewal_request conf_files = [storage.renewal_file_for_certname(config, config.certname)] File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 58, in renewal_file_for_certname "{1}).".format(certname, path)) certbot.errors.CertStorageError: No certificate found with name npm-24 (expected /etc/letsencrypt/renewal/npm-24.conf). 2021-06-22 08:23:13,244:ERROR:certbot._internal.log:No certificate found with name npm-24 (expected /etc/letsencrypt/renewal/npm-24.conf). Anything you can do to help resolve this would be greatly appreciated. It wouldn't be a ton of trouble to rebuild it if need be but I'm curious if I'm the only one running into this issue.
kerem 2026-02-26 06:35:17 +03:00
  • closed this issue
  • added the
    stale
         label
kerem commented 2026-02-26 06:35:18 +03:00
Author
Owner
Copy link

@eroc1990 commented on GitHub (Jun 22, 2021):

For the record this can be fixed by simply requesting a new cert through the GUI but as is, it did break my setup.

Should have included this earlier: Running Docker on Unraid ver. 6.9.2,

<!-- gh-comment-id:865951274 --> @eroc1990 commented on GitHub (Jun 22, 2021): For the record this can be fixed by simply requesting a new cert through the GUI but as is, it did break my setup. Should have included this earlier: Running Docker on Unraid ver. 6.9.2,
kerem commented 2026-02-26 06:35:18 +03:00
Author
Owner
Copy link

@focher commented on GitHub (Aug 11, 2021):

Same issue here. Using Route 53 with DNS validation configured. The initial certificate is created fine.

Logs 
[~/docker/nginx] # docker exec nginx cat /var/log/letsencrypt/letsencrypt.log 
2021-08-11 17:30:45,464:DEBUG:certbot._internal.main:certbot version: 1.17.0
2021-08-11 17:30:45,466:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2021-08-11 17:30:45,467:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--quiet', '--config', '/etc/letsencrypt.ini', '--preferred-challenges', 'dns,http', '--disable-hook-validation']
2021-08-11 17:30:45,468:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#certbot-route53:auth,PluginEntryPoint#dns-route53,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-08-11 17:30:45,576:DEBUG:certbot._internal.log:Root logging level set at 40
2021-08-11 17:30:45,581:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-1.conf
2021-08-11 17:30:45,584:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-1.conf is broken.
2021-08-11 17:30:45,585:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-1/cert.pem to be a symlink
Skipping.
2021-08-11 17:30:45,588:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 69, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 473, in __init__
    self._check_symlinks()
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 544, in _check_symlinks
    "expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-1/cert.pem to be a symlink

2021-08-11 17:30:45,589:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-10.conf
2021-08-11 17:30:45,592:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-10.conf is broken.
2021-08-11 17:30:45,593:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-10/cert.pem to be a symlink
Skipping.
2021-08-11 17:30:45,594:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 69, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 473, in __init__
    self._check_symlinks()
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 544, in _check_symlinks
    "expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-10/cert.pem to be a symlink

2021-08-11 17:30:45,595:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-11.conf
2021-08-11 17:30:45,608:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-11.conf is broken.
2021-08-11 17:30:45,614:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-11/cert.pem to be a symlink
Skipping.
2021-08-11 17:30:45,626:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 69, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 473, in __init__
    self._check_symlinks()
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 544, in _check_symlinks
    "expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-11/cert.pem to be a symlink

2021-08-11 17:30:45,627:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-12.conf
2021-08-11 17:30:46,042:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7f1ccdac1940> and installer <certbot._internal.cli.cli_utils._Default object at 0x7f1ccdac1940>
2021-08-11 17:30:46,335:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2021-08-11 17:30:46,378:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2021-08-11 17:30:46,381:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/npm-12/cert1.pem is signed by the certificate's issuer.
2021-08-11 17:30:46,394:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/npm-12/cert1.pem is: OCSPCertStatus.GOOD
2021-08-11 17:30:46,406:DEBUG:certbot.display.util:Notifying user: Certificate not yet due for renewal
2021-08-11 17:30:46,409:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-route53 and installer None
2021-08-11 17:30:46,410:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-2.conf
2021-08-11 17:30:46,417:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-2.conf is broken.
2021-08-11 17:30:46,418:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-2/cert.pem to be a symlink
Skipping.
2021-08-11 17:30:46,418:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 69, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 473, in __init__
    self._check_symlinks()
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 544, in _check_symlinks
    "expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-2/cert.pem to be a symlink

2021-08-11 17:30:46,419:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-3.conf
2021-08-11 17:30:46,423:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-3.conf is broken.
2021-08-11 17:30:46,423:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-3/cert.pem to be a symlink
Skipping.
2021-08-11 17:30:46,424:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 69, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 473, in __init__
    self._check_symlinks()
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 544, in _check_symlinks
    "expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-3/cert.pem to be a symlink

2021-08-11 17:30:46,424:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-8.conf
2021-08-11 17:30:46,429:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-8.conf is broken.
2021-08-11 17:30:46,430:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-8/cert.pem to be a symlink
Skipping.
2021-08-11 17:30:46,430:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 69, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 473, in __init__
    self._check_symlinks()
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 544, in _check_symlinks
    "expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-8/cert.pem to be a symlink

2021-08-11 17:30:46,431:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-9.conf
2021-08-11 17:30:46,474:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-9.conf is broken.
2021-08-11 17:30:46,474:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-9/cert.pem to be a symlink
Skipping.
2021-08-11 17:30:46,475:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 69, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 473, in __init__
    self._check_symlinks()
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 544, in _check_symlinks
    "expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-9/cert.pem to be a symlink

2021-08-11 17:30:46,475:DEBUG:certbot.display.util:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-08-11 17:30:46,475:DEBUG:certbot.display.util:Notifying user: The following certificates are not due for renewal yet:
2021-08-11 17:30:46,476:DEBUG:certbot.display.util:Notifying user:   /etc/letsencrypt/live/npm-12/fullchain.pem expires on 2021-09-27 (skipped)
2021-08-11 17:30:46,476:DEBUG:certbot.display.util:Notifying user: No renewals were attempted.
2021-08-11 17:30:46,476:DEBUG:certbot.display.util:Notifying user: 
Additionally, the following renewal configurations were invalid: 
2021-08-11 17:30:46,482:DEBUG:certbot.display.util:Notifying user:   /etc/letsencrypt/renewal/npm-1.conf (parsefail)
  /etc/letsencrypt/renewal/npm-10.conf (parsefail)
  /etc/letsencrypt/renewal/npm-11.conf (parsefail)
  /etc/letsencrypt/renewal/npm-2.conf (parsefail)
  /etc/letsencrypt/renewal/npm-3.conf (parsefail)
  /etc/letsencrypt/renewal/npm-8.conf (parsefail)
  /etc/letsencrypt/renewal/npm-9.conf (parsefail)
2021-08-11 17:30:46,487:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-08-11 17:30:46,492:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1461, in renew
    renewal.handle_renewal_request(config)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 500, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 0 renew failure(s), 7 parse failure(s)
2021-08-11 17:30:46,506:ERROR:certbot._internal.log:0 renew failure(s), 7 parse failure(s)
<!-- gh-comment-id:897022705 --> @focher commented on GitHub (Aug 11, 2021): Same issue here. Using Route 53 with DNS validation configured. The initial certificate is created fine. <details><summary>Logs</summary> ``` [~/docker/nginx] # docker exec nginx cat /var/log/letsencrypt/letsencrypt.log 2021-08-11 17:30:45,464:DEBUG:certbot._internal.main:certbot version: 1.17.0 2021-08-11 17:30:45,466:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot 2021-08-11 17:30:45,467:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--quiet', '--config', '/etc/letsencrypt.ini', '--preferred-challenges', 'dns,http', '--disable-hook-validation'] 2021-08-11 17:30:45,468:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#certbot-route53:auth,PluginEntryPoint#dns-route53,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2021-08-11 17:30:45,576:DEBUG:certbot._internal.log:Root logging level set at 40 2021-08-11 17:30:45,581:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-1.conf 2021-08-11 17:30:45,584:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-1.conf is broken. 2021-08-11 17:30:45,585:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-1/cert.pem to be a symlink Skipping. 2021-08-11 17:30:45,588:DEBUG:certbot._internal.renewal:Traceback was: Traceback (most recent call last): File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 69, in _reconstitute renewal_candidate = storage.RenewableCert(full_path, config) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 473, in __init__ self._check_symlinks() File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 544, in _check_symlinks "expected {0} to be a symlink".format(link)) certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-1/cert.pem to be a symlink 2021-08-11 17:30:45,589:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-10.conf 2021-08-11 17:30:45,592:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-10.conf is broken. 2021-08-11 17:30:45,593:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-10/cert.pem to be a symlink Skipping. 2021-08-11 17:30:45,594:DEBUG:certbot._internal.renewal:Traceback was: Traceback (most recent call last): File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 69, in _reconstitute renewal_candidate = storage.RenewableCert(full_path, config) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 473, in __init__ self._check_symlinks() File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 544, in _check_symlinks "expected {0} to be a symlink".format(link)) certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-10/cert.pem to be a symlink 2021-08-11 17:30:45,595:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-11.conf 2021-08-11 17:30:45,608:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-11.conf is broken. 2021-08-11 17:30:45,614:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-11/cert.pem to be a symlink Skipping. 2021-08-11 17:30:45,626:DEBUG:certbot._internal.renewal:Traceback was: Traceback (most recent call last): File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 69, in _reconstitute renewal_candidate = storage.RenewableCert(full_path, config) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 473, in __init__ self._check_symlinks() File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 544, in _check_symlinks "expected {0} to be a symlink".format(link)) certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-11/cert.pem to be a symlink 2021-08-11 17:30:45,627:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-12.conf 2021-08-11 17:30:46,042:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7f1ccdac1940> and installer <certbot._internal.cli.cli_utils._Default object at 0x7f1ccdac1940> 2021-08-11 17:30:46,335:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80 2021-08-11 17:30:46,378:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503 2021-08-11 17:30:46,381:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/npm-12/cert1.pem is signed by the certificate's issuer. 2021-08-11 17:30:46,394:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/npm-12/cert1.pem is: OCSPCertStatus.GOOD 2021-08-11 17:30:46,406:DEBUG:certbot.display.util:Notifying user: Certificate not yet due for renewal 2021-08-11 17:30:46,409:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-route53 and installer None 2021-08-11 17:30:46,410:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-2.conf 2021-08-11 17:30:46,417:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-2.conf is broken. 2021-08-11 17:30:46,418:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-2/cert.pem to be a symlink Skipping. 2021-08-11 17:30:46,418:DEBUG:certbot._internal.renewal:Traceback was: Traceback (most recent call last): File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 69, in _reconstitute renewal_candidate = storage.RenewableCert(full_path, config) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 473, in __init__ self._check_symlinks() File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 544, in _check_symlinks "expected {0} to be a symlink".format(link)) certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-2/cert.pem to be a symlink 2021-08-11 17:30:46,419:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-3.conf 2021-08-11 17:30:46,423:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-3.conf is broken. 2021-08-11 17:30:46,423:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-3/cert.pem to be a symlink Skipping. 2021-08-11 17:30:46,424:DEBUG:certbot._internal.renewal:Traceback was: Traceback (most recent call last): File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 69, in _reconstitute renewal_candidate = storage.RenewableCert(full_path, config) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 473, in __init__ self._check_symlinks() File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 544, in _check_symlinks "expected {0} to be a symlink".format(link)) certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-3/cert.pem to be a symlink 2021-08-11 17:30:46,424:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-8.conf 2021-08-11 17:30:46,429:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-8.conf is broken. 2021-08-11 17:30:46,430:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-8/cert.pem to be a symlink Skipping. 2021-08-11 17:30:46,430:DEBUG:certbot._internal.renewal:Traceback was: Traceback (most recent call last): File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 69, in _reconstitute renewal_candidate = storage.RenewableCert(full_path, config) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 473, in __init__ self._check_symlinks() File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 544, in _check_symlinks "expected {0} to be a symlink".format(link)) certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-8/cert.pem to be a symlink 2021-08-11 17:30:46,431:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-9.conf 2021-08-11 17:30:46,474:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-9.conf is broken. 2021-08-11 17:30:46,474:ERROR:certbot._internal.renewal:The error was: expected /etc/letsencrypt/live/npm-9/cert.pem to be a symlink Skipping. 2021-08-11 17:30:46,475:DEBUG:certbot._internal.renewal:Traceback was: Traceback (most recent call last): File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 69, in _reconstitute renewal_candidate = storage.RenewableCert(full_path, config) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 473, in __init__ self._check_symlinks() File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/storage.py", line 544, in _check_symlinks "expected {0} to be a symlink".format(link)) certbot.errors.CertStorageError: expected /etc/letsencrypt/live/npm-9/cert.pem to be a symlink 2021-08-11 17:30:46,475:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2021-08-11 17:30:46,475:DEBUG:certbot.display.util:Notifying user: The following certificates are not due for renewal yet: 2021-08-11 17:30:46,476:DEBUG:certbot.display.util:Notifying user: /etc/letsencrypt/live/npm-12/fullchain.pem expires on 2021-09-27 (skipped) 2021-08-11 17:30:46,476:DEBUG:certbot.display.util:Notifying user: No renewals were attempted. 2021-08-11 17:30:46,476:DEBUG:certbot.display.util:Notifying user: Additionally, the following renewal configurations were invalid: 2021-08-11 17:30:46,482:DEBUG:certbot.display.util:Notifying user: /etc/letsencrypt/renewal/npm-1.conf (parsefail) /etc/letsencrypt/renewal/npm-10.conf (parsefail) /etc/letsencrypt/renewal/npm-11.conf (parsefail) /etc/letsencrypt/renewal/npm-2.conf (parsefail) /etc/letsencrypt/renewal/npm-3.conf (parsefail) /etc/letsencrypt/renewal/npm-8.conf (parsefail) /etc/letsencrypt/renewal/npm-9.conf (parsefail) 2021-08-11 17:30:46,487:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2021-08-11 17:30:46,492:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/opt/certbot/bin/certbot", line 8, in <module> sys.exit(main()) File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main return internal_main.main(cli_args) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1574, in main return config.func(config, plugins) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1461, in renew renewal.handle_renewal_request(config) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 500, in handle_renewal_request len(renew_failures), len(parse_failures))) certbot.errors.Error: 0 renew failure(s), 7 parse failure(s) 2021-08-11 17:30:46,506:ERROR:certbot._internal.log:0 renew failure(s), 7 parse failure(s) ``` </details>
kerem commented 2026-02-26 06:35:18 +03:00
Author
Owner
Copy link

@jc21 commented on GitHub (Aug 11, 2021):

I found this article on the subject:

https://charles-stover.medium.com/fixing-certbots-parsefail-error-during-certificate-renewal-1e7718f8a492

Could it be that your letsencrypt folder is not happy? This could be no fault of your own. There was a certbot update very recently that may have impacted how it wants the folder to be structured. I haven't had this problem myself, yet.

<!-- gh-comment-id:897188331 --> @jc21 commented on GitHub (Aug 11, 2021): I found this article on the subject: https://charles-stover.medium.com/fixing-certbots-parsefail-error-during-certificate-renewal-1e7718f8a492 Could it be that your `letsencrypt` folder is not happy? This could be no fault of your own. There was a certbot update very recently that may have impacted how it wants the folder to be structured. I haven't had this problem myself, yet.
kerem commented 2026-02-26 06:35:18 +03:00
Author
Owner
Copy link

@focher commented on GitHub (Aug 11, 2021):

I found this article on the subject:

https://charles-stover.medium.com/fixing-certbots-parsefail-error-during-certificate-renewal-1e7718f8a492

Could it be that your letsencrypt folder is not happy? This could be no fault of your own. There was a certbot update very recently that may have impacted how it wants the folder to be structured. I haven't had this problem myself, yet.

I suspect you are correct. When I checked the article and compared to my local certbot "live" folder, it was not using the symlinks to the archive folder per the article. I then deleted a cert and just recreated, and now the entries in the live folder were proper symlinks to archive.

For anyone encountering this issue, it appears you will either need to delete and recreate the certs or manually create the symlinks between the live folder and archive. I tried to manually recreate the symlinks per the article but it never completed cleanly, despite the logs showing it did create new cert files and link them properly. But the nginx web ui still shows the old dates.

<!-- gh-comment-id:897207384 --> @focher commented on GitHub (Aug 11, 2021): > I found this article on the subject: > > https://charles-stover.medium.com/fixing-certbots-parsefail-error-during-certificate-renewal-1e7718f8a492 > > Could it be that your `letsencrypt` folder is not happy? This could be no fault of your own. There was a certbot update very recently that may have impacted how it wants the folder to be structured. I haven't had this problem myself, yet. I suspect you are correct. When I checked the article and compared to my local certbot "live" folder, it was not using the symlinks to the archive folder per the article. I then deleted a cert and just recreated, and now the entries in the live folder were proper symlinks to archive. For anyone encountering this issue, it appears you will either need to delete and recreate the certs or manually create the symlinks between the live folder and archive. I tried to manually recreate the symlinks per the article but it never completed cleanly, despite the logs showing it did create new cert files and link them properly. But the nginx web ui still shows the old dates.
kerem commented 2026-02-26 06:35:18 +03:00
Author
Owner
Copy link

@jc21 commented on GitHub (Aug 11, 2021):

The dates thing is an inspection only, and only happens after a successful "renewal" command is run from within the app. Something to fix later, but minor.

<!-- gh-comment-id:897218833 --> @jc21 commented on GitHub (Aug 11, 2021): The dates thing is an inspection only, and only happens after a successful "renewal" command is run from within the app. Something to fix later, but minor.
kerem commented 2026-02-26 06:35:18 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Mar 9, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:1986685554 --> @github-actions[bot] commented on GitHub (Mar 9, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:
kerem commented 2026-02-26 06:35:18 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Apr 21, 2025):

Issue was closed due to inactivity.

<!-- gh-comment-id:2817492830 --> @github-actions[bot] commented on GitHub (Apr 21, 2025): Issue was closed due to inactivity.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#980
No description provided.