[GH-ISSUE #1372] [BUG] Certificate Renewal Error in Nginx UI (JWS verification error) #2798

New issue

Closed

opened 2026-02-27 12:27:19 +03:00 by kerem · 0 comments

kerem commented

2026-02-27 12:27:19 +03:00

Owner

Originally created by @zdv1g on GitHub (Oct 4, 2025).
Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/1372

Describe the bug
When trying to renew an SSL certificate via Nginx UI, the renewal process fails with a JWS verification error.
The currently active certificate remains valid, but auto-renewal does not work.

To Reproduce
Steps to reproduce the behavior:

Go to Nginx UI → SSL
Click on Renew certificate
Wait for the process to start
See the error in logs

Expected behavior
The certificate should be successfully renewed through ACME (Let’s Encrypt) without JWS validation errors.

Screenshots
N/A

Info (please complete the following information):

Server OS: Debian 13 (bare metal, no Docker)
Server Arch: x86_64
Nginx UI Version: v2.1.17 (876213ad)
Your Browser: Chrome (latest)

Additional context
Error log:
[Error] renew cert error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:malformed :: Unable to validate JWS :: JWS verification error

The ACME account is associated with more than 6 domains.
Current certificate is still valid, but renewal fails.
ACME challenge method in use: DNS Method 1.
Possible cause: invalid JWS signing, expired/corrupted ACME account registration, or time sync issues.

Originally created by @zdv1g on GitHub (Oct 4, 2025). Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/1372 **Describe the bug** When trying to renew an SSL certificate via Nginx UI, the renewal process fails with a JWS verification error. The currently active certificate remains valid, but auto-renewal does not work. **To Reproduce** Steps to reproduce the behavior: 1. Go to `Nginx UI → SSL` 2. Click on `Renew certificate` 3. Wait for the process to start 4. See the error in logs **Expected behavior** The certificate should be successfully renewed through ACME (Let’s Encrypt) without JWS validation errors. **Screenshots** N/A **Info (please complete the following information):** - Server OS: Debian 13 (bare metal, no Docker) - Server Arch: x86_64 - Nginx UI Version: v2.1.17 (876213ad) - Your Browser: Chrome (latest) **Additional context** Error log: [Error] renew cert error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:malformed :: Unable to validate JWS :: JWS verification error - The ACME account is associated with **more than 6 domains**. - Current certificate is still valid, but renewal fails. - ACME challenge method in use: **DNS Method 1**. - Possible cause: invalid JWS signing, expired/corrupted ACME account registration, or time sync issues.