[GH-ISSUE #1270] Cannot create/renew Let's Encrypt certificates after fresh VM reinstallation - Create Certificate button disabled #3803

New issue

Closed

opened 2026-02-28 11:57:48 +03:00 by kerem · 3 comments

kerem commented

2026-02-28 11:57:48 +03:00

Owner

Originally created by @Rossigg on GitHub (Jul 28, 2025).
Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/1270

Describe the bug
After a clean reinstallation of the VM and Nginx UI, the "Create Certificate" button in the Nginx UI web interface is disabled, preventing the creation of new Let's Encrypt SSL certificates. This issue follows a previous problem where automatic and manual certificate renewals for existing sites failed with a 404 Not Found error during the ACME HTTP-01 challenge.

To Reproduce
Note: The exact steps to reach the disabled button state are due to a full VM reinstallation after previous failures. The initial failure steps are provided for context.

Initial Failure Scenario (before reinstallation):

Navigate to the "SSL Certificates" section in Nginx UI.
Observe automatic renewal attempts for existing certificates failing (e.g., grafana.rossigg.duckdns.org).
Attempt to manually renew certificates from the web interface.
Attempt to delete existing sites and recreate them from scratch to obtain new certificates.
All attempts fail with an invalid authorization: acme: error: 403 ... 404 error (see logs below).

Current Bug (after VM reinstallation):

Perform a clean installation of the OS (Ubuntu 22.04 in my case) and Nginx UI.
Access the Nginx UI web interface.
Navigate to the "SSL Certificates" section.
Observe that the "Create Certificate" button is disabled/greyed out, preventing any new certificate generation.

Expected behavior

The Nginx UI should be able to successfully renew existing Let's Encrypt certificates using the HTTP-01 challenge.
The Nginx UI should allow the creation of new Let's Encrypt certificates, with the "Create Certificate" button enabled and functional after a clean installation.

Screenshots

Info (please complete the following information):

Server OS: Debian 12.7-1
Server Arch: x86_64
Nginx UI Version: 2.1.14 (455)
Your Browser: Edge, Firefox

Additional context
The issue initially started on Saturday morning (July 26, 2025) with automatic certificate renewals failing. Manual attempts to renew or create new certificates via the web interface also failed. The recurring error was:
[Nginx UI] Preparing lego configurations [Nginx UI] ACME User: System Initial User, Email: rossiggws@gmail.com, CA Dir: https://acme-v02.api.letsencrypt.org/directory [Nginx UI] Creating client facilitates communication with the CA server [Nginx UI] Setting HTTP01 challenge provider 2025/07/26 20:20:26 [INFO] [grafana.rossigg.duckdns.org] acme: Trying renewal with 1980 hours remaining 2025/07/26 20:20:26 [INFO] [grafana.rossigg.duckdns.org] acme: Obtaining bundled SAN certificate 2025/07/26 20:20:27 [INFO] [grafana.rossigg.duckdns.org] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2479542571/559358738651 2025/07/26 20:20:27 [INFO] [grafana.rossigg.duckdns.org] acme: Could not find solver for: tls-alpn-01 2025/07/26 20:20:27 [INFO] [grafana.rossigg.duckdns.org] acme: use http-01 solver 2025/07/26 20:20:27 [INFO] [grafana.rossigg.duckdns.org] acme: Trying to solve HTTP-01 2025/07/26 20:20:32 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2479542571/559358738651 renew cert error: error: one or more domains had a problem: [grafana.rossigg.duckdns.org] invalid authorization: acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 77.83.113.151: Invalid response from http://grafana.rossigg.duckdns.org/.well-known/acme-challenge/inRbjGUGGpPmhIYhKUhq6xah_9kIfdO3mtmVcYN_2WWk: 404

Despite verifying public IP and DuckDNS resolution for the domains (e.g., grafana.rossigg.duckdns.org), the 404 error persisted. After reinstalling the entire VM to attempt a fresh start, the "Create Certificate" button is now disabled, preventing any certificate management. This suggests a deeper configuration or Nginx UI state issue after reinstallation, or a dependency problem.

Originally created by @Rossigg on GitHub (Jul 28, 2025). Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/1270 **Describe the bug** After a clean reinstallation of the VM and Nginx UI, the "Create Certificate" button in the Nginx UI web interface is disabled, preventing the creation of new Let's Encrypt SSL certificates. This issue follows a previous problem where automatic and manual certificate renewals for existing sites failed with a 404 Not Found error during the ACME HTTP-01 challenge. **To Reproduce** Note: The exact steps to reach the disabled button state are due to a full VM reinstallation after previous failures. The initial failure steps are provided for context. **Initial Failure Scenario (before reinstallation):** 1. Navigate to the "SSL Certificates" section in Nginx UI. 2. Observe automatic renewal attempts for existing certificates failing (e.g., grafana.rossigg.duckdns.org). 3. Attempt to manually renew certificates from the web interface. 4. Attempt to delete existing sites and recreate them from scratch to obtain new certificates. 5. All attempts fail with an invalid authorization: acme: error: 403 ... 404 error (see logs below). **Current Bug (after VM reinstallation):** 1. Perform a clean installation of the OS (Ubuntu 22.04 in my case) and Nginx UI. 2. Access the Nginx UI web interface. 3. Navigate to the "SSL Certificates" section. 4. Observe that the "Create Certificate" button is disabled/greyed out, preventing any new certificate generation. **Expected behavior** - The Nginx UI should be able to successfully renew existing Let's Encrypt certificates using the HTTP-01 challenge. - The Nginx UI should allow the creation of new Let's Encrypt certificates, with the "Create Certificate" button enabled and functional after a clean installation. **Screenshots** <img width="350" height="216" alt="Image" src="https://github.com/user-attachments/assets/b3352986-fb94-4633-b122-1a48190d1c1a" /> **Info (please complete the following information):** - Server OS: Debian 12.7-1 - Server Arch: x86_64 - Nginx UI Version: 2.1.14 (455) - Your Browser: Edge, Firefox **Additional context** The issue initially started on Saturday morning (July 26, 2025) with automatic certificate renewals failing. Manual attempts to renew or create new certificates via the web interface also failed. The recurring error was: `[Nginx UI] Preparing lego configurations [Nginx UI] ACME User: System Initial User, Email: rossiggws@gmail.com, CA Dir: https://acme-v02.api.letsencrypt.org/directory [Nginx UI] Creating client facilitates communication with the CA server [Nginx UI] Setting HTTP01 challenge provider 2025/07/26 20:20:26 [INFO] [grafana.rossigg.duckdns.org] acme: Trying renewal with 1980 hours remaining 2025/07/26 20:20:26 [INFO] [grafana.rossigg.duckdns.org] acme: Obtaining bundled SAN certificate 2025/07/26 20:20:27 [INFO] [grafana.rossigg.duckdns.org] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2479542571/559358738651 2025/07/26 20:20:27 [INFO] [grafana.rossigg.duckdns.org] acme: Could not find solver for: tls-alpn-01 2025/07/26 20:20:27 [INFO] [grafana.rossigg.duckdns.org] acme: use http-01 solver 2025/07/26 20:20:27 [INFO] [grafana.rossigg.duckdns.org] acme: Trying to solve HTTP-01 2025/07/26 20:20:32 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2479542571/559358738651 renew cert error: error: one or more domains had a problem: [grafana.rossigg.duckdns.org] invalid authorization: acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 77.83.113.151: Invalid response from http://grafana.rossigg.duckdns.org/.well-known/acme-challenge/inRbjGUGGpPmhIYhKUhq6xah_9kIfdO3mtmVcYN_2WWk: 404` Despite verifying public IP and DuckDNS resolution for the domains (e.g., grafana.rossigg.duckdns.org), the 404 error persisted. After reinstalling the entire VM to attempt a fresh start, the "Create Certificate" button is now disabled, preventing any certificate management. This suggests a deeper configuration or Nginx UI state issue after reinstallation, or a dependency problem.

kerem

2026-02-28 11:57:48 +03:00

closed this issue
added the
bug
label

kerem commented

2026-02-28 11:57:48 +03:00

Author

Owner

@0xJacky commented on GitHub (Jul 28, 2025):

Please provide the content of the current site's configuration file.

@0xJacky commented on GitHub (Jul 28, 2025): Please provide the content of the current site's configuration file.

kerem commented

2026-02-28 11:57:48 +03:00

Author

Owner

@Rossigg commented on GitHub (Jul 28, 2025):

server {
listen 443 ssl;
listen [::]:443 ssl;
server_name homeassistant.rossigg.duckdns.org;
location / {
proxy_pass http://homeassistant.home.lan/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 90;
}
location ~ /.well-known/acme-challenge {
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
proxy_pass http://127.0.0.1:9180;
}
}

@Rossigg commented on GitHub (Jul 28, 2025): server { listen 443 ssl; listen [::]:443 ssl; server_name homeassistant.rossigg.duckdns.org; location / { proxy_pass http://homeassistant.home.lan/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 90; } location ~ /.well-known/acme-challenge { proxy_set_header Host $host; proxy_set_header X-Real_IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr:$remote_port; proxy_pass http://127.0.0.1:9180; } }

kerem commented

2026-02-28 11:57:48 +03:00

Author

Owner

@0xJacky commented on GitHub (Jul 29, 2025):

It seems that http://grafana.rossigg.duckdns.org is not match the server_name of your config (homeassistant.rossigg.duckdns.org)

@0xJacky commented on GitHub (Jul 29, 2025): It seems that `http://grafana.rossigg.duckdns.org` is not match the server_name of your config (`homeassistant.rossigg.duckdns.org`)