NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License

Does not renew certificate and does not appear proxy when clicking #1270

Open talesam opened 3 years ago

talesam commented 3 years ago

Version 2.9.6

1. After logging in, if I click on the 13 Proxy Hosts link, nothing happens.
2. When I try to renew any certificate, I get an error.
3. Ports 80 and 443 are open on my firewall.
4. When I run some function, delete an SSL, disable a proxy, it doesn't update, I have to press F5 to see the change.
5. It's very buggy, after I delete an SSL, it doesn't update, if I update (F5), add everything and when I click on the SSL Certificates link, nothing opens, I have to log off and log in again to appear.

This version is well buggy.

Which versions are available? How do I use a previous version?

Screenshot from 2021-07-28 12-51-42

Screenshot from 2021-07-28 13-02-50

Screenshot from 2021-07-28 13-18-39

Logs

```
Attaching to nginxproxymanager_app_1, nginxproxymanager_db_1
db_1 | [i] pre-init.d - processing /scripts/pre-init.d/01_secret-init.sh
db_1 | [i] mysqld not found, creating....
db_1 | [i] MySQL directory already present, skipping creation
db_1 | 2021-07-28 16:06:22 0 [Note] /usr/bin/mysqld (mysqld 10.4.15-MariaDB) starting as process 1 ...
db_1 | 2021-07-28 16:06:22 0 [Note] Plugin 'InnoDB' is disabled.
db_1 | 2021-07-28 16:06:22 0 [Note] Plugin 'FEEDBACK' is disabled.
db_1 | 2021-07-28 16:06:22 0 [Note] Server socket created on IP: '::'.
db_1 | 2021-07-28 16:06:22 0 [Warning] 'user' entry '@5e0f82917f27' ignored in --skip-name-resolve mode.
db_1 | 2021-07-28 16:06:22 0 [Warning] 'proxies_priv' entry '@% root@5e0f82917f27' ignored in --skip-name-resolve mode.
db_1 | 2021-07-28 16:06:22 0 [Note] Reading of all Master_info entries succeeded
db_1 | 2021-07-28 16:06:22 0 [Note] Added new Master_info '' to hash table
db_1 | 2021-07-28 16:06:22 0 [Note] /usr/bin/mysqld: ready for connections.
db_1 | Version: '10.4.15-MariaDB' socket: '/run/mysqld/mysqld.sock' port: 3306 MariaDB Server
app_1 | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
app_1 | [s6-init] ensuring user provided files have correct perms...exited 0.
app_1 | [fix-attrs.d] applying ownership & permissions fixes...
app_1 | [fix-attrs.d] done.
app_1 | [cont-init.d] executing container initialization scripts...
app_1 | [cont-init.d] 01_perms.sh: executing...
app_1 | Changing ownership of /data/logs to 0:0
app_1 | [cont-init.d] 01_perms.sh: exited 0.
app_1 | [cont-init.d] 01_s6-secret-init.sh: executing...
app_1 | [cont-init.d] 01_s6-secret-init.sh: exited 0.
app_1 | [cont-init.d] done.
app_1 | [services.d] starting services
app_1 | [services.d] done.
app_1 | ❯ Enabling IPV6 in hosts: /etc/nginx/conf.d
app_1 | ❯ /etc/nginx/conf.d/include/block-exploits.conf
app_1 | ❯ /etc/nginx/conf.d/include/ip_ranges.conf
app_1 | ❯ /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
app_1 | ❯ /etc/nginx/conf.d/include/force-ssl.conf
app_1 | ❯ /etc/nginx/conf.d/include/assets.conf
app_1 | ❯ /etc/nginx/conf.d/include/proxy.conf
app_1 | ❯ /etc/nginx/conf.d/include/ssl-ciphers.conf
app_1 | ❯ /etc/nginx/conf.d/include/resolvers.conf
app_1 | ❯ /etc/nginx/conf.d/default.conf
app_1 | ❯ /etc/nginx/conf.d/production.conf
app_1 | ❯ Enabling IPV6 in hosts: /data/nginx
app_1 | ❯ /data/nginx/proxy_host/14.conf
app_1 | ❯ /data/nginx/proxy_host/27.conf
app_1 | ❯ /data/nginx/proxy_host/26.conf
app_1 | ❯ /data/nginx/proxy_host/19.conf
app_1 | ❯ /data/nginx/proxy_host/17.conf
app_1 | ❯ /data/nginx/proxy_host/25.conf
app_1 | ❯ /data/nginx/proxy_host/15.conf
app_1 | ❯ /data/nginx/proxy_host/20.conf
app_1 | [7/28/2021] [4:06:23 PM] [Global ] › ℹ info Generating MySQL db configuration from environment variables
app_1 | [7/28/2021] [4:06:23 PM] [Global ] › ℹ info Wrote db configuration to config file: ./config/production.json
app_1 | [7/28/2021] [4:06:23 PM] [Migrate ] › ℹ info Current database version: 20210210154703
app_1 | [7/28/2021] [4:06:24 PM] [Setup ] › ℹ info Creating a new JWT key pair...
app_1 | [7/28/2021] [4:06:26 PM] [Setup ] › ℹ info Wrote JWT key pair to config file: /app/config/production.json
app_1 | [7/28/2021] [4:06:26 PM] [Setup ] › ℹ info Logrotate Timer initialized
app_1 | [7/28/2021] [4:06:26 PM] [Setup ] › ℹ info Logrotate completed.
app_1 | [7/28/2021] [4:06:26 PM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...
app_1 | [7/28/2021] [4:06:26 PM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
app_1 | [7/28/2021] [4:06:26 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
app_1 | [7/28/2021] [4:06:26 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
app_1 | [7/28/2021] [4:06:27 PM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized
app_1 | [7/28/2021] [4:06:27 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry...
app_1 | [7/28/2021] [4:06:27 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized
app_1 | [7/28/2021] [4:06:27 PM] [Global ] › ℹ info Backend PID 229 listening on port 3000 ...
app_1 | `QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
app_1 | `QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
app_1 | QueryBuilder#omit is deprecated. This method will be removed in version 3.0
app_1 | [7/28/2021] [4:06:50 PM] [Express ] › ⚠ warning invalid signature
app_1 | [7/28/2021] [4:07:03 PM] [Express ] › ⚠ warning invalid signature
app_1 | Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0
app_1 | [7/28/2021] [4:07:46 PM] [Nginx ] › ℹ info Reloading Nginx
app_1 | [7/28/2021] [4:08:05 PM] [Nginx ] › ℹ info Reloading Nginx
app_1 | [7/28/2021] [4:09:25 PM] [SSL ] › ✖ error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
app_1 | Failed to renew certificate npm-11 with error: Some challenges have failed.
app_1 | Failed to renew certificate npm-18 with error: Some challenges have failed.
app_1 | Failed to renew certificate npm-37 with error: Some challenges have failed.
app_1 | Failed to renew certificate npm-38 with error: Some challenges have failed.
app_1 | All renewals failed. The following certificates could not be renewed:
app_1 | /etc/letsencrypt/live/npm-11/fullchain.pem (failure)
app_1 | /etc/letsencrypt/live/npm-18/fullchain.pem (failure)
app_1 | /etc/letsencrypt/live/npm-37/fullchain.pem (failure)
app_1 | /etc/letsencrypt/live/npm-38/fullchain.pem (failure)
app_1 | 4 renew failure(s), 0 parse failure(s)
app_1 |
app_1 | at ChildProcess.exithandler (node:child_process:326:12)
app_1 | at ChildProcess.emit (node:events:369:20)
app_1 | at maybeClose (node:internal/child_process:1067:16)
app_1 | at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
app_1 | [7/28/2021] [4:10:49 PM] [Nginx ] › ℹ info Reloading Nginx
app_1 | [7/28/2021] [4:10:49 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #45: domain-redacted.com
app_1 | [7/28/2021] [4:10:49 PM] [SSL ] › ℹ info Command: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-45" --agree-tos --email "email-redacted@email.com" --preferred-challenges "dns,http" --domains "domain-redacted.com"
app_1 | [7/28/2021] [4:10:53 PM] [SSL ] › ✔ success Requesting a certificate for domain-redacted.com
app_1 |
app_1 | Successfully received certificate.
app_1 | Certificate is saved at: /etc/letsencrypt/live/npm-45/fullchain.pem
app_1 | Key is saved at: /etc/letsencrypt/live/npm-45/privkey.pem
app_1 | This certificate expires on 2021-10-26.
app_1 | These files will be updated when the certificate renews.
app_1 |
app_1 | NEXT STEPS:
app_1 | - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
app_1 |
app_1 | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
app_1 | If you like Certbot, please consider supporting our work by:
app_1 | * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
app_1 | * Donating to EFF: https://eff.org/donate-le
app_1 | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
app_1 | [7/28/2021] [4:10:53 PM] [Nginx ] › ℹ info Reloading Nginx
app_1 | [7/28/2021] [4:10:53 PM] [Nginx ] › ℹ info Reloading Nginx
app_1 | [7/28/2021] [4:11:02 PM] [Nginx ] › ℹ info Reloading Nginx
```

chaptergy commented 3 years ago

Please try what is in the section "NPM admin page is staying blank or behaving weirdly" in issue https://github.com/jc21/nginx-proxy-manager/issues/1271 and see if anything changes. It would also be useful to see if any errors show up in the logs of npm. How to get them is also described in the previously mentioned issue.

If you would just like to go back to an older version of NPM, this is possible by utilizing the docker image tags. Just change jc21/nginx-proxy-manager:latest to jc21/nginx-proxy-manager:2.9.5 or any other previous version you would like to use. The available releases are listed on GitHub and on DockerHub, though the latter also contains lots of versions for a specific pull request, which should not be used for production.

Edit: I have transferred your logs from the other issue to here. Could you tell me if you use the DNS challenge for any of your certificates? Or are they all just http challenge?

talesam commented 3 years ago

I noticed something. If I use IP:81 NPM works fine, but I can't renew the certificate, but if I was using it as I was using it, an npm.mydomin domain doesn't work correctly.

I didn't quite understand what you meant by that... "Edit: I have transferred your logs from the other issue to here. Could you tell me if you use the DNS challenge for any of your certificates? Or are they all just http challenge?"

app_1  | [7/28/2021] [5:50:55 PM] [Global   ] › ℹ  info      Generating MySQL db configuration from environment variables
app_1  | [7/28/2021] [5:50:55 PM] [Global   ] › ℹ  info      Wrote db configuration to config file: ./config/production.json
app_1  | [7/28/2021] [5:50:56 PM] [Migrate  ] › ℹ  info      Current database version: 20210210154703
app_1  | [7/28/2021] [5:50:56 PM] [Setup    ] › ℹ  info      Creating a new JWT key pair...
app_1  | [7/28/2021] [5:51:02 PM] [Setup    ] › ℹ  info      Wrote JWT key pair to config file: /app/config/production.json
app_1  | [7/28/2021] [5:51:02 PM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
app_1  | [7/28/2021] [5:51:02 PM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
app_1  | [7/28/2021] [5:51:02 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
app_1  | [7/28/2021] [5:51:02 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
app_1  | [7/28/2021] [5:51:02 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
app_1  | [7/28/2021] [5:51:02 PM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...
app_1  | [7/28/2021] [5:51:02 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
app_1  | [7/28/2021] [5:51:02 PM] [Global   ] › ℹ  info      Backend PID 224 listening on port 3000 ...
app_1  | [7/28/2021] [5:51:03 PM] [Express  ] › ⚠  warning   invalid signature
app_1  | [7/28/2021] [5:51:08 PM] [Express  ] › ⚠  warning   invalid signature
app_1  | [7/28/2021] [5:51:10 PM] [Express  ] › ⚠  warning   invalid signature
app_1  | [7/28/2021] [5:51:40 PM] [Express  ] › ⚠  warning   invalid signature
app_1  | `QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
app_1  | `QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
app_1  | QueryBuilder#omit is deprecated. This method will be removed in version 3.0
app_1  | [7/28/2021] [5:52:11 PM] [SSL      ] › ℹ  info      Renewing Let'sEncrypt certificates for Cert #18: mautic.t4l35.site
app_1  | [7/28/2021] [5:52:11 PM] [Express  ] › ⚠  warning   Command failed: /opt/certbot/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-18" --preferred-challenges "dns,http" --disable-hook-validation 
app_1  | Another instance of Certbot is already running.
app_1  | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmpmsoqf9ob/log or re-run Certbot with -v for more details.
app_1  | 
app_1  | [7/28/2021] [5:53:39 PM] [SSL      ] › ✖  error     Error: Command failed: /opt/certbot/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation  
app_1  | Failed to renew certificate npm-11 with error: Some challenges have failed.
app_1  | Failed to renew certificate npm-18 with error: Some challenges have failed.
app_1  | Failed to renew certificate npm-37 with error: Some challenges have failed.
app_1  | Failed to renew certificate npm-38 with error: Some challenges have failed.
app_1  | All renewals failed. The following certificates could not be renewed:
app_1  |   /etc/letsencrypt/live/npm-11/fullchain.pem (failure)
app_1  |   /etc/letsencrypt/live/npm-18/fullchain.pem (failure)
app_1  |   /etc/letsencrypt/live/npm-37/fullchain.pem (failure)
app_1  |   /etc/letsencrypt/live/npm-38/fullchain.pem (failure)
app_1  | 4 renew failure(s), 0 parse failure(s)
app_1  | 
app_1  |     at ChildProcess.exithandler (node:child_process:326:12)
app_1  |     at ChildProcess.emit (node:events:369:20)
app_1  |     at maybeClose (node:internal/child_process:1067:16)
app_1  |     at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
app_1  | [7/28/2021] [5:54:34 PM] [Express  ] › ⚠  warning   invalid signature
app_1  | [7/28/2021] [6:05:17 PM] [SSL      ] › ℹ  info      Renewing Let'sEncrypt certificates for Cert #38: smith.t4l35.pp.ua
app_1  | [7/28/2021] [6:10:35 PM] [Express  ] › ⚠  warning   Command failed: /opt/certbot/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-38" --preferred-challenges "dns,http" --disable-hook-validation 
app_1  | Saving debug log to /var/log/letsencrypt/letsencrypt.log
app_1  | Failed to renew certificate npm-38 with error: Some challenges have failed.
app_1  | All renewals failed. The following certificates could not be renewed:
app_1  |   /etc/letsencrypt/live/npm-38/fullchain.pem (failure)
app_1  | 1 renew failure(s), 0 parse failure(s)
app_1  | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
app_1  | 
db_1   | [i] pre-init.d - processing /scripts/pre-init.d/01_secret-init.sh
db_1   | [i] mysqld not found, creating....
db_1   | [i] MySQL directory already present, skipping creation
db_1   | 2021-07-28 17:50:55 0 [Note] /usr/bin/mysqld (mysqld 10.4.15-MariaDB) starting as process 1 ...
db_1   | 2021-07-28 17:50:55 0 [Note] Plugin 'InnoDB' is disabled.
db_1   | 2021-07-28 17:50:55 0 [Note] Plugin 'FEEDBACK' is disabled.
db_1   | 2021-07-28 17:50:55 0 [Note] Server socket created on IP: '::'.
db_1   | 2021-07-28 17:50:55 0 [Warning] 'user' entry '@5e0f82917f27' ignored in --skip-name-resolve mode.
db_1   | 2021-07-28 17:50:55 0 [Warning] 'proxies_priv' entry '@% root@5e0f82917f27' ignored in --skip-name-resolve mode.
db_1   | 2021-07-28 17:50:55 0 [Note] Reading of all Master_info entries succeeded
db_1   | 2021-07-28 17:50:55 0 [Note] Added new Master_info '' to hash table
db_1   | 2021-07-28 17:50:55 0 [Note] /usr/bin/mysqld: ready for connections.
db_1   | Version: '10.4.15-MariaDB'  socket: '/run/mysqld/mysqld.sock'  port: 3306  MariaDB Server

I ordered it to renew and it won't. It gets stuck on this screen. I can press close and it doesn't close, it freezes the screen.

Screenshot from 2021-07-28 15-07-57

Screenshot from 2021-07-28 15-11-08

chaptergy commented 3 years ago

When creating an SSL certificate there is a toggle enabling the DNS challenge. [image] Was this enabled for the certificate you have or not?

talesam commented 3 years ago

I never used this option.

chaptergy commented 3 years ago

Hm, the letsencrypt logs would be useful. Please execute `docker exec <container-name> cat /var/log/letsencrypt/letsencrypt.log` and post your results.

talesam commented 3 years ago

2021-07-28 18:21:49,027:DEBUG:certbot._internal.main:certbot version: 1.16.0
2021-07-28 18:21:49,028:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2021-07-28 18:21:49,028:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-38', '--preferred-challenges', 'dns,http', '--disable-hook-validation']
2021-07-28 18:21:49,028:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-07-28 18:21:49,042:DEBUG:certbot._internal.log:Root logging level set at 30
2021-07-28 18:21:49,044:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-38.conf
2021-07-28 18:21:49,062:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer <certbot._internal.cli.cli_utils._Default object at 0x7fc5aae255c0>
2021-07-28 18:21:49,062:DEBUG:certbot._internal.cli:Var pref_challs=dns,http (set by user).
2021-07-28 18:21:49,062:DEBUG:certbot._internal.cli:Var authenticator=webroot (set by user).
2021-07-28 18:21:49,062:DEBUG:certbot._internal.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2021-07-28 18:21:49,062:DEBUG:certbot._internal.cli:Var webroot_map={'webroot_path'} (set by user).
2021-07-28 18:21:49,062:DEBUG:certbot._internal.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2021-07-28 18:21:49,160:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2021-07-28 18:21:49,189:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2021-07-28 18:21:49,190:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/npm-38/cert1.pem is signed by the certificate's issuer.
2021-07-28 18:21:49,193:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/npm-38/cert1.pem is: OCSPCertStatus.GOOD
2021-07-28 18:21:49,196:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2021-08-02 00:37:50 UTC.
2021-07-28 18:21:49,196:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2021-07-28 18:21:49,196:INFO:certbot._internal.renewal:Non-interactive renewal: random delay of 72.01332313559588 seconds

apainter2 commented 3 years ago

Renewing a wildcard certificate also fails here; issued via the Cloudflare API DNS Challenge, it fails with a mixture of errors:

Internal Error or timeout.

The docker logs are:

[7/29/2021] [10:31:15 AM] [SSL      ] › ℹ  info      Renewing Let'sEncrypt certificates via Cloudflare for Cert #5: *.sanjiyan.co.uk, sanjiyan.co.uk
[7/29/2021] [10:31:15 AM] [SSL      ] › ℹ  info      Command: certbot renew --non-interactive --cert-name "npm-5" --disable-hook-validation

The letsencrypt logs are:

[root@docker-db38fb7fc84e:/app]# cat /var/log/letsencrypt/letsencrypt.log
2021-07-29 10:31:16,335:DEBUG:certbot._internal.main:certbot version: 1.17.0
2021-07-29 10:31:16,335:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2021-07-29 10:31:16,335:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--cert-name', 'npm-5', '--disable-hook-validation']
2021-07-29 10:31:16,335:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-cloudflare,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-07-29 10:31:16,347:DEBUG:certbot._internal.log:Root logging level set at 30
2021-07-29 10:31:16,347:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-5.conf
2021-07-29 10:31:16,362:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7f4f55d37748> and installer <certbot._internal.cli.cli_utils._Default object at 0x7f4f55d37748>
2021-07-29 10:31:16,379:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2021-07-29 10:31:16,396:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2021-07-29 10:31:16,398:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/npm-5/cert1.pem is signed by the certificate's issuer.
2021-07-29 10:31:16,400:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/npm-5/cert1.pem is: OCSPCertStatus.GOOD
2021-07-29 10:31:16,402:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2021-08-13 19:55:46 UTC.
2021-07-29 10:31:16,402:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2021-07-29 10:31:16,403:INFO:certbot._internal.renewal:Non-interactive renewal: random delay of 432.36879853767095 seconds

I have also tried using a normal LE certificate, but when issuing it, it errors out with the same types of errors, but now includes DNS Challenge errors (error logs below)

[7/29/2021] [10:29:26 AM] [Nginx    ] › ℹ  info      Reloading Nginx
[7/29/2021] [10:29:26 AM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #7: npm.sanjiyan.com
[7/29/2021] [10:29:26 AM] [SSL      ] › ℹ  info      Command: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-7" --agree-tos --email "xxx@yyy.com" --preferred-challenges "dns,http" --domains "npm.sanjiyan.com" 
[7/29/2021] [10:29:29 AM] [Nginx    ] › ℹ  info      Reloading Nginx
[7/29/2021] [10:29:29 AM] [Express  ] › ⚠  warning   Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-7" --agree-tos --email "xxx@yyy.com" --preferred-challenges "dns,http" --domains "npm.sanjiyan.com" 

Saving debug log to /var/log/letsencrypt/letsencrypt.log

I also have to log into the container and kill the certbot process after each attempt to renew, as it never terminates itself.

I am running NPM version 2.9.6

Never had these problems previously, only with 2.9.x

chaptergy commented 3 years ago

Hm, both of your logs seem to not really show anything unusual, so I'm really not sure what the problem could be. Are there more logs which actually show some error? Maybe the file /var/log/letsencrypt/letsencrypt.log.1 or higher numbers?

JakeAi commented 3 years ago

I went to add a new proxy to my NPM earlier today and found that both of my NPM instances haven't renewed certs in over a month.

chaptergy commented 3 years ago

Certbot only renews the certificate if it expires within 30 days. LetsEncrypt certificates are valid for 90 days, so a certificate should only be renewed every two months. So a certificate having been renewed over a month ago is totally normal. Additionally the email you entered when issuing the certificate will receive an email if your certificate expires in 2 weeks (I think) and hasn't been renewed yet.

There is also a bug where the displayed renewal date is not updated in the admin panel when one of the certificate renewals failed, while all other certificates are actually renewed correctly. But as v3 is currently the priority and it switches to acme.sh, this will most likely not be fixed in v2.

bbrendon commented 3 years ago

For me, when I click on "renew" on a certificate, it says "Please wait..." and after a few minutes the GUI says "timeout".

The app log says

app_1  | [8/22/2021] [9:09:37 PM] [SSL      ] › ℹ  info      Renewing Let'sEncrypt certificates for Cert #9: x.x.net
app_1  | [8/22/2021] [9:09:37 PM] [SSL      ] › ℹ  info      Command: certbot renew --force-renewal --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-9" --preferred-challenges "dns,http" --disable-hook-validation

Also, the GUI was broken except for being able to log in but I fixed that by clearing the browser cache.

centralhardware commented 2 years ago

Any updates? From the docker image I would expect the main functionality to work.

chaptergy commented 2 years ago

No, no updates since there is not enough information on what the problem could be.

bbrendon commented 2 years ago

The problem magically vanished from my installation. It seems the error provided is too vague to effectively troubleshoot.

centralhardware commented 2 years ago

As it turned out, my problems were related to the closed port 80, but I noticed that the certificate update process does not exit after the update failed. I think this is due to the fact that the users above received a "certbot instance already running" error.
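
The two failure signatures that appear in this thread's logs (`Some challenges have failed` and `Another instance of Certbot is already running`) can be pulled out of the container log per certificate. The following is an added example, not part of the issue thread or the project's code; the function names, hint texts and the sample log (with a placeholder host name) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the docker-compose log lines quoted in this thread.
SAMPLE_LOG = """\
app_1  | [7/28/2021] [5:52:11 PM] [SSL      ] › ℹ  info      Renewing Let'sEncrypt certificates for Cert #18: host-a.example
app_1  | [7/28/2021] [5:52:11 PM] [Express  ] › ⚠  warning   Command failed: /opt/certbot/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-18" --preferred-challenges "dns,http" --disable-hook-validation
app_1  | Another instance of Certbot is already running.
app_1  | [7/28/2021] [5:53:39 PM] [SSL      ] › ✖  error     Error: Command failed: /opt/certbot/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
app_1  | Failed to renew certificate npm-11 with error: Some challenges have failed.
app_1  | Failed to renew certificate npm-18 with error: Some challenges have failed.
app_1  | 2 renew failure(s), 0 parse failure(s)
app_1  | [7/28/2021] [6:10:35 PM] [Express  ] › ⚠  warning   Command failed: /opt/certbot/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-38" --preferred-challenges "dns,http" --disable-hook-validation
app_1  | Failed to renew certificate npm-38 with error: Some challenges have failed.
"""

PREFIX = re.compile(r"^\S+\s*\|\s?")  # docker-compose "app_1  | " prefix, if present
CMD_FAILED = re.compile(r"Command failed: .*certbot (?:renew|certonly)\b(.*)")
CERT_NAME = re.compile(r'--cert-name "([^"]+)"')
RENEW_FAIL = re.compile(r"Failed to renew certificate (\S+) with error: (.+)")
LOCKED = "Another instance of Certbot is already running."

# Hint texts are this example's wording, based on what commenters in the thread found.
HINTS = {
    "challenge_failed": "validation failed; for the http challenge, check that "
                        "port 80 is reachable from the internet",
    "certbot_locked": "a previous certbot process is still running in the "
                      "container; it has to exit before a retry can start",
    "other": "see /var/log/letsencrypt/letsencrypt.log",
}


def triage(log_text):
    """Map each certificate name to the sorted failure categories seen for it."""
    findings = defaultdict(set)
    current = None  # certificate targeted by the most recent failed certbot command
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw).strip()
        cmd = CMD_FAILED.search(line)
        if cmd:
            name = CERT_NAME.search(cmd.group(1))
            # No --cert-name means the scheduled renewal of all certificates.
            current = name.group(1) if name else "(bulk renew)"
            continue
        if line.startswith("["):
            current = None  # a new timestamped entry ends the certbot output
            continue
        if current and line == LOCKED:
            findings[current].add("certbot_locked")
            continue
        fail = RENEW_FAIL.match(line)
        if fail:
            challenge = "challenges have failed" in fail.group(2)
            findings[fail.group(1)].add("challenge_failed" if challenge else "other")
    return {cert: sorted(causes) for cert, causes in findings.items()}


def report(findings):
    """Render one line per certificate and failure category."""
    return [f"{cert}: {cause} -> {HINTS[cause]}"
            for cert in sorted(findings) for cause in findings[cert]]


if __name__ == "__main__":
    for entry in report(triage(SAMPLE_LOG)):
        print(entry)
```
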

github-actions[bot] commented 8 months ago

Issue is now considered stale. If you want to keep it open, please comment :+1: