Open OnlyTL opened 11 months ago
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
@OnlyTL please try using the PR I created at https://github.com/NginxProxyManager/nginx-proxy-manager/pull/3121 and see if that does the trick - has been working for me for a few months now.
Issue is now considered stale. If you want to keep it open, please comment :+1:
I'm frequently seeing this error. I can work around this by requesting new certificates for the domains, but not renew existing ones.
nginx_proxy | [9/1/2024] [10:54:42 AM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates for Cert #22: redacted.com
nginx_proxy | [9/1/2024] [10:54:42 AM] [SSL ] › ℹ info Command: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-22" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation
nginx_proxy | [9/1/2024] [10:54:42 AM] [Global ] › ⬤ debug CMD: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-22" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation
nginx_proxy | [9/1/2024] [10:55:11 AM] [Express ] › ⚠ warning Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
nginx_proxy | Failed to renew certificate npm-22 with error: Some challenges have failed.
nginx_proxy | All renewals failed. The following certificates could not be renewed:
nginx_proxy | /etc/letsencrypt/live/npm-22/fullchain.pem (failure)
nginx_proxy | 1 renew failure(s), 0 parse failure(s)
It looks as if the renewal is failing a dns challenge, even though none of my domains were configured to use dns challenges.
2024-08-18 15:47:01,124:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/391914281086 HTTP/1.1" 200 799
2024-08-18 15:47:01,126:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Aug 2024 15:47:01 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 1620809487
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: lpv3ejQgYHyvdn2G3APMYmqUH-90rRu1xqkgR_HYvIhiHuSNJ_Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
  "identifier": {
    "type": "dns",
    "value": "redacted.com"
  },
  "status": "pending",
  "expires": "2024-08-25T15:46:53Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/391914281086/pYGgMg",
      "status": "pending",
      "token": "s1CjSqAPS2okfoiLwa2ktX8zKnqQkj4HtoKZMo9BE6A"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/391914281086/_HPhyQ",
      "status": "pending",
      "token": "s1CjSqAPS2okfoiLwa2ktX8zKnqQkj4HtoKZMo9BE6A"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/391914281086/9xpjsA",
      "status": "pending",
      "token": "s1CjSqAPS2okfoiLwa2ktX8zKnqQkj4HtoKZMo9BE6A"
    }
  ]
}
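A note for reading authorization objects like the one in the log above: in ACME (RFC 8555), `identifier.type` names the kind of identifier being authorized, while the validation methods are the entries under `challenges`, and a challenge still in `pending` has been offered but not validated. The following is an added example, not part of the thread or of Nginx Proxy Manager; the function name, sample JSON, domain and error text are constructed for illustration.

```python
import json

def summarize_authz(authz_json: str) -> dict:
    """Split an ACME authorization into identifier info and challenge outcomes."""
    authz = json.loads(authz_json)
    challenges = authz.get("challenges", [])
    # "pending" means offered by the CA but not yet validated; anything else
    # (processing, valid, invalid) means the client triggered that challenge.
    attempted = [c for c in challenges if c.get("status") != "pending"]
    return {
        "identifier_type": authz["identifier"]["type"],   # kind of name, not a challenge
        "identifier_value": authz["identifier"]["value"],
        "authz_status": authz.get("status"),
        "offered": [c["type"] for c in challenges],
        "attempted": [c["type"] for c in attempted],
        "failed": {c["type"]: c.get("error", {}).get("detail", "")
                   for c in attempted if c.get("status") == "invalid"},
    }

# Constructed sample with the same shape as the pending authorization in the log.
PENDING = json.dumps({
    "identifier": {"type": "dns", "value": "example.test"},
    "status": "pending",
    "challenges": [{"type": t, "status": "pending"}
                   for t in ("http-01", "dns-01", "tls-alpn-01")],
})

# Constructed sample of the same authorization after an http-01 attempt failed.
INVALID = json.dumps({
    "identifier": {"type": "dns", "value": "example.test"},
    "status": "invalid",
    "challenges": [{
        "type": "http-01", "status": "invalid",
        "error": {"type": "urn:ietf:params:acme:error:connection",
                  "detail": "constructed: could not fetch challenge file"},
    }],
})

if __name__ == "__main__":
    for name, doc in (("pending", PENDING), ("invalid", INVALID)):
        print(name, json.dumps(summarize_authz(doc), indent=2))
```

Run against the authorization bodies in `/tmp/letsencrypt-log/letsencrypt.log`, the `attempted` and `failed` fields show which validation method the renewal actually used.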
Checklist
jc21/nginx-proxy-manager:latest
docker image?
Describe the bug
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
nginx-proxy-manage-app-1 | Some challenges have failed.
Nginx Proxy Manager Version
2.10.4