Certbot zope error in NGINX Proxy manager on Proxmox LXC

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: *.tprk.casa

I ran this command: Any certbot command is interrupted by the error pasted below. But for the sake of demonstration let's try this one:

sudo certbot certonly --manual   -d *.tprk.casa   -d tprk.casa \ 
--email <email@domain.com>   --agree-tos \ 
--preferred-challenges dns-01 \ 
--server https://acme-v02.api.letsencrypt.org/directory

It produced this output:

An unexpected error occurred:
pkg_resources.DistributionNotFound: The 'zope.interface' distribution was not found and is required by the application
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-fsk_yloe/log or re-run Certbot with -v for more details.
-bash: --email: command not found
-bash: --preferred-challenges: command not found
-bash: --server: command not found

My web server is (include version): NGINX Proxy Manager installed as an LXC in Proxmox with the /app/scripts/install-certbot-plugins script run after setup

The operating system my web server runs on is (include version): Debian 13 (?)

My hosting provider, if applicable, is: (self-hosted on my home network)

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Proxmox and the Web UI for NGINX Proxy Manager installed as an LXC in Proxmox with the /app/scripts/install-certbot-plugins script run after setup

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

root@nginxproxymanager:~# certbot --version
An unexpected error occurred:
pkg_resources.DistributionNotFound: The 'zope.interface' distribution was not found and is required by the application
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-apck748c/log or re-run Certbot with -v for more details.

Here is the error message received in the NGINX Proxy Manager Web UI:

CommandError: An unexpected error occurred:
pkg_resources.DistributionNotFound: The 'zope.interface' distribution was not found and is required by the application
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-pzclkv2o/log or re-run Certbot with -v for more details.

    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:410:5)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

Here is the contents of /tmp/certbot-log-pzclkv2o/log on the Proxmox LXC:

2025-11-04 11:27:14,690:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==2.1.0', 'console_scripts', 'certbot')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1707, in main
    plugins = plugins_disco.PluginsRegistry.find_all()
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/disco.py", line 192, in find_all
    cls._load_entry_point(entry_point, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/disco.py", line 199, in _load_entry_point
    plugin_ep = PluginEntryPoint(entry_point)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/disco.py", line 40, in __init__
    self.plugin_cls: Type[interfaces.Plugin] = entry_point.load()
                                               ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2467, in load
    self.require(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2490, in require
    items = working_set.resolve(reqs, env, installer, extras=self.extras)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 815, in resolve
    dist = self._resolve_dist(
           ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 856, in _resolve_dist
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'zope.interface' distribution was not found and is required by the application
2025-11-04 11:27:14,690:ERROR:certbot._internal.log:An unexpected error occurred:
2025-11-04 11:27:14,690:ERROR:certbot._internal.log:pkg_resources.DistributionNotFound: The 'zope.interface' distribution was not found and is required by the application

Apparently I cannot edit my post, so here's a follow-up to say what I'm trying to accomplish:

I am trying to generate a wildcard cert for a domain I own (tprk.casa, which will probably never have a public-facing web server and was only purchased for the explicit purpose of establishing an SSL certificate for internal network resources). All of my internal network resources are run via Proxmox LXCs or VMs, including HomeAssistant, PiHole, Plex, NGINX Proxy Manager, and a fileserver.

I would just go the self-signed route but then I have to install the cert on any device which might access one of these resources, and since that would include my kids' phones, my wife's phone, my phone, and several other devices...just no. Leveraging Let's Encrypt is supposed to be easier than that. Unfortunately so far using Certbot via NGINX Proxy Manager just...hasn't worked.

In general, Nginx Proxy Manager problems are tough to debug, with the real problems buried in log files and hard to find and understand. The usual advice around here is to use something else instead. If you're looking for something that can take requests, reverse-proxy them to where you want them, and automatically handle certificates, then you may want to investigate using Caddy instead, though I have no idea how easy it is to integrate into the rest of your ecosystem there.

2 Likes

Too bad. I would love a friendly web interface, so I can make changes from my phone or whatever device I happen to have on-hand. But a console-based solution is better than a broken web-based solution, so I will try Caddy.

Thanks for the suggestion!

That looks like a Certbot install package problem. How did you install it? My understanding is that Certbot has not used zope for years. See: The 'zope.interface' distribution was not found and is required by the application · Issue #10240 · certbot/certbot · GitHub

I am not familiar with Proxmox but if Certbot install is a problem there are many other ACME Clients to use. However, I think NPM may only interact with Certbot. Perhaps it supports other ACME Clients; you'd have to ask NPM people.

3 Likes
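The traceback in the original post fails inside Certbot's plugin discovery, while an entry point is loaded and its distribution's requirements are resolved. The script below is an added example (not code from this thread or from Certbot; the function names are hypothetical) that lists every distribution registered under the `certbot.plugins` entry-point group whose declared requirements are not installed. Run it with the same Python interpreter as the failing `certbot` script so it sees the same packages.

```python
import re
from importlib import metadata

PLUGIN_GROUP = "certbot.plugins"  # entry-point group Certbot scans for plugins


def requirement_name(req):
    """Project name from a Requires-Dist string, or None when the requirement
    only applies to an optional extra. Other markers are not evaluated."""
    spec, _, marker = req.partition(";")
    if "extra" in marker:
        return None
    match = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", spec)
    return match.group(1) if match else None


def is_installed(name):
    """True if the running interpreter can find metadata for `name`."""
    try:
        metadata.distribution(name)
        return True
    except metadata.PackageNotFoundError:
        return False


def missing_requirements(requires, installed=is_installed):
    """Sorted names from a requirement list that cannot be resolved."""
    names = (requirement_name(r) for r in requires or [])
    return sorted({n for n in names if n and not installed(n)})


def audit_plugins():
    """Map 'entry point (distribution version)' -> missing requirements."""
    report = {}
    for ep in metadata.entry_points(group=PLUGIN_GROUP):
        dist = ep.dist
        if dist is None:
            continue
        missing = missing_requirements(dist.requires)
        if missing:
            label = f"{ep.name} ({dist.metadata['Name']} {dist.version})"
            report[label] = missing
    return report


if __name__ == "__main__":
    for plugin, missing in audit_plugins().items():
        print(f"{plugin}: missing {', '.join(missing)}")
```

An empty result means every discovered plugin's direct requirements are present for that interpreter; a plugin listed with `zope.interface` is the one triggering the error.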

Doesn't NPM come with its "own" Certbot? In like some kind of Docker container or something? :man_shrugging: I don't know NPM, so just guessing here..

3 Likes

I don't know one way or the other. Probably does but we've never seen that zope error with NPM so maybe Proxmox has an effect. Or, perhaps OP installed Certbot independently.

NPM certainly overrides a large number of Certbot default configuration options to suit its, um, peculiarities. But that shouldn't result in the zope error. It just means NPM needs to interact closely with Certbot.

I read somewhere that NPM can use acme.sh instead of Certbot. I am not sure that's an improvement though, even if true :slight_smile:

4 Likes

This might or might not be useful

1 Like

I wish I had installed certbot myself; if I had, then I would likely be able to figure out why it wasn't working or revert to an older known-working version. This is the version inside the LXC container for NGINX Proxy Manager, installed without modification by running this script in my Proxmox host shell: Proxmox VE Helper-Scripts

The script comes from https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/nginxproxymanager.sh

and here's the only place in the setup script where it seems to explicitly mention certbot:

/opt/certbot/bin/pip install --upgrade pip setuptools wheel
/opt/certbot/bin/pip install --upgrade certbot certbot-dns-cloudflare

FYI I managed to get a fully-functional setup going with Caddy, as suggested by @petercooperjr. It took a lot of googling and docs-reading, but I got it working for me. Caddy seems like overkill to just run NGINX and grab certs, but so is an entire web frontend like NGINX Proxy Manager...so whatever. Plus I can use Caddy for other things like hosting custom web apps, which I have no plans to do yet, but who knows?

Thanks y'all!

3 Likes

I mean, if you don't want a front-end managing things at all, you can just configure nginx directly, without Proxy Manager, Certbot, or Caddy. It has native support for requesting certificates via ACME servers like Let's Encrypt's.

4 Likes

Unfortunately running raw NGINX as standalone is not an option, because I need ACME certificate verification via DNS rather than HTTP, as every single server I am pointing to with subdomains via my registered wildcard certificate is internal-only on my home network and I have no plans to ever expose any of them to the public internet.

To get Caddy working for my use case I had to run xcaddy --with "github.com/caddy-dns/namecheap" v2.9.1 (taken from this issue comment on the caddy-dns/namecheap repo), and it all worked for like two days, but it started malfunctioning yesterday, and it turns out that somehow the service didn't get updated and was failing to start. As a result none of my reverse proxies could be reached. I am currently stuck with Caddy failing to start as a service. I even tried spinning up an entirely new LXC on my Proxmox instance and reinstalling Caddy from scratch, and it worked fine until I had to build it with the namecheap dns extension, at which point it started failing to run as a service again (with no useful log output, and more frustratingly, it runs perfectly fine when executed directly from the CLI as caddy run).

2 Likes

Hi @AdrianTP,

There is a community forum for Caddy, that could be helpful too.

3 Likes

Thanks, I'll check over there. Much appreciated for y'all's help so far!

4 Likes