Internal Error on Nginx and LetsEncrypt Error

My domain is:

I ran this command: I tried to create SSL for my DDNS domain but got an internal error

It produced this output: NGINX "Internal Error"

My web server is (include version): raspberry pi4

The operating system my web server runs on is (include version): raspbian

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hello, I have a problem with the SSL-Certificate in NGINX. I doesn't work. I get the error "Internal Error". What can I do now? Need help.

I can reach the app on the raspberry pi from the internal IP an i can reach it the app from extern over the dns, but only http://.

Here the logs from letsencrypt:

GNU nano 5.4 /var/log/letsencrypt/letsencrypt.log *

#2023-01-04 08:44:00,071:DEBUG:certbot._internal.main:certbot version: 1.12.0

2023-01-04 08:44:00,072:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot

2023-01-04 08:44:00,072:DEBUG:certbot._internal.main:Arguments:

2023-01-04 08:44:00,072:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoi>

2023-01-04 08:44:00,093:DEBUG:certbot._internal.log:Root logging level set at 20

2023-01-04 08:44:00,094:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log

2023-01-04 08:44:00,096:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None

2023-01-04 08:44:00,096:DEBUG:certbot._internal.plugins.selection:No candidate plugin

2023-01-04 08:44:00,097:DEBUG:certbot._internal.plugins.selection:Selected authenticator None and installer None

2023-01-04 08:44:41,700:DEBUG:certbot._internal.main:certbot version: 1.12.0

2023-01-04 08:44:41,701:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot

2023-01-04 08:44:41,701:DEBUG:certbot._internal.main:Arguments:

2023-01-04 08:44:41,701:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoi>

2023-01-04 08:44:41,722:DEBUG:certbot._internal.log:Root logging level set at 20

2023-01-04 08:44:41,723:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log

2023-01-04 08:44:41,724:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None

2023-01-04 08:44:41,725:DEBUG:certbot._internal.plugins.selection:Multiple candidate plugins: * standalone

Description: Spin up a temporary webserver

Interfaces: IAuthenticator, IPlugin

Entry point: standalone = certbot._internal.plugins.standalone:Authenticator

Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0xb3349ef8>

Prep: True

  • webroot

Description: Place files in webroot directory

Interfaces: IAuthenticator, IPlugin

Entry point: webroot = certbot._internal.plugins.webroot:Authenticator

Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0xb3349d48>

Prep: True

2023-01-04 08:44:58,131:DEBUG:certbot._internal.plugins.selection:Selected authenticator None and installer None

Log from Portainer:

Portainer Log:

[1/4/2023] [10:53:52 AM] [Nginx ] › ( info Reloading Nginx
[1/4/2023] [10:53:57 AM] [SSL ] › ! info Requesting Let'sEncrypt certificates for Cert #35:
[1/4/2023] [10:53:57 AM] [SSL ] › ! info Command: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-35" --agree-tos --authenticator webroot --email "" --preferred-challenges "dns,http" --domains ""
[1/4/2023] [10:54:11 AM] [Nginx ] › ( info Reloading Nginx
[1/4/2023] [10:54:11 AM] [Express ] › ( warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-35" --agree-tos --authenticator webroot --email "" --preferred-challenges "dns,http" --domains ""
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Error from NGINX:

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-40" --agree-tos --authenticator webroot --email "" --preferred-challenges "dns,http" --domains ""
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

at ChildProcess.exithandler (node:child_process:402:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

Welcome to the community @juergi882

I can't reach your domain using HTTP from the public internet. Port 80 looks likely to be blocked by a firewall (or wrong/missing port forwarding). A good test site when you are starting is Let's Debug (link here).

I think the other errors in the log are related to this. Having a working HTTP site accessible from the public internet is a necessary first step.


Sorry, I disabled the port forewarding. Now its activate. Please check again. You have to reach the domain.

No, I cannot reach it. Please try the Let's Debug site I previously described. It cannot see it either.

Could you have a firewall blocking many IP addresses or from certain geographic regions?


Sorry. Wrong port. Now it works.

Please use the Let's Debug test site. Once you get a successful test let us know


Note that this is NOT an error from nginx itself, but from the software "Nginx Proxy Manager", a terrible piece of software if you ask me.


The problem I am not an IT-Expert... I will only find a solution to this problem. Other oppertunites without NGINX PM?

Personally, I prefer to run everything "separate", so just use nginx as a separate piece of software on the server, Certbot as a separate piece of software on the server et cetera. Note that running nginx separately does require manual configuration (I assume NPM takes care of that) and that's beyond the scope of this Community.

That said, it might be possible to figure out what's wrong with your current setup with NPM as Mike's already suggesting. But note that we, as volunteers, need much more information from log files than "it doesn't work", "internal error" or the truncated log file you've currently posted: there should be a lot more in that log file.


Supplemental information:
Using this online tool TCP Port Scanner, Online Port Scan, Port Scanning | IPVoid with the input being and selecting Scan all common ports show all Ports as Filtered.
Including Port 80 Best Practice - Keep Port 80 Open
nmap gives the same results from my IPv4 location

$ nmap -Pn
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( ) at 2023-01-07 09:24 PST
Nmap scan report for (
Host is up.
All 1000 scanned ports on ( are filtered

Nmap done: 1 IP address (1 host up) scanned in 203.76 seconds

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.