Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
gwinners.de
I ran this command:
I used the promox community scripts NGINX LXC. Here I used the NGINX admin interface to optain a certicate
It produced this output:
My web server is (include version):
NGINX v2.12.6
The operating system my web server runs on is (include version):
debian 13
My hosting provider, if applicable, is:
IONOS
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
nginx admin interface
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot version: 4.0.0
untin an update to the newested NGINX Version and a new needed IONOS API plugin it was working fine. Now I always get this error
2025-10-03 12:17:54,752:DEBUG:certbot._internal.main:certbot version: 4.0.0
2025-10-03 12:17:54,753:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2025-10-03 12:17:54,753:DEBUG:certbot._internal.main:Arguments: ['--force-renewal', '--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-19', '--disable-hook-valid
2025-10-03 12:17:54,754:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-cloudflare,PluginEntryPoint#dns-ionos,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalo
2025-10-03 12:17:54,774:DEBUG:certbot._internal.log:Root logging level set at 30
2025-10-03 12:17:54,777:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-19.conf
2025-10-03 12:17:54,779:DEBUG:certbot.configuration:Var logs_dir=/tmp/letsencrypt-log (set by user).
2025-10-03 12:17:54,780:DEBUG:certbot.configuration:Var work_dir=/tmp/letsencrypt-lib (set by user).
2025-10-03 12:17:54,780:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2025-10-03 12:17:54,780:DEBUG:certbot.configuration:Var preferred_chain=ISRG Root X1 (set by user).
2025-10-03 12:17:54,780:DEBUG:certbot.configuration:Var key_type=ecdsa (set by user).
2025-10-03 12:17:54,780:DEBUG:certbot.configuration:Var elliptic_curve=secp384r1 (set by user).
2025-10-03 12:17:54,804:DEBUG:certbot._internal.renewal:Auto-renewal forced with --force-renewal...
2025-10-03 12:17:54,804:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-ionos and installer None
2025-10-03 12:17:54,804:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-ionos
Description: NotImplemented
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='dns-ionos', value='certbot_dns_ionos.ionos:Authenticator', group='certbot.plugins')
Initialized: <certbot_dns_ionos.ionos.Authenticator object at 0x7d318791a3c0>
Prep: True
2025-10-03 12:17:54,805:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_ionos.ionos.Authenticator object at 0x7d318791a3c0> and installer None
2025-10-03 12:17:54,805:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-ionos, Installer None
2025-10-03 12:17:54,924:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_
2025-10-03 12:17:54,925:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-10-03 12:17:54,929:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-10-03 12:17:55,422:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1065
2025-10-03 12:17:55,422:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Oct 2025 10:17:55 GMT
Content-Type: application/json
Content-Length: 1065
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "https://letsencrypt.org/docs/profiles#classic",
"shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
"tlsclient": "https://letsencrypt.org/docs/profiles#tlsclient",
"tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
"stQuCA-b0VQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2025-10-03 12:17:55,423:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for *.gwinners.de
2025-10-03 12:17:55,428:DEBUG:acme.client:Requesting fresh nonce
2025-10-03 12:17:55,429:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-10-03 12:17:55,585:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-10-03 12:17:55,585:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Oct 2025 10:17:55 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: ###MYSECRET###
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2025-10-03 12:17:55,586:DEBUG:acme.client:Storing nonce: ###MYSECRET###
2025-10-03 12:17:55,586:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "*.gwinners.de"\n }\n ]\n}'
2025-10-03 12:17:55,592:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "###MYKEY###
"signature": "###MYSIGNATURE###
"payload": "###MYPAYLOAD"
}
2025-10-03 12:17:55,768:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 347
2025-10-03 12:17:55,769:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 03 Oct 2025 10:17:55 GMT
Content-Type: application/json
Content-Length: 347
Connection: keep-alive
Boulder-Requester: 1358711596
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1358711596/434150316841
Replay-Nonce: ###MYSECRET###
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2025-10-09T21:20:08Z",
"identifiers": [
{
"type": "dns",
"value": "*.gwinners.de"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/1358711596/592172782701"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1358711596/434150316841"
}
2025-10-03 12:17:55,769:DEBUG:acme.client:Storing nonce: ###MYSECRET###
2025-10-03 12:17:55,769:DEBUG:acme.client:JWS payload:
b''
2025-10-03 12:17:55,772:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/1358711596/592172782701:
{
"protected": "###MYKEY###
"signature": "###MYSIGNATURE###
"payload": ""
}
2025-10-03 12:17:55,929:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/1358711596/592172782701 HTTP/1.1" 200 393
2025-10-03 12:17:55,930:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Oct 2025 10:17:55 GMT
Content-Type: application/json
Content-Length: 393
Connection: keep-alive
Boulder-Requester: 1358711596
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: ###MYSECRET###
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "gwinners.de"
},
"status": "pending",
"expires": "2025-10-09T21:20:08Z",
"challenges": [
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1358711596/592172782701/6X8Ktg",
"status": "pending",
"token": "###MYSECRET###"
}
],
"wildcard": true
}
2025-10-03 12:17:55,930:DEBUG:acme.client:Storing nonce: ###MYSECRET###
2025-10-03 12:17:55,931:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-10-03 12:17:55,931:INFO:certbot._internal.auth_handler:dns-01 challenge for gwinners.de
2025-10-03 12:17:55,932:DEBUG:certbot_dns_ionos.ionos:creating IONOS Client
2025-10-03 12:17:55,934:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): dns.de-fra.ionos.com:443
2025-10-03 12:17:56,024:DEBUG:urllib3.connectionpool:https://dns.de-fra.ionos.com:443 "GET /zones?filter.zoneName=gwinners.de HTTP/1.1" 401 139
2025-10-03 12:17:56,029:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
resps = self.auth.perform(achalls)
File "/usr/lib/python3/dist-packages/certbot/plugins/dns_common.py", line 80, in perform
self._perform(domain, validation_domain_name, validation)
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.13/dist-packages/certbot_dns_ionos/ionos.py", line 49, in _perform
_IONOSClient(self.credentials.conf("token")).add_txt_record(
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
domain, validation_name, validation
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File "/usr/local/lib/python3.13/dist-packages/certbot_dns_ionos/ionos.py", line 93, in add_txt_record
zone_id = self._find_zone_id(domain)
File "/usr/local/lib/python3.13/dist-packages/certbot_dns_ionos/ionos.py", line 178, in _find_zone_id
zones_response = self._handle_response(
requests.get(
...<3 lines>...
)
)
File "/usr/local/lib/python3.13/dist-packages/certbot_dns_ionos/ionos.py", line 70, in _handle_response
raise errors.PluginError(
"Received non OK status from IONOS API {0}".format(resp.status_code)
)
certbot.errors.PluginError: Received non OK status from IONOS API 401
2025-10-03 12:17:56,029:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-10-03 12:17:56,029:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-10-03 12:17:56,030:DEBUG:certbot_dns_ionos.ionos:creating IONOS Client
2025-10-03 12:17:56,032:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): dns.de-fra.ionos.com:443
2025-10-03 12:17:56,101:DEBUG:urllib3.connectionpool:https://dns.de-fra.ionos.com:443 "GET /zones?filter.zoneName=gwinners.de HTTP/1.1" 401 139
2025-10-03 12:17:56,102:ERROR:certbot._internal.error_handler:Encountered exception during recovery: certbot.errors.PluginError: Received non OK status from IONOS API 401
2025-10-03 12:17:56,102:ERROR:certbot._internal.renewal:Failed to renew certificate npm-19 with error: Received non OK status from IONOS API 401
2025-10-03 12:17:56,108:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1528, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 399, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 424, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 502, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
resps = self.auth.perform(achalls)
File "/usr/lib/python3/dist-packages/certbot/plugins/dns_common.py", line 80, in perform
self._perform(domain, validation_domain_name, validation)
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.13/dist-packages/certbot_dns_ionos/ionos.py", line 49, in _perform
_IONOSClient(self.credentials.conf("token")).add_txt_record(
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
domain, validation_name, validation
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File "/usr/local/lib/python3.13/dist-packages/certbot_dns_ionos/ionos.py", line 93, in add_txt_record
zone_id = self._find_zone_id(domain)
File "/usr/local/lib/python3.13/dist-packages/certbot_dns_ionos/ionos.py", line 178, in _find_zone_id
zones_response = self._handle_response(
requests.get(
...<3 lines>...
)
)
File "/usr/local/lib/python3.13/dist-packages/certbot_dns_ionos/ionos.py", line 70, in _handle_response
raise errors.PluginError(
"Received non OK status from IONOS API {0}".format(resp.status_code)
)
certbot.errors.PluginError: Received non OK status from IONOS API 401
2025-10-03 12:17:56,109:DEBUG:certbot._internal.display.obj:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2025-10-03 12:17:56,109:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2025-10-03 12:17:56,109:ERROR:certbot._internal.renewal: /etc/letsencrypt/live/npm-19/fullchain.pem (failure)
2025-10-03 12:17:56,109:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2025-10-03 12:17:56,109:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==4.0.0', 'console_scripts', 'certbot')())
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
~~~~~~~~~~~~~~~~~~^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1872, in main
return config.func(config, plugins)
~~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1620, in renew
renewed_domains, failed_domains = renewal.handle_renewal_request(config)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
raise errors.Error(
f"{len(renew_failures)} renew failure(s), {len(parse_failures)} parse failure(s)")
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2025-10-03 12:17:56,112:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)