Let's Encrypt SSL Issuance fails with HTTP Challenge in NPM (Internal error)

I’m using Nginx Proxy Manager (NPM) on a self-hosted Ubuntu 24.04 server to manage subdomains. I’ve encountered issues when trying to issue Let’s Encrypt certificates using the HTTP challenge. The .well-known/acme-challenge directory is accessible, but the SSL issuance fails with an "Internal Error" in NPM. Logs suggest a backend connectivity problem (connect() failed (111: Connection refused) on port 3000). I’ve tested various configurations and even rebuilt the container without success. Looking for guidance on resolving this issue.
Here’s the filled-out draft for your Let’s Encrypt forum post based on the details you've shared:


Help Topic Submission

My domain is:

emby.servermoraru.xyz (and other subdomains such as radarr.servermoraru.xyz)


I ran this command:

From within my Nginx Proxy Manager setup:

  1. Attempted to issue a Let’s Encrypt certificate using the HTTP challenge in the NPM web UI.
  2. Also tried:
certbot certonly --webroot -w /data/letsencrypt-acme-challenge/ -d emby.servermoraru.xyz --dry-run

It produced this output:

When using the HTTP challenge in NPM:

  • NPM Error: "Internal Error."
  • Logs indicate:

Challenge failed for domain emby.servermoraru.xyz
Detail: my ip : Invalid response from http:/domain/.well-known/acme-challenge/XXXXX: 400

When I tested the .well-known/acme-challenge path directly by disabling the proxy host:

  • The test file was accessible (curl -I http://emby.servermoraru.xyz/.well-known/acme-challenge/test returned 200 OK).

However, SSL issuance still fails with an internal error in NPM.

My web server is (include version):

Nginx Proxy Manager (latest version as of Dec 2024)

The operating system my web server runs on is (include version):

Ubuntu 24.04 (on my personal server)

My hosting provider, if applicable, is:

Self-hosted

I can login to a root shell on my machine (yes or no, or I don't know):

Yes, I have root shell access.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

Yes, I’m using Nginx Proxy Manager.

The version of my client is:

Using Certbot inside the NPM container (version not directly accessible due to NPM limitations).
Additional context: DNS configuration returns my IP, ports are open, and the HTTP challenge directory (/data/letsencrypt-acme-challenge/.well-known/acme-challenge) is correctly mapped and serves files directly when the proxy host is disabled.

  • Restarted and rebuilt the NPM container, including pulling the latest version and removing old volumes.
  • No luck in resolving the SSL issuance issue.
  1. Manual Testing:
  • Running certbot manually outside the NPM UI produces similar results (400 Bad Request or Internal Error).

To be fair, I really don't have any other ideas what to do and I am in dire need of guidance 🙂

This kind of communications configuration problem is best handled at the NPM support and/or community forums. The results from the Let's Debug site give helpful info.

  1. Your IPv6 address fails to respond
  2. HTTP requests to your domain are being handled by an openresty server that requires HTTPS. You might have port 80 mis-directed to port 443. Or something similar. The NPM forums should be able to help you correct this.
3 Likes
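
A local check for the two findings in the reply above, as an added example that is not part of the original thread: it requests the challenge path on port 80 over IPv4 and IPv6 separately and flags the 400 that nginx/openresty returns when cleartext HTTP lands on a TLS listener. The function names `classify` and `probe` and the sample response are constructed for illustration; run it against your own domain from a host outside your network.

```python
import socket
import sys

# Body text nginx/openresty returns when cleartext HTTP reaches a TLS listener.
TLS_LISTENER_HINT = b"plain HTTP request was sent to HTTPS port"

# Constructed sample of such a response (not captured from the poster's server).
SAMPLE_400 = (b"HTTP/1.1 400 Bad Request\r\nServer: openresty\r\n\r\n"
              b"<html><body>The plain HTTP request was sent to HTTPS port</body></html>")

def classify(raw: bytes) -> str:
    """Classify a raw response read from port 80 for HTTP-01 troubleshooting."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n")[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return "not-http"  # empty reply or non-HTTP bytes
    status = int(parts[1])
    if status == 400 and TLS_LISTENER_HINT in body:
        return "port-80-reaches-tls-listener"
    if status in (301, 302, 307, 308):
        return "redirect"
    return "ok" if status == 200 else f"http-{status}"

def probe(host: str, path: str, family: socket.AddressFamily, timeout: float = 5.0) -> str:
    """Send one cleartext GET to port 80 over a single address family."""
    try:
        addr = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)[0][4]
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect(addr)
            request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            sock.sendall(request.encode("ascii"))
            data = b""
            while len(data) < 65536 and (chunk := sock.recv(4096)):
                data += chunk
    except socket.gaierror:
        return "no-address-record"  # no A or AAAA record for this family
    except OSError as exc:
        return f"unreachable: {exc}"  # refused, timed out, or no route
    return classify(data)

if __name__ == "__main__":
    host = sys.argv[1]  # the domain you are requesting a certificate for
    path = "/.well-known/acme-challenge/test"
    for label, family in (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6)):
        print(f"{label}: {probe(host, path, family)}")
```

An `unreachable` result on IPv6 next to `ok` on IPv4 points at the AAAA record or the IPv6 firewall path, while `port-80-reaches-tls-listener` points at the port 80 mapping.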
