Nginx PM error renewing certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: base.tradonado.com

I ran this command: I am using the nginxPM web UI, but the logs show this:
certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-8" --agree-tos --email "xxx@xxx.com" --domains "base.tradonado.com" --authenticator dns-namecheap --dns-namecheap-credentials "/etc/letsencrypt/credentials/credentials-8"

It produced this output:
Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-8" --agree-tos --email "xxx@xxx.com" --domains "base.tradonado.com" --authenticator dns-namecheap --dns-namecheap-credentials "/etc/letsencrypt/credentials/credentials-8"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Unable to determine zone identifier for base.tradonado.com using zone names: ['base.tradonado.com', 'tradonado.com', 'com']
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

at ChildProcess.exithandler (node:child_process:402:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

My web server is (include version):
Nginx Proxy Manager 2.10.4 on Docker

The operating system my web server runs on is (include version):
It's a docker image. The terminal greets with:
Version 2.10.3 (824c837) 2023-05-10 04:56:28 UTC, OpenResty 1.21.4.1, debian 10 (buster), Certbot certbot 2.5.0

My hosting provider, if applicable, is: DNS provider: Namecheap

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.5.0

I tried renewing a certificate expiring today, which had been renewed a couple of times before, and am stuck with the above situation. Googling and tinkering did not help. I tried both renewal and, after the cert had expired, removing it to try to get a fresh one, with the same result.

Thanks!

1 Like

This may not be too helpful but this is the key info:

The namecheap plugin you are using is issuing that error message. Where did you get that plugin from? If there is a support forum for it you could ask about it there. It is not able to access your DNS zone to update the TXT record (I am guessing).

The first place I'd look is any config changes, like security settings at Namecheap, that were made after Oct 5, which was when your last cert was issued. The domain name itself looks okay to me, so credentials and security settings look most likely at fault. Do you restrict access to the API for your domain by IP or something that may have changed?

2 Likes
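An added illustration of the point in the reply above (not part of the original posts, and not Certbot's or the plugin's own code): a simplified model of how a DNS authenticator walks the candidate zone names and why the error lists all three. The `lookup` callable and the zone id `zone-1` are hypothetical stand-ins for the provider API and its response.

```python
# Added illustration: a simplified model, not Certbot's or the plugin's code.

class ZoneLookupError(Exception):
    """Raised when no candidate zone name resolves to a zone."""


def zone_candidates(domain):
    """Every suffix of the name, longest first, as listed in the error."""
    labels = domain.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def find_zone(domain, lookup):
    """Return (zone_name, zone_id) for the first candidate the account can see.

    `lookup` is a hypothetical stand-in for the provider API call: it returns
    a zone id, or None when the account cannot see a zone with that name.
    """
    candidates = zone_candidates(domain)
    for name in candidates:
        zone_id = lookup(name)
        if zone_id is not None:
            return name, zone_id
    # Same wording as the message in the log above.
    raise ZoneLookupError(
        "Unable to determine zone identifier for {0} using zone names: {1}"
        .format(domain, candidates))


def account_view(visible_zones):
    """Build a lookup over a constructed map of zones the API key can see."""
    return lambda name: visible_zones.get(name)


if __name__ == "__main__":
    domain = "base.tradonado.com"
    # Constructed case 1: the API key can see the registered domain's zone.
    print(find_zone(domain, account_view({"tradonado.com": "zone-1"})))
    # Constructed case 2: the API returns nothing usable (for example,
    # rejected credentials or a blocked client IP), so every candidate fails.
    try:
        find_zone(domain, account_view({}))
    except ZoneLookupError as exc:
        print(exc)
```

When the registered domain itself appears in the failed list, the hostname is not the problem: the account's view of its zones is, which is why the reply points at credentials and API access settings.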

Hi @threeeye, and welcome to the LE community forum :slight_smile:

I think I see the problem [with my simple two eyes]:

Why are you using that?

2 Likes

Thanks for the response. The 'plugin' is built into Nginx PM.

Sorry, I am a little late to respond, since I got it to work by NOT using the fancy built-in API token authentication. Your suggestions all sound good, however, and I didn't notice any problems when checking my domain settings. Probably some error in the client code.

Thanks!

1 Like

Good question. I used to use plain old Nginx, but since I have many plates spinning, such as coding and actually trying to focus on the stuff I am doing with the web app (rather than the web app itself), have a terrible memory, and had to figure out configuration and terminal commands from scratch every few months, it seemed like a nice convenience at some point :slight_smile:

1 Like

NPM is very difficult to debug when it goes wrong. It hides the actual error messages and the logs are often difficult to locate. It uses a heavy wrapper of customization around Certbot making it hard to tie the pieces together.

If you just set up Certbot right the first time, it renews your certs automatically. There would be little need to remember commands.

2 Likes
