Nginx Proxy Manager - Lets encrypt certificate not working

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-2" --agree-tos --authenticator webroot --email "" --preferred-challenges "dns,http" --domains ""
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

at ChildProcess.exithandler (node:child_process:399:12)
at ChildProcess.emit (node:events:526:28)
at maybeClose (node:internal/child_process:1092:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)

I am using an Ubuntu Machine with docker.
I don't know how to fix this problem.

Hi @Nomajo, and welcome to the LE community forum :slight_smile:

In order to use HTTP authentication, you must have a working HTTP site.
In order to have a working HTTP site, you must use an IP that can be reached via the Internet:


In order to use:

You will have to provide the correct document root being used by your site.


The domain is used to point to the nextcloud I installed on my server. I made an A dns entry that points to And linked it to the right port with Nginx Proxy manager. The only problem is that i can't create a SSL Certificate with Nginx Proxy Manager for this domain.

That IPv4 Address is within a Private IPv4 Address range and thus not directly accessable from the Internet; now if you have a valid non-private IPv4 Address that is NATed to that Private a IPv4 Address. Then the said valid non-private IPv4 Address is the IPv4 Address the LE can access.

16-bit block – 65536 ( 16 bits 16 bits 256 contiguous class C networks

Here is a nice description Public vs. Private IP Addresses: What’s the Difference?


I do know exactly what you did.
I tried explaining where you went off the expected path and what you might also encounter along the way.


Is it possible that i port forward my specific ports and it will work?

If you haven't port forwarded port 80, then it will remain unable to validate (until you do).