Problems creating a new certificate

Hi together,

I have some trouble and I am searching for a solution, but I have no more ideas where to search.
I have been using a new DynDNS for a few days. I will use this with my Nextcloud system and my Bitwarden server at home.

The old DynDNS provider has had trouble for months; that is why I am leaving.

The provider of my DynDNS is "GoIP".

The server is a NAS system with a Docker environment installed on it. There is one Bitwarden and one Nextcloud Docker system. Also, there is an nginx proxy manager. Ports 80/443 are open for the nginx proxy manager.

The domain has been entered there, and it points to the correct internal IP address.
If I try to create a new certificate via the nginx proxy manager, I always get an error message.

    Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-29" --agree-tos --authenticator webroot --email "coolsman@freenet.de" --preferred-challenges "dns,http" --domains "nxc-nachon.goip.de" 
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Some challenges have failed.
    Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

    at ChildProcess.exithandler (node:child_process:402:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

Can someone help me find what I am doing wrong? There must be something that is wrong, but I cannot find the error.

Is there something else that I have to provide?

Thank you and best regards

Can you access this file?

4 Likes

Your DNS includes a non-routable IP address. See Let's Debug result:

4 Likes

Here is a link to DNS providers that easily integrate with Let's Encrypt DNS validation via the DNS-01 Challenge

2 Likes

Thank you.

Does that mean that there is no chance to solve this with the existing domain?

2 Likes

The IP you have in the A record in your DNS will not work for people on the public internet.

So, even if you have a working cert and site, no one can reach it using that IP. I'm not sure how you are updating that IP, but as long as you can get it to be the public IP of your server it should be fine.

Note that if you use an HTTP Challenge to get a cert, there must be a valid public IP address. You could use a DNS Challenge instead, but the IP you have now still won't allow anyone else to access it.

4 Likes
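
Added example, not part of any post in this thread: a preflight check that classifies the addresses a hostname publishes and reports whether an HTTP-01 challenge can reach them, which is the condition the reply above describes. The function names `classify`, `http01_preflight` and `resolve` are hypothetical, the sample addresses are constructed, and treating any non-public record as a blocker is an assumption modelled on the Let's Debug message quoted earlier.

```python
import ipaddress
import socket

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def classify(addr):
    """Return 'public', or the reason the address is unreachable from the internet."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip in CGNAT:
        return "carrier-grade NAT"
    if ip.is_private:
        return "private"
    if not ip.is_global:
        return "reserved"
    return "public"


def http01_preflight(addresses):
    """Assumption: any non-public A/AAAA record blocks HTTP-01 validation."""
    blockers = {a: classify(a) for a in addresses if classify(a) != "public"}
    return {"http01_possible": bool(addresses) and not blockers,
            "blockers": blockers}


def resolve(hostname):
    """Live A/AAAA lookup (needs network). A resolver inside the LAN can
    answer differently from public DNS, so compare with an external lookup."""
    infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    # Constructed sample records, not the values from the thread.
    samples = {
        "dyndns-with-lan-ip.example": ["192.168.178.20"],
        "dyndns-behind-cgnat.example": ["100.64.1.1"],
        "dyndns-with-public-ip.example": ["8.8.8.8"],
    }
    for name, addrs in samples.items():
        print(name, http01_preflight(addrs))
```
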

Yes, I can. :slight_smile:

But it seems to be a larger file (284 lines).

Seems like the DNS-01 Challenge is a choice.

That sounds about right.

4 Likes
