Hello, I'm using nginx to get ssl certificates on my lan network. It worked fine until some days ago. The certificates are not getting renewed, and certbot is failing.
This is what nginx says + the cerbot command ran:

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-30" --agree-tos --email "mail" --domains "domain" --authenticator dns-godaddy --dns-godaddy-credentials "/etc/letsencrypt/credentials/credentials-30"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

    at ChildProcess.exithandler (node:child_process:402:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

A part of the log can be found here: During handling of the above exception, another exception occurred:Traceback - Pastebin.com

Hello @IVCrossway, welcome to the Let's Encrypt community.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Correction:

You're using "Nginx Proxy Manager" (NPM), some kind of terrible shell around multiple applications, including the nginx webserver. Saying you're using "nginx" is way too little information.

That said, NPM is often VERY hard to debug for the volunteers on this Community. Your question might very well be more suited on support channels specifically for NPM.

From the log it looks like your GoDaddy credentials are incorrect.

It is using certbot 1.32.0, don't know which version I should use since updating to the latest version results in:

ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
certbot-dns-godaddy 0.2.4 requires certbot<2.0.0,>=0.31.0, but you have certbot 2.7.2 which is incompatible.

You're right, should have wrote a more detailed post. Anyway I've already posted on NPM reddit but I've got no help there (and the log suggests asking this community).

That is what I thought, but the developer keys are correct. I tried recreating them many times.

I would find some other way of doing things - NPM is a huge waste of time [when it doesn't "just work"].

Hi, your log shows a standard looking http 401 credentials problem.

Assuming you have access to curl you can test out your API credentials using it:

curl -X 'GET' \
  'https://api.godaddy.com/v1/domains' \
  -H 'accept: application/json' \
  -H 'Authorization: sso-key yourapikey:yourapisecret'

For me this returns something like

[{"createdAt":"2020-10-23T02:37:33.000Z","domain":"example.com.au","domainId":129883700,"expirationProtected":false,"expires":"2024-10-23T02:37:33.000Z","exposeWhois":false,"holdRegistrar":false,"locked":true,"nameServers":null,"privacy":false,"registrarCreatedAt":"2020-10-22T19:37:19.953Z","renewAuto":true,"renewDeadline":"2024-10-24T02:37:33.000Z","renewable":true,"status":"ACTIVE","transferProtected":false}]

Hi, I tried to test the API credentials as you mentioned and it works just fine.
It reports:
[{"createdAt":"2023-06-14T21:53:10.000Z","domain":"xxx.it","domainId":3xxxx9,"expirationProtected":false,"expires":"2024-06-14T21:59:59.000Z","exposeWhois":false etc...

So, we are agreed then: NPM is the problem!
LOL

Actually it's certbot-dns-godaddy's fault, since it's the one managing the authentication. Thankfully I was able to manage my dns from Cloudflare, so now I'm using that with NPM to get the certificates and it seems to be working fine.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.