Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: super.org.za
I ran this command: I have not run any commands
It produced this output:
Docker logs for NGINX Proxy Manager:
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
[2/18/2025] [3:50:28 AM] [Global ] › ⬤ debug CMD: certbot renew --force-renewal --config '/etc/letsencrypt.ini' --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name 'npm-23' --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation
My web server is (include version): NGINX Proxy Manager v2.12.3
The operating system my web server runs on is (include version): Docker on Ubuntu 24
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):3.0.1
I woke up this morning with all of my services down. I quickly before work tried to troubleshoot, but all I could find was the my NGINX Proxy Manager Docker container is giving an error, advising me to seek help here.
I have lots of services running, but do not know a whole lot about certificates and DNS, just what I've been told in tutorials, etc, so I am still learning. I know I have a wildcard certificate at *.super.org.za
I am not sure how to even search this error, but here is the logs:
[2/18/2025] [10:00:37 AM] [SSL ] › info Renewing Let'sEncrypt certificates for Cert #89: links.super.org.za
[2/18/2025] [10:00:37 AM] [SSL ] › info Command: certbot renew --force-renewal --config '/etc/letsencrypt.ini' --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name 'npm-89' --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation
[2/18/2025] [10:00:37 AM] [Global ] › ⬤ debug CMD: certbot renew --force-renewal --config '/etc/letsencrypt.ini' --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name 'npm-89' --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation
[2/18/2025] [10:00:51 AM] [SSL ] › error Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Failed to renew certificate npm-89 with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/npm-89/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Here is the logs at the /tmp/letsencrypt.log: (Don't know how much of it I must paste here?)
Server: nginx
Date: Tue, 18 Feb 2025 10:00:51 GMT
Content-Type: application/json
Content-Length: 1075
Connection: keep-alive
Boulder-Requester: 1178563627
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: KDHPPURR-gT_qeEUSlRzkGeJ7P7sqV_c82PFW5ygaOUV5WSebqw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "links.super.org.za"
},
"status": "invalid",
"expires": "2025-02-25T10:00:39Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1178563627/477785210065/ZqHCDg",
"status": "invalid",
"validated": "2025-02-18T10:00:40Z",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "45.220.25.30: Fetching http://links.super.org.za/.well-known/acme-challenge/dDfHgsVYMd4KBbrtwQJ6XZzcC3c-cjRfimvfOgtmDxU: Timeout during connect (likely firewall problem)",
"status": 400
},
"token": "dDfHgsVYMd4KBbrtwQJ6XZzcC3c-cjRfimvfOgtmDxU",
"validationRecord": [
{
"url": "http://links.super.org.za/.well-known/acme-challenge/dDfHgsVYMd4KBbrtwQJ6XZzcC3c-cjRfimvfOgtmDxU",
"hostname": "links.super.org.za",
"port": "80",
"addressesResolved": [
"45.220.25.30"
],
"addressUsed": "45.220.25.30"
}
]
}
]
}
2025-02-18 10:00:51,338:DEBUG:acme.client:Storing nonce: KDHPPURR-gT_qeEUSlRzkGeJ7P7sqV_c82PFW5ygaOUV5WSebqw
2025-02-18 10:00:51,338:INFO:certbot._internal.auth_handler:Challenge failed for domain links.super.org.za
2025-02-18 10:00:51,339:INFO:certbot._internal.auth_handler:http-01 challenge for links.super.org.za
2025-02-18 10:00:51,339:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: links.super.org.za
Type: connection
Detail: 45.220.25.30: Fetching http://links.super.org.za/.well-known/acme-challenge/dDfHgsVYMd4KBbrtwQJ6XZzcC3c-cjRfimvfOgtmDxU: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
2025-02-18 10:00:51,339:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2025-02-18 10:00:51,339:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-02-18 10:00:51,340:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-02-18 10:00:51,340:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/dDfHgsVYMd4KBbrtwQJ6XZzcC3c-cjRfimvfOgtmDxU
2025-02-18 10:00:51,340:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2025-02-18 10:00:51,340:ERROR:certbot._internal.renewal:Failed to renew certificate npm-89 with error: Some challenges have failed.
2025-02-18 10:00:51,342:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1528, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2025-02-18 10:00:51,344:DEBUG:certbot._internal.display.obj:Notifying user:
2025-02-18 10:00:51,344:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2025-02-18 10:00:51,344:ERROR:certbot._internal.renewal: /etc/letsencrypt/live/npm-89/fullchain.pem (failure)
2025-02-18 10:00:51,344:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2025-02-18 10:00:51,344:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/opt/certbot/bin/certbot", line 8, in
sys.exit(main())
^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1876, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1620, in renew
renewed_domains, failed_domains = renewal.handle_renewal_request(config)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2025-02-18 10:00:51,345:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)