Unable to get a certificate "Internal error"

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: nextcloud.ashwekar.com

I ran this command: No command. Just trying to get a certificate using Nginx Proxy Manager

It produced this output: "Internal Error". Which is not at all helpful. But the following is what I see in the logs of portainer

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.,
Some challenges have failed.,
Saving debug log to /var/log/letsencrypt/letsencrypt.log,
[2/25/2022] [2:24:28 PM] [Express ] › :warning: warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-27" --agree-tos --authenticator webroot --email "pratikashwekar@gmail.com" --preferred-challenges "dns,http" --domains "nextcloud.ashwekar.com" ,
[2/25/2022] [2:24:28 PM] [Nginx ] › :information_source: info Reloading Nginx,
[2/25/2022] [2:24:14 PM] [SSL ] › :information_source: info Command: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-27" --agree-tos --authenticator webroot --email "pratikashwekar@gmail.com" --preferred-challenges "dns,http" --domains "nextcloud.ashwekar.com" ,
[2/25/2022] [2:24:14 PM] [SSL ] › :information_source: info Requesting Let'sEncrypt certificates for Cert #27: nextcloud.ashwekar.com,
[2/25/2022] [2:24:14 PM] [Nginx ] › :information_source: info Reloading Nginx

My web server is (include version): Just trying to expose my install of nextcloud to the internet.

The operating system my web server runs on is (include version): Truenas Core -> Ubuntu Server VM ->Nginx Proxy Manager(managed using portainer)
Nextcloud is a Truenas Core plugin

My hosting provider, if applicable, is: Selfhosted but domain name bought through namecheap

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):Not sure of the answer to this

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

I have been able to complete the loop in order to get OpenVPN set up on my machine. So I am quite sure I am doing things like portforwarding, dynamic dns etc. correctly. I just don't know where I am going wrong here. I am a total novice and usually get by using tutorials so would appreciate details. Thanks!

These don't go togheter, and webroot usually comes with --webroot-path:

  --webroot-path WEBROOT_PATH, -w WEBROOT_PATH
                        public_html / webroot path. This can be specified
                        multiple times to handle different domains; each
                        domain will have the webroot path that preceded it.
                        For instance: `-w /var/www/example -d example.com -d
                        www.example.com -w /var/www/thing -d thing.net -d
                        m.thing.net` (default: Ask) 

Who wrote that command?


What's in that file?

1 Like

What's producing that error? Because I don't see it anywhere in the logs.


I actually don't know how to go in and read letsencrypt.log in that path. How can I do that?

Your Ubuntu server VM should have an SSH service. It's probably not configured, though.

Or maybe a console. I don't know how your management interface works.

I don't understand if nextcloud/proxy manager runs on the Ubuntu VM or on truenas, and that's important to understand where to get the logs.

1 Like

Ah. The reply format threw me off. I apologize. I am trying to set up a proxy host to expose my instance of nextcloud to the internet. I am trying to achieve that using Nginx Proxy Manager. When I try "Request an SSL certificate", it fails and on the Nginx Proxy Manager UI, it just says "Internal Error". When I go into Portainer, I get the log that I have posted with my initial post. Does that help?

Truenas Core -> Ubuntu Server VM ->Nginx Proxy Manager(managed using portainer)

This is the hierarchy

Ok, you need to access the shell for that Ubuntu VM.

Before you do that, check if you forwarded ports 80 and 443 to that VM.

1 Like

Yes, those ports are forwarded to the VM

Ok, see if SSH works (I don't know what users passwords or keys it uses, if it uses the default 22 port or not)

And please note that I cannot see anything on port 80, it's either a firewall or port forwarding is broken (are you also forwarding on your router?)

~ $ curl -IL http://nextcloud.ashwekar.com/
curl: (28) Failed to connect to nextcloud.ashwekar.com port 80 after 31837 ms: Connection timed out
1 Like

No, unfortunately not. We'd really need more info, such as the log file mentioned by @9peppe.


You can use the "serial" button to open the console for the VM. From there, enable SSH (no password, use keys) and login via SSH.


So, SSH is installed. I just don't know the path to get to the log file. I can get to it from the portainer's console for the container. I saw 999 files in there. I tried to install nano but it just said "Unable to locate package nano".

You don't need nano to view files.

You can also copy them to your local PC using scp.

1 Like

Or, if they're short enough, you can view them using cat, which is definitely present on every Unix-like system!


Hi Everyone. Thanks for all your responses. I just moved DNS for my domain from my registrar Namecheap to Cloudflare and I am able to fetch certificates. Don't know why it doesn't work on Namecheap but I remember reading on Reddit and elsewhere that it is better to move DNS responsibility to Cloudflare when using Namecheap, so I gave it a go. Again, appreciate all your responses.


This is unexpected but ok.

It makes sense if that's an unrelated issue.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.