Test server reachability for certificate renewal is ok but LetsEncrypt times out #4439

Open
leolivier opened this issue Mar 16, 2025 · 1 comment
leolivier commented Mar 16, 2025

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes (but it's hard and I might have missed it)

Describe the bug
I have a certificate for several subdomains of my domain and it's due for renewal in less than one month, but it's not renewed. When I look in the docker logs, I see the renewal fails. When I look in the letsencrypt logs, I see there is a timeout:

  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2145812125/490610212766/LMXH2A",
      "status": "invalid",
      "validated": "2025-03-16T10:21:55Z",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "2001:861:281f:1db0:319a:c9fb:a28d:700f: Fetching https://mydomain.tld/.well-known/acme-challenge/pNedRN7tllaGBrfOAC9pJ31UsELMTmXxLkVXtQTX--E: Timeout during connect (likely firewall problem)",
        "status": 400
      },

But when I run the Test Server Reachability, everything works fine:

[Image]

Other checks I did:

  • To check there was no issue with the permissions, the network, the firewall..., I created a brand new certificate for another subdomain and it worked!
  • My existing subdomains are still reachable with the current version of the certificate, so NPM is running properly and forwards to the proxied containers
  • I spied on the challenges directory and saw the challenge file appear during the process and disappear when it failed.
  • The certificate is linked to 7 subdomains but I see only 3 of them failing with the timeout error (and again these 3 are working properly when you access them). The 4 other ones are validated by LetsEncrypt.

Nginx Proxy Manager Version
v2.12.3

Operating System
Docker on RPI5 (RPI OS up to date)

Additional context
I compared the xx.conf between some working and non-working subdomains and found no difference except server name, port and log files.
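
The error detail in the log above begins with the address the validation server connected to (an IPv6 address in this report). The following is an added example, not part of the original issue or of Nginx Proxy Manager: it parses ACME authorization records and groups failed challenges by address family, so the result can be compared with what a reachability test actually covered. The function name, regular expression and sample records are assumptions made for illustration.

```python
import ipaddress
import json
import re
from collections import defaultdict

# Constructed sample: two authorization records in the RFC 8555 shape. The
# "detail" wording follows the log in the issue; names and addresses are
# placeholders from documentation ranges, not values from the issue.
SAMPLE = json.loads("""
[
  {"identifier": {"type": "dns", "value": "a.example.test"},
   "status": "invalid",
   "challenges": [{"type": "http-01", "status": "invalid",
     "error": {"type": "urn:ietf:params:acme:error:connection",
               "detail": "2001:db8::10: Fetching https://a.example.test/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)",
               "status": 400}}]},
  {"identifier": {"type": "dns", "value": "b.example.test"},
   "status": "valid",
   "challenges": [{"type": "http-01", "status": "valid"}]}
]
""")

# The detail string starts with the address the validator connected to,
# followed by ": Fetching <url>: <reason>".
DETAIL_RE = re.compile(
    r"^(?P<addr>[0-9A-Fa-f:.]+): Fetching (?P<url>\S+): (?P<reason>.+)$")

def failed_by_family(authorizations):
    """Group failed challenges as {"IPv4"|"IPv6"|"unknown": [(name, addr, reason)]}."""
    out = defaultdict(list)
    for authz in authorizations:
        name = authz.get("identifier", {}).get("value", "?")
        for chall in authz.get("challenges", []):
            if chall.get("status") != "invalid":
                continue
            detail = chall.get("error", {}).get("detail", "")
            m = DETAIL_RE.match(detail)
            family = "unknown"
            if m:
                try:
                    family = f"IPv{ipaddress.ip_address(m['addr']).version}"
                except ValueError:
                    pass  # the prefix was not an IP address after all
            out[family].append(
                (name, m["addr"] if m else None, m["reason"] if m else detail))
    return dict(out)

if __name__ == "__main__":
    for family, rows in failed_by_family(SAMPLE).items():
        for name, addr, reason in rows:
            print(f"{family:7} {name:20} {addr}  {reason}")
```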

@leolivier
Author

The issue remains, but I discovered that NPM could manage wildcards through APIs with my DNS provider, so I created a wildcard cert and removed this one.
