
DNS Challenge (Gandi) renewal throws an error

Open matthewdavis opened this issue 2 years ago • 4 comments

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes

Describe the bug

DNS challenge certificates do not renew anymore either manually or automatically.

Nginx Proxy Manager Version

v2.9.19

To Reproduce

Steps to reproduce the behavior:

  1. Navigate to SSL Certs
  2. Select one of the existing wildcard (for my case) certs issued from Gandi
  3. Click 'Renew Now'
  4. Error "Internal Error"

Expected behavior

Cert gets renewed.

Operating System

Fedora 37 Server running container docker.io/jc21/nginx-proxy-manager latest 60a6ddeeaa79 6 weeks ago 969 MB

Additional context

Relevant logs, from a restart -> issuing the cert, which hopefully show the problem. I have 3 wildcard certs, all from Gandi, which all have been working.

Last successful renew was 11-Oct-2022.

[12/20/2022] [4:46:41 PM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...
[12/20/2022] [4:46:41 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[12/20/2022] [4:46:41 PM] [Global   ] › ℹ  info      Backend PID 239 listening on port 3000 ...
[12/20/2022] [4:46:42 PM] [SSL      ] › ✖  error     Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation  
Renewal configuration file /etc/letsencrypt/renewal/npm-13.conf (cert: npm-13) produced an unexpected error: 'Namespace' object has no attribute 'certbot_plugin_gandi:dns_credentials'. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/npm-14.conf (cert: npm-14) produced an unexpected error: 'Namespace' object has no attribute 'certbot_plugin_gandi:dns_credentials'. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/npm-15.conf (cert: npm-15) produced an unexpected error: 'Namespace' object has no attribute 'certbot_plugin_gandi:dns_credentials'. Skipping.
0 renew failure(s), 3 parse failure(s)

    at ChildProcess.exithandler (node:child_process:402:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Socket.<anonymous> (node:internal/child_process:458:11)
    at Socket.emit (node:events:513:28)
    at Pipe.<anonymous> (node:net:301:12)
[12/20/2022] [4:46:59 PM] [Express  ] › ⚠  warning   invalid signature
`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0
Model#$omit is deprected and will be removed in 3.0.
[12/20/2022] [4:47:48 PM] [Express  ] › ⚠  warning   invalid signature
[12/20/2022] [4:48:36 PM] [SSL      ] › ℹ  info      Renewing Let'sEncrypt certificates via Gandi Live DNS for Cert #13: *.gamerdog.club
[12/20/2022] [4:48:36 PM] [SSL      ] › ℹ  info      Command: certbot renew --config "/etc/letsencrypt.ini" --cert-name "npm-13" --disable-hook-validation --no-random-sleep-on-renew 
[12/20/2022] [4:48:36 PM] [Express  ] › ⚠  warning   Command failed: certbot renew --config "/etc/letsencrypt.ini" --cert-name "npm-13" --disable-hook-validation --no-random-sleep-on-renew 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/npm-13.conf (cert: npm-13) produced an unexpected error: 'Namespace' object has no attribute 'certbot_plugin_gandi:dns_credentials'. Skipping.
0 renew failure(s), 1 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

matthewdavis avatar Dec 20 '22 16:12 matthewdavis
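An added triage example, not part of the original issue or of the project's code: it parses certbot renewal output like the log above and reports which certificates were skipped and why. The function name `triage` and the result keys are assumptions made for this example; the sample lines are copied from the log in this issue.

```python
import re
from collections import defaultdict

# Sample input: certbot output lines copied from the log in the issue above.
SAMPLE = """\
Renewal configuration file /etc/letsencrypt/renewal/npm-13.conf (cert: npm-13) produced an unexpected error: 'Namespace' object has no attribute 'certbot_plugin_gandi:dns_credentials'. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/npm-14.conf (cert: npm-14) produced an unexpected error: 'Namespace' object has no attribute 'certbot_plugin_gandi:dns_credentials'. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/npm-15.conf (cert: npm-15) produced an unexpected error: 'Namespace' object has no attribute 'certbot_plugin_gandi:dns_credentials'. Skipping.
0 renew failure(s), 3 parse failure(s)
"""

SKIPPED = re.compile(
    r"Renewal configuration file (?P<path>\S+) \(cert: (?P<cert>[^)]+)\) "
    r"produced an unexpected error: (?P<error>.*?)\. Skipping\.")
MISSING_ATTR = re.compile(r"has no attribute '(?P<attr>[^']+)'")
SUMMARY = re.compile(
    r"(?P<renew>\d+) renew failure\(s\), (?P<parse>\d+) parse failure\(s\)")

def triage(output):
    """Summarise skipped renewal configs in certbot output (hypothetical helper)."""
    skipped, by_attr = [], defaultdict(list)
    renew_failures = parse_failures = None
    for line in output.splitlines():
        m = SKIPPED.search(line)
        if m:
            skipped.append((m["cert"], m["path"], m["error"]))
            a = MISSING_ATTR.search(m["error"])
            if a:  # group certs by the config attribute certbot could not find
                by_attr[a["attr"]].append(m["cert"])
            continue
        s = SUMMARY.search(line)
        if s:
            renew_failures, parse_failures = int(s["renew"]), int(s["parse"])
    return {
        "skipped": skipped,
        "missing_attribute": dict(by_attr),
        "renew_failures": renew_failures,
        "parse_failures": parse_failures,
        # A parse failure means certbot skipped the config ("Skipping." in the
        # log), so "0 renew failure(s)" on its own is not a healthy result.
        "never_attempted": parse_failures is not None and parse_failures > 0,
        "count_matches": parse_failures == len(skipped),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```
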

I could use some insight...

Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image? No...

Are you sure you're not using someone else's docker image? No...

Have you searched for similar issues (both open and closed)? No...

Thanks, Douglas


Positivelight775 avatar Dec 20 '22 18:12 Positivelight775

I could use some insight...

Sorry. I used bold to answer the questions. Should have been more clear. Editing the original comment to remove the No's to make it clear. They are "yes" to all. Def using the expected image and didn't see anything referencing this problem. My cursory searching leans it could be related to an update to certbot that may have broken gandi's plugin configuration. But I'm not 100% sure.

[root@server ~]# podman ps -a|grep nginx-proxy
5cb581371737  docker.io/jc21/nginx-proxy-manager:latest                                2 hours ago   Up 2 hours ago             0.0.0.0:80-81->80-81/tcp, 0.0.0.0:443->443/tcp                              nginx-proxy-manager

matthewdavis avatar Dec 20 '22 19:12 matthewdavis

https://github.com/NginxProxyManager/docker-nginx-full/pull/10

dormancygrace avatar Dec 29 '22 02:12 dormancygrace

Issue is now considered stale. If you want to keep it open, please comment :+1:

github-actions[bot] avatar Feb 01 '24 01:02 github-actions[bot]