addon-nginx-proxy-manager
SSL certificate not generated, ends with "Internal error"
Problem/Motivation
I just installed the add-on and added the myhost.duckdns.org host, which is shown as online in the web UI.
When I try to add an SSL certificate, "Internal error" is shown and no SSL cert is created.
Steps to reproduce
- Installed and configured duckdns
- Install and configure MariaDB password (all else default)
- Install and start addon
- Create host
- Try to add ssl certificate
Here is the add-on log; if any more info is needed, I would be glad to share it.
Add-on version: 0.12.0
You are running the latest version of this add-on.
System: Home Assistant OS 8.2 (amd64 / generic-x86-64)
Home Assistant Core: 2022.6.7
Home Assistant Supervisor: 2022.05.3
-----------------------------------------------------------
Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
cont-init: info: /etc/cont-init.d/00-banner.sh exited 0
cont-init: info: running /etc/cont-init.d/01-log-level.sh
cont-init: info: /etc/cont-init.d/01-log-level.sh exited 0
cont-init: info: running /etc/cont-init.d/mysql.sh
cont-init: info: /etc/cont-init.d/mysql.sh exited 0
cont-init: info: running /etc/cont-init.d/nginx.sh
cont-init: info: /etc/cont-init.d/nginx.sh exited 0
cont-init: info: running /etc/cont-init.d/npm.sh
cont-init: info: /etc/cont-init.d/npm.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun manager (no readiness notification)
services-up: info: copying legacy longrun nginx (no readiness notification)
s6-rc: info: service legacy-services successfully started
[02:51:44] INFO: Starting NGinx...
[02:51:44] INFO: Starting the Manager...
[7/5/2022] [2:51:44 AM] [Global ] › ℹ info Manual db configuration already exists, skipping config creation from environment variables
[7/5/2022] [2:51:46 AM] [Migrate ] › ℹ info Current database version: 20211108145214
[7/5/2022] [2:51:46 AM] [Setup ] › ℹ info Logrotate Timer initialized
[7/5/2022] [2:51:46 AM] [Setup ] › ℹ info Logrotate completed.
[7/5/2022] [2:51:46 AM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...
[7/5/2022] [2:51:46 AM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[7/5/2022] [2:51:46 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
[7/5/2022] [2:51:46 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
[7/5/2022] [2:51:46 AM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized
[7/5/2022] [2:51:47 AM] [SSL ] › ℹ info Renewing SSL certs close to expiry...
[7/5/2022] [2:51:47 AM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized
[7/5/2022] [2:51:47 AM] [Global ] › ℹ info Backend PID 265 listening on port 3000 ...
[7/5/2022] [2:51:49 AM] [Nginx ] › ℹ info Reloading Nginx
[7/5/2022] [2:51:49 AM] [SSL ] › ℹ info Renew Complete
`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0
Model#$omit is deprected and will be removed in 3.0.
Duplicate relation "access_list" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0
[7/5/2022] [2:57:35 AM] [Nginx ] › ℹ info Reloading Nginx
[7/5/2022] [2:59:01 AM] [Nginx ] › ℹ info Reloading Nginx
[7/5/2022] [2:59:06 AM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #1: homef51.duckdns.org
[7/5/2022] [2:59:06 AM] [SSL ] › ℹ info Command: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "homef51.duckdns.org"
[7/5/2022] [2:59:17 AM] [Nginx ] › ℹ info Reloading Nginx
[7/5/2022] [2:59:18 AM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "homef51.duckdns.org"
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /data/logs/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[7/5/2022] [3:00:57 AM] [Nginx ] › ℹ info Reloading Nginx
[7/5/2022] [3:01:02 AM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #2: homef51.duckdns.org
[7/5/2022] [3:01:02 AM] [SSL ] › ℹ info Command: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-2" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "homef51.duckdns.org"
[7/5/2022] [3:01:14 AM] [Nginx ] › ℹ info Reloading Nginx
[7/5/2022] [3:01:14 AM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-2" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "homef51.duckdns.org"
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /data/logs/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[7/5/2022] [3:05:46 AM] [Nginx ] › ℹ info Reloading Nginx
[7/5/2022] [3:05:51 AM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #3: homef51.duckdns.org
[7/5/2022] [3:05:51 AM] [SSL ] › ℹ info Command: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-3" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "homef51.duckdns.org"
[7/5/2022] [3:06:03 AM] [Nginx ] › ℹ info Reloading Nginx
[7/5/2022] [3:06:03 AM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-3" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "homef51.duckdns.org"
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /data/logs/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[7/5/2022] [3:07:44 AM] [Nginx ] › ℹ info Reloading Nginx
[7/5/2022] [3:07:49 AM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #4: homef51.duckdns.org
[7/5/2022] [3:07:49 AM] [SSL ] › ℹ info Command: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-4" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "homef51.duckdns.org"
[7/5/2022] [3:08:00 AM] [Nginx ] › ℹ info Reloading Nginx
[7/5/2022] [3:08:00 AM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-4" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "homef51.duckdns.org"
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /data/logs/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[7/5/2022] [3:09:49 AM] [Nginx ] › ℹ info Reloading Nginx
[7/5/2022] [3:09:54 AM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #5: homef51.duckdns.org
[7/5/2022] [3:09:54 AM] [SSL ] › ℹ info Command: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-5" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "homef51.duckdns.org"
[7/5/2022] [3:10:08 AM] [Nginx ] › ℹ info Reloading Nginx
[7/5/2022] [3:10:08 AM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-5" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "homef51.duckdns.org"
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /data/logs/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[7/5/2022] [3:10:12 AM] [Nginx ] › ℹ info Reloading Nginx
[7/5/2022] [3:10:17 AM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #6: homef51.duckdns.org
[7/5/2022] [3:10:17 AM] [SSL ] › ℹ info Command: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-6" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "homef51.duckdns.org"
[7/5/2022] [3:10:20 AM] [Nginx ] › ℹ info Reloading Nginx
[7/5/2022] [3:10:20 AM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-6" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "homef51.duckdns.org"
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
An unexpected error occurred:
Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /data/logs/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
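The log above shows five "Some challenges have failed" results and then a refused order. As an added example (not part of the original issue or the add-on's code), this Python script counts failed validations per hostname in add-on log text and reports how many attempts are left before retrying only deepens the lockout. The sample log and hostnames are constructed, and the limit of 5 per hostname per hour is an assumption taken from Let's Encrypt's rate-limit documentation at the time of this log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: the failed-validation limit Let's Encrypt documented when this log
# was written (5 per account, per hostname, per hour). Adjust if yours differs.
LIMIT, WINDOW = 5, timedelta(hours=1)
STAMP = re.compile(r'^\[(\d+/\d+/\d+)\] \[(\d+:\d+:\d+ [AP]M)\]')
FAILED = re.compile(r'Command failed: certbot .*--domains "([^"]+)"')

def triage(log_text):
    """Per hostname: failed-validation times, CA refusal flag, attempts remaining."""
    report = defaultdict(lambda: {"failed": [], "rate_limited": False})
    domain = when = None
    for line in log_text.splitlines():
        stamp = STAMP.match(line)
        if stamp:  # a new timestamped entry ends the previous certbot output
            failed = FAILED.search(line)
            domain = failed.group(1) if failed else None
            when = datetime.strptime(" ".join(stamp.groups()), "%m/%d/%Y %I:%M:%S %p")
        elif domain and "Some challenges have failed" in line:
            report[domain]["failed"].append(when)
        elif domain and "too many failed authorizations recently" in line:
            report[domain]["rate_limited"] = True
    for info in report.values():
        # only failures inside the window ending at the latest failure count
        recent = [t for t in info["failed"] if info["failed"][-1] - t < WINDOW]
        info["remaining"] = 0 if info["rate_limited"] else max(LIMIT - len(recent), 0)
    return dict(report)

def sample_attempt(clock, n, host, *output):
    """Build one constructed 'Command failed' entry in the add-on's log format."""
    head = (f'[7/5/2022] [{clock}] [Express ] › ⚠ warning Command failed: certbot certonly '
            f'--cert-name "npm-{n}" --authenticator webroot --domains "{host}"')
    return "\n".join((head, "Saving debug log to /data/logs/letsencrypt/letsencrypt.log", *output))

SAMPLE_LOG = "\n".join([  # constructed sample; hostnames are placeholders
    *(sample_attempt(f"3:0{n}:00 AM", n, "host.example.org", "Some challenges have failed.")
      for n in range(1, 6)),
    "[7/5/2022] [3:06:30 AM] [Nginx ] › ℹ info Reloading Nginx",
    sample_attempt("3:07:00 AM", 6, "host.example.org", "An unexpected error occurred:",
                   "Error creating new order :: too many failed authorizations recently"),
    sample_attempt("3:08:00 AM", 7, "other.example.org", "Some challenges have failed."),
])

if __name__ == "__main__":
    for host, info in triage(SAMPLE_LOG).items():
        print(host, len(info["failed"]), "failed,", info["remaining"], "attempts left")
```

A hostname with `remaining` at 0 should not be retried until the underlying reachability problem is fixed and the window has passed.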
Same problem here. I can't update the SSL certificates.

As a point, I found that this occurs when the DNS doesn't properly point to the NGINX instance. If you are generating an SSL certificate for the first time, it's best to double-check that port 80 traffic works first from the domain name. If it does, usually the SSL generation will work. Keep in mind, if you are using dynamic DNS, those can sometimes take a bit to refresh.
If you are regenerating the certificate and hitting this error, try disabling SSL and setting the cert to none, test port 80 with the registered domain names, and make sure traffic works.
If you still get the internal error after verifying all port 80 traffic, this may be a different issue, but every time I have run into it, it's that Let's Encrypt can't hit the Nginx proxy through DNS.
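The port 80 check suggested in the comment above can be run before any certificate request, so that no Let's Encrypt validation attempt is spent on it. This is an added example, not code from the thread or from the add-on: it writes a random probe file where the `webroot` authenticator would place a challenge and fetches it back through the public hostname. The `webroot` directory, `expected_ip` and the function name are assumptions to adapt to your setup.

```python
import os
import secrets
import socket
import urllib.request

def preflight_http01(domain, webroot, expected_ip=None, port=80, timeout=10):
    """Return a list of problems; an empty list means the probe round-tripped."""
    problems = []
    try:
        infos = socket.getaddrinfo(domain, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        return [f"{domain} does not resolve: {exc}"]
    resolved = {info[4][0] for info in infos}
    if expected_ip and expected_ip not in resolved:
        problems.append(f"{domain} resolves to {sorted(resolved)}, "
                        f"not {expected_ip} (stale dynamic DNS?)")
    # Same URL path an HTTP-01 challenge uses; the webroot location is an assumption.
    token = secrets.token_urlsafe(16)
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(challenge_dir, exist_ok=True)
    probe = os.path.join(challenge_dir, token)
    with open(probe, "w") as fh:
        fh.write(token)
    url = f"http://{domain}:{port}/.well-known/acme-challenge/{token}"
    try:
        # Bypass any configured proxy so the request takes the direct path.
        opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read().decode(errors="replace").strip()
        if body != token:
            problems.append(f"{url} answered, but not with the probe file "
                            "(wrong server or wrong webroot)")
    except OSError as exc:  # URLError, HTTPError and timeouts all derive from OSError
        problems.append(f"port {port} is not serving the webroot for {domain}: {exc}")
    finally:
        os.remove(probe)  # never leave probe files behind in the webroot
    return problems

if __name__ == "__main__":
    # Placeholder values; replace with your hostname, webroot and public IP.
    for problem in preflight_http01("host.example.org", "/tmp/webroot", "203.0.113.10"):
        print("FAIL:", problem)
```

Run from inside the LAN, a failure can also mean the router does not loop traffic for its own public address back in, so confirm a negative result from an outside connection.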
Can confirm that a recent update of NPM broke a previously working setup with a DNS challenge through acme-dns. The cert now fails to renew with the same red bubble of "Internal error" — only learned about it after receiving an email from Let's Encrypt saying that one of my certificates only has 19 days left to live.
There seems to be at least one similar (but not quite the same) issue with the latest NPM 2.9.18 that is fixed by rolling back to 2.9.15 or updating certbot: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2048
Cannot yet confirm either fix as I'm currently throttled by LE due to recent validation failures; so for now it's just another "I have the same issue".
Restoring the older addon version from a backup unfortunately broke it entirely due to new database migrations that have already been applied to MariaDB — something I really can't roll back the same way 🙁
~~Probably the same cause as #258~~ Or not. The issue found there seems to be specific to DNS challenge, the cases I see here seem to be using the default (HTTP).
There hasn't been any activity on this issue recently, so we clean up some of the older and inactive issues. Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a comment 👍 This issue has now been marked as stale and will be closed if no further activity occurs. Thanks!