nginx-proxy-manager: SSL certificate error
Checklist
- Have you pulled and found the error with the jc21/nginx-proxy-manager:latest docker image? Yes
- Are you sure you're not using someone else's docker image? Yes
- Have you searched for similar issues (both open and closed)? Yes
Describe the bug
I have a fresh NPM image running and tried to generate an SSL certificate for my domain. I tried both HTTP and DNS challenges. For the HTTP challenge I get this error:
Communication with the API failed, is NPM running correctly?
or this one:
example.example.com: There is no server available at this domain. Please make sure your domain exists and points to the IP where your NPM instance is running and if necessary port 80 is forwarded in your router.
For the second error I made sure my DNS record is configured as "DNS only" (not proxied) on Cloudflare, and I have both port 80 and 443 forwarded on my WAN router.
If I opt for the DNS challenge I get this error:
Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-3" --agree-tos --email "xxxx@gmail.com" --domains "example.com" --authenticator dns-cloudflare --dns-cloudflare-credentials "/etc/letsencrypt/credentials/credentials-3" --dns-cloudflare-propagation-seconds 240
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Encountered CloudFlareAPIError adding TXT record: 10000 Authentication error
Error communicating with the Cloudflare API: Authentication error
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
at ChildProcess.exithandler (node:child_process:397:12)
at ChildProcess.emit (node:events:390:28)
at maybeClose (node:internal/child_process:1064:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
although the API key is working fine:
curl -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" \
-H "Authorization: Bearer xxxx" \
-H "Content-Type:application/json"
{"result":{"id":"96ec8dc212843213fb16d363732e6b34","status":"active"},"success":true,"errors":[],"messages":[{"code":10000,"message":"This API Token is valid and active","type":null}]}
Nginx Proxy Manager Version
v2.9.14. I tried the latest as well but had the same issue. I saw a post here recommending that downgrading helped, but unfortunately it didn't help me, ref. https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1862
To Reproduce
Steps to reproduce the behavior:
- Go to the tab “SSL Certificates”
- Click on “Add SSL Certificate”
- Enter the domains “*.example.com, example.com”
- Select “Use DNS Challenge”, Cloudflare, and set API Key
- Set Propagation Seconds (450 Seconds) (Optional)
Expected behavior
Wildcard SSL certificate to be created.
Operating System
Ubuntu Server 21.10
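Two things in the report above go unverified before certbot is run: whether the credentials file that NPM hands to certbot (/etc/letsencrypt/credentials/credentials-N, in certbot-dns-cloudflare's "key = value" format) is well-formed, and what the Cloudflare API reply actually means. The token verify call shown above returns code 10000 with "valid and active" inside a success reply, while certbot's failure shows code 10000 as an error ("Authentication error"); the same number, read without looking at "success", says opposite things. The script below is an added example, not code from nginx-proxy-manager or certbot. It parses a credentials file, flags the classic mistakes (mixing token and global-key fields, a global API key pasted into the token field, a truncated or whitespace-damaged value), classifies API replies, and optionally performs the live token-verify and zone lookup (the lookup certbot does first, hence "Error determining zone_id") when CF_API_TOKEN is set. The file contents, token values and API bodies are constructed samples; the 37-hex-character global-key shape is a heuristic, not a Cloudflare guarantee; and the permission certbot needs is Zone:DNS:Edit on the zone, which an "active" token may still lack.

```python
"""Pre-flight checks for NPM's Cloudflare DNS challenge (certbot --authenticator dns-cloudflare).

Added example, not nginx-proxy-manager or certbot code. Sample file contents, tokens
and API reply bodies below are constructed, not captured from a real account.
"""
import json
import os
import re
import urllib.error
import urllib.request

TOKEN_KEY = "dns_cloudflare_api_token"                            # scoped API token mode
GLOBAL_KEYS = ("dns_cloudflare_email", "dns_cloudflare_api_key")  # legacy global key mode

# Constructed samples (not real secrets).
GOOD_TOKEN_FILE = "# Cloudflare API token\ndns_cloudflare_api_token = 0123456789abcdefghij0123456789abcdefghij\n"
MIXED_FILE = (
    "dns_cloudflare_email = user@example.com\n"
    "dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234\n"
    "dns_cloudflare_api_token = 0123456789abcdefghij0123456789abcdefghij\n"
)
VERIFY_OK = {"result": {"id": "0000", "status": "active"}, "success": True, "errors": [],
             "messages": [{"code": 10000, "message": "This API Token is valid and active", "type": None}]}
TXT_ADD_DENIED = {"result": None, "success": False,
                  "errors": [{"code": 10000, "message": "Authentication error"}], "messages": []}
BAD_HEADERS = {"result": None, "success": False,
               "errors": [{"code": 6003, "message": "Invalid request headers"}], "messages": []}


def parse_credentials(text):
    """Parse certbot's 'key = value' credentials format (# comments, no INI section header)."""
    creds = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a key = value line: {line!r}")
        creds[key.strip()] = value.strip().strip("'\"")
    return creds


def check_credentials(creds):
    """Return a list of problems; an empty list means the file is consistent for dns-cloudflare."""
    problems = []
    has_token = TOKEN_KEY in creds
    has_any_global = any(k in creds for k in GLOBAL_KEYS)
    if has_token and has_any_global:
        problems.append("mixes API-token and global-key fields; keep exactly one mode")
    if not has_token and not all(k in creds for k in GLOBAL_KEYS):
        problems.append(f"need {TOKEN_KEY} or both of {GLOBAL_KEYS}")
    token = creds.get(TOKEN_KEY, "")
    if has_token and re.fullmatch(r"[0-9a-f]{37}", token):
        # Heuristic (assumption): a 37-hex-digit value has the shape of a global API key, not a token.
        problems.append("token field holds what looks like a global API key")
    if has_token and not re.fullmatch(r"[A-Za-z0-9_-]+", token):
        problems.append("token contains whitespace or other illegal characters (copy-paste error?)")
    return problems


def classify_response(body):
    """Map a Cloudflare v4 API JSON body to (ok, explanation). Read 'success' before any code."""
    if body.get("success"):
        notes = "; ".join(m.get("message", "") for m in body.get("messages", []))
        return True, notes or "ok"
    codes = [e.get("code") for e in body.get("errors", [])]
    if 10000 in codes:
        return False, ("10000 Authentication error: the credential was rejected for this call. "
                       "An 'active' token still needs Zone:DNS:Edit on the target zone.")
    if 6003 in codes:
        return False, ("6003 Invalid request headers: malformed credential, typically a global key "
                       "in the token field (or vice versa) or a truncated value.")
    return False, "; ".join(f"{e.get('code')} {e.get('message')}" for e in body.get("errors", []))


def live_check(token, zone):
    """Optional online check: verify the token, then do the zone lookup certbot performs first."""
    hdr = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    results = {}
    for name, url in (("verify", "https://api.cloudflare.com/client/v4/user/tokens/verify"),
                      ("zone", f"https://api.cloudflare.com/client/v4/zones?name={zone}")):
        req = urllib.request.Request(url, headers=hdr)
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                body = json.load(resp)
        except urllib.error.HTTPError as err:  # Cloudflare returns a JSON body on 4xx as well
            body = json.load(err)
        results[name] = classify_response(body)
    return results


if __name__ == "__main__":
    for label, text in (("good", GOOD_TOKEN_FILE), ("mixed", MIXED_FILE)):
        print(label, check_credentials(parse_credentials(text)) or "OK")
    for body in (VERIFY_OK, TXT_ADD_DENIED, BAD_HEADERS):
        print(classify_response(body))
    if os.environ.get("CF_API_TOKEN"):  # only touches the network when explicitly asked
        print(live_check(os.environ["CF_API_TOKEN"], os.environ.get("CF_ZONE", "example.com")))
```

Run it as-is to exercise the constructed samples; set CF_API_TOKEN (and CF_ZONE) to check a real token. A passing verify with a failing zone lookup is the signature of a token that is active but not scoped to the zone certbot is asked to edit.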
About this issue
- State: open
- Created 2 years ago
- Reactions: 30
- Comments: 131
Commits related to this issue
- Fix for SSL certificate error #2011 - Keepalive, User Agent + Accept headers - Catch added for failed JSON parsing - More accurate errors displayed to user — committed to S-T-3-V-3/nginx-proxy-manager by S-T-3-V-3 a year ago
- Fix for SSL certificate error #2011 - Keepalive, User Agent + Accept headers - Catch added for failed JSON parsing - More accurate errors displayed to user — committed to ZoeyVid/NPMplus by S-T-3-V-3 a year ago
- dep updates/remove useless files/fix reachability test? Update zoeyvid/nginx-quic Docker tag to v109 Update zoeyvid/nginx-quic Docker tag to v107 Update dependency eslint to v8.38.0 remove empty fold... — committed to ZoeyVid/NPMplus by renovate[bot] a year ago
- dep updates/remove useless files/fix reachability test? Update zoeyvid/nginx-quic Docker tag to v110 Update zoeyvid/nginx-quic Docker tag to v109 Update zoeyvid/nginx-quic Docker tag to v107 Update d... — committed to ZoeyVid/NPMplus by renovate[bot] a year ago
The wall of "same here" messages doesn't speed up the process of resolving this issue, and it creates unnecessary spam for those who follow issues via email.
If you want to help, please provide additional information such as logs, your settings, info about your setup or anything else that you think might be helpful.
If you want to show that you also are interested in solving this issue, consider just up-voting initial issue message, so that the counter will go up.
But please, stop spamming "same here".
EDIT: Want to make it clear, that I do not think bad of people who posted “same here” and just wanted to point out that it is not the most helpful approach for participating in issues, with peace and love
I’m seeing the same “Communication with the API failed, is NPM running correctly?” on NPM 2.9.19 on a Raspberry Pi using Docker. The error occurs when I test connectivity, but ultimately succeeded in requesting the certificate from Let’s Encrypt.
The only way I was able to get SSL is to Add host and request the SSL through the Host setup process.
Been almost a year and nothing on this issue. To be such a popular application that does see updates, it would be nice to see this fixed.
Same problem here. Can't renew or create SSL via Let's Encrypt.
Same problem here
Turning ‘Force SSL’ off was the quick fix for me.
No, I like Let's Encrypt and I do not have a Cloudflare account, nor do I manage my domains through Cloudflare. I add about a host a year to NPM, and every time I try to do this NPM is broken. Very annoying. NPM never got certificate renewal working automatically; every 3 months I have to go into it and update the certificates by hand.
I guess it is time to switch to another proxy.
Hello, in my case I solved the problem. First I also got this "internal error" or "Communication with the API failed, is NPM running correctly?". Then I removed the certificate and tried to recertify it and got the same, but got the message in the red box "Another instance of Certbot is already running". The solution I found: https://community.letsencrypt.org/t/solved-another-instance-of-certbot-is-already-running/44690
After doing that I registered the certificate via the "edit proxy host" menu! PS: I updated my version to 2.9.19
Well… you can request a certificate; only the check currently does not work. Requesting and renewing work just fine 😉
same here
Guessing I'm not the only one here today xD
I found this that seems to help a lot: https://www.reddit.com/r/nginxproxymanager/comments/166fbka/certbot_renew_internal_error/
Looks like we need a different certbot version packaged into this docker container
I’ve done this now: Part 2 - turn off Force SSL and then renew
Then it created a new ssl certificate… I’m using this through a HA plugin, not sure on how I would need to do the shell commands, but for now it seemed to be ok again for a couple months.
It seems like this topic/issue has not been resolved, as I came here with the same problem. The author needs to check and see about duplicating and resolving the issue.
@kitoming Yes, but that still doesn't solve the problem with getting new certificates under the 'SSL Cert' tab. A fresh cert without a host pointing at a service.
By way of update, I have installed a new droplet on DO, with a fresh IP, with fresh Docker, with fresh install of NGINX Proxy Manager, and tried to ‘Test reachability’, still gives me the same error. Not sure if it is even worth typing here, as no contributors or maintainers of this project have replied.
Same here
can you do *.example.com or just example.com?
Anyways, I have the same error with just example.com after clicking on test, but not when the domain is unavailable; maybe this happens if the domain points to a different location. I'm using Cloudflare DNS without proxy; do I need to use the DNS challenge?
With token I get:
Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.9.12)
(Yes, I'm sure; I used the same one in traefik, but I wanted to switch to something with web UI management.) Without DNS challenge I get
UPDATE: weirdly, after 3 attempts (no change in token) it did succeed even with wildcard. I dunno what that says about trying the same thing and expecting a different result.
Update, it appears that my ISP has changed my IP, which has been the cause of all my troubles. Updating my domain provider’s dns with my new IP did just the trick. I guess I can’t put off setting up dyndns any longer 🤷
The error message provided by NPM is… vague at best… misguiding at worst.
Despite this small victory, the following are still true:
- nginxproxymanager/nginx-proxy-manager:latest still exits immediately.
- jc21/nginx-proxy-manager:latest is the image I got working (however, I'll be pinning to 2.9.18 and manually updating image versions).
- The DEPRECATED sentiment on the jc21 image is … wrong? Its supposed successor crashes on startup and isn't being regularly built.
For those having trouble with NPM's SSL certification feature, please make certain that the IP of your server is still valid!
Hello everyone
I had the same issue, and it turns out it has something to do with my firewall setting. I have a pfsense firewall, and when I checked my settings, I found that I allowed only TCP/UDP connection to the web, which I think wasn’t enough for nginx to verify the API token.
@EDIflyer , @etymotic My problem was due to an installed Portainer that would not allow npm to “see” uptime kuma. My friend wrote instructions on how to properly install it and configure Portainer to detect the container. I got everything working. Thanks to all of you for your help.
✅ Instructions: https://gist.github.com/Vladkarok/12ed9c11282d1659ecf369028c3202e6
https://old.reddit.com/r/nginxproxymanager/comments/166fbka/certbot_renew_internal_error/k1b9fra/ Yeah, this works.
@baxenko I’m pretty certain, at least for me, that it’s network related. Probably NAT Loopback. I think NPM sends out a DNS request for your domain, gets pointed at your home network, and your router never lets anything leave. The solution for me was connecting the machine that runs NPM to a VPN. That forced stuff to leave my home network so the certificate stuff could succeed.
I would like to weigh in here and suggest making sure that "Block common exploits" is disabled in the proxy host settings for the particular domain you're trying to renew (re-enable it afterwards). Also, wait a while before doing it if you've been spamming the renew button; it might be rate limited.
Any you would recommend? Because honestly I don’t know what to look for when choosing a forked repo
it might be worth trying the steps I put in #2881 and see if they work for you at all for renewing. For the removals did you do it via UI or command line? As @KoenVanduffel mentions the UI version doesn’t seem to properly remove. In that situation I copied a known ‘good’ certificate from another site on that domain then refreshed it using the steps mentioned in that linked issue.
I did do a first registration indeed, not a renewal; maybe my luck runs out in 60 days 🙄
I’m on 2.9.18 just checked
After spending the night on it I found what was my issue.
I’m using NPM as a docker in unRAID, and for whatever reason the port settings of the template (where you specify the port forwarding at docker network level) changed.
Instead of forwarding port 180 to the internal port 80 and port 1443 to the internal port 443, the template was forwarding port 180 to port 180 and port 1443 to port 1443.
I changed it back to forwarding to 80 and 443 and now it’s working.
Same here. PM works fine on my Oracle Cloud hosts, but I’m facing this issue on my home server.
Same issue here
+1