SSL certificate error

[ahmedelemamn]

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
• Are you sure you're not using someone else's docker image?
  • Yes
• Have you searched for similar issues (both open and closed)?
  • Yes

Describe the bug
i have a fresh NPM image running and tried to generate SSL certificate for my ___domain
i tried both http/dns challenges
for http challenge i get this error:

Communication with the API failed, is NPM running correctly?

or this one:

example.example.com: There is no server available at this ___domain. Please make sure your ___domain exists and points to the IP where your NPM instance is running and if necessary port 80 is forwarded in your router.

for the second error i made sure my DNS record is configured as DNS only and not proxied on cloudflare and i have both port 80 and 443 forwarded on my WAN router

if i opted for DNS challenge i get this error

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-3" --agree-tos --email "xxxx@gmail.com" --domains "example.com" --authenticator dns-cloudflare --dns-cloudflare-credentials "/etc/letsencrypt/credentials/credentials-3" --dns-cloudflare-propagation-seconds 240
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Encountered CloudFlareAPIError adding TXT record: 10000 Authentication error
Error communicating with the Cloudflare API: Authentication error
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

    at ChildProcess.exithandler (node:child_process:397:12)
    at ChildProcess.emit (node:events:390:28)
    at maybeClose (node:internal/child_process:1064:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5) 

although the API key is working fine

curl -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" \
     -H "Authorization: Bearer xxxx" \
     -H "Content-Type:application/json"
{"result":{"id":"96ec8dc212843213fb16d363732e6b34","status":"active"},"success":true,"errors":[],"messages":[{"code":10000,"message":"This API Token is valid and active","type":null}]}

Nginx Proxy Manager Version
v2.9.14
i tried the latest as well but i had the same issue and i saw a post here recommending downgrading helped but unfortunately it didn't help me ref. #1862

To Reproduce
Steps to reproduce the behavior:

• Go to the tab "SSL Certificates"
• Click on "Add SSL Certificate"
• Enter the domains "*.example.com, example.com"
• Select "Use DNS Challenge", Cloudflare, and set API Key
• Set Propagation Seconds (450 Seconds) (Optional)

Expected behavior
wildcard SSL certificate to be created

Operating System
ubuntu server 21.10

[Lzyct]

Any update about this issue?

[evlo]

can you do *.example.com or just example.com?

Anyways i have same error with just example.com after clicking on test, but not when ___domain is unavailable, maybe this happens if ___domain points to different ___location. I'm using cloud flare dns without proxy do i need to use dns challenge?

With token I get
Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.9.12)
(yes i'm sure, i'm used same one in traefik, but i wanted to switch to something with web ui management)

Without dns challenge i get

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

UPDATE: weirdly after 3 attempts (no change in token) it did succeeded even with wildcard, i dunno what it does say about trying same thing expecting different result

[vm75]

I am facing the same issue. Have enabled port forwarding for both 80 & 443. keep getting the same errors outlined in the original post

[Evilernie2001]

Same Problem here. Can`t renew the or create SSL via Letsencrypt

[BL3CKM00N]

guessing im not the only one here today xD

[Yannic-reust]

same here

[g4xx]

Same here

[CameronMacG]

+1

[msawyer91]

I'm seeing the same "Communication with the API failed, is NPM running correctly?" on NPM 2.9.19 on a Raspberry Pi using Docker. The error occurs when I test connectivity, but ultimately succeeded in requesting the certificate from Let's Encrypt.

[HostLabs-LLC]

I'm also getting Communication with the API failed, is NPM running correctly?" after pulling :latest this morning. I'm glad its not just me, hopefully we get this fixed. Thanks!!!

[BL3CKM00N]

Well... u can request a certificate but only the check does currently not work. Requesting and renewing does work just fine ;)

[Barzoo7]

+1 hope solve it

[roo12312]

same here

[DomBrownInOz]

Yep. same here?