starred/ProxmoxVE
1
0
Fork 0
mirror of https://github.com/community-scripts/ProxmoxVE.git synced 2026-02-05 00:29:55 +03:00
Code Issues 13 Packages Projects Releases 10 Wiki Activity

Nginx/DuckDNS Cert #833

New Issue
Closed
opened 2026-02-04 21:48:16 +03:00 by OVERLORD · 9 comments
OVERLORD commented 2026-02-04 21:48:16 +03:00
Owner
Copy Link

Originally created by @laleeroy on GitHub (Apr 19, 2025).

Have you read and understood the above guidelines?

Yes

📜 What is the name of the script you are using?

Nginx Proxy Manager

📂 What was the exact command used to execute the script?

bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/nginxproxymanager.sh)"

⚙️ What settings are you using?

  • Default Settings
  • Advanced Settings

🖥️ Which Linux distribution are you using?

Debian 12

📝 Provide a clear and concise description of the issue.

I ran this after the LXC has been installed /app/scripts/install-certbot-plugins as per guide says,.
Only one error whwn running that commabd and it is regarding ovh certbot I believe.

Ok so my Issue is, when I request let's encrypt ssl with duckdns domain, I got this internal error from nginx webui

Internal Error
CommandError: usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --dns-duckdns-credentials /etc/letsencrypt/credentials/credentials-9 --dns-duckdns-no-txt-restore

at /app/lib/utils.js:16:13
at ChildProcess.exithandler (node:child_process:410:5)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

🔄 Steps to reproduce the issue.

Add ssl from webui

Paste the full error output (if available).

Add Let's Encrypt Certificate

Internal Error
CommandError: usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --dns-duckdns-credentials /etc/letsencrypt/credentials/credentials-9 --dns-duckdns-no-txt-restore

at /app/lib/utils.js:16:13
at ChildProcess.exithandler (node:child_process:410:5)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

🖼️ Additional context (optional).

No response

Originally created by @laleeroy on GitHub (Apr 19, 2025). ### ✅ Have you read and understood the above guidelines? Yes ### 📜 What is the name of the script you are using? Nginx Proxy Manager ### 📂 What was the exact command used to execute the script? bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/nginxproxymanager.sh)" ### ⚙️ What settings are you using? - [x] Default Settings - [ ] Advanced Settings ### 🖥️ Which Linux distribution are you using? Debian 12 ### 📝 Provide a clear and concise description of the issue. I ran this after the LXC has been installed /app/scripts/install-certbot-plugins as per guide says,. Only one error whwn running that commabd and it is regarding ovh certbot I believe. Ok so my Issue is, when I request let's encrypt ssl with duckdns domain, I got this internal error from nginx webui Internal Error CommandError: usage: certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ... Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate. certbot: error: unrecognized arguments: --dns-duckdns-credentials /etc/letsencrypt/credentials/credentials-9 --dns-duckdns-no-txt-restore at /app/lib/utils.js:16:13 at ChildProcess.exithandler (node:child_process:410:5) at ChildProcess.emit (node:events:513:28) at maybeClose (node:internal/child_process:1100:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5) ### 🔄 Steps to reproduce the issue. Add ssl from webui ### ❌ Paste the full error output (if available). Add Let's Encrypt Certificate Internal Error CommandError: usage: certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ... Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate. certbot: error: unrecognized arguments: --dns-duckdns-credentials /etc/letsencrypt/credentials/credentials-9 --dns-duckdns-no-txt-restore at /app/lib/utils.js:16:13 at ChildProcess.exithandler (node:child_process:410:5) at ChildProcess.emit (node:events:513:28) at maybeClose (node:internal/child_process:1100:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5) ### 🖼️ Additional context (optional). _No response_
OVERLORD added the not a script issue label 2026-02-04 21:48:16 +03:00
OVERLORD commented 2026-02-04 21:48:29 +03:00
Author
Owner
Copy Link

@MickLesk commented on GitHub (Apr 19, 2025):

You should Report this to the NPM Repo, thats not Script related

@MickLesk commented on GitHub (Apr 19, 2025): You should Report this to the NPM Repo, thats not Script related
OVERLORD commented 2026-02-04 21:48:46 +03:00
Author
Owner
Copy Link

@astamminger commented on GitHub (May 12, 2025):

Hello @tremor021 @MickLesk @laleeroy

Actually, I have the same problem with another DNS Provider and I think this is not a NPM issue, but it is indeed a script issue! The error raised by NPM during the DNS-Challenge (as shown by @laleeroy above) is a bit misleading here, because the root cause of the error is actually due to the plugin not being found at all (rather than due to an unknown argument)

This happens because the install script does symlink the system's certbot and python binaries into the /opt/certbot venv but does not symlink the system's pip binary into it (I think this wild symlinking of system-binaries into the venv instead of simply using the venv and setting the correct PATH is a bad idea in general, for obvious reasons, but that's just my two cents.) Due to this missing pip symlink, nginxproxymanager will use pip from the actual venv (see here for source) and therefore installs all plugins into the venv's site-packages, instead of the system's dist-packages. Thus, when Nginxproxymanager calls the system's certbot during the DNS Challenge it of course cannot find the installed plugins and will raise the above error.

So, please re-open this issue as this is clearly an issue with the script (I cannot do it).

Thanks!

@laleeroy
as a quick fix you could try to manually symlink system pip into the existing venv (i.e. ln -sf /usr/bin/pip /opt/certbot/bin/pip) and then run NPMs script for installing the plugins again.

//Edit: Fix Typo. Good catch, thanks a lot @filipmachalowski :)

@astamminger commented on GitHub (May 12, 2025): Hello @tremor021 @MickLesk @laleeroy Actually, I have the same problem with another DNS Provider and I think this is not a NPM issue, but it is indeed a script issue! The error raised by NPM during the DNS-Challenge (as shown by @laleeroy above) is a bit misleading here, because the root cause of the error is actually due to the plugin not being found at all (rather than due to an unknown argument) This happens because the install script does symlink the system's `certbot` and `python` binaries into the `/opt/certbot` venv but does not symlink the system's `pip` binary into it (I think this wild symlinking of system-binaries into the venv instead of simply using the venv and setting the correct PATH is a bad idea in general, for obvious reasons, but that's just my two cents.) Due to this missing `pip` symlink, nginxproxymanager will use `pip` from the actual venv (see [here](https://github.com/NginxProxyManager/nginx-proxy-manager/blob/5e66d677f1402b0414ae07124ad810fbc12c36ec/backend/lib/certbot.js#L66C78-L66C84) for source) and therefore installs all plugins into the venv's `site-packages`, instead of the system's `dist-packages`. Thus, when Nginxproxymanager calls the system's `certbot` during the DNS Challenge it of course cannot find the installed plugins and will raise the above error. So, please re-open this issue as this is clearly an issue with the script (I cannot do it). Thanks! @laleeroy as a quick fix you could try to manually symlink system `pip` into the existing venv (i.e. ``ln -sf /usr/bin/pip /opt/certbot/bin/pip``) and then run NPMs script for installing the plugins again. //Edit: Fix Typo. Good catch, thanks a lot @filipmachalowski :)
OVERLORD commented 2026-02-04 21:48:51 +03:00
Author
Owner
Copy Link

@filipmachalowski commented on GitHub (Jun 2, 2025):

I encountered exactly this issue, and the solution provided by @astamminger works perfectly.

Just a small note:
There’s a typo — it should be certbot (not cerbot) in the path.

Here’s the corrected line:

ln -sf /usr/bin/pip /opt/certbot/bin/pip
@filipmachalowski commented on GitHub (Jun 2, 2025): I encountered **exactly** this issue, and the solution provided by @astamminger works perfectly. Just a small note: There’s a typo — it should be **`certbot`** (not **`cerbot`**) in the path. Here’s the corrected line: ```bash ln -sf /usr/bin/pip /opt/certbot/bin/pip ```
OVERLORD commented 2026-02-04 21:48:57 +03:00
Author
Owner
Copy Link

@philj0st commented on GitHub (Jul 25, 2025):

I encountered this very issue with multiple plugins.
Can it be that certbot is never updated? At least the one within my venv was an old one the NPM wasn't developed against. NPM states the version of certbot at it's releases tab.

@philj0st commented on GitHub (Jul 25, 2025): I encountered this very issue with multiple plugins. Can it be that `certbot` is never updated? At least the one within my venv was an old one the NPM wasn't developed against. NPM states the version of `certbot` at it's releases tab.
OVERLORD commented 2026-02-04 21:49:09 +03:00
Author
Owner
Copy Link

@philj0st commented on GitHub (Jul 25, 2025):

the script app/scripts/install-certbot-plugins
seems to use the venv pip to install the plugins:
const cmd = . /opt/certbot/bin/activate && pip install --no-cache-dir ${plugin.dependencies} ${plugin.package_name}${plugin.version} && deactivate;

@philj0st commented on GitHub (Jul 25, 2025): the script `app/scripts/install-certbot-plugins` seems to use the venv pip to install the plugins: `const cmd = . /opt/certbot/bin/activate && pip install --no-cache-dir ${plugin.dependencies} ${plugin.package_name}${plugin.version} && deactivate;`
OVERLORD commented 2026-02-04 21:49:11 +03:00
Author
Owner
Copy Link

@astamminger commented on GitHub (Jul 25, 2025):

@philj0st
yes, it is due to a missing symlink, see my comment above. AFAIK all plugins are affected by this, except for the Cloudflare DNS plugin, as this is installed system wide as a python dependency during installation (470a2593a2/install/nginxproxymanager-install.sh (L34C1-L34C33))

I do not know why there's no reaction on this very obvious skript issue, looking at you @MickLesk (also pinging @tremor021 again, who closed this issue)

@astamminger commented on GitHub (Jul 25, 2025): @philj0st yes, it is due to a missing symlink, see my comment above. AFAIK all plugins are affected by this, except for the Cloudflare DNS plugin, as this is installed system wide as a python dependency during installation (https://github.com/community-scripts/ProxmoxVE/blob/470a2593a29726bc40df56fc4fb4db1d516af4ba/install/nginxproxymanager-install.sh#L34C1-L34C33) I do not know why there's no reaction on this very obvious **skript issue**, looking at you @MickLesk (also pinging @tremor021 again, who closed this issue)
OVERLORD commented 2026-02-04 21:49:17 +03:00
Author
Owner
Copy Link

@MickLesk commented on GitHub (Jul 25, 2025):

Maybe do an PR? Its faster then comment and pingig us 😄 i dont See every comment in old Issues/PR.
Thats an oneliner, so feel free to do it :-) I'll just forget about it until Monday

@MickLesk commented on GitHub (Jul 25, 2025): Maybe do an PR? Its faster then comment and pingig us :smile: i dont See every comment in old Issues/PR. Thats an oneliner, so feel free to do it :-) I'll just forget about it until Monday
OVERLORD commented 2026-02-04 21:49:24 +03:00
Author
Owner
Copy Link

@philj0st commented on GitHub (Jul 26, 2025):

Maybe do an PR? Its faster then comment and pingig us 😄 i dont See every comment in old Issues/PR. Thats an oneliner, so feel free to do it :-) I'll just forget about it until Monday

I can open a PR if you guys want, would you just create the symlink at the right position in the install script?
Thanks @astamminger i got it working thanks to your fix!

@philj0st commented on GitHub (Jul 26, 2025): > Maybe do an PR? Its faster then comment and pingig us 😄 i dont See every comment in old Issues/PR. Thats an oneliner, so feel free to do it :-) I'll just forget about it until Monday I can open a PR if you guys want, would you just create the symlink at the right position in the install script? Thanks @astamminger i got it working thanks to your fix!
OVERLORD commented 2026-02-04 21:49:30 +03:00
Author
Owner
Copy Link

@MickLesk commented on GitHub (Jul 26, 2025):

Symlink should be enough yes

@MickLesk commented on GitHub (Jul 26, 2025): Symlink should be enough yes
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Implemented in VED waiting push to Main
breaking change
bug
bug
bugfix
deferred
delete script
dependencies
enhancement
external
feature
github
help wanted
in project pipeline
invalid
investigation
json
maintenance
needs triage
new script
new script
nice to have
not a script issue
not planned
organization
pull-request
Mirrored from GitHub Pull Request
 question
refactor
rename script
security
update script
website
wontdo
🛑 Failure to comply with the guidelines
No Label not a script issue
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/ProxmoxVE#833
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?