Cannot create/renew Let's Encrypt certificates after fresh VM reinstallation - Create Certificate button disabled #1270
Description
Describe the bug
After a clean reinstallation of the VM and Nginx UI, the "Create Certificate" button in the Nginx UI web interface is disabled, preventing the creation of new Let's Encrypt SSL certificates. This issue follows a previous problem where automatic and manual certificate renewals for existing sites failed with a 404 Not Found error during the ACME HTTP-01 challenge.
To Reproduce
Note: The exact steps to reach the disabled button state are due to a full VM reinstallation after previous failures. The initial failure steps are provided for context.
Initial Failure Scenario (before reinstallation):
- Navigate to the "SSL Certificates" section in Nginx UI.
- Observe automatic renewal attempts for existing certificates failing (e.g., grafana.rossigg.duckdns.org).
- Attempt to manually renew certificates from the web interface.
- Attempt to delete existing sites and recreate them from scratch to obtain new certificates.
- All attempts fail with an invalid authorization: acme: error: 403 ... 404 error (see logs below).
Current Bug (after VM reinstallation):
- Perform a clean installation of the OS (Ubuntu 22.04 in my case) and Nginx UI.
- Access the Nginx UI web interface.
- Navigate to the "SSL Certificates" section.
- Observe that the "Create Certificate" button is disabled/greyed out, preventing any new certificate generation.
Expected behavior
- The Nginx UI should be able to successfully renew existing Let's Encrypt certificates using the HTTP-01 challenge.
- The Nginx UI should allow the creation of new Let's Encrypt certificates, with the "Create Certificate" button enabled and functional after a clean installation.
Screenshots
Info (please complete the following information):
- Server OS: Debian 12.7-1
- Server Arch: x86_64
- Nginx UI Version: 2.1.14 (455)
- Your Browser: Edge, Firefox
Additional context
The issue initially started on Saturday morning (July 26, 2025) with automatic certificate renewals failing. Manual attempts to renew or create new certificates via the web interface also failed. The recurring error was:
[Nginx UI] Preparing lego configurations [Nginx UI] ACME User: System Initial User, Email: rossiggws@gmail.com, CA Dir: https://acme-v02.api.letsencrypt.org/directory [Nginx UI] Creating client facilitates communication with the CA server [Nginx UI] Setting HTTP01 challenge provider 2025/07/26 20:20:26 [INFO] [grafana.rossigg.duckdns.org] acme: Trying renewal with 1980 hours remaining 2025/07/26 20:20:26 [INFO] [grafana.rossigg.duckdns.org] acme: Obtaining bundled SAN certificate 2025/07/26 20:20:27 [INFO] [grafana.rossigg.duckdns.org] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2479542571/559358738651 2025/07/26 20:20:27 [INFO] [grafana.rossigg.duckdns.org] acme: Could not find solver for: tls-alpn-01 2025/07/26 20:20:27 [INFO] [grafana.rossigg.duckdns.org] acme: use http-01 solver 2025/07/26 20:20:27 [INFO] [grafana.rossigg.duckdns.org] acme: Trying to solve HTTP-01 2025/07/26 20:20:32 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2479542571/559358738651 renew cert error: error: one or more domains had a problem: [grafana.rossigg.duckdns.org] invalid authorization: acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 77.83.113.151: Invalid response from http://grafana.rossigg.duckdns.org/.well-known/acme-challenge/inRbjGUGGpPmhIYhKUhq6xah_9kIfdO3mtmVcYN_2WWk: 404
Despite verifying public IP and DuckDNS resolution for the domains (e.g., grafana.rossigg.duckdns.org), the 404 error persisted. After reinstalling the entire VM to attempt a fresh start, the "Create Certificate" button is now disabled, preventing any certificate management. This suggests a deeper configuration or Nginx UI state issue after reinstallation, or a dependency problem.