Certbot failed to delete some certs after revoke #2103
Description
Describe the bug
I recently updated all my locally hosted services to be internet inaccessible and require a VPN to use. As a result, I updated my NPM configuration to use HTTP only and deleted all my HTTPS certs, and removed all applicable DNS entries.
For some (not all) certs, the certbot revoke --delete-after-revoke command did not seem to take fully, as the certs remained active. Since the DNS entries were removed, this caused the hourly certbot renew command to fail. Failing enough times (for some reason) caused my NPM instance to lock up and my local services to time out.
I was able to resolve this by going into the container and manually calling certbot delete on the remaining active certificates.
Nginx Proxy Manager Version
v2.9.18
To Reproduce
Steps to reproduce the behavior:
- Remove certificates from Proxy Host entries
- Delete the certificate from the SSL Certificates page
Expected behavior
The certificates should be removed after being revoked.
Operating System
$ uname -a
Linux raspberrypi 5.10.103-v7l+ #1529 SMP Tue Mar 8 12:24:00 GMT 2022 armv7l GNU/Linux
$ docker -v
Docker version 20.10.16, build aa7e414
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
------------ jc21/nginx-proxy-manager:latest "/init" 12 minutes ago Up 12 minutes 0.0.0.0:80-81->80-81/tcp, :::80-81->80-81/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp nginx-proxy-manager-app-1Additional Context
[6/9/2022] [1:46:56 PM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized
[6/9/2022] [1:46:56 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry...
[6/9/2022] [1:46:56 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized
[6/9/2022] [1:46:56 PM] [Global ] › ℹ info Backend PID 244 listening on port 3000 ...
[6/9/2022] [1:49:38 PM] [SSL ] › ✖ error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
Failed to renew certificate npm-12 with error: Some challenges have failed.
Failed to renew certificate npm-13 with error: Some challenges have failed.
Failed to renew certificate npm-14 with error: Some challenges have failed.
Failed to renew certificate npm-15 with error: Some challenges have failed.
Failed to renew certificate npm-16 with error: Some challenges have failed.
Failed to renew certificate npm-6 with error: Some challenges have failed.
Failed to renew certificate npm-7 with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/npm-12/fullchain.pem (failure)
/etc/letsencrypt/live/npm-13/fullchain.pem (failure)
/etc/letsencrypt/live/npm-14/fullchain.pem (failure)
/etc/letsencrypt/live/npm-15/fullchain.pem (failure)
/etc/letsencrypt/live/npm-16/fullchain.pem (failure)
/etc/letsencrypt/live/npm-6/fullchain.pem (failure)
/etc/letsencrypt/live/npm-7/fullchain.pem (failure)
7 renew failure(s), 0 parse failure(s)
at ChildProcess.exithandler (node:child_process:399:12)
at ChildProcess.emit (node:events:526:28)
at maybeClose (node:internal/child_process:1092:16)
at Socket.<anonymous> (node:internal/child_process:451:11)
at Socket.emit (node:events:526:28)
at Pipe.<anonymous> (node:net:687:12)