Score:0

Unable to renew Let's Encrypt SSL certificate in Nginx Proxy Manager

I've set up a few sites in Docker, on Linode.

I started by following these instructions:

Connect Your Docker Containers to Domain Names For Easy Access using Portainer on Linode

The steps I followed are:

  1. Created a Linode
  2. Installed NGINX Proxy Manager in a Docker container
  3. Add my domain in https://cloud.linode.com/domains, point it to my Linode
  4. Redirect my domain's domain server to Linode on my domain's registrar
  5. Add Portainer in a Docker container

Then I installed VaultWarden in a Docker container, following these instructions:

Take Control of AND Secure Your Passwords Using Vaultwarden on Portainer

Steps here as follows:

  1. Setup A Sub-Domain
  2. Installed VaultWarden in Docker
  3. Enabled HTTPS In NGINX
  4. Created a Proxy Host in NGINX Proxy Manager that pointed to my VaultWarden container

In this process, I created an SSL Certificate using Let's Encrypt, through the NGINX Proxy Manager UI. (starting at 11:00 in the second video).

And all of that seemed to work, mostly.

Or, rather, in NGINX Proxy Manager's "Add Let's Encrypt Certificate" there's a "Test Server Reachability" button, and that always returned a "Communication with the API failed, is NPM running correctly?" error.

But, regardless of this, I was able to configure the redirect to the VaultWarden container, using the generated SSL key.

And then was able to access VaultWarden using the subdomain, and see that the browser can see the valid certificate.

My problem, now, is that I'm getting "certificate is going to expire soon" emails.

When I go back into NGINX Proxy Manager and look at SSL Certificates, I see a "Renew Now" option, and when I try it I get "Please Wait" for a while, then an "Internal Error" message.

What may or may not be relevant, the "Test Server Reachability" option still returns a "Communication with the API failed, is NPM running correctly?" error.

My problem is that these pretty GUIs aren't returning any sort of information as to what is going on, or why exactly it is failing.

There has to be some sort of logging, somewhere, that could give me a hint as to what the problem is.

Can someone help me find it?

I'm actually encountering the exact same issue as you're experiencing. Unfortunately, I don't currently have a solution. However, I can point you in the direction of the logs directory: ~/npm/data/logs
Score:0

I've done some further research on this issue. I believe the problem is related to two bugs within NPM.

  1. One that seems to have been partially fixed for SSL renew in version v2.9.21. After multiple renewal attempts the SSL certificate does renew. If it does not work the first time I would wait about 15 seconds and try again. Make sure you're running the latest version: v2.9.21.

  2. The "Test Server Reachability" button does not seem to work at all for multiple people. You'll find there are multiple issues on GitHub that indicate the same behavior, either for SSL renewal or the error shown when testing server reachability: "Communication with the API failed, is NPM running correctly?"

After further review of my logs I was also noticing a lot of the following error:

could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size

I found improvements with including the following two lines in my ~/npm/data/nginx/custom/http.conf

proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
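
An added example, not part of the answer above or of Nginx Proxy Manager itself: a shell triage of the log directory mentioned in the thread, separating the repeated proxy_headers_hash warning from error-level lines and checking a custom http.conf for the two directives. The function names, the `*.log` layout and the sample log lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage nginx logs when the GUI only says "Internal Error".
# Assumption: the logs are *.log files under the directory passed as $1
# (the thread points at ~/npm/data/logs).

HASH_WARN='could not build optimal proxy_headers_hash'   # text quoted in the answer

# Print the total number of proxy_headers_hash warnings across all logs in DIR.
count_hash_warnings() {
    cat "$1"/*.log 2>/dev/null | grep -c -F "$HASH_WARN" || true
}

# Print error-or-worse lines, prefixed with the file name, so a real failure
# is not drowned out by the repeated [warn] hash message.
other_errors() {
    grep -H -E '\[(error|crit|alert|emerg)\]' "$1"/*.log 2>/dev/null || true
}

# Succeed only when FILE sets both directives the answer recommends.
has_hash_fix() {
    grep -q -E '^[[:space:]]*proxy_headers_hash_max_size[[:space:]]+[0-9]+;' "$1" &&
    grep -q -E '^[[:space:]]*proxy_headers_hash_bucket_size[[:space:]]+[0-9]+;' "$1"
}

# Build constructed sample data: two log files and a custom http.conf.
make_sample() {
    local d
    d=$(mktemp -d)
    cat > "$d/sample-a_error.log" <<'EOF'
2023/01/10 08:00:01 [warn] 30#30: could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
2023/01/10 08:00:02 [warn] 30#30: could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
EOF
    cat > "$d/sample-b_error.log" <<'EOF'
2023/01/10 08:05:00 [error] 31#31: *1 connect() failed (111: Connection refused) while connecting to upstream
EOF
    printf 'proxy_headers_hash_max_size 1024;\nproxy_headers_hash_bucket_size 128;\n' > "$d/http.conf"
    echo "$d"
}

# Demo run on the constructed sample; point the functions at a real log directory instead.
d=$(make_sample)
echo "hash warnings: $(count_hash_warnings "$d")"
other_errors "$d"
has_hash_fix "$d/http.conf" && echo "custom http.conf already carries both directives"
rm -rf "$d"
```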