Unable to auto renew certificate using Cloudflare DNS validation

Are you in the right place?

• If you are looking for support on how to get your upstream server forwarding, please consider asking the community on Reddit.
• If you are writing code changes to contribute and need to ask about the internals of the software, Gitter is the best place to ask.
• If you think you found a bug with NPM (not Nginx, or your upstream server or MySql) then you are in the right place.

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image? yes.

REPOSITORY                                 TAG        IMAGE ID       CREATED         SIZE
jc21/nginx-proxy-manager                   latest     5d9d277f28f1   4 days ago      810MB

• Are you sure you’re not using someone else’s docker image? yes.
• If having problems with Lets Encrypt, have you made absolutely sure your site is accessible from outside of your network? yes.

Describe the bug

• I am running NPM in 2 different Ubuntu 18.04 LTS server. I am using Cloudflare DNS validation.

• Both NPM docker failed to renew Let’s Encrypt wildcard certificate with auto renewal. But able to renew it when run it manually in SSL Certificate tab.

• What version of Nginx Proxy Manager is reported on the login page? 2.8.1

Expected behavior Expect auto certificate renewal when close to expiry.

Screenshots If applicable, add screenshots to help explain your problem.

Operating System

• Ubuntu 18.04 LTS Server.

Additional context

Auto renewal

[3/22/2021] [7:57:36 AM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...,
[3/22/2021] [8:01:05 AM] [SSL      ] › ✖  error     Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation  ,
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.,
Attempting to renew cert (npm-1) from /etc/letsencrypt/renewal/npm-1.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.. Skipping.,
All renewal attempts failed. The following certs could not be renewed:,
  /etc/letsencrypt/live/npm-1/fullchain.pem (failure),
1 renew failure(s), 0 parse failure(s),
,
    at ChildProcess.exithandler (child_process.js:308:12),
    at ChildProcess.emit (events.js:314:20),
    at maybeClose (internal/child_process.js:1051:16),
    at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5),
Connection Error: Error: read ECONNRESET,
Connection Error: Error: read ECONNRESET,

Renew manually

[3/22/2021] [8:48:21 AM] [SSL      ] › ℹ  info      Renewing Let'sEncrypt certificates via Cloudflare for Cert #1: *.example.com,
[3/22/2021] [8:54:49 AM] [SSL      ] › ℹ  info      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -,
Processing /etc/letsencrypt/renewal/npm-1.conf,
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -,
,
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -,
new certificate deployed without reload, fullchain is,
/etc/letsencrypt/live/npm-1/fullchain.pem,
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -,
,
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -,
,
Congratulations, all renewals succeeded. The following certs have been renewed:,
  /etc/letsencrypt/live/npm-1/fullchain.pem (success),
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -,
[3/22/2021] [8:57:36 AM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...,
[3/22/2021] [8:57:37 AM] [Nginx    ] › ℹ  info      Reloading Nginx,
[3/22/2021] [8:57:37 AM] [SSL      ] › ℹ  info      Renew Complete,