ERROR: /etc/letsencrypt is not mounted! Check your docker configuration.

[littlegraycells]

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
• Are you sure you're not using someone else's docker image?
  • Yes
• Have you searched for similar issues (both open and closed)?
  • Yes

Describe the bug
With the jc21/nginx-proxy-manager:latest image, I'm getting the following error in the logs:

❯ Configuring npm user ...
useradd warning: npm's uid 0 outside of the UID_MIN 1000 and UID_MAX 60000 range.
❯ Configuring npm group ...
❯ Checking paths ...
--------------------------------------
ERROR: /etc/letsencrypt is not mounted! Check your docker configuration.
--------------------------------------
s6-rc: warning: unable to start service prepare: command exited 1
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.

I'm not using Let's Encrypt and so do not have /etc/letsencrypt mounted in my compose file.

I went back to jc21/nginx-proxy-manager:2.10.4 and everything works as expected.

Nginx Proxy Manager Version
latest from docker hub

To Reproduce
Steps to reproduce the behavior:

1. Pull the jc21/nginx-proxy-manager:latest image and run the container without providing a host mount for /etc/letsencrypt.
2. The NPM container crashes with the above mentioned error.

Expected behavior
The container should operate normally without this mount.

Operating System
Linux **** 5.15.0-1051-oracle 57-Ubuntu SMP Wed Jan 24 18:31:24 UTC 2024 aarch64 aarch64 aarch64 GNU/Linux

[Dialgatrainer02]

can you not mount the volume and just not use sll certs?

[littlegraycells]

@Dialgatrainer02 Yes, I could do that (and it does work). Is that the recommended approach? It seems like previous version did not have this as a necessity if not using Let's Encrypt. But if that's the proper way to do it, then please feel free to resolve this ticket.

[Sjonnie2018]

I am experiencing the same issue as of January 21st 2024. I only use Nginx to access Vaultwarden so it took some time to figure out what was wrong. Is there a solution for this?

EDIT: Went back to 2.10.4 and all is now working as expected. Told WatchTower not to auto-update this container ;-) Hope this thread will get a reply when a fix is available. All contributors: thanks for the hard work :)

[jmthompson]

Similar issue here, except I do use SSL and I have a directory bound to /etc/letsencrypt. I get this error with latest as of 2/26/24; going back to 2.10.4 makes everything work again.

[ingeniumdesign]

same Problem here after "default" install: ERROR: /etc/letsencrypt is not mounted! Check your docker configuration.

yes, the 2.10.4 works fine...

[gybrid]

Same as above

[Marrrrrrrrry]

Same as above

[akorb90]

same here!

[txfab]

Same here , the 2.10.4 works fine

[ZoezTV]

This issue still persists. I have yet to find a solution. Is there any quick fix other than using the older version?

[danielj23]

Still persists

[samuelsson]

Here is the breaking changes: Issue #3170 with PR #3258

If you are not using SSL certificates at all (i.e. only hosting locally) you could probably just mount an empty directory for letsencrypt. Something like this in your compose file:

---
# ...

services:
  nginx-proxy-manager:
    # ...
    volumes:
      # ...
      - nginx-proxy-manager_letsencrypt:/etc/letsencrypt

volumes:
  # ...
  nginx-proxy-manager_letsencrypt:
    name: 'nginx-proxy-manager_letsencrypt'

[kmanwar89]

+1 to the above comments - issue still persists, June 2024. This is just a brand-new setup using the compose file from the README (with my added custom networks, but I'm not certain that is contributing to the issues here):

[+] Running 1/1
 ✔ Container proxy  Started                                                       0.6s
❯ logs
proxy  | 2024-06-02T18:27:07.060331113Z ❯ Configuring npm user ...
proxy  | 2024-06-02T18:27:07.069667494Z useradd warning: npm's uid 0 outside of the UID_MIN 1000 and UID_MAX 60000 range.
proxy  | 2024-06-02T18:27:07.080992354Z ❯ Configuring npm group ...
proxy  | 2024-06-02T18:27:07.106562277Z ❯ Checking paths ...
proxy  | 2024-06-02T18:27:07.110513182Z ❯ Setting ownership ...
proxy  | 2024-06-02T18:27:07.126143922Z ❯ Dynamic resolvers ...
proxy  | 2024-06-02T18:27:07.130586149Z s6-rc: warning: unable to start service prepare: command exited 127
proxy  | 2024-06-02T18:27:07.131479456Z /run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.

This is after using the workaround suggested above - this is my compose file:

services:
  app:
    image: 'jc21/nginx-proxy-manager:v3'
    container_name: proxy
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./nginx-proxy-manager_letsencrypt:/etc/letsencrypt
    networks:
      - cf
      - services

networks:
  cf:
    name: cf
    external: true
  services:
    name: services
    external: true

What's difficult is I can't confirm that it's related to LE, since I can't even get it to load long enough to try to configure esomething - LE or otherwise.

[Nibb31]

6 months later and still getting "ERROR: /etc/letsencrypt is not mounted! Check your docker configuration."

This prevents renewing certs. This is my compose file (using Portainer):

version: "3.8"

services:
  nginx_proxy_manager:

    image: jc21/nginx-proxy-manager:latest
    restart: unless-stopped
    container_name: nginx-proxy-manager
    #network_mode: host
    environment: # Uncomment this if IPv6 is not enabled on your host
      - DISABLE_IPV6=true # Uncomment this if IPv6 is not enabled on your host
    volumes:
      - /config/nginx:/data
      - /config/letsencrypt:/etc/letsencrypt   
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port

How come this is still an issue? Is nobody using LE with NPM? Is there a workaround?

[kylekrajnyak]

Just wanted to add that v2.10.4 works fine for me as well. (Installed as "custom app" in TrueNAS SCALE)

[pythoninthegrass]

Took some trial and error, but this is my working docker-compose.yml. The image is technically 2.11.3 as of writing.

services:
  nginx-proxy-manager:
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy-manager
    ports:
      - 80:80/tcp
      - 81:81/tcp
      - 443:443/tcp
      - 3001:3000/tcp
    networks:
      - nginx-proxy-manager
    environment:
      - TZ=America/Chicago
      - PUID=1000
      - PGID=1000
      - X_FRAME_OPTIONS=sameorigin
      - DB_SQLITE_FILE=/data/database.sqlite
      - DISABLE_IPV6=true
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /docker/containers/nginx-proxy-manager/letsencrypt:/etc/letsencrypt
      - /docker/containers/nginx-proxy-manager/config:/data
    healthcheck:
      test: ["CMD", "/bin/check-health"]
      interval: 10s
      timeout: 3s
    restart: no

networks:
  nginx-proxy-manager:
    external: true

I didn't try to save any certs and in fact deleted some from a prior image tag. This fixed both a certbot python import error from 2.10.4 and the 2.11.0 complaint about /etc/letsencrypt not being mounted.

Hope that helps!

[myf2uclub]

still same issue useradd warning: npm's uid 0 outside of the UID_MIN 1000 and UID_MAX 60000 range.
2024-10-15 08:27:34 ❯ Configuring npm user ...
2024-10-15 08:27:34 ❯ Configuring npm group ...
2024-10-15 08:27:35 ❯ Checking paths ...
2024-10-15 08:27:35 --------------------------------------
2024-10-15 08:27:35 ERROR: /etc/letsencrypt is not mounted! Check your docker configuration.
2024-10-15 08:27:35 --------------------------------------
2024-10-15 08:27:35 s6-rc: warning: unable to start service prepare: command exited 1
2024-10-15 08:27:35 /run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.

[playya]

If no volume is mounte /etc/letsencrypt is not created:

# docker run -it --rm jc21/nginx-proxy-manager:latest ls -l /etc/letsencrypt
❯ Configuring npm user ...
useradd warning: npm's uid 0 outside of the UID_MIN 1000 and UID_MAX 60000 range.
❯ Configuring npm group ...
❯ Checking paths ...
--------------------------------------
ERROR: /etc/letsencrypt is not mounted! Check your docker configuration.
--------------------------------------
s6-rc: warning: unable to start service prepare: command exited 1
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
ls: cannot access '/etc/letsencrypt': No such file or directory

[bradison1]

For any of you folks running Portainer and need a solution, this worked for me.

1. Create a Volume for Let's Encrypt. Poratainer - Volumes - Add Volume - give it a descriptive name (i.e. NPM-LetsEncrypt). Keep the rest of the default settings.
2. Go to your NPM container and edit it.
3. Go to Volumes tab at the bottom of the container screen
4. Map Additional Volume
5. Container should be: /etc/letsencrypt
6. The volume created in Step 1 above should be in the Volume dropdown list.
7. Launch the container. It should work.