[GH-ISSUE #1478] Do not 'sort' domain names #1140

Closed
opened 2026-02-26 06:35:55 +03:00 by kerem · 2 comments
Owner

Originally created by @meks007 on GitHub (Oct 12, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1478

Hi,

there is an issue with requesting LE wildcard certificates in combination with sorting the domain names before the LE request is built.

Suppose you request a certificate for the following domains: example.com, *.example.com. Sorting this list would result in *.example.com, example.com. Now certbot uses the first domain name as its CN. Having a CN that starts with an asterisk leads to various issues. Some devices/apps work completely normally, some devices/apps stop working. E.g. Chrome works normally, the Samsung Mail app stops working, Nextcloud on Android issues a security warning.

https://github.com/jc21/nginx-proxy-manager/blob/725ba83606174274702329ac3e59229e2f22dd39/backend/internal/certificate.js#L117

Sorting isn't needed and NPM should honor the order as entered.

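Added illustration, not code from nginx-proxy-manager or from certbot: it shows why a plain `Array.prototype.sort()` moves `*.example.com` ahead of `example.com`, and one way the backend could keep the entered order instead. The statement that certbot takes the first `-d` name as the CN is taken from the report above; the function names (`sortedOrder`, `enteredOrder`, `orderForCertbot`, `certbotDomainArgs`) and the defensive "never leave a wildcard first when a non-wildcard name exists" variant are this example's own.

```javascript
// Added example, not code from nginx-proxy-manager or certbot.
// Demonstrates the ordering problem from the issue and a replacement that
// honours the order the user entered.

// Current behaviour described in the issue: Array.prototype.sort() with no
// comparator compares UTF-16 code units, and '*' (0x2A) is lower than every
// letter and digit, so a wildcard entry always ends up first.
function sortedOrder(domains) {
  return [...domains].sort();
}

function isWildcard(name) {
  return name.startsWith('*.');
}

// Proposed behaviour: keep the entered order. Only normalise the input
// (trim, lowercase, drop blanks and duplicates); never reorder.
function enteredOrder(domains) {
  const seen = new Set();
  const out = [];
  for (const raw of domains) {
    const name = raw.trim().toLowerCase();
    if (name === '' || seen.has(name)) continue;
    seen.add(name);
    out.push(name);
  }
  return out;
}

// Defensive variant (hypothetical, this example's own): same as enteredOrder,
// but if the user happened to put a wildcard first while a non-wildcard name
// is also in the list, move the first non-wildcard name to the front so the
// CN derived from the first -d name is not a wildcard unless it has to be.
function orderForCertbot(domains) {
  const out = enteredOrder(domains);
  if (out.length > 1 && isWildcard(out[0])) {
    const idx = out.findIndex((n) => !isWildcard(n));
    if (idx > 0) {
      out.unshift(...out.splice(idx, 1));
    }
  }
  return out;
}

// Build the repeated -d arguments in that order; the first one is the CN.
function certbotDomainArgs(domains) {
  return orderForCertbot(domains).flatMap((d) => ['-d', d]);
}

// Constructed sample input: the two names from the report.
const entered = ['example.com', '*.example.com'];
console.log('sorted  :', sortedOrder(entered));   // wildcard first
console.log('entered :', enteredOrder(entered));  // as typed
console.log('certbot :', certbotDomainArgs(['*.example.com', 'example.com']).join(' '));
```

`orderForCertbot` is the only function that reorders anything, and it does so only when the first entry is a wildcard; with the two-name input from the report it leaves the entered order untouched, which is what the issue asks for.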
kerem closed this issue 2026-02-26 06:35:55 +03:00
Author
Owner

@chaptergy commented on GitHub (Oct 12, 2021):

I presume the sorting was done to show the domains in alphabetical order, since the entries in e.g. proxy hosts are also sorted alphabetically by the domain. But I agree, even if the specific issue you mention does not appear, maybe the user has entered the "main" certificate first and would like to have that as the first entry.

Author
Owner

@meks007 commented on GitHub (Oct 14, 2021):

The issue goes far beyond simple cosmetics. Sorting an asterisk domain to the top leads to the certificate being invalid, or at least not conforming to certificate issuance standards, and such certificates potentially lead to denials of service.

Reference
starred/nginx-proxy-manager-NginxProxyManager#1140