[GH-ISSUE #1618] Feature: Allow update custom existing SSL Certificate #1217

Open
opened 2026-02-26 06:36:15 +03:00 by kerem · 28 comments
Owner

Originally created by @rmartcas on GitHub (Nov 30, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1618

Is your feature request related to a problem? Please describe.
Every 3 months I need to manually update all my Let's Encrypt certificates for all my domains/subdomains. After certbot renew I need to manually create a new SSL Certificate entry with the new certificates for the next 3 months and update one by one all of my proxy hosts with the new certificate entry previously created.
This is a tedious task because I have a lot of proxy host entries.

Describe the solution you'd like
It would be very nice to have an option to re-upload the private key and certificate for an existing SSL Certificate like this:

image

Describe alternatives you've considered

Additional context

I hope this will be a good feature :)

Regards.


@BobWs commented on GitHub (Dec 21, 2021):

+1 This would be a great enhancement!
At the moment I have to manually change the certs of 30 containers every 60+ days when my LE cert is renewed.
I use docker Linuxserver/swag to renew my wildcard LE cert, and that has to be imported every time on a renewal for every container.


@spcqike commented on GitHub (May 3, 2022):

+1

As a "workaround" I managed to update the cert files within the container itself and restarted nginx. This works for my sites. Only disadvantage: NPM doesn't (and can't) know the new expiration date and shows it as overdue. But: you don't have to update all your reverse proxies and services.


@Tuphal commented on GitHub (Aug 1, 2022):

I have the same issue, when my wildcard cert is expiring.
I don't want to manually edit all my domain entries.

A "Renew Custom Cert" would be a pretty nice feature


@BobWs commented on GitHub (Aug 3, 2022):

> +1
>
> As a "workaround" I managed to update the cert files within the container itself and restarted nginx. This works for my sites. Only disadvantage: NPM doesn't (and can't) know the new expiration date and shows it as overdue. But: you don't have to update all your reverse proxies and services.

Would you like to share your workaround?


@spcqike commented on GitHub (Aug 3, 2022):

@BobWs as I wrote, I updated the cert files within the container. As the filesystem is a mounted volume (folder?) to keep everything persistent, this was quite easy.
image

I restarted the container and it started again, now using the new certificate.
image

As I mentioned: the only disadvantage is that it still shows the old expiration date in the UI.
image

I think this has to do with the fact that the data is stored in a database and it is only updated when going through the UI.


@SSpt1978 commented on GitHub (Apr 1, 2023):

+1 This would be a great enhancement!
I have more than 100 Hosts.
For now the solution of spcqike works.


@BenjaminBini commented on GitHub (Apr 18, 2023):

I confirm that this would be of great help. I have a wildcard certificate (on a private network with no public DNS, so no Let's Encrypt possible) and I have 100+ hosts to update, it is a slow process! Thank you :)


@editor37 commented on GitHub (Aug 13, 2023):

Same routine every 3 months. Nothing new ?


@karpana commented on GitHub (Sep 4, 2023):

I know this is a thread necro, but I'm curious if any progress has been made on this front.
I use a wildcard Let's Encrypt certificate, using a domain registrar that doesn't support automation, in order to obfuscate my subdomains. It is quite frustrating having to "rebuild" all the certificate configurations for all my subdomains by hand.

I am going to explore the solution that @spcqike has provided. but in the meantime, I'd like to give my +1 to this enhancement request.


@BobWs commented on GitHub (Sep 4, 2023):

The @spcqike approach works for me, so I say give it a try.


@MarlBurroW commented on GitHub (Sep 13, 2023):

The current mounting workaround is OK... but it would be beneficial to have a feature in the UI that allows for updating an existing certificate by re-uploading new certificate files without removing the existing one (associations with hosts are conserved). This enhancement would empower the less technical members of my team to update certificates independently, especially considering we have 50 hosts using the same wildcard to update individually.

Big +1


@BobWs commented on GitHub (Sep 13, 2023):

This feature request was posted 2 years ago, so don't get your hopes up for it to change within a reasonable period!
I guess it is a very low priority feature to implement for the developers.


@spcqike commented on GitHub (Sep 13, 2023):

As it's open source, everyone who can code can do so and open a pull request.

> especially considering we have 50 hosts using the same wildcard to update individually.

In this case I would think about a central storage location, where all hosts read the same file. Or at least a script that keeps the certificate updated on every host automatically. Updating 50 hosts in a web UI manually is .... not practical.


@Rdiger-36 commented on GitHub (Feb 22, 2024):

I've got the same Problem. I solved it with the workaround from @spcqike.
I have also found a workaround for the problem with the expiration date. To do this, simply change the expires_on entry from your certificate in the table certificates in the NPM database. I use MariaDB and have set the expiration date to that of the new certificate. You can also set it to any other date you want.
You can do this either via the console or via phpMyAdmin, which is much easier.


@naziris commented on GitHub (Mar 2, 2024):

Based on @spcqike's answer:

1. After you update the CRT file, add a dummy domain with the new CRT.
2. Then download the database.sqlite file locally from your docker container.
3. Open it on your machine with a sqlite editor.
4. Go to the certificate table and view the rows.
5. Edit the dummy row you added before and note down the content of modified_on, expires_on and meta.
6. Now edit the actual row of the domain you would like to modify, and copy-paste the data we extracted in the previous step.
7. Delete the dummy row and save the changes.
8. Copy the new/modified database.sqlite file back to the container and restart it.

Here's your edit "button" :)


@Commifreak commented on GitHub (May 22, 2024):

+1 for a replace feature to select either all new or only the new cert (while keeping the key). Would make custom cert updates easier.

An upload/edit via textarea (input base64) would be nice as well.


@itguy327 commented on GitHub (Jun 12, 2024):

+1


@marvin78 commented on GitHub (Jul 18, 2024):

+1


@adrian-moll commented on GitHub (Aug 9, 2024):

+1


@krilzov commented on GitHub (Aug 22, 2024):

+1


@alexbiaolol commented on GitHub (Aug 24, 2024):

A workaround that works for me:
`nginx_manager_1` is the container name of your nginx-proxy-manager.
Docker volumes: `/root/data:/data`

Using the acme.sh script to automatically install the cert files:

```
acme.sh xxxxxxxxxx --key-file /root/data/custom_ssl/npm-2/privkey.pem --fullchain-file /root/data/custom_ssl/npm-2/fullchain.pem --reloadcmd "docker exec nginx_manager_1 nginx -s reload"
```

Or you can do it manually with this command every 3 months:

```
docker exec nginx_manager_1 nginx -s reload;
```
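
An added example, not part of the thread and not NPM's or acme.sh's own code: a wrapper for the in-place file replacement described in the comments above. It refuses to install a key that does not match the certificate or a certificate that has already expired, writes both files owner-only, and tests the nginx configuration before reloading. The function names are hypothetical; the container name and paths are the ones quoted in the comment above.

```bash
#!/usr/bin/env bash
# Added example, not NPM's or acme.sh's own code. Function names are hypothetical.

# True only if KEY is the private key for the leaf certificate in CERT
# (the first certificate in a fullchain.pem).
key_matches_cert() {            # usage: key_matches_cert CERT KEY
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Validate the new pair, then replace DEST_DIR/privkey.pem and fullchain.pem.
install_pair() {                # usage: install_pair CERT KEY DEST_DIR
    local cert=$1 key=$2 dest=$3
    [ -d "$dest" ] || { echo "no such directory: $dest" >&2; return 1; }
    key_matches_cert "$cert" "$key" ||
        { echo "private key does not match certificate" >&2; return 2; }
    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 3; }
    (
        umask 077               # new files are readable by the owner only
        rm -f "$dest/privkey.pem.new" "$dest/fullchain.pem.new"
        cp "$key"  "$dest/privkey.pem.new" &&
        cp "$cert" "$dest/fullchain.pem.new" &&
        # rename inside the same directory, so a reader never sees a partial file
        mv "$dest/privkey.pem.new"   "$dest/privkey.pem" &&
        mv "$dest/fullchain.pem.new" "$dest/fullchain.pem"
    )
}

# Test the configuration inside the container and reload only if it passes.
reload_npm() {                  # usage: reload_npm [CONTAINER]
    local c=${1:-nginx_manager_1}
    docker exec "$c" nginx -t && docker exec "$c" nginx -s reload
}

# Example:
#   install_pair new/fullchain.pem new/privkey.pem /root/data/custom_ssl/npm-2 && reload_npm
```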


@rumansaleem commented on GitHub (Mar 9, 2025):

I have also faced the same issue, and I managed to come up with a solution PR #4425.


@ducnt102 commented on GitHub (Mar 11, 2025):

This is my solution:
Connect to SQLite3 and update proxy_host to use the new host.
Find the ID of the new certificate.

```
sqlite3 data/database.sqlite
SQLite version 3.22.0 2018-01-22 18:45:57
Enter ".help" for usage hints.
sqlite> SELECT id,nice_name,domain_names FROM certificate;
```

9 is the new certificate ID.
2 is the old certificate ID.

```
UPDATE proxy_host SET certificate_id = 9 WHERE certificate_id = 2;
```

Restart the service.


@Buronn commented on GitHub (Apr 22, 2025):

Same issue here, I need a solution. I have a custom container that renovates my custom certificates, but I can't put them into NPM automatically.


@derRichter commented on GitHub (Sep 23, 2025):

+1 here
But OK, I set a custom cert with the expire date to 2999 and done...
Then I can upload every new certificate with "certify certificate Manager" to the real web server and to NPM and restart both.


@Legendary4226 commented on GitHub (Sep 25, 2025):

+1

I have misconfigured something in the domains list and now I need to recreate a token from Cloudflare for the DNS challenge.


@Riffer commented on GitHub (Jan 6, 2026):

+1 - it should be possible for NPM to retrieve the expire date directly from the cert.
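
An added example, not part of the thread and not NPM's own code: reading the expiry from the certificate file itself and writing it to the `expires_on` column that the earlier comment about editing the database changes by hand. The function names are hypothetical. It assumes the SQLite backend, the `certificate` table and `expires_on`/`modified_on` columns named in the thread, and timestamps stored as `YYYY-MM-DD HH:MM:SS` text.

```bash
#!/usr/bin/env bash
# Added example, not NPM's own code. Function names are hypothetical.
# Assumes the SQLite backend and text timestamps like "2025-06-01 12:00:00";
# compare with an existing row in your database before relying on it.

# "notAfter=Jun  1 12:00:00 2025 GMT"  ->  "2025-06-01 12:00:00" (UTC)
format_not_after() {
    local months=JanFebMarAprMayJunJulAugSepOctNovDec before
    set -- ${1#notAfter=}                     # Mon DD HH:MM:SS YYYY GMT
    [ $# -eq 5 ] || return 1
    before=${months%%"$1"*}                   # text in front of the month name
    [ "$before" != "$months" ] || return 1    # not a month name
    printf '%s-%02d-%02d %s\n' "$4" $(( ${#before} / 3 + 1 )) "${2#0}" "$3"
}

# Expiry of the leaf certificate in FILE, read from the certificate itself.
cert_expiry() {                 # usage: cert_expiry FILE
    local raw
    raw=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null) || return 1
    format_not_after "$raw"
}

# Write the real expiry into the database row of one custom certificate.
# Stop the NPM container first so nothing else is writing to the file.
sync_expiry() {                 # usage: sync_expiry DB CERT_ID CERT_FILE
    local db=$1 id=$2 exp
    # Both values are interpolated into SQL below, so restrict their alphabet.
    case $id in ''|*[!0-9]*) echo "certificate id must be a number" >&2; return 2 ;; esac
    exp=$(cert_expiry "$3") || { echo "cannot read expiry from $3" >&2; return 1; }
    case $exp in *[!0-9:\ -]*) echo "unexpected date: $exp" >&2; return 1 ;; esac
    cp -p "$db" "$db.bak" || return 1         # keep a copy before editing
    sqlite3 "$db" "UPDATE certificate
                   SET expires_on = '$exp', modified_on = datetime('now')
                   WHERE id = $id;"
}

# Example (id 2 and the paths are placeholders for your own values):
#   sync_expiry data/database.sqlite 2 data/custom_ssl/npm-2/fullchain.pem
```

This updates only the two timestamp columns; the `meta` column mentioned in the manual procedure above is left as it was.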


@ts2580 commented on GitHub (Feb 11, 2026):

+1
