[GH-ISSUE #2191] Custom Certificate Import not working- Upload Failed:0 #1568

Closed
opened 2026-02-26 07:31:35 +03:00 by kerem · 4 comments

Originally created by @ghostersk on GitHub (Aug 7, 2022).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2191

EDIT:
The issue was not in Docker, but it could not read the certificates, as they were created with sudo... I do not understand why it could not read those files when I could read them without sudo as a normal user.


I just installed NPM and tried to add my self-signed certs. I tried multiple generating methods but none of them works. It is the latest Docker installation.

```
version: '3'
networks:
  main:
    external: true
services:
  npm:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    hostname: npm
    environment:
      DISABLE_IPV6: 'true'
    networks:
      main:
        ipv4_address: 10.100.111.253
    ports:
      - '127.0.0.1:80:80'
      - '127.0.0.1:81:81'
      - '127.0.0.1:443:443'
    volumes:
      - /opt/configdockers/npm/data:/data
      - /opt/configdockers/npm/letsencrypt:/etc/letsencrypt
```

I tried to generate Certificates with CA and import cert-key.pem as key and cert.pem as certificate:

```
sslpath=$(pwd)
mycn="localserver"
dnsname="*.local.com"

# CA key (passphrase-protected) and self-signed CA certificate
echo "Generating CA key and cert"
openssl genrsa -aes256 -out "$sslpath/cakey.pem" 4096
openssl req -new -x509 -sha256 -days 3650 -key "$sslpath/cakey.pem" \
-out "$sslpath/ca.pem"
# Add the CA to the system trust store
mkdir -p /usr/local/share/ca-certificates
cp "$sslpath/ca.pem" /usr/local/share/ca-certificates/ca.crt
sudo update-ca-certificates

# Server key (no passphrase), CSR, and certificate signed by the CA
echo "Generating RSA Key cert-key.pem"
openssl genrsa -out "$sslpath/cert-key.pem" 4096
mkdir -p "$sslpath/$mycn"
echo "Creating CSR: $sslpath/$mycn/cert.csr"
openssl req -new -sha256 -subj "/CN=$mycn" -key "$sslpath/cert-key.pem" \
-out "$sslpath/$mycn/cert.csr"
# The SAN goes into an extensions file passed to the signing step
echo "subjectAltName=DNS:$dnsname" > "$sslpath/$mycn/extfile.cnf"
echo "Creating Certificate $sslpath/$mycn/cert.pem"
openssl x509 -req -sha256 -days 3650 -in "$sslpath/$mycn/cert.csr" \
-CA "$sslpath/ca.pem" -CAkey "$sslpath/cakey.pem" \
-out "$sslpath/$mycn/cert.pem" -extfile "$sslpath/$mycn/extfile.cnf" \
-CAcreateserial
```

Also I just tried to generate simple certificate but still same issue:

```
# subjectAltName entries are comma-separated, each with its own DNS: prefix
openssl req -x509 -nodes -days 3650 -subj "/C=GB/ST=QC/O=Company, Inc./CN=test.com" -addext "subjectAltName=DNS:*.test.com,DNS:test.com" -newkey rsa:2048 -keyout key.key -out cert.crt
```

No posts here have given me any solution. I believe it was said that this is already solved in all of them.
I have a suspicion that it cannot upload those certificates, but I cannot find any reason why, as there is no error in the NPM logs.
I tried to run it from localhost:81, 127.0.0.1:81 and from the Docker image IP too.
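
A pre-upload check for the failure described in the EDIT above, as an added example that is not part of the original issue or of the NPM project: it confirms that the certificate and key files are readable by the current user, parse as PEM, and belong together. The function name `check_cert_pair` is hypothetical; the file paths are whatever the caller passes.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair before uploading it.
# Prints one diagnostic per problem; returns non-zero if any check fails.
check_cert_pair() {
    cert=$1 key=$2 rc=0
    for f in "$cert" "$key"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f"; rc=1
        elif [ ! -r "$f" ]; then
            # e.g. a root-owned key with mode 0600 when openssl was run under sudo
            echo "not readable by $(id -un): $f ($(ls -ln "$f" | awk '{print $1, $3 ":" $4}'))"; rc=1
        elif [ ! -s "$f" ]; then
            echo "empty: $f"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1
    # Extract the public key from each file; an empty -passin avoids a prompt
    # and makes passphrase-protected keys fail instead of hanging.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "not a PEM certificate: $cert"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "not an unencrypted PEM private key: $key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate"; return 1; }
    echo "ok: $cert and $key are readable and match"
}

# Usage: sh check.sh cert.pem cert-key.pem
if [ "$#" -eq 2 ]; then check_cert_pair "$1" "$2"; fi
```

Run it as the same user whose browser session performs the upload, since that is the account that has to read the files.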

kerem closed this issue and added the bug label 2026-02-26 07:31:35 +03:00

@rezzorix commented on GitHub (Aug 8, 2022):

Looks like the container has no permissions to upload/write into the folders...

With what user have you started the container? sudo by any chance?


@ghostersk commented on GitHub (Aug 8, 2022):

I do not remember. When I look for the permissions in the docker, all belongs to root.
I run docker without sudo as it is set up to run without. I store folders in /opt and those folders require sudo for me.
But I can write inside of the container to those volumes.
Can you let me know what folder or path I should check is writable, or what user it should have?
This is the list of users in the container:

```
root:*:19079:0:99999:7:::
daemon:*:19079:0:99999:7:::
bin:*:19079:0:99999:7:::
sys:*:19079:0:99999:7:::
sync:*:19079:0:99999:7:::
games:*:19079:0:99999:7:::
man:*:19079:0:99999:7:::
lp:*:19079:0:99999:7:::
mail:*:19079:0:99999:7:::
news:*:19079:0:99999:7:::
uucp:*:19079:0:99999:7:::
proxy:*:19079:0:99999:7:::
www-data:*:19079:0:99999:7:::
backup:*:19079:0:99999:7:::
list:*:19079:0:99999:7:::
irc:*:19079:0:99999:7:::
gnats:*:19079:0:99999:7:::
nobody:*:19079:0:99999:7:::
_apt:*:19079:0:99999:7:::
```

@rezzorix commented on GitHub (Aug 9, 2022):

Hmm I also see that you set

```
ports:
  - '127.0.0.1:80:80'
  - '127.0.0.1:81:81'
  - '127.0.0.1:443:443'
```

Which I believe is not correct... set it to

```
ports:
  - '80:80'
  - '81:81'
  - '443:443'
```

Then try again.


@ghostersk commented on GitHub (Aug 10, 2022):

I just installed it on a VM with Debian 11 and got the same error...
