[GH-ISSUE #2418] Internal error on renewing SSL certificate when all requests of proxy host are redirected #1697

Closed
opened 2026-02-26 07:32:05 +03:00 by kerem · 8 comments

Originally created by @davhae on GitHub (Nov 22, 2022).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2418

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • No
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes

Describe the bug
When using the Advanced NGINX Configuration of a proxy host to redirect all requests, renewal of certificates returns an internal error.

The configuration may look like this:

```
rewrite ^(/.*)$ https://another-domain.com/ permanent;
```

Nginx Proxy Manager Version
v2.9.18

Expected behavior
I don't really know if it is expected, but requests to .well-known should be handled by the reverse proxy.

Operating System
Ubuntu Jammy

kerem 2026-02-26 07:32:05 +03:00
  • closed this issue
  • added the stale and bug labels

@the1ts commented on GitHub (Nov 23, 2022):

Just asking, but does the problem domain have force-ssl enabled? There is a bug with this config, remove the force-ssl, manually renew and turn back on until the fix is merged and released. The bug is because the current config forces the redirect to https before the letsencrypt exception is processed, so letsencrypt fails since it doesn't work over https. So check if it's this bug or your rewrite that is causing the letsencrypt breakage.


@gnilebein commented on GitHub (Dec 12, 2022):

> Just asking, but does the problem domain have force-ssl enabled? There is a bug with this config, remove the force-ssl, manually renew and turn back on until the fix is merged and released. The bug is because the current config forces the redirect to https before the letsencrypt exception is processed, so letsencrypt fails since it doesn't work over https. So check if it's this bug or your rewrite that is causing the letsencrypt breakage.

Is there an issue about the bug that I can subscribe to in order to get info when it is fixed? I could not find one with the search.


@davhae commented on GitHub (Dec 12, 2022):

Disabling force-ssl for the only Redirection-Host using the certificate does not make it renewable.
On the other hand, temporarily removing the rewrite while force-ssl is activated results in a successful renewal.


@gnilebein commented on GitHub (Dec 12, 2022):

> Disabling force-ssl for the only Redirection-Host using the certificate does not make it renewable. On the other hand, temporarily removing the rewrite while force-ssl is activated results in a successful renewal.

There is a fix for the issue... It just needs to be merged... I added the change to my docker container (FIX: https://github.com/NginxProxyManager/nginx-proxy-manager/pull/2038)


@davhae commented on GitHub (Dec 13, 2022):

> > Disabling force-ssl for the only Redirection-Host using the certificate does not make it renewable. On the other hand, temporarily removing the rewrite while force-ssl is activated results in a successful renewal.
>
> There is a fix for the issue... It just needs to be merged... I added the change to my docker container (FIX: #2038)

Like I said, it has nothing to do with force-ssl


@evelynhathaway commented on GitHub (Dec 26, 2022):

@davhae Maybe the issue is that `rewrite` redirects before the NPM has a chance to respond to Let's Encrypt. What if you try wrapping your `rewrite` in a `location` block?

Custom Nginx Configuration - Redirects ACME challenge (Before)

```nginx
rewrite ^(/.*)$ https://another-domain.com/ permanent;
```

Custom Nginx Configuration - Responds to ACME challenge (After)

```nginx
location / {
  rewrite ^(/.*)$ https://another-domain.com/ permanent;
}
```
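An added example (not from the thread or from the NPM code base): a small static check for the ordering problem discussed above, where nginx runs server-level `rewrite` and `return` directives before it selects a location, so a catch-all one also answers `/.well-known/acme-challenge/` requests. The function names and the probe token are hypothetical, the tokenizer is simplified, and Python's `re` stands in for nginx's PCRE.

```python
import re

# Constructed probe URI; the token part is a placeholder.
ACME_PROBE = "/.well-known/acme-challenge/constructed-token"

def server_level_directives(snippet):
    """Yield (name, args) for directives outside any {...} block.

    Simplified tokenizer: assumes no quoted strings containing ; { or }.
    """
    depth = 0
    text = re.sub(r"#[^\n]*", "", snippet)  # drop comments
    for token in re.findall(r"[^;{}]+|[;{}]", text):
        token = token.strip()
        if token == "{":
            depth += 1
        elif token == "}":
            depth -= 1
        elif token and token != ";" and depth == 0:
            name, *args = token.split()
            yield name, args

def acme_blockers(snippet, uri=ACME_PROBE):
    """List server-level directives that answer `uri` before a location is chosen."""
    hits = []
    for name, args in server_level_directives(snippet):
        if name == "return":
            # An unconditional server-level return applies to every request.
            hits.append(" ".join([name, *args]))
        elif name == "rewrite" and len(args) >= 2 and re.search(args[0], uri):
            flag = args[2] if len(args) > 2 else ""
            # nginx replies with the redirect at once for these forms.
            if flag in ("redirect", "permanent") or re.match(r"https?://|\$scheme", args[1]):
                hits.append(" ".join([name, *args]))
    return hits

# The two snippets from the comment above.
BEFORE = "rewrite ^(/.*)$ https://another-domain.com/ permanent;"
AFTER = "location / {\n  rewrite ^(/.*)$ https://another-domain.com/ permanent;\n}"

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, acme_blockers(cfg) or "no server-level redirect of the challenge path")
```
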

@github-actions[bot] commented on GitHub (Feb 4, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍


@github-actions[bot] commented on GitHub (Mar 21, 2025):

Issue was closed due to inactivity.
