[GH-ISSUE #237] Custom SSL certificates not working correctly #208

Closed
opened 2026-02-26 06:31:31 +03:00 by kerem · 5 comments

Originally created by @xorinzor on GitHub (Nov 11, 2019).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/237

Adding Let's Encrypt certificates works great, but custom certificates are having quite a few issues.

  1. Only RSA seems to be supported; trying to add a certificate from Cloudflare using the ECDSA algorithm throws an error when you try to add it, as it fails to validate the certificate. (The error can also only be viewed via the console; it's not getting returned anywhere within the web interface.)

  2. Just a visual glitch, but still confusing if you are unaware: the fields where you select a file will stay empty when a file is selected. This is just visual, because if you selected the proper key and certificate it will allow you to add the certificate.

  3. It doesn't seem to recognize the comma as a delimiter properly when entering the domain names.

And now where things really seem to go wrong:
Selecting the custom SSL certificate for a domain will return an internal server error, which will break that specific proxy host in the web interface until you manually fix it.

The reason for this is that it configures the path where it expects the certificate to be to "/etc/letsencrypt/live/" inside the "proxy_host/<id>.conf".

Which would work fine if it actually was a Let's Encrypt certificate, but our custom SSL is in a completely different location, that doesn't appear to be symlinked anywhere inside the Docker container, and can only be accessed via the mount "/config" (if this has not been changed from its default value for whatever reason, by the user).

As a result, any changes you attempt to make via the web interface fail as it will try to check the path of the certificate (or something similar, I can see something happening in the logs, but didn't dive too deep into it) and spit out an error.

kerem closed this issue 2026-02-26 06:31:31 +03:00

@mfjonesy commented on GitHub (Nov 12, 2019):

I can confirm issue #2. I was going crazy trying to figure out why it wasn't letting me select the files. Good thing I saw this! However, once I added the custom SSL cert from Cloudflare I was able to select it for my Nextcloud proxy host with no issues.


@MatthiasMT commented on GitHub (Nov 13, 2019):

First of all, amazing software done by the creator of this project!

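Second, I can also confirm this with some logs on what's happening.

![image](https://user-images.githubusercontent.com/13175677/68803627-689d7c80-0660-11ea-9edc-708718040282.png)

I'll try to see if I can get it working without the GUI but that could take a while!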


@xorinzor commented on GitHub (Nov 13, 2019):

> I'll try to see if I can get it working without the GUI but that could take a while!

Manually editing the proxy_host/"number".conf file and changing the ssl lines to the correct path did the trick for me. You just cannot use the GUI to manage this proxy_host until the issue is fixed.

(Keep in mind you need to change the path to where the certificate files are located inside the docker container, not the path where it's stored on the host)
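
The workaround above only holds if every `ssl_certificate` line points at a file that exists inside the container. An added example (not from the issue or the project) that lists those paths per proxy host config and flags the ones nginx cannot read; the `/custom_ssl/demo` location, the file names and the `ROOT` parameter are assumptions made for the constructed sample.

```shell
#!/bin/sh
# check_ssl_paths CONF_DIR [ROOT]
#   CONF_DIR  directory holding the proxy_host *.conf files
#   ROOT      optional prefix for each path so the constructed sample can use
#             a scratch tree; leave it empty when run inside the container
# Prints "<OK|MISSING> <conf>:<line> <directive> <path>" per directive and
# returns 1 if any referenced file is missing or unreadable.
check_ssl_paths() {
    local dir="$1" root="${2:-}" conf report
    report=$(
        for conf in "$dir"/*.conf; do
            [ -f "$conf" ] || continue
            awk '$1 ~ /^ssl_certificate(_key)?$/ {
                     p = $2; sub(/;.*$/, "", p); gsub(/"/, "", p)
                     print NR, $1, p
                 }' "$conf" |
            while read -r lineno directive path; do
                if [ -r "$root$path" ]; then status=OK; else status=MISSING; fi
                echo "$status ${conf##*/}:$lineno $directive $path"
            done
        done
    )
    [ -z "$report" ] || printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -q '^MISSING '
}

# Constructed sample: 1.conf carries the /etc/letsencrypt/live/ paths described
# in the issue, 2.conf points at a custom certificate. /custom_ssl/demo and the
# file names are placeholders, not the project's real layout.
demo() {
    local t rc=0
    t=$(mktemp -d)
    mkdir -p "$t/proxy_host" "$t/root/custom_ssl/demo"
    : > "$t/root/custom_ssl/demo/fullchain.pem"
    : > "$t/root/custom_ssl/demo/privkey.pem"
    printf '%s\n' 'server {' \
        '  ssl_certificate /etc/letsencrypt/live/demo/fullchain.pem;' \
        '  ssl_certificate_key /etc/letsencrypt/live/demo/privkey.pem;' \
        '}' > "$t/proxy_host/1.conf"
    printf '%s\n' 'server {' \
        '  ssl_certificate /custom_ssl/demo/fullchain.pem;' \
        '  ssl_certificate_key /custom_ssl/demo/privkey.pem;' \
        '}' > "$t/proxy_host/2.conf"
    check_ssl_paths "$t/proxy_host" "$t/root" || rc=1
    rm -rf "$t"
    return "$rc"
}
demo || echo "at least one certificate path is missing"
```

Inside the container, call `check_ssl_paths` with the directory that holds the `proxy_host/<id>.conf` files and no second argument, so the paths are checked exactly as nginx will resolve them.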


@MatthiasMT commented on GitHub (Nov 13, 2019):

> > I'll try to see if I can get it working without the GUI but that could take a while!
>
> Manually editing the proxy_host/"number".conf file and changing the ssl lines to the correct path did the trick for me. You just cannot use the GUI to manage this proxy_host until the issue is fixed.
>
> (Keep in mind you need to change the path to where the certificate files are located inside the docker container, not the path where it's stored on the host)

Ahh, good to know it's possible and I don't have to store anything in the database?

I'll take a look tomorrow and see what I can get working, thanks xorinzor


@xorinzor commented on GitHub (Nov 13, 2019):

> Ahh, good to know it's possible and I don't have to store anything in the database?

I wasn't aware that a database was being used. Despite that, just manually editing the config file did the trick for me. Maybe if you edit the entry in the database it could fix some other issues, but that's just pure speculation as I have no idea what's being stored in the database.
