[GH-ISSUE #80] SSL Cipher error #71

Closed
opened 2026-02-26 05:34:06 +03:00 by kerem · 6 comments

Originally created by @checkerbomb on GitHub (Feb 21, 2019).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/80

I've installed a custom SSL certificate and played with all the settings, but I am currently receiving an SSL error. I have ports 80/443 forwarded through the firewall to the nginx-proxy-host container. I've tried toggling things on/off in the Proxy Host settings with no change. Here are the basic settings I'm trying to use:

image

image

Here is the error I receive.

Chrome:
image

Firefox:
image


@jc21 commented on GitHub (Feb 25, 2019):

Can you use an online SSL checker to see what they say about the setup?

- https://www.sslshopper.com/ssl-checker.html
- https://www.ssllabs.com/ssltest/
- https://www.digicert.com/help/

@checkerbomb commented on GitHub (Feb 25, 2019):

Thanks for the reply. Based on these tests, it seems to me that the SSL cert is not being presented by nginx. Here are the results from the first two links. I should also note that I am using this same cert without issue on pfSense via haproxy, which I am attempting to replace with nginx-proxy-manager. I have also double-checked that firewall and NAT rules are set up correctly, and reuploaded the cert and reconfigured the proxy host as well.

image

image


@jc21 commented on GitHub (Feb 25, 2019):

Ok that's super weird. Can you find the generated nginx config file for this host? It will be in your `data/nginx/proxy_host` folder. Paste the contents here without your domain name for privacy.

@checkerbomb commented on GitHub (Feb 26, 2019):

Sure thing. The formatting of the file was getting severely screwed up by Markdown, so I've attached it instead.

[proxy-conf.txt](https://github.com/jc21/nginx-proxy-manager/files/2905987/proxy-conf.txt)

@jc21 commented on GitHub (Feb 27, 2019):

Ok so you can't use `my.domain.com/portainer` as the hostname, because it contains a path. When you ssl check `my.domain.com/portainer` it's actually checking `my.domain.com` and that doesn't (presumably) have configuration - and won't have ssl configured.

It's only currently possible to create `portainer.domain.com` host and apply a custom wildcard cert for `domain.com` to that proxy host.

Refer to #74 for possible future support of sub-folder forwarding.
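The distinction made in the comment above (TLS is negotiated for a hostname, never for a path), as an added example that is not part of the original thread or the project's code. The function names are hypothetical and `*.domain.com` is a constructed stand-in for the wildcard certificate mentioned; the wildcard rule used is the common "one left-most label" match.

```python
from urllib.parse import urlsplit


def split_entry(entry: str):
    """Split a proxy-host 'domain name' entry into (hostname, path).

    TLS (SNI and certificate matching) only ever sees the hostname; the path
    travels inside the encrypted HTTP request and cannot select a certificate.
    """
    parts = urlsplit(entry if "//" in entry else "//" + entry)
    return (parts.hostname or "").lower(), parts.path


def cert_covers(cert_name: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname.

    A leading '*' stands for exactly one left-most label.
    """
    c = cert_name.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        # Simplification: refuse wildcards directly under a TLD ("*.com").
        return len(c) > 2 and c[1:] == h[1:]
    return c == h


def check_entry(entry: str, cert_names):
    """Return (ok, reason) for using `entry` as a proxy-host domain name."""
    host, path = split_entry(entry)
    if not host:
        return False, "no hostname found"
    if path not in ("", "/"):
        return False, f"contains path {path!r}; TLS is negotiated for {host!r} only"
    if not any(cert_covers(name, host) for name in cert_names):
        return False, f"certificate does not cover {host!r}"
    return True, f"{host!r} is a valid server name covered by the certificate"


if __name__ == "__main__":
    wildcard = ["*.domain.com"]  # constructed sample certificate name
    for e in ("my.domain.com/portainer", "portainer.domain.com", "domain.com"):
        print(e, "->", check_entry(e, wildcard))
```
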

@checkerbomb commented on GitHub (Feb 27, 2019):

OK, thanks for the feedback. I will wait until this has been implemented, as setting up a subdomain for each and every application I need to forward (currently 12 but steadily increasing) would be cumbersome and also defeat the purpose of the custom SSL cert I have previously purchased for this specific subdomain.

I will say that I personally believe reverse proxying based on path is a critical feature and one that many will make use of. Nginx already supports it natively. https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/

Thanks! :)
