starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-26 01:45:54 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #87] [Feature request] Custom SSL local path / file #76

New issue
Open
opened 2026-02-26 05:34:09 +03:00 by kerem · 32 comments
kerem commented 2026-02-26 05:34:09 +03:00
Owner
Copy link

Originally created by @eithe on GitHub (Feb 26, 2019).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/87

Hi, I have my certificates accessible from the file system on the docker host so it would be great when adding a custom certificate that you could specify a local path instead of manually uploading the required files,

That way I could setup the container with e.g.:

volumes
  - /var/ssl:/ssl

And when adding a custom certificate I could enter e.g. /ssl/my.cert

Originally created by @eithe on GitHub (Feb 26, 2019). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/87 Hi, I have my certificates accessible from the file system on the docker host so it would be great when adding a custom certificate that you could specify a local path instead of manually uploading the required files, That way I could setup the container with e.g.: volumes - /var/ssl:/ssl And when adding a custom certificate I could enter e.g. `/ssl/my.cert`
kerem commented 2026-02-26 05:34:11 +03:00
Author
Owner
Copy link

@vrelk commented on GitHub (May 6, 2019):

This would be very helpful. I use a .net for my local network, so being able to use something such as acme.sh to generate a wildcard using a txt dns entry would be great and not have to copy the cert over manually.

For reference: https://github.com/Neilpang/acme.sh

<!-- gh-comment-id:489474788 --> @vrelk commented on GitHub (May 6, 2019): This would be very helpful. I use a .net for my local network, so being able to use something such as acme.sh to generate a wildcard using a txt dns entry would be great and not have to copy the cert over manually. For reference: https://github.com/Neilpang/acme.sh
kerem commented 2026-02-26 05:34:11 +03:00
Author
Owner
Copy link

@cbrherms commented on GitHub (Jun 24, 2019):

I would also like this. Would be useful for wildcard certs i'm generating via a different container.

<!-- gh-comment-id:505207333 --> @cbrherms commented on GitHub (Jun 24, 2019): I would also like this. Would be useful for wildcard certs i'm generating via a different container.
kerem commented 2026-02-26 05:34:11 +03:00
Author
Owner
Copy link

@Dragonpark commented on GitHub (Sep 11, 2019):

I would also love this feature as this is the only thing preventing me from using this. I also use a different container to generate my certs (via DNS, not HTTP), which also handles automatically restarting any required containers when the certificate updates.

<!-- gh-comment-id:530183881 --> @Dragonpark commented on GitHub (Sep 11, 2019): I would also love this feature as this is the only thing preventing me from using this. I also use a different container to generate my certs (via DNS, not HTTP), which also handles automatically restarting any required containers when the certificate updates.
kerem commented 2026-02-26 05:34:11 +03:00
Author
Owner
Copy link

@ubergeek77 commented on GitHub (Oct 3, 2019):

Apologies for the ping, but can we get a comment on this, @jc21 ?

<!-- gh-comment-id:538089073 --> @ubergeek77 commented on GitHub (Oct 3, 2019): Apologies for the ping, but can we get a comment on this, @jc21 ?
kerem commented 2026-02-26 05:34:11 +03:00
Author
Owner
Copy link

@osnet commented on GitHub (Dec 4, 2020):

the actual compose magic is putting the certs persistent in ./letsencrypt/
image
image
image

ok you have to know what npm-ID is your cert but thats ok in smaller environments

<!-- gh-comment-id:738614455 --> @osnet commented on GitHub (Dec 4, 2020): the actual compose magic is putting the certs persistent in ./letsencrypt/ ![image](https://user-images.githubusercontent.com/1938728/101133522-2cd9aa00-3609-11eb-9ad8-175f00128842.png) ![image](https://user-images.githubusercontent.com/1938728/101133552-382cd580-3609-11eb-9a4a-34a1fea6f773.png) ![image](https://user-images.githubusercontent.com/1938728/101133570-43800100-3609-11eb-9931-702ec3c2f0fc.png) ok you have to know what npm-ID is your cert but thats ok in smaller environments
kerem commented 2026-02-26 05:34:11 +03:00
Author
Owner
Copy link

@christian-skjetne commented on GitHub (Dec 10, 2020):

There is a way to do this using the web interface. You can just turn off the SSL setting in the "proxy host" settings (set to none) and in the "Advanced"-tab you can set the ssl nginx manually using "Custom Nginx Configuration".
Example:

listen 443 ssl http2;
listen [::]:443;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /path/to/cert/cert.pem;
  ssl_certificate_key /path/to/cert/key.pem;

just copy and paste this for every "proxy host" you want to add. Not perfect or elegant, but it seems to work.

P.S: to force ssl redirect add the line include conf.d/include/force-ssl.conf;

<!-- gh-comment-id:742831838 --> @christian-skjetne commented on GitHub (Dec 10, 2020): There is a way to do this using the web interface. You can just turn off the SSL setting in the "proxy host" settings (set to none) and in the "Advanced"-tab you can set the ssl nginx manually using "Custom Nginx Configuration". Example: ``` listen 443 ssl http2; listen [::]:443; # Let's Encrypt SSL include conf.d/include/letsencrypt-acme-challenge.conf; include conf.d/include/ssl-ciphers.conf; ssl_certificate /path/to/cert/cert.pem; ssl_certificate_key /path/to/cert/key.pem; ``` just copy and paste this for every "proxy host" you want to add. Not perfect or elegant, but it seems to work. P.S: to force ssl redirect add the line `include conf.d/include/force-ssl.conf;`
kerem commented 2026-02-26 05:34:11 +03:00
Author
Owner
Copy link

@rubendepuben commented on GitHub (Feb 13, 2021):

Damn this feature would be nice

<!-- gh-comment-id:778671351 --> @rubendepuben commented on GitHub (Feb 13, 2021): Damn this feature would be nice
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@meinradr commented on GitHub (Aug 24, 2021):

This feature would be amazing. Specially for non proxy host certificates since there is no advanced tab and therefore @christian-skjetne workaround does not work.

<!-- gh-comment-id:904943141 --> @meinradr commented on GitHub (Aug 24, 2021): This feature would be amazing. Specially for non proxy host certificates since there is no advanced tab and therefore @christian-skjetne workaround does not work.
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@shalak commented on GitHub (Mar 6, 2022):

Any updates on this one? I'm managing certbot separately and I'm provisioning all my services with certs via hooks. I'd like to see a "load cert from this path" option in npm...

<!-- gh-comment-id:1059880009 --> @shalak commented on GitHub (Mar 6, 2022): Any updates on this one? I'm managing certbot separately and I'm provisioning all my services with certs via hooks. I'd like to see a "load cert from this path" option in npm...
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@azoller1 commented on GitHub (Apr 4, 2022):

@shalak

Does @christian-skjetne comment not help you? Should be ok for any http proxy route. Haven't tried this out yet, though. Really want to use NPM, but this is a feature I would like to have. But, I think this should work for now.

<!-- gh-comment-id:1087204354 --> @azoller1 commented on GitHub (Apr 4, 2022): @shalak Does @christian-skjetne comment not help you? Should be ok for any http proxy route. Haven't tried this out yet, though. Really want to use NPM, but this is a feature I would like to have. But, I think this should work for now.
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@shalak commented on GitHub (Apr 4, 2022):

Does @christian-skjetne comment not help you?

Yes, it does solve the issue, but I do not like to have such workarounds. If I have to manage configuration manually, I prefer to keep it all manually and not use NPM at all.

<!-- gh-comment-id:1087285820 --> @shalak commented on GitHub (Apr 4, 2022): > Does @christian-skjetne comment not help you? Yes, it does solve the issue, but I do not like to have such workarounds. If I have to manage configuration manually, I prefer to keep it all manually and not use NPM at all.
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@azoller1 commented on GitHub (Apr 4, 2022):

Does @christian-skjetne comment not help you?

Yes, it does solve the issue, but I do not like to have such workarounds. If I have to manage configuration manually, I prefer to keep it all manually and not use NPM at all.

I see. I am in the same boat as well. I am just manually editing my conf files at this point. Really easy to use nginxconfig.io to provide for the base files.

<!-- gh-comment-id:1087297840 --> @azoller1 commented on GitHub (Apr 4, 2022): > > Does @christian-skjetne comment not help you? > > Yes, it does solve the issue, but I do not like to have such workarounds. If I have to manage configuration manually, I prefer to keep it all manually and not use NPM at all. I see. I am in the same boat as well. I am just manually editing my conf files at this point. Really easy to use nginxconfig.io to provide for the base files.
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@BigW72 commented on GitHub (May 27, 2022):

There is a way to do this using the web interface. You can just turn off the SSL setting in the "proxy host" settings (set to none) and in the "Advanced"-tab you can set the ssl nginx manually using "Custom Nginx Configuration". Example:

...

Apologies if this is an idiot question, but why does it not seem to work to stop the container, replace the privkey.pem and fullchain.pem in the relevant /data/custom_ssl/npm-x folder with manually updated cert/key files and restarting the container?

<!-- gh-comment-id:1139729319 --> @BigW72 commented on GitHub (May 27, 2022): > There is a way to do this using the web interface. You can just turn off the SSL setting in the "proxy host" settings (set to none) and in the "Advanced"-tab you can set the ssl nginx manually using "Custom Nginx Configuration". Example: > > ... > Apologies if this is an idiot question, but why does it not seem to work to stop the container, replace the `privkey.pem` and `fullchain.pem` in the relevant `/data/custom_ssl/npm-x` folder with manually updated cert/key files and restarting the container?
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@1liminal1 commented on GitHub (Oct 13, 2022):

There is a way to do this using the web interface. You can just turn off the SSL setting in the "proxy host" settings (set to none) and in the "Advanced"-tab you can set the ssl nginx manually using "Custom Nginx Configuration". Example:

listen 443 ssl http2;
listen [::]:443;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /path/to/cert/cert.pem;
  ssl_certificate_key /path/to/cert/key.pem;

just copy and paste this for every "proxy host" you want to add. Not perfect or elegant, but it seems to work.

P.S: to force ssl redirect add the line include conf.d/include/force-ssl.conf;

Can anyone advise what Im doing wrong here?

I add the config as specified and it gives me an offline error? Essentially breaks it

image

<!-- gh-comment-id:1277364286 --> @1liminal1 commented on GitHub (Oct 13, 2022): > There is a way to do this using the web interface. You can just turn off the SSL setting in the "proxy host" settings (set to none) and in the "Advanced"-tab you can set the ssl nginx manually using "Custom Nginx Configuration". Example: > > ``` > listen 443 ssl http2; > listen [::]:443; > > # Let's Encrypt SSL > include conf.d/include/letsencrypt-acme-challenge.conf; > include conf.d/include/ssl-ciphers.conf; > ssl_certificate /path/to/cert/cert.pem; > ssl_certificate_key /path/to/cert/key.pem; > ``` > > just copy and paste this for every "proxy host" you want to add. Not perfect or elegant, but it seems to work. > > P.S: to force ssl redirect add the line `include conf.d/include/force-ssl.conf;` Can anyone advise what Im doing wrong here? I add the config as specified and it gives me an offline error? Essentially breaks it ![image](https://user-images.githubusercontent.com/10505942/195568301-dcf268b0-f8ba-4fa9-b1fc-8d3cbdef80a1.png)
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@tuxthepenguin84 commented on GitHub (Nov 22, 2022):

@1liminal1
I had a similar issue until I realized I had a conflicting config in it (listen 80 was in "details" and "advanced", once I removed it from "advanced" it worked). I would double check all your paths are correct and possibly restart the container, here's my exact config:

listen 443 ssl http2;
include conf.d/include/ssl-ciphers.conf;
include conf.d/include/force-ssl.conf;
ssl_certificate /data/custom_ssl/fullchain.pem;
ssl_certificate_key /data/custom_ssl/privkey.pem;
<!-- gh-comment-id:1324049435 --> @tuxthepenguin84 commented on GitHub (Nov 22, 2022): @1liminal1 I had a similar issue until I realized I had a conflicting config in it (listen 80 was in "details" and "advanced", once I removed it from "advanced" it worked). I would double check all your paths are correct and possibly restart the container, here's my exact config: ``` listen 443 ssl http2; include conf.d/include/ssl-ciphers.conf; include conf.d/include/force-ssl.conf; ssl_certificate /data/custom_ssl/fullchain.pem; ssl_certificate_key /data/custom_ssl/privkey.pem; ```
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@tuxthepenguin84 commented on GitHub (Nov 22, 2022):

There's a simpler way to do this if all your Proxy Host need the same SSL config.

  1. Set SSL to none for all your Proxy Host
  2. Remove any SSL config from Advanced
  3. Paste your custom SSL config in /data/nginx/custom/server_proxy.conf
listen 443 ssl http2;
include conf.d/include/ssl-ciphers.conf;
include conf.d/include/force-ssl.conf;
ssl_certificate /data/custom_ssl/fullchain.pem;
ssl_certificate_key /data/custom_ssl/privkey.pem;
  1. Restart container
<!-- gh-comment-id:1324162616 --> @tuxthepenguin84 commented on GitHub (Nov 22, 2022): There's a simpler way to do this if all your Proxy Host need the same SSL config. 1. Set SSL to none for all your Proxy Host 2. Remove any SSL config from Advanced 3. Paste your custom SSL config in /data/nginx/custom/server_proxy.conf ``` listen 443 ssl http2; include conf.d/include/ssl-ciphers.conf; include conf.d/include/force-ssl.conf; ssl_certificate /data/custom_ssl/fullchain.pem; ssl_certificate_key /data/custom_ssl/privkey.pem; ``` 4. Restart container
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@BigW72 commented on GitHub (Feb 10, 2023):

There's a simpler way to do this if all your Proxy Host need the same SSL config.

Great, thanks! I have also tested this with a single proxy host and it works - now I can update the SSL settings for the 40+ others for the last time!

<!-- gh-comment-id:1426328665 --> @BigW72 commented on GitHub (Feb 10, 2023): > There's a simpler way to do this if all your Proxy Host need the same SSL config. Great, thanks! I have also tested this with a single proxy host and it works - now I can update the SSL settings for the 40+ others for the last time!
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@ThaDaVos commented on GitHub (Sep 2, 2023):

Is there any progress on this issue except the mentioned workaround?

<!-- gh-comment-id:1703781049 --> @ThaDaVos commented on GitHub (Sep 2, 2023): Is there any progress on this issue except the mentioned workaround?
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@Ducksoul commented on GitHub (Nov 11, 2023):

I had to declare absolute paths within the include lines. Otherwise the proxy hosts went offline:
include /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf;

<!-- gh-comment-id:1806825709 --> @Ducksoul commented on GitHub (Nov 11, 2023): I had to declare absolute paths within the include lines. Otherwise the proxy hosts went offline: `include /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf;`
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@nsaneadmin commented on GitHub (Jan 20, 2024):

I had to declare absolute paths within the include lines. Otherwise the proxy hosts went offline: include /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf;

full path also fixed mine! Good find Thanks!

<!-- gh-comment-id:1901717763 --> @nsaneadmin commented on GitHub (Jan 20, 2024): > I had to declare absolute paths within the include lines. Otherwise the proxy hosts went offline: `include /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf;` full path also fixed mine! Good find Thanks!
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@shalafi99 commented on GitHub (Aug 26, 2024):

I too would be interested if this feature were to be included natively in NPM (thus eliminating the need to use the "Advanced" tab in each proxy host or going with the /data/nginx/custom/server_proxy.conf customization)

<!-- gh-comment-id:2311062444 --> @shalafi99 commented on GitHub (Aug 26, 2024): I too would be interested if this feature were to be included natively in NPM (thus eliminating the need to use the "Advanced" tab in each proxy host or going with the /data/nginx/custom/server_proxy.conf customization)
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@cwilson1776 commented on GitHub (Sep 25, 2024):

Regarding tuxthepenguin84's advice...

If your network and docker environment is set up for dual-stack, you need to also enable port 443 on IPv6:

listen 443 ssl http2;
listen [::]:443 ssl http2;
include conf.d/include/ssl-ciphers.conf;
include conf.d/include/force-ssl.conf;
ssl_certificate /data/custom_ssl/fullchain.pem;
ssl_certificate_key /data/custom_ssl/privkey.pem;

or you may get the dreaded SSL_ERROR_UNRECOGNIZED_NAME_ALERT error when connecting. (What's terrible about this error response is that the nginx logs will not report issues during the SSL negotiation phase, so...you've got nothing to go on when trying to debug).

<!-- gh-comment-id:2372736907 --> @cwilson1776 commented on GitHub (Sep 25, 2024): Regarding [tuxthepenguin84](https://github.com/tuxthepenguin84)'s [advice](https://github.com/NginxProxyManager/nginx-proxy-manager/issues/87#issuecomment-1324162616)... If your network and docker environment is set up for dual-stack, you need to also enable port 443 on IPv6: ``` listen 443 ssl http2; listen [::]:443 ssl http2; include conf.d/include/ssl-ciphers.conf; include conf.d/include/force-ssl.conf; ssl_certificate /data/custom_ssl/fullchain.pem; ssl_certificate_key /data/custom_ssl/privkey.pem; ``` or you may get the dreaded SSL_ERROR_UNRECOGNIZED_NAME_ALERT error when connecting. (What's terrible about this error response is that the nginx logs will not report issues during the SSL negotiation phase, so...you've got nothing to go on when trying to debug).
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@AngelGonePro commented on GitHub (Jan 10, 2025):

Non of this is working for me
Please for the love of God add an option to add custom located certs, this is annoying and aggravating.
Your own cert system gets errors, so having to go this route is my only option.
image

<!-- gh-comment-id:2582921837 --> @AngelGonePro commented on GitHub (Jan 10, 2025): Non of this is working for me Please for the love of God add an option to add custom located certs, this is annoying and aggravating. Your own cert system gets errors, so having to go this route is my only option. ![image](https://github.com/user-attachments/assets/7532cbe8-6642-40d3-a0c8-78d658551a6c)
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@AngelGonePro commented on GitHub (Jan 10, 2025):

@tuxthepenguin84 Your method doesn't work. I just get a Unable to connect(to X.X.X.X:81) after restarting the docker. I have multiple domains so one file will not work for the multiple domains.
This feature needs to be added in the SSL section instead of having to upload them every renewal when certbot renews them.

<!-- gh-comment-id:2583024424 --> @AngelGonePro commented on GitHub (Jan 10, 2025): @tuxthepenguin84 Your method doesn't work. I just get a Unable to connect(to X.X.X.X:81) after restarting the docker. I have multiple domains so one file will not work for the multiple domains. This feature needs to be added in the SSL section instead of having to upload them every renewal when certbot renews them.
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@slovely commented on GitHub (Jan 22, 2025):

Non of this is working for me Please for the love of God add an option to add custom located certs, this is annoying and aggravating. Your own cert system gets errors, so having to go this route is my only option. image

I suspect you've just hit the same issue I have. If you look in /data/logs/fallback_error.log my guess is you'll see something like:

the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/5.conf:31

The later version of nginx has moved how http2 is specified (see https://forum.hestiacp.com/t/nginx-1-25-1-listen-http2-directive-is-deprecated/9816). Now http2 should be removed from the listen line and moved into it's own line below as http2 on;.

HOWEVER - because on the SSL tab you are not selecting a cert, then you cannot enable http2 so NPM is already adding a conflicting http2 off; line...

Can we get the option to enable HTTP/2 support without having to choose a certificate please?

<!-- gh-comment-id:2608318331 --> @slovely commented on GitHub (Jan 22, 2025): > Non of this is working for me Please for the love of God add an option to add custom located certs, this is annoying and aggravating. Your own cert system gets errors, so having to go this route is my only option. ![image](https://github.com/user-attachments/assets/7532cbe8-6642-40d3-a0c8-78d658551a6c) I suspect you've just hit the same issue I have. If you look in `/data/logs/fallback_error.log` my guess is you'll see something like: ``` the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/5.conf:31 ``` The later version of nginx has moved how http2 is specified (see https://forum.hestiacp.com/t/nginx-1-25-1-listen-http2-directive-is-deprecated/9816). Now http2 should be removed from the `listen` line and moved into it's own line below as `http2 on;`. HOWEVER - because on the SSL tab you are not selecting a cert, then you cannot enable http2 so NPM is already adding a conflicting `http2 off;` line... Can we get the option to enable HTTP/2 support _without_ having to choose a certificate please?
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@tuxthepenguin84 commented on GitHub (Jan 22, 2025):

For everyone having issues it might be better to move to pure nginx. I did that a while back and haven't had any further problems.

<!-- gh-comment-id:2608474260 --> @tuxthepenguin84 commented on GitHub (Jan 22, 2025): For everyone having issues it might be better to move to pure nginx. I did that a while back and haven't had any further problems.
kerem commented 2026-02-26 05:34:12 +03:00
Author
Owner
Copy link

@AngelGonePro commented on GitHub (Jan 23, 2025):

Non of this is working for me Please for the love of God add an option to add custom located certs, this is annoying and aggravating. Your own cert system gets errors, so having to go this route is my only option. image

I suspect you've just hit the same issue I have. If you look in /data/logs/fallback_error.log my guess is you'll see something like:

the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/5.conf:31

The later version of nginx has moved how http2 is specified (see https://forum.hestiacp.com/t/nginx-1-25-1-listen-http2-directive-is-deprecated/9816). Now http2 should be removed from the listen line and moved into it's own line below as http2 on;.

HOWEVER - because on the SSL tab you are not selecting a cert, then you cannot enable http2 so NPM is already adding a conflicting http2 off; line...

Can we get the option to enable HTTP/2 support without having to choose a certificate please?

No, my log was that NPM couldn't somehow read the file, said was expecting --- PUBLIC KEY--- or something along the lines of that. Even though the file was generated using certbot and was generated correctly.

<!-- gh-comment-id:2608815347 --> @AngelGonePro commented on GitHub (Jan 23, 2025): > > Non of this is working for me Please for the love of God add an option to add custom located certs, this is annoying and aggravating. Your own cert system gets errors, so having to go this route is my only option. ![image](https://github.com/user-attachments/assets/7532cbe8-6642-40d3-a0c8-78d658551a6c) > > I suspect you've just hit the same issue I have. If you look in `/data/logs/fallback_error.log` my guess is you'll see something like: > > ``` > the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/5.conf:31 > ``` > > The later version of nginx has moved how http2 is specified (see https://forum.hestiacp.com/t/nginx-1-25-1-listen-http2-directive-is-deprecated/9816). Now http2 should be removed from the `listen` line and moved into it's own line below as `http2 on;`. > > HOWEVER - because on the SSL tab you are not selecting a cert, then you cannot enable http2 so NPM is already adding a conflicting `http2 off;` line... > > Can we get the option to enable HTTP/2 support _without_ having to choose a certificate please? No, my log was that NPM couldn't somehow read the file, said `was expecting --- PUBLIC KEY---` or something along the lines of that. Even though the file was generated using certbot and was generated correctly.
kerem commented 2026-02-26 05:34:13 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Aug 23, 2025):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:3216117651 --> @github-actions[bot] commented on GitHub (Aug 23, 2025): Issue is now considered stale. If you want to keep it open, please comment :+1:
kerem commented 2026-02-26 05:34:13 +03:00
Author
Owner
Copy link

@bartgrefte commented on GitHub (Aug 23, 2025):

Issue is now considered stale. If you want to keep it open, please comment 👍

Well, then here's a comment to keep it open ;)

<!-- gh-comment-id:3216523917 --> @bartgrefte commented on GitHub (Aug 23, 2025): > Issue is now considered stale. If you want to keep it open, please comment 👍 Well, then here's a comment to keep it open ;)
kerem commented 2026-02-26 05:34:13 +03:00
Author
Owner
Copy link

@BigW72 commented on GitHub (Aug 23, 2025):

Issue is now considered stale. If you want to keep it open, please comment 👍

I still think it would be great if one could easily use externally managed certificates.

If you can't use the GUI for everything and have to manage text files without certainty that the workaround won't stop working then using something designed to be managed via config files works better for me.

I have recently switched to SWAG and miss the NPM GUI, but overall it is easier to add new hosts.

PS: The reason I had to manage certs externally is because my DNS doesn't support automated renewal.

<!-- gh-comment-id:3216588577 --> @BigW72 commented on GitHub (Aug 23, 2025): > Issue is now considered stale. If you want to keep it open, please comment :+1: I still think it would be great if one could easily use externally managed certificates. If you can't use the GUI for everything and have to manage text files without certainty that the workaround won't stop working then using something designed to be managed via config files works better for me. I have recently switched to SWAG and miss the NPM GUI, but overall it is easier to add new hosts. PS: The reason I had to manage certs externally is because my DNS doesn't support automated renewal.
kerem commented 2026-02-26 05:34:13 +03:00
Author
Owner
Copy link

@BeanBagBob commented on GitHub (Oct 2, 2025):

I would love for this to be added to NPM natively.

<!-- gh-comment-id:3359714215 --> @BeanBagBob commented on GitHub (Oct 2, 2025): I would love for this to be added to NPM natively.
kerem commented 2026-02-26 05:34:13 +03:00
Author
Owner
Copy link

@BeanBagBob commented on GitHub (Oct 2, 2025):

Question. Will NPM notice when the certificate on the host has been renewed?

<!-- gh-comment-id:3361594751 --> @BeanBagBob commented on GitHub (Oct 2, 2025): Question. Will NPM notice when the certificate on the host has been renewed?
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#76
No description provided.