[GH-ISSUE #709] [QUESTION] Connection isn't secure only for my whoogle subdomain #457

Closed
opened 2026-02-25 20:35:48 +03:00 by kerem · 2 comments

Originally created by @ludoctl on GitHub (Apr 2, 2022).
Original GitHub issue: https://github.com/benbusby/whoogle-search/issues/709

Hi there,

My knowledge being full of gaps, I'm not sure where to look to solve that:
Got a bunch of services all hosted via docker behind the same nginx reverse proxy setup, all on subdomains over https with my Cloudflare issued Client certificate.

I get the "Connection isn't private/secure" and NET::ERR_CERT_INVALID (on chrome) and need to add an exception... though it isn't the case for any other of my services/subdomains. All subdomains are listed as hosts on the cloudflare certificates page... any idea where I should look?

kerem 2026-02-25 20:35:48 +03:00 closed this issue and added the question label.

@benbusby commented on GitHub (Apr 6, 2022):

Hi @ludoctl. Without being able to see your nginx config, it's a little hard to diagnose what the issue could be. I have a similar setup to yours, with multiple services defined for different subdomains with each in their own nginx server block. Here's an example configuration:

```
server {
	server_name subdomain.domain.com;
	location / {
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header Host $host;
		proxy_pass http://localhost:5000;
	}

	listen 443 ssl; # managed by Certbot
	ssl_certificate /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.com/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
```

Is your setup similar to that? Your cert definitions will likely point somewhere else since you're using Cloudflare certificates, but otherwise I'm assuming it's the same general configuration. I'm not familiar with using Cloudflare certificates, but can you verify that the certificate used for the site (found via the URL bar -> lock icon -> "Connection is Secure" -> "View certificate" or something like that) is what you'd expect in terms of common name and validity period?
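
The certificate check suggested above can also be run from a terminal. This is an added example, not part of the original thread: it shows the subject, issuer and validity dates of the certificate a server presents and flags a name mismatch, an expired certificate or a self-signed one. The hostname `whoogle.example.test` and the function names are placeholders, and the sample certificate is constructed locally so the script also runs offline.

```bash
#!/bin/sh
# Added example. Hostnames and function names are placeholders.

# fetch_cert HOST [PORT]: print the leaf certificate the server presents.
# -servername sends SNI, which nginx uses to pick among several server blocks.
fetch_cert() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# make_sample_cert OUT HOST: constructed self-signed certificate for offline runs.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$1.key" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" -out "$1" 2>/dev/null
}

# check_cert PEM HOST: print identity fields, then one FAIL line per problem.
# Returns 0 only if the name matches, the cert is unexpired and not self-signed.
check_cert() {
    pem=$1; host=$2; rc=0
    openssl x509 -in "$pem" -noout -subject -issuer -dates || return 2
    if ! openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q 'does match'; then
        echo "FAIL name: certificate does not cover $host"; rc=1
    fi
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null; then
        echo "FAIL validity: certificate has expired"; rc=1
    fi
    if [ "$(openssl x509 -in "$pem" -noout -subject_hash)" = \
         "$(openssl x509 -in "$pem" -noout -issuer_hash)" ]; then
        echo "FAIL issuer: self-signed, browsers will not trust it by default"; rc=1
    fi
    return "$rc"
}

if [ "$#" -ge 1 ]; then   # live: sh check.sh <hostname>
    live=$(mktemp); fetch_cert "$1" >"$live"; check_cert "$live" "$1" || true
else                      # offline demo on the constructed certificate
    demo=$(mktemp); make_sample_cert "$demo" whoogle.example.test
    check_cert "$demo" whoogle.example.test || true
fi
```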


@ludoctl commented on GitHub (Apr 7, 2022):

Hey Ben,
Thanks for your reply, I realized today it was my mistake - a combination of overdone nginx proxy settings and Cloudflare being set to proxy DNS only. All good now, though I still have #708, which prevents me from using my whoogle as default search engine on FF desktop. Works on my mobile since I can add it with the query string there.
