Cannot upload self-signed certificates anymore

Open Peddaahh opened this issue 6 months ago • 7 comments

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • [x] Yes
  • Are you sure you're not using someone else's docker image?
  • [x] Yes
  • Have you searched for similar issues (both open and closed)?
  • [x] Yes

Describe the bug I cannot upload self-signed certificates for my local network anymore. It gives the error "Upload failed: Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected." even though it is definitely not, and the console gives me "Failed to load resource: the server responded with a status of 400 ()" on URL https://proxy.local/api/nginx/certificates/validate. A screenshot of the request will be included below and there is also a log file of a fresh start containing only the logs of adding a custom certificate. This even happened when I deleted an already uploaded certificate and tried to re-upload it. The console only shows:

[2/14/2024] [4:33:15 PM] [Global   ] › ⬤  debug     CMD: openssl x509 -in /tmp/74f9af22-e506-47d4-b6c3-b34d3fe78cf9/tmp -subject -noout
[2/14/2024] [4:33:15 PM] [Global   ] › ⬤  debug     CMD: openssl pkey -in /tmp/82717e67-3388-467a-9efd-1b3d6f14ff6e/tmp -check -noout 2>&1 
[2/14/2024] [4:33:15 PM] [Global   ] › ⬤  debug     CMD: openssl x509 -in /tmp/74f9af22-e506-47d4-b6c3-b34d3fe78cf9/tmp -issuer -noout
[2/14/2024] [4:33:15 PM] [Global   ] › ⬤  debug     CMD: openssl x509 -in /tmp/74f9af22-e506-47d4-b6c3-b34d3fe78cf9/tmp -dates -noout
{
    "error": {
        "code": 400,
        "message": "Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected."
    },
    "debug": {
        "stack": [
            "ValidationError: Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.",
            "    at Timeout._onTimeout (/app/internal/certificate.js:679:14)",
            "    at listOnTimeout (node:internal/timers:573:17)",
            "    at process.processTimers (node:internal/timers:514:7)"
        ]
    }
}

Nginx Proxy Manager Version v2.11.1

To Reproduce Steps to reproduce the behavior:

  1. Go to SSL Certificates
  2. Click on Add SSL Certificate
  3. Click on Custom
  4. Write in a Name
  5. Upload the key file of the certificate
  6. Upload respective certificate
  7. Click on Save
  8. See error

Expected behavior Certificate should be successfully uploaded and be usable for local proxy hosts.

Operating System Simple Docker deployment w/out external DB. On:

  • Raspberry Pi 5 4GB
  • Raspbian

Additional context RasPi:

  • PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
  • NAME="Debian GNU/Linux"
  • VERSION_ID="12"
  • VERSION="12 (bookworm)"
  • VERSION_CODENAME=bookworm
  • ID=debian
  • uname -m aarch64

Docker version 25.0.3, build 4debf41

Peddaahh avatar Feb 14 '24 16:02 Peddaahh

I got the same issue. After a little investigation I found that the backend is using openssl to verify your private key with the following command:

openssl pkey -in ' + filepath + ' -check -noout 2>&1

Running this same command for my key (8192-bit RSA) on the same machine (Raspi 5), it takes around 30-40s. However, the timeout already occurs after 10s.

I could solve the problem by modifying this line: https://github.com/NginxProxyManager/nginx-proxy-manager/blob/209c1b33347d1ea82870e742edf5039cc254d7ba/backend/internal/certificate.js#L680

I logged into the container and executed the following command:

 sed -i 's/10000/50000/g' /app/internal/certificate.js

After a restart of the container, I could upload my keys.

b1t-hunter avatar Feb 17 '24 10:02 b1t-hunter
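
To tell a slow key check apart from a rejected key before touching the timeout, this added example (not part of the thread or of the Nginx Proxy Manager code) times the same `openssl pkey -check` command against the 10 s limit reported above. The function names, the `-passin pass:` argument and the use of coreutils `timeout` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Nginx Proxy Manager code.
# Runs the key check seen in the debug log and reports whether it would
# finish inside the 10 s limit described in the thread.

NPM_LIMIT=10   # seconds; the limit reported in the thread (10000 ms)

# check_key KEYFILE [LIMIT_SECONDS]
# Prints "ok <seconds>", "timeout <limit>" or "rejected <seconds>".
check_key() {
    key=$1
    limit=${2:-$NPM_LIMIT}
    start=$(date +%s)
    rc=0
    # -passin pass: supplies an empty passphrase (assumption of this
    # example) so an encrypted key fails at once instead of waiting for
    # a prompt until the limit expires.
    timeout "$limit" openssl pkey -in "$key" -check -noout \
        -passin pass: >/dev/null 2>&1 || rc=$?
    elapsed=$(( $(date +%s) - start ))
    case $rc in
        0)   echo "ok $elapsed" ;;        # key is valid and fast enough
        124) echo "timeout $limit" ;;     # coreutils timeout killed openssl
        *)   echo "rejected $elapsed" ;;  # invalid, unreadable or encrypted
    esac
}

# Constructed sample input: a throwaway 2048-bit key and a non-key file.
demo() {
    dir=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/good.key" 2>/dev/null
    echo "not a key" > "$dir/bad.key"
    echo "good.key: $(check_key "$dir/good.key")"
    echo "bad.key:  $(check_key "$dir/bad.key")"
    rm -rf "$dir"
}

# "demo" runs the constructed samples; any other argument is treated as
# the path of a real key file, with an optional limit in seconds.
case ${1:-} in
    demo) demo ;;
    "")   : ;;
    *)    check_key "$1" "${2:-$NPM_LIMIT}" ;;
esac
```

Run it on the same hardware as the container: a `timeout` result means the key check alone exceeds the limit, while `rejected` means openssl refused the key regardless of speed.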

It would be good to increase this limit for slower machines with larger keys to at least 40-50s.

b1t-hunter avatar Feb 17 '24 10:02 b1t-hunter

Can confirm, and I am also using 8192-bit RSA! This should be considered! After increasing the timeout, it works.

Peddaahh avatar Feb 17 '24 15:02 Peddaahh

This impacted me as well. It really would be nice if this is addressed.

TopHatProductions115new avatar May 07 '24 23:05 TopHatProductions115new

Quick fix, execute this on your docker host:

docker exec -it proxy sed -i 's/10000/50000/g' internal/certificate.js && docker restart proxy

b1t-hunter avatar Jun 24 '24 09:06 b1t-hunter