I followed this guide: https://notthebe.ee/blog/easy-ssl-in-homelab-dns01/

But my Nginx Proxy Manager is running on a VPS that is connected to my local network through a WireGuard tunnel. Could that be an issue? I don’t know why it’s not working?

My NPM is also accessible to the local IP of my homeserver on which WireGuard is running.

  • Dataprolet@lemmy.dbzer0.comOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    NPM should serve as both, but only issuing SSL certificates for my local network is the issue. Have you taken a look at the tutorial I’ve linked in the original post?

    And what do you mean with the port I’ve exposed? Exposed where? NPM uses port 81.

      • Dataprolet@lemmy.dbzer0.comOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Ah I see. As I’ve said the proxy is working for my domain and is available from the internet. So that shouldn’t be an issue…

        This is the output of the openssl command:

        spoiler
        # openssl s_client -connect 127.0.0.1:443 -showcerts
        
        CONNECTED(00000003)
        80DB1D0BDC7F0000:error:0A000458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name:../ssl/record/rec_layer_s3.c:1586:SSL alert number 112
        ---
        no peer certificate available
        ---
        No client certificate CA names sent
        ---
        SSL handshake has read 7 bytes and written 297 bytes
        Verification: OK
        ---
        New, (NONE), Cipher is (NONE)
        Secure Renegotiation IS NOT supported
        Compression: NONE
        Expansion: NONE
        No ALPN negotiated
        Early data was not sent
        Verify return code: 0 (ok)
        ---
        
        spoiler
        # openssl s_client -connect 127.0.0.1:80 -showcerts
        
        CONNECTED(00000003)
        809B89C5DB7F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354:
        ---
        no peer certificate available
        ---
        No client certificate CA names sent
        ---
        SSL handshake has read 5 bytes and written 297 bytes
        Verification: OK
        ---
        New, (NONE), Cipher is (NONE)
        Secure Renegotiation IS NOT supported
        Compression: NONE
        Expansion: NONE
        No ALPN negotiated
        Early data was not sent
        Verify return code: 0 (ok)
        ---