March 15, 2025

Hi everyone, I’m encountering an issue with my NGINX Proxy Manager (NPM) setup in combination with Cloudflare and the SSL Handshake Failed error (Error 525).

Setup: NGINX Proxy Manager is running in a Docker container on ports 18443 (HTTPS) and 1880 (HTTP) and with the Web UI Port: 7818. The Vaultwarden WebUI port is 4743. I have just changed the default admin credentials and, under "General settings", the Domain URL to "http://example.com" (obviously my domain). In my Cloudflare DNS entries I have added a CNAME with the name "XYZ" and with the target "example.com". Proxy status is activated and TTL is auto.

I have set up the configuration according to the following instructions:
Vaultwarden -> https://www.youtube.com/watch?v=vHo9TwSqxaM
NPM -> https://www.youtube.com/watch?v=nhacNUxVcy4

I have successfully configured a Let’s Encrypt SSL certificate for my domain through NPM. My domain also has a valid Let’s Encrypt certificate on Cloudflare. The SSL/TLS mode in Cloudflare is set to “Full”, and the domain is hosted on Cloudflare. Ports 443 and 80 are correctly forwarded in my router (external 443 to internal 18443, and external 80 to internal 1880). I checked the SSL certificate successfully with https://www.sslshopper.com/ssl-checker.html. I also tested the DNS successfully with https://dnschecker.org.

Problem: When trying to access my domain, I get the “SSL Handshake Failed” error with Error Code 525. I’ve verified that my SSL certificate in NPM is valid and that port 443 is open and reachable externally. Cloudflare settings are correct, but I still can’t establish a successful connection to the server.

I have already done a lot of research and ChatGPT also thinks it could be one of these two possibilities:
- Cloudflare expects my server to be listening on port 443, but my NPM container is listening on port 18443.
- There might be an issue with the port forwarding or SSL certificates.

What I’ve already tried:
- Set the SSL/TLS mode in Cloudflare to “Full” (also tried to switch for a couple of seconds to Flexible).
- Tested the Cloudflare proxy (switching to Gray) and tried direct connections.
- Checked port forwarding and confirmed the SSL certificate status.

For a more in-depth assessment, I have attached the anonymized diagnostic. I would appreciate any help or suggestions on how to correctly set up the connection between Cloudflare and my NGINX Proxy Manager so the SSL handshake succeeds. Has anyone had similar experiences or found a solution? Thanks in advance!

Attachment: alent-diagnostics-20250315-0131.zip
March 15, 2025

If you open NPM and you click on your vaultwarden proxy host's name, does it load you to the login? Also, did you use http or https in NPM for vaultwarden? Make sure your server time and date are also correct.

Edited March 15, 2025 by Gragorg
March 15, 2025 Author

8 hours ago, Gragorg said: If you open NPM and you click on your vaultwarden proxy host's name, does it load you to the login? Also, did you use http or https in NPM for vaultwarden? Make sure your server time and date are also correct.

When I click my page in NPM it opens the Cloudflare error landing page. I have tried both in NPM, HTTP and HTTPS. Both result in the same error. The server time/date is correct.
March 15, 2025 Author

When I open the local page via http://x.x.x.x:4743 the page is loading forever but when I open http://x.x.x.x:4743/admin it opens the VaultWarden configuration site. The same happens when a friend opens it from a different network.
March 15, 2025

In the admin General Settings did you enter your https cloudflare URL under Domain URL?
March 15, 2025 Author

45 minutes ago, Gragorg said: In the admin General Settings did you enter your https cloudflare URL under Domain URL?

Yes, I did it for http and https.
March 17, 2025

If you can't load the local GUI then it has to be an issue with Vaultwarden setup. I would focus on getting Vaultwarden running standalone without NPM first. Some people have had issues with bonding being enabled in Unraid Network settings, so you could try and disable that and see.
April 1, 2025 Author

On 3/17/2025 at 3:00 PM, Gragorg said: If you can't load the local GUI then it has to be an issue with Vaultwarden setup. I would focus on getting Vaultwarden running standalone without NPM first. Some people have had issues with bonding being enabled in Unraid Network settings, so you could try and disable that and see.

Reinstalling didn't help me. Can you tell me which setting you mean with bonding? Do you mean the "Network Type:" or bonding two NICs? -> If you mean the latter, I only have one NIC in use. Any other guesses why I can't load the page -> http://localhost:port ???
May 22, 2025 Solution

I had the same 525 SSL handshake issue with Cloudflare and NGINX Proxy Manager. The problem turned out to be that Cloudflare expects the backend to serve SSL on port 443, but my NPM was running SSL on a different port (like 18443). I fixed it by either mapping port 18443 to 443 in the Docker run command or compose file, or by using NGINX's internal redirect to serve SSL properly on 443. Also, make sure your Cloudflare SSL/TLS setting is set to Full (Strict) if you have a valid certificate in NPM. Once I did that and confirmed port forwarding in my router/firewall, the handshake worked fine. I hope it helps!
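A way to tell a port that is not answering at all from one that answers but cannot complete TLS, which is the condition Error 525 reports, as an added example that is not part of any post in this thread. `probe_origin` and `start_plain_http_listener` are hypothetical names, and the plaintext listener is a constructed stand-in for a port that replies without TLS, such as an HTTP port reached by a forward meant for HTTPS.

```python
import socket
import ssl
import threading


def probe_origin(host, port, server_name=None, timeout=3.0):
    """Classify what a TLS client (such as a CDN edge) meets at host:port."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Nothing listening or the forward is missing: a connection problem,
        # not a handshake problem.
        return ("tcp_unreachable", str(exc))
    ctx = ssl.create_default_context()
    # Trust checks are disabled so the handshake is tested on its own;
    # certificate validity is a separate question (Full vs. Full (Strict)).
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
            return ("tls_ok", tls.version())
    except (ssl.SSLError, OSError) as exc:
        # TCP connected but TLS could not be negotiated: the 525 situation.
        return ("tls_handshake_failed", str(exc))
    finally:
        raw.close()


def start_plain_http_listener():
    """Constructed sample: a local port that answers in plain HTTP, not TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # discard the TLS ClientHello
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
        conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_plain_http_listener()
    print(probe_origin("127.0.0.1", port))  # plaintext port -> handshake fails
```

Running `probe_origin` from the LAN against the container's HTTPS port, and from outside against the forwarded port, shows at which hop the handshake stops succeeding.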
March 16

I don't understand. Can you tell me exactly what I need to change to make this work? Everything was fine until today.

My redirects on the router look like this:

In Unraid, my settings are as follows:

I see that Nginx had some kind of update, so I generated new certificates, but it still isn't working.
March 16

To temporarily resolve this issue, you can use the previous release of Nginx Proxy Manager. Edit the app and change the repository to:

jlesage/nginx-proxy-manager:v25.09.1

Once this is resolved, you should change it back to:

jlesage/nginx-proxy-manage
March 16

4 hours ago, sdchoni said: To temporarily resolve this issue, you can use the previous release of Nginx Proxy Manager. Edit the app and change the repository to: jlesage/nginx-proxy-manager:v25.09.1 Once this is resolved, you should change it back to: jlesage/nginx-proxy-manage

This is why I love this community so much! Thank you!!!
March 17

Today I also suddenly had this problem; it has been working fine for years. Luckily I found this post, changed repository to jlesage/nginx-proxy-manager:v25.09.1, and all is back up and running. Can anybody tell us what this is about?
March 17

20 hours ago, sdchoni said: To temporarily resolve this issue, you can use the previous release of Nginx Proxy Manager. Edit the app and change the repository to: jlesage/nginx-proxy-manager:v25.09.1 Once this is resolved, you should change it back to: jlesage/nginx-proxy-manage

Absolute hero! Thanks
March 17

Unfortunately, when I try to revert to the previous version, it throws errors left and right.
March 17

4 hours ago, Kulis said: Unfortunately, when I try to revert to the previous version, it throws errors left and right.

Yes, also happens to me, can't login to the admin dashboard. I don't think there's an easy fix...
March 17

I'm also having this issue with my server. Been running fine for years, all of a sudden 525 error on all domains. The certificates are still good as I just provisioned several of them not more than two months ago. I'm completely lost as to what this issue is and how to fix it.
March 18

On 3/16/2026 at 7:48 AM, sdchoni said: To temporarily resolve this issue, you can use the previous release of Nginx Proxy Manager. Edit the app and change the repository to: jlesage/nginx-proxy-manager:v25.09.1

Similarly, never had an issue until just this week, but doing this repository adjustment fixes it! (For now…)

Unfortunately trying to login to my Nginx management I get a “bad gateway” error, but remotely accessing everything else that’s proxied via my Cloudflare domain is working at least. Hopefully we can get a better fix soon.