SSL Handshake Failed (Error 525) with NGINX Proxy Manager and Cloudflare


Hi everyone,

I’m encountering an issue with my NGINX Proxy Manager (NPM) setup in combination with Cloudflare and the SSL Handshake Failed error (Error 525).

 

Setup:

NGINX Proxy Manager is running in a Docker container on ports 18443 (HTTPS) and 1880 (HTTP) and with the Web UI Port: 7818.

The Vaultwarden WebUI port is 4743. I have just changed the default admin credentials and, under "General settings", the Domain URL to "http://example.com" (obviously my domain).

In my Cloudflare DNS entries I have added a CNAME with the name "XYZ" and with the target "example.com". Proxy status is activated and TTL is auto.

 

I have set up the configuration according to the following instructions:

Vaultwarden -> https://www.youtube.com/watch?v=vHo9TwSqxaM
NPM -> https://www.youtube.com/watch?v=nhacNUxVcy4

 

I have successfully configured a Let’s Encrypt SSL certificate for my domain through NPM.

My domain also has a valid Let’s Encrypt certificate on Cloudflare.

The SSL/TLS mode in Cloudflare is set to “Full”, and the domain is hosted on Cloudflare.

Ports 443 and 80 are correctly forwarded in my router (external 443 to internal 18443, and external 80 to internal 1880).
I checked the SSL-certificate successfully with https://www.sslshopper.com/ssl-checker.html.

I also tested the DNS successfully with https://dnschecker.org.

 

Problem:

When trying to access my domain, I get the “SSL Handshake Failed” error with Error Code 525.

I’ve verified that my SSL certificate in NPM is valid and that port 443 is open and reachable externally.

Cloudflare settings are correct, but I still can’t establish a successful connection to the server.

 

I have already done a lot of research and ChatGPT also thinks it could be one of these two possibilities:

- Cloudflare expects my server to be listening on port 443, but my NPM container is listening on port 18443.

- There might be an issue with the port forwarding or SSL certificates.

 

What I’ve already tried:

Set the SSL/TLS mode in Cloudflare to “Full”. (also tried to switch for a couple of seconds to Flexible)

Tested the Cloudflare proxy (switching to Gray) and tried direct connections.

Checked port forwarding and confirmed the SSL certificate status.

 

For a more in-depth assessment, I have attached the anonymized diagnostic.

 

I would appreciate any help or suggestions on how to correctly set up the connection between Cloudflare and my NGINX Proxy Manager so the SSL handshake succeeds. Has anyone had similar experiences or found a solution?

 

Thanks in advance!

alent-diagnostics-20250315-0131.zip

Solved by uskhina

If you open NPM and you click on your vaultwarden proxy host's name, does it load you to the login?  Also, did you use http or https in NPM for vaultwarden?  Make sure your server time and date are also correct.

Edited by Gragorg

  • Author
8 hours ago, Gragorg said:

If you open NPM and you click on your vaultwarden proxy host's name, does it load you to the login?  Also, did you use http or https in NPM for vaultwarden?  Make sure your server time and date are also correct.

When I click my page in NPM it opens the cloudflare error landing page.

I have tried both in NPM, HTTP and HTTPS. Both result in the same error. The server time/date is correct.

  • Author

When I open the local page via http://x.x.x.x:4743 the page is loading forever but when I open http://x.x.x.x:4743/admin it opens the VaultWarden configuration site.

The same happens when a friend opens it from a different network.


In the admin General Settings did you enter your https cloudflare URL under Domain URL?


  • Author
45 minutes ago, Gragorg said:

In the admin General Settings did you enter your https cloudflare URL under Domain URL?

 

Yes, I did it for http and https.

If you can't load the local GUI then it has to be an issue with the Vaultwarden setup.  I would focus on getting Vaultwarden running standalone without NPM first.  Some people have had issues with bonding being enabled in Unraid Network settings, so you could try to disable that and see.

  • 3 weeks later...
  • Author
On 3/17/2025 at 3:00 PM, Gragorg said:

If you can't load the local GUI then it has to be an issue with the Vaultwarden setup.  I would focus on getting Vaultwarden running standalone without NPM first.  Some people have had issues with bonding being enabled in Unraid Network settings, so you could try to disable that and see.

Reinstalling didn't help me :(
Can you tell me which setting you mean with bonding? Do you mean the "Network Type:" or bonding two NICs? -> If you mean the latter, I only have one NIC in use.
Any other guesses why I can't load the page -> http://localhost:port  ???

  • 1 month later...
  • Solution

I had the same 525 SSL handshake issue with Cloudflare and NGINX Proxy Manager. The problem turned out to be that Cloudflare expects the backend to serve SSL on port 443, but my NPM was running SSL on a different port (like 18443). I fixed it by either mapping port 18443 to 443 in the Docker run command or compose file, or by using NGINX's internal redirect to serve SSL properly on 443. Also, make sure your Cloudflare SSL/TLS setting is set to Full (Strict) if you have a valid certificate in NPM. Once I did that and confirmed port forwarding in my router/firewall, the handshake worked fine.

I hope it helps!
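
The handshake Cloudflare attempts against the origin, reproduced as an added diagnostic example (not code from any poster in this thread): it separates a closed port from a failed TLS handshake from a certificate that would only fail under Full (Strict). The IP address, hostname, and the names `probe_origin` and `EDGE_ERROR` are assumptions made for the example.

```python
import socket
import ssl

# Cloudflare edge error that each origin-side failure stage surfaces as.
EDGE_ERROR = {"tcp-refused": 521, "tcp-unreachable": 522,
              "tls-handshake-failed": 525, "cert-invalid": 526, "ok": None}

def probe_origin(ip, port, sni, strict=False, timeout=5.0):
    """Return (stage, detail) for a TCP connect plus TLS handshake with SNI.

    strict=False mirrors "Full" (certificate not validated); strict=True
    mirrors "Full (Strict)" (chain and hostname validated).
    """
    ctx = ssl.create_default_context()
    if not strict:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((ip, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        return "tcp-refused", str(exc)      # nothing listening on that port
    except OSError as exc:                  # timeout, no route, filtered port
        return "tcp-unreachable", str(exc)
    try:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "cert-invalid", exc.verify_message
    except ssl.SSLError as exc:             # e.g. plain HTTP answering on the TLS port
        return "tls-handshake-failed", exc.reason or "no TLS response"
    except OSError as exc:                  # peer reset or stalled mid-handshake
        return "tls-handshake-failed", str(exc)
    finally:
        raw.close()

if __name__ == "__main__":
    # 203.0.113.10 and vault.example.com are placeholders, not values from the thread.
    stage, detail = probe_origin("203.0.113.10", 443, "vault.example.com")
    print(stage, detail, "-> edge error:", EDGE_ERROR[stage])
```

Run it from outside the LAN against the public IP on port 443, since that is the path the edge takes through the router's port forward. The local trust store only approximates what Full (Strict) accepts.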

  • Author

Thanks for your help! I will try it.

  • 9 months later...

I don't understand. Can you tell me exactly what I need to change to make this work? Everything was fine until today. My redirects on the router look like this:
image.png

In Unraid, my settings are as follows:
image.png

I see that Nginx had some kind of update, so I generated new certificates, but it still isn't working.

To temporarily resolve this issue, you can use the previous release of Nginx Proxy Manager. Edit the app and change the repository to:
jlesage/nginx-proxy-manager:v25.09.1

Once this is resolved, you should change it back to:
jlesage/nginx-proxy-manager

4 hours ago, sdchoni said:

To temporarily resolve this issue, you can use the previous release of Nginx Proxy Manager. Edit the app and change the repository to:
jlesage/nginx-proxy-manager:v25.09.1

Once this is resolved, you should change it back to:
jlesage/nginx-proxy-manager

This is why I love this community so much!
Thank you!!!

Today I also suddenly had this problem; it has been working fine for years.

Luckily I found this post, changed repository to jlesage/nginx-proxy-manager:v25.09.1, and all is back up and running.
Can anybody tell us what this is about?

20 hours ago, sdchoni said:

To temporarily resolve this issue, you can use the previous release of Nginx Proxy Manager. Edit the app and change the repository to:
jlesage/nginx-proxy-manager:v25.09.1

Once this is resolved, you should change it back to:
jlesage/nginx-proxy-manager

Absolute hero! Thanks

Unfortunately, when I try to revert to the previous version, it throws errors left and right.

4 hours ago, Kulis said:

Unfortunately, when I try to revert to the previous version, it throws errors left and right.

Yes, also happens to me, can't login to the admin dashboard. I don't think there's an easy fix...

I'm also having this issue with my server. Been running fine for years, all of a sudden 525 error on all domains. The certificates are still good as I just provisioned several of them not more than two months ago. I'm completely lost as to what this issue is and how to fix it.

On 3/16/2026 at 7:48 AM, sdchoni said:

To temporarily resolve this issue, you can use the previous release of Nginx Proxy Manager. Edit the app and change the repository to:
jlesage/nginx-proxy-manager:v25.09.1

Similarly, never had an issue until just this week, but doing this repository adjustment fixes it! (For now…)

Unfortunately trying to login to my Nginx management I get a “bad gateway” error, but remotely accessing everything else that’s proxied via my Cloudflare domain is working at least.

Hopefully we can get a better fix soon.

Looks like they pushed an update that has fixed the issue, at least on my end.
