July 6, 2025Jul 6 Hi I'm having a problem with SSL certs, on Firefox I'm getting SSL_ERROR_INTERNAL_ERROR_ALERT (with Chrome it's a ERR_SSL_PROTOCOL_ERROR) when navigating to my proxy host. Below are the setup steps I followed along with the troubleshooting I did. Short of testing the SSL cert on a webserver to verify that it is intact (please let me know if I should attempt this), I'm out of ideas. Any help is greatly appreciated.The setup steps I followed:Setup a subdomain haos.mydomain.com to redirect to my top-level domain, mydomain.comVerify that mydomain.com is currently pointed to my dynamic IP (via dynamic DNS).Follow this tutorial to setup NPM-Official, which is basically:https://www.youtube.com/watch?v=nhacNUxVcy4Install NPM-Official container. Choose to have a fixed IP address.Forwarded ports 80 and 443 from my router to the NPM-Official IP address.Verify that I can access the NPM-Official welcome screen when navigating to http://myipaddressSetup mydomain.com and *.mydomain.com SSL Certs in the NPM webUI. I deviated from the tutorial by enabling DNS Challenge to allow wildcard cert generation.Create a Proxy Host. It's pointed to my HA OS virtual machine, so http and port 8123. It uses the *.mydomain.com SSL cert.Now I should be able to type in haos.mydomain.com via http or https and see the HA OS interface. But instead, what I see with http is 502 bad gateway, and with https SSL_ERROR_INTERNAL_ERROR_ALERT on Firefox and with Chrome it's a ERR_SSL_PROTOCOL_ERROR. Troubleshooting:nslookup says haos.mydomain.com is correctly pointed to my external IP addressmanually navigating to the HA OS IP address successfully shows me the HA web interface as expectedNPM-Official log shows successful cert generation when I click on Renew:[7/5/2025] [8:40:19 PM] [SSL ] › info - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/npm-2.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Renewing an existing certificate for *.mydomain.com and mydomain.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all renewals succeeded: /etc/letsencrypt/live/npm-2/fullchain.pem (success) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - [7/5/2025] [8:40:19 PM] [Global ] › ⬤ debug CMD: openssl x509 -in /etc/letsencrypt/live/npm-2/fullchain.pem -subject -noout [7/5/2025] [8:40:19 PM] [Global ] › ⬤ debug CMD: openssl x509 -in /etc/letsencrypt/live/npm-2/fullchain.pem -issuer -noout [7/5/2025] [8:40:19 PM] [Global ] › ⬤ debug CMD: openssl x509 -in /etc/letsencrypt/live/npm-2/fullchain.pem -dates -noout Edited July 6, 2025Jul 6 by gusgus formatting
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.