NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License
22.24k stars 2.57k forks

Cannot upload self-signed certificates anymore #3547

Open Peddaahh opened 7 months ago

Peddaahh commented 7 months ago

Describe the bug

I cannot upload self-signed certificates for my local network anymore. It gives the error "Upload failed: Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected." even though it is definitely not, and the Console gives me "Failed to load resource: the server responded with a status of 400 ()" on URL https://proxy.local/api/nginx/certificates/validate. A screenshot of the Request will be included below and there is also a log file of a fresh start containing only the logs of adding a custom certificate. This even happened when I deleted an already uploaded certificate and tried to re-upload it. The console only shows

[2/14/2024] [4:33:15 PM] [Global   ] › ⬤  debug     CMD: openssl x509 -in /tmp/74f9af22-e506-47d4-b6c3-b34d3fe78cf9/tmp -subject -noout
[2/14/2024] [4:33:15 PM] [Global   ] › ⬤  debug     CMD: openssl pkey -in /tmp/82717e67-3388-467a-9efd-1b3d6f14ff6e/tmp -check -noout 2>&1 
[2/14/2024] [4:33:15 PM] [Global   ] › ⬤  debug     CMD: openssl x509 -in /tmp/74f9af22-e506-47d4-b6c3-b34d3fe78cf9/tmp -issuer -noout
[2/14/2024] [4:33:15 PM] [Global   ] › ⬤  debug     CMD: openssl x509 -in /tmp/74f9af22-e506-47d4-b6c3-b34d3fe78cf9/tmp -dates -noout
{
    "error": {
        "code": 400,
        "message": "Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected."
    },
    "debug": {
        "stack": [
            "ValidationError: Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.",
            "    at Timeout._onTimeout (/app/internal/certificate.js:679:14)",
            "    at listOnTimeout (node:internal/timers:573:17)",
            "    at process.processTimers (node:internal/timers:514:7)"
        ]
    }
}

Nginx Proxy Manager Version v2.11.1

To Reproduce

Steps to reproduce the behavior:

  1. Go to SSL Certificates
  2. Click on Add SSL Certificate
  3. Click on Custom
  4. Write in a Name
  5. Upload the key file of the certificate
  6. Upload respective certificate
  7. Click on Save
  8. See error

Expected behavior

Certificate should be successfully uploaded and be usable for local proxy hosts.

Operating System Simple Docker deployment w/out external DB. On:

Additional context RasPi:

Docker version 25.0.3, build 4debf41

b1t-hunter commented 7 months ago

I got the same issue. After a little investigation I found that the backend is using openssl to verify your private key with the following command:

openssl pkey -in ' + filepath + ' -check -noout 2>&1

Running this same command for my key (8192bit RSA) on the same machine (Raspi 5), it takes around 30-40s. However, the timeout is to occur after 10s already.

I could solve the problem by modifying this line: https://github.com/NginxProxyManager/nginx-proxy-manager/blob/209c1b33347d1ea82870e742edf5039cc254d7ba/backend/internal/certificate.js#L680 I logged into the container and executed the following command:

 sed -i 's/10000/50000/g' /app/internal/certificate.js

After a restart of the container, I could upload my keys.

b1t-hunter commented 7 months ago

It would be good to increase this limit for slower machines with larger keys to at least 40-50s.

Peddaahh commented 7 months ago

Can confirm, and I am also using 8192bit RSA! This should be considered! With increasing the timeout, it works.

TopHatProductions115new commented 4 months ago

This impacted me as well. It really would be nice if this is addressed.

b1t-hunter commented 3 months ago

Quick fix, execute this on your docker host:

docker exec -it proxy sed -i 's/10000/50000/g' internal/certificate.js && docker restart proxy

TopHatProductions115new commented 1 month ago

> Quick fix, execute this on your docker host:
>
> docker exec -it proxy sed -i 's/10000/50000/g' internal/certificate.js && docker restart proxy

Just checking, does this work on the latest release?

b1t-hunter commented 1 month ago

> > Quick fix, execute this on your docker host:
> >
> > docker exec -it proxy sed -i 's/10000/50000/g' internal/certificate.js && docker restart proxy
>
> Just checking, does this work on the latest release?

The fix should. The line number is still the same and there is only one 10000 in the whole file.