Having problems setting up NGINX Home Assistant SSL proxy add-on


I really hope thaqt you guys can help.

I have been following these guides to configure the NGINX SSL proxy add-on.

and I have even tried using this one

I have a new installation (doesn’t have the latest update) running on a Ubuntu 18.10 Server and the add-on is v2.1.

The error I am getting is shown in the add-in’s log as
INFO] Running nginx… nginx: [emerg] BIKO_new_file("/ssl/cert.pem") failed (SSL: error02001002:system library:fopen:No such file or directory:fopen(’/ssl/cert.pem’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)

I have followed the guides and it is really frustrating that it is not working.

I have attached screenshots of my config files and of the error in the add-in’s log.

Any help would be gratefully received.

Thanks Paul

I wrote this guide and it works. Take a look in shared projects

Nginx Reverse Proxy Set Up Guide – Docker

Hi Juan,

I will take a look at your guide tonight.

Thank you


Hi @juan11perez

I have been following your guide and ran into a problem. I am sure it is something I have done wrong and would really appreciate your help to fix it.

I used your updated docker-compose file for the wildcard subdomains and the docker-compose seems to work, but the server runs is running in the terminal window. If I close the terminal it shuts letsencrypt down.

Also the folder home/user/docker-projects/letsencrypt/config/nginx/site-confs/default folder is empty, in your guide NGINX should be in there ?

If I run docker ps it doesn’t show letsencrypt so I have definitely done something wrong.

I have attached my docker compose file and a screenshot of the terminal.

That’s definitely incorrect. If you’re running a docker via docker-compose it will not shut down when you leave the terminal.

I presume it has to do with your next comment about the folder.

You must definitely have a folder where letsencrypt stores its configuration.

you mention /home/user/docker-projects/letsencrypt/config. I presume you have changed the “user” part to your actual ubuntu user?

@juan11perez :weary: :face_with_symbols_over_mouth: school boy error, missed that. Thank you.

I changed it from user to pj (which is my user) and it has now created the folders and files.

I should be able to close the terminal window without it terminating letsencrypt, as it does now show a running container when I type docker ps?

yes, no terminal required

I used your default configuration file, and changed the bits you advised. But what is the purpose of the fastcgi_pass hostip:9000 line? I have portainer running on port 9000, so should I change this and if so what to?

Should I also configure one of the subdomains to point to portainer?

Also, I use configurator, so I used subdomain 1 and changed the server_name to conf.***.duckdns.org and then proxy_pass to is that right?

Sorry for all the questions, learning as I go.

dont know what fastcgi_pass hostip exactly does. but leave it as is.

Change portainer ports to something else i.e. 9100:9000

you should configure the domains you want to expose externally, as per my write up.

for the proxy pass the ip needs to be your server ip with the correct port. xxxx:3218 I pressume you’re example should work. I just use the ip i see on my router for the server.

@juan11perez as far as I can tell I have followed your guide to the letter and used your configs to ensure it is right substituting my details for yours. But it refuses to work.

If I type https://hass.*****.duckdns.org on the local server, I get a time out error and if I try it from the local network or externally I also get a time out issue.

I am forwarding ports 80 & 443 from my router to my server.

Also, I can still connect to my local server by its IP and port (8123, 3128, 9001) the letsencrypt container is running, and I don’t know how to troubleshoot it further. I have rebooted the server several times and also restarted the letsencrypt container after every config change.

I would really appreciate any help you could offer.


Is the letsencrypt docker running?
Have you got the right image for your system?
On a Pi it should be arm32v7-latest

Check the docs, recheck your compose



I am running my Ubuntuserver in Hyper-V on a Windows 10 Pro x64 PC.
What version should letsencrypt be for that? All of the important containers seem to be running (see attached)

I will check my compose again when I get home tonight.

Thank you.

I thought it was a RPI. Portainer says is running. You need to check your logs. See if you spot something.
Also seems you’ve got another nginx add on running.


I tided up my portainer and removed the other nginx from my home assistant setup.

I have checked my docker-compose file and also my site-confs default file and I cannot find a difference from your files. I also rechecked my gid and uid and it is right.

I also checked my portainer logs for the letsencrypt container, and again it all seems to be working (see attached logs, I edited my email address) but I still cannot access https://hass..duckdns.org, or https://conf..duckdns.org even from the server.

Any ideas on why it is being such a problem??

Portainer letsencrypt log.yaml (1.3 KB)

Logs look normal. I’m afraid I can’t offer more advice.