Here’s a good one (error).
OK, here’s my setup, I might have missed something:
A docker container is running at https://192.168.1.236:2021 (necessary for wss) at home.
Another Nginx Proxy Manager container is routing cloudflare subdomain to https://192.168.1.236:2021
Since 443 is managed by Nginx Proxy Manager I can’t give it to 236
https://192.168.1.236:2021 is working (with cert error of course, but working)
NAT/PAT opened ports 80/443
When I visit https://tsi.mydomain.com/ from TOR (so it’s a pure external route) I get:SEC_ERROR_UNKNOWN_ISSUER
while Certificate is my cloudflare origin certificate
Accepting the “risk” sends to the correct page and wss is working.
Both Nginx Proxy and the local server at 2021 use the origin server
Cloudflare is Full strict, redirect to https.
I double checked and the same settings (AFAIK) were working for another local test server, same ISP.
I already setup other domains in the past with the same infrastructure and pipeline but never got this error.
Oh, and, that’s new, when I test from my machine I get a SSL certificate error issued from my ISP, but when I test with 4G, I have the same error as with TOR (Cloudflare as unknown issuer)