- Use cloudflare to get an api token
- Set an a record for a wildcart cert *.domain.com pointing towards your servers local IP such as 192.168.0.1, turn off cloudflare proxy
- Go into NPM and setup the SSL cert using dns challenge and your api token
- setup a proxy host user your subdomain.domain.com pointing towards your docker container
- key step!!! make sure you do not have conflicting ports 80 and 443 on your machine. On unraid the device management ports are set to this, but for NPM to do local proxies, it needs access to these ports.
I would recommend just using caddy. It removes the complicated part of ssl management. For a local network it’ll setup a local self signed certificate authority and you can just install those certificates to any devices on your LAN that you want to have access. For a public setup it’ll use letsencrypt. You will still need to setup dns if you want wildcard routing.
If you want to use DNS challenge with Caddy it’s kind of annoying though (need to download/compile a separate version with the DNS plugin you need).
Which is probably a good idea if you don’t plan to expose the services publicly but want a real certificate to avoid self-signed cert warnings.
I’ve never had this issue but I run basically everything through docker and presumably it bundles this by default.