Chrome will not respect whatever common name you specify during the certificate creation, so you have to create some config file - openssl.cnf.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

[ req ]

default_bits       = 2048
prompt             = no
string_mask        = default
distinguished_name = req_dn
x509_extensions = x509_ext

[ req_dn ]

countryName            = JP
stateOrProvinceName    = Kyoto
organizationName       = Kamineko Moe
commonName             = Kamineko Moe Service

[ x509_ext ]

subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = home.lan
DNS.2 = *.home.lan

What you really need to change is just DNS.1 and DNS.2 if you want to support wildcard as well, feel free to change req_dn block as well.

With openssl installed, you then just need to run something like this:

1

openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out kamineko-cert.crt -keyout kamineko-key.key -config openssl.cnf

If you are not generating these locally, copy crt and key files to your machine. Install the crt file locally and for every device that might need it.

In Nginx Proxy Manager, add new custom SSL certificate (button in the top right) and upload key and cert files as needed. Now you just have to assign this certificate to the proxy hosts you created. Some services don’t work really well behind these proxies, so before you give up, try some other service first.