Old thread but this has helped me solve the problem.
It seems like a MikroTik/RouterOS issue of not being able to trust Let's Encrypt's new CA, ISRG Root X1. I was having issues with not being able to access MikroTik's WebFig from behind an NGINX reverse proxy, neither through the router's gateway IP address nor its domain name, from both private and public networks. I had other services with different domain names hosted in my private network that were accessible from everywhere.
Please see https://letsencrypt.org/docs/dst-root-c ... mber-2021/
Importing the old CA, DST Root CA X3, from https://ssl-tools.net/subjects/6ff4684d ... 2c1d8a2fa6 solved the problem. Finally I can access the router admin console using SSL.
BTW, I'm on the latest software, 7.13.3.
Some settings to note:
- Rewrite DNS: point the domains to the correct local IP addresses in AdGuard (or whatever DNS server is in use)
- Port forward 80 and 443 to the NGINX proxy on the WAN interface
- Have a hairpin NAT rule. I added x.x.x.x/24 to x.x.x.x/24 for all ports
- Generated Let's Encrypt certificates through NGINX, then exported and imported them into RouterOS, as well as DST Root CA X3
Statistics: Posted by schoudhry — Sun Feb 04, 2024 12:49 am