When using proxy: Host marked as down because of "self-signed certificate" error even though "Ignore TLS/SSL error for HTTPS websites" is checked

[t-k365]

📑 I have found these related issues/pull requests

In #1380 a proposed solution by @louislam is to tick the checkbox "Ignore TLS/SSL error for HTTPS websites" which doesn't seem to work for me.

🛡️ Security Policy

• I agree to have read this project Security Policy

Description

My only host with a self signed certificate is marked down with the reason "self-signed certificate" even though "Ignore TLS/SSL error for HTTPS websites" is checked for that website.

This is a new install and the first time I'm using Uptime Kuma

👟 Reproduction steps

Monitor website which uses a self signed certificate using a HTTP(s) monitor
Check "Ignore TLS/SSL error for HTTPS websites"
Observe host shows down even though it's up
Observe the message "self-signed certificate"

👀 Expected behavior

Host shows up and ignores the certificate error

😓 Actual Behavior

Host shows down because of "self signed certificate"

🐻 Uptime-Kuma Version

1.23.13

💻 Operating System and Arch

Debian 12

🌐 Browser

Edge 127.0.2651.98

🖥️ Deployment Environment

• Runtime: Docker 27.1.2
• Database: sqlite/embedded
• Filesystem used to store the database on: ext4
• number of monitors: 24

📝 Relevant log output

2024-08-14T14:51:32+02:00 [MONITOR] WARN: Monitor #16 'REDACTED-MONITOR-NAME': Failing: self-signed certificate | Interval: 60 seconds | Type: http | Down Count: 0 | Resend Interval: 0

[t-k365]

Weirdly enough if I test the same site on the uptime-kuma demo, it does infact ignore the self signed certificate and shows the host as up.

It might have to do with my actual installation being behind a http proxy.

[t-k365]

Further testing seems to confirm this is an issue that's only happening when using a proxy.
Both the web demo and another instance of uptime-kuma, that doesn't use proxy, have no issues monitoring the site in question.

So the issue seems to be: When using a proxy, ignoring tls/ssl errors doesn't work properly. Host gets marked down with the error "self-signed", even though it's up.

I've also tried the last 2 versions, as I've seen there have been some proxy-related changes.

1.23.12 is very bad, all sites that use proxies get marked down using that version
1.23.11 is the same as 1.23.13. A site using proxy and having a self-signed cert gets marked down even if it's up and "ignore tls/ssl error" is checked.

[Bodo-von-Greif]

I had the same problem but the reason was a 401 unouthorized which i included in the accepted status codes.
I checked Ignore "TLS/SSL error for HTTPS websites" and use no-proxy.
Now i have no problems.
I get the Cert Exp. correct.

[cliouo]

Version: 1.23.16
The same issue arises when using an http proxy to monitor self-signed certificate https websites:
The expected situation is that when "Ignore TLS/SSL errors for HTTPS sites" is checked, it can ignore the normal monitoring of self-signed certificates for HTTPS sites
The reality is the indication of the "self-signed certificate" issue