Question regarding setting up HTTPS with Tailscale

Hi, I’ve installed Umbrel. Set up Nextcloud & Tailscale on the install. Later enabled MagicDNS and switched on HTTPS in the Tailscale admin console.

Later I ran tailscale cert <domain> inside the Tailscale Docker instance, and it succeeded. But when I try to visit the HTTPS domain I get an error saying ERR_CONNECTION_RESET. I ran the same command from the instance where I installed Umbrel (on the host machine, not the Docker container) and that also seems to not make a difference. I don’t think I fully understand as of yet how certs are managed by Tailscale.

What am I missing?


I’m attempting the same thing but can’t even figure out how to run ‘tailscale cert’ to assign a certificate.

How did you manage it?

Update, just for reference: I managed to obtain the certificate by running the following command whilst ssh’ed into Umbrel:

sudo docker exec -it tailscale_web_1 tailscale cert [tailscale machine name].[tailnet domain alias]

Where tailscale machine name and tailnet domain alias were assigned in the machines and DNS settings.

I found the name of the docker container using sudo docker ps which listed a container name for both web and Tor and ran the command in the non-Tor container.

This appeared to run successfully and create the necessary files on the server, but as with OP when I attempted to visit the domain whilst connected to Tailscale I also received the message:


Any Tailscale/DNS/TLS/HTTPS experts amongst us?


In the Tailscale admin console, under Services, a list is presented of all running services. In mine, port 443 is not listed. I think the solution is to open port 443 in the Nginx config. However, the nginx.conf file will be overwritten when the software is updated, so this is not a good solution.


Using Tailscale HTTPS would be fast, secure and convenient were it supported on Umbrel. Using Tailscale means we don’t need to open up ports to the internet which is very appealing to users like me.

And Tailscale is much much much faster than Tor. By a long shot.

Please work on this feature. It would be of huge benefit to many users.


Does anyone know how I need to override the Nginx conf to make Tailscale HTTPS work? Even if I would have to do it again after each update?
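
An added example, not part of the thread and not Umbrel or Tailscale code: a small Python probe that separates the failure modes discussed above (the MagicDNS name not resolving, nothing listening on 443, a listener that drops the connection before TLS completes, or a certificate that does not verify). The function name probe_https and the result labels are assumptions made for this example.

```python
import socket
import ssl
import sys

# What each result means for the situation in this thread.
HINTS = {
    "no-dns": "name did not resolve: check MagicDNS and that this client is on the tailnet",
    "no-listener": "nothing accepts connections on the port: 'tailscale cert' only "
                   "writes the .crt/.key files, it does not start an HTTPS server",
    "not-tls": "something accepted the connection but dropped it or did not speak TLS",
    "bad-cert": "TLS is served, but the certificate does not verify for this name",
    "ok": "TLS handshake completed with a certificate valid for this name",
}

def probe_https(host, port=443, timeout=5.0):
    """Return a key of HINTS describing how far an HTTPS connection gets."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "no-dns"
    except OSError:  # refused, unreachable, or timed out
        return "no-listener"
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "ok"
    except ssl.SSLCertVerificationError:
        return "bad-cert"
    except OSError:  # reset, EOF mid-handshake, or a non-TLS reply
        return "not-tls"
    finally:
        raw.close()

if __name__ == "__main__":
    # Usage: python3 probe.py <machine>.<tailnet-domain> [port]
    name = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    result = probe_https(name, port)
    print(f"{name}:{port} -> {result}: {HINTS[result]}")
```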