# Troubleshoot

<details>

<summary>The extension appears grey in Tableau Online but not in the desktop</summary>

* Check the whitelisting in Tableau settings. The extension url needs to be whitelisted to be able to run in a Tableau Online dashboard.
* Is the extension running behind a proxy? Be sure the proxy is not adding CSP (Content Security Policy) Headers to the request. To find out if this is the cause, open the developer tools in your browser and open the console tab. When there are red messages complaining about Content Security Policy, then this is the problem.

</details>

<details>

<summary>Running behind a Reversed Proxy and a wrong domain in the trex file</summary>

* If you are running behind a reversed proxy and the domain in the trex is therefore showing the domain of the server instead of the public-facing domain, follow these steps.
* Open the config.yaml file in your installation folder.
* Add or update the host variable to the public-facing domain.
* Restart the application.
* Download the trex file from yourdomain.com/trex

<figure><img src="https://795374256-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F6yVPUWGXrvCkUcDV7WOV%2Fuploads%2FiugBF6hhYweSlro03fm9%2FScherm%C2%ADafbeelding%202025-07-08%20om%2011.10.49.png?alt=media&#x26;token=e9b9ff1b-7290-477e-9f73-d416ad6abb74" alt=""><figcaption></figcaption></figure>

</details>

<details>

<summary>How to decrypt my keyfile?</summary>

Our application requires an unencrypted SSL key file. If you only have an encrypted key file, you must decrypt it using OpenSSL. Use the following command:

**Windows**

openssl.exe rsa -in encrypted.key -out decrypted.key

Linux

openssl rsa -in encrypted.key -out decrypted.key

</details>

<details>

<summary>Protocol mismatch after ppgrade – “Missing ALPN protocol” / allowHTTP1 error</summary>

#### Symptoms

After upgrading to newer versions:

* Browser shows an error when accessing the extension endpoint (e.g. `https://<host>:<port>/...`)
* Error message may include:\
  `Missing ALPN Protocol, expected h2 to be available`
* Environment includes a reverse proxy or load balancer in front of the extension service

### Cause

A protocol mismatch between the reverse proxy/load balancer and the enterprise (self-hosted) environment.

Typical scenarios:

* The extension server is configured to run with **HTTPS (TLS) enabled**
* The reverse proxy/load balancer forwards traffic to the extension server using **HTTP**
* The extension server expects **TLS/HTTP2**, but receives **plain HTTP/1.1**

This results in the `Missing ALPN Protocol` error.

### Resolution

Ensure protocol alignment between the reverse proxy/load balancer and the extension server.

* If the extension server is configured to run on **HTTPS**:
  * The reverse proxy/load balancer must forward traffic using HTTPS
  * Do not forward plain HTTP traffic to a TLS-enabled backend port
  * The extension server requires HTTP/2 over HTTPS, so the load balancer must be configured accordingly

After correcting the configuration, restart the service if required and re-test access to the extension endpoint.

</details>

<details>

<summary>SSL error during upgrade when using a .pfx certificate</summary>

#### Issue

During the upgrade, you may see:

`SSL_ERROR_INTERNAL_ERROR_ALERT`\
`ERR_SSL_PROTOCOL_ERROR`\
(or a *Secure Connection Failed* message)

<figure><img src="https://795374256-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F6yVPUWGXrvCkUcDV7WOV%2Fuploads%2FsuPoiQoHr7s5oGRo9igB%2Fimage.png?alt=media&#x26;token=a79f23c8-0feb-4a08-9a28-740327c7f51e" alt=""><figcaption></figcaption></figure>

#### Cause

Recent extension versions do **not support `.pfx` certificates** in this setup.

#### Solution

Convert the `.pfx` file to PEM format and use those instead:

```
openssl pkcs12 -in server.pfx -nocerts -nodes -out key.pem
openssl pkcs12 -in server.pfx -clcerts -nokeys -out cert.pem
```

#### Next steps

* Configure SSL using `key.pem` and `cert.pem`
* Restart the extension
* Retry the upgrade

</details>