I generated selfsigned domain certificate and then started Keycloak:

docker run \
  --name keycloak \
  -e KEYCLOAK_ADMIN=admin \
  -e KEYCLOAK_ADMIN_PASSWORD=password \
  -e KC_HTTPS_CERTIFICATE_FILE=/opt/keycloak/conf/server.crt.pem \
  -e KC_HTTPS_CERTIFICATE_KEY_FILE=/opt/keycloak/conf/server.key.pem \
  -v $PWD/server.crt.pem:/opt/keycloak/conf/server.crt.pem \
  -v $PWD/server.key.pem:/opt/keycloak/conf/server.key.pem \
  -p 8443:8443 \
  quay.io/keycloak/keycloak \
  start-dev

But I can't access auth page https://<IP>:8443/auth/. There is always "Page not found" error.

What is wrong?

Starting with Keycloak 17 for the Quarkus distribution:

The new distribution introduces a number of breaking changes, including:

• Configuring Keycloak has significantly changed

• Quarkus is not an application server, but rather a framework to build applications

• /auth removed from the default context path

• Custom providers are packaged and deployed differently

Because of the third bullet point you are getting

But I can't access auth page https://:8443/auth/. There is always "Page not found" error.

You can get around this issue with one of two solutions:

1. Use the previous endpoints, but now removing /auth from them or;

2. as pointed on in the documentation:

By default, the new Quarkus distribution removes /auth from the context-path. To re-introduce the /auth use the http-relative-path build option. For example: bin/kc.[sh|bat] start-dev --http-relative-path /auth

There is no more auth. It is now called admin

Access page with: https://<IP>:8443/admin/