AdGuard Home Wildcard aliases
-
@Kubernetes said in AdGuard Home Wildcard aliases:
This should look like this:
https://adguard.yourdomain.tld/dns-query/CLIENTIDyes, but for Android I have to use DoT and not DoH ?
DoT DNS over TLS (DoT) is supported and uses port 853 by default. DoT is required for Android's "Private DNS mode" (available since Android 9.0 Pie). To use Client ID identifiers, you must add a wildcard subdomain alias of the form *.adguard.domain.com.
-
@Kubernetes as I understand this, for DoT I need a wildcard domain. In AdGuard Adnroid app I can use DoH with your string, this works fine.
-
-
@girish I switched now from Porkbun API to Wildcard Domain. How to get it working now?
Just get this:
Apr 29 22:16:09 2023/04/29 20:16:09.334842 [error] handling tcp: reading msg: reading len: remote error: tls: unknown certificate authority Apr 29 22:16:09 2023/04/29 20:16:09.584416 [error] handling tcp: reading msg: reading len: remote error: tls: unknown certificate authority Apr 29 22:16:09 2023/04/29 20:16:09.602320 [error] handling tcp: reading msg: reading len: remote error: tls: unknown certificate authority
-
@lukas Yeah, so they never got back I even sent them a reminder. Please point them to this thread (if you are a customer). I sent mails from girish@cloudron.io
Unfortunately, one cannot create a wildcard certificate from the Wildcard Domain. This is because Let's Encrypt requires you to set values in the DNS to get a wildcard cert. With a wildcard provider, Cloudron has no way to program the DNS. Only fix right now is to switch to some other programmable DNS provider. Sorry...
-
@girish said in AdGuard Home Wildcard aliases:
Yeah, so they never got back I even sent them a reminder. Please point them to this thread (if you are a customer). I sent mails from girish@cloudron.io
you got maybe any ticket number? I will contact them now
-
@girish update to latest Cloudron Version, bunny.net integration is working fine (thanks for this), but DoT on my Android Phone is still not working, in AdGuard Home Log I see:
May 02 10:35:57 2023/05/02 08:35:57.599729 [error] handling tcp: reading msg: reading len: remote error: tls: bad certificate May 02 10:35:57 2023/05/02 08:35:57.907614 [error] handling tcp: reading msg: reading len: remote error: tls: bad certificate May 02 10:35:57 2023/05/02 08:35:57.914408 [error] handling tcp: reading msg: reading len: remote error: tls: bad certificate
What is wrong? I use <clientname>.adguard.mydomain.TLD and I added an Alias (*.adgaurd) to AdGuard Home.
What is wrong?
Thank you and Regards,
Lukas -
@lukas The first few lines should give us the issuer and expiry like this:
Certificate: Data: Version: 3 (0x2) Serial Number: 04:1d:71:e7:48:c7:d3:80:02:ac:c1:ac:5b:79:e5:3f:3e:4e Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, O = Let's Encrypt, CN = R3 Validity Not Before: Apr 15 02:11:00 2023 GMT Not After : Jul 14 02:10:59 2023 GMT
Then later down, you should also see the SAN section:
X509v3 Subject Alternative Name: DNS:*.girish.in
Ideally, there should the wildcard and non-wildcard DNS listed above in your case.
-
Certificate: Data: Version: 3 (0x2) Serial Number: 36:5d:97:51:3d:9f:45:89:58:45:67:c2:82:a6:83:3f:6d:50:69:0b Signature Algorithm: sha256WithRSAEncryption Issuer: CN = *.mydomain.cloud Validity Not Before: Apr 2 14:06:15 2023 GMT Not After : Jun 10 14:06:15 2025 GMT
and
X509v3 extensions: X509v3 Subject Alternative Name: DNS:mydomain.cloud, DNS:*.mydomain.cloud