AdGuard Home Wildcard aliases
-
@lukas Yeah, so they never got back
I even sent them a reminder. Please point them to this thread (if you are a customer). I sent mails from girish@cloudron.ioUnfortunately, one cannot create a wildcard certificate from the Wildcard Domain. This is because Let's Encrypt requires you to set values in the DNS to get a wildcard cert. With a wildcard provider, Cloudron has no way to program the DNS. Only fix right now is to switch to some other programmable DNS provider. Sorry...
-
-
@lukas Yup, so in next release, it should work
You have to switch to some other provider for something immediate (like today). -
@lukas Yeah, so they never got back
I even sent them a reminder. Please point them to this thread (if you are a customer). I sent mails from girish@cloudron.ioUnfortunately, one cannot create a wildcard certificate from the Wildcard Domain. This is because Let's Encrypt requires you to set values in the DNS to get a wildcard cert. With a wildcard provider, Cloudron has no way to program the DNS. Only fix right now is to switch to some other programmable DNS provider. Sorry...
@girish said in AdGuard Home Wildcard aliases:
Yeah, so they never got back I even sent them a reminder. Please point them to this thread (if you are a customer). I sent mails from girish@cloudron.io
you got maybe any ticket number? I will contact them now
-
@girish said in AdGuard Home Wildcard aliases:
Yeah, so they never got back I even sent them a reminder. Please point them to this thread (if you are a customer). I sent mails from girish@cloudron.io
you got maybe any ticket number? I will contact them now
-
@girish update to latest Cloudron Version, bunny.net integration is working fine (thanks for this), but DoT on my Android Phone is still not working, in AdGuard Home Log I see:
May 02 10:35:57 2023/05/02 08:35:57.599729 [error] handling tcp: reading msg: reading len: remote error: tls: bad certificate May 02 10:35:57 2023/05/02 08:35:57.907614 [error] handling tcp: reading msg: reading len: remote error: tls: bad certificate May 02 10:35:57 2023/05/02 08:35:57.914408 [error] handling tcp: reading msg: reading len: remote error: tls: bad certificateWhat is wrong? I use <clientname>.adguard.mydomain.TLD and I added an Alias (*.adgaurd) to AdGuard Home.
What is wrong?
Thank you and Regards,
Lukas -
@girish update to latest Cloudron Version, bunny.net integration is working fine (thanks for this), but DoT on my Android Phone is still not working, in AdGuard Home Log I see:
May 02 10:35:57 2023/05/02 08:35:57.599729 [error] handling tcp: reading msg: reading len: remote error: tls: bad certificate May 02 10:35:57 2023/05/02 08:35:57.907614 [error] handling tcp: reading msg: reading len: remote error: tls: bad certificate May 02 10:35:57 2023/05/02 08:35:57.914408 [error] handling tcp: reading msg: reading len: remote error: tls: bad certificateWhat is wrong? I use <clientname>.adguard.mydomain.TLD and I added an Alias (*.adgaurd) to AdGuard Home.
What is wrong?
Thank you and Regards,
Lukas -
@lukas If you go to Location view and click Save (without making any changes), does that help the situation ? That should maybe (re)trigger getting the cert.
-
@lukas can you check the output of
openssl x509 -text -in /etc/certs/_.adguard.domain.certin the web terminal of adguard ? Does it seem like a valid Let's Encrypt certificate? -
@lukas The first few lines should give us the issuer and expiry like this:
Certificate: Data: Version: 3 (0x2) Serial Number: 04:1d:71:e7:48:c7:d3:80:02:ac:c1:ac:5b:79:e5:3f:3e:4e Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, O = Let's Encrypt, CN = R3 Validity Not Before: Apr 15 02:11:00 2023 GMT Not After : Jul 14 02:10:59 2023 GMTThen later down, you should also see the SAN section:
X509v3 Subject Alternative Name: DNS:*.girish.inIdeally, there should the wildcard and non-wildcard DNS listed above in your case.
-
@lukas The first few lines should give us the issuer and expiry like this:
Certificate: Data: Version: 3 (0x2) Serial Number: 04:1d:71:e7:48:c7:d3:80:02:ac:c1:ac:5b:79:e5:3f:3e:4e Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, O = Let's Encrypt, CN = R3 Validity Not Before: Apr 15 02:11:00 2023 GMT Not After : Jul 14 02:10:59 2023 GMTThen later down, you should also see the SAN section:
X509v3 Subject Alternative Name: DNS:*.girish.inIdeally, there should the wildcard and non-wildcard DNS listed above in your case.
Certificate: Data: Version: 3 (0x2) Serial Number: 36:5d:97:51:3d:9f:45:89:58:45:67:c2:82:a6:83:3f:6d:50:69:0b Signature Algorithm: sha256WithRSAEncryption Issuer: CN = *.mydomain.cloud Validity Not Before: Apr 2 14:06:15 2023 GMT Not After : Jun 10 14:06:15 2025 GMTand
X509v3 extensions: X509v3 Subject Alternative Name: DNS:mydomain.cloud, DNS:*.mydomain.cloud -
Certificate: Data: Version: 3 (0x2) Serial Number: 36:5d:97:51:3d:9f:45:89:58:45:67:c2:82:a6:83:3f:6d:50:69:0b Signature Algorithm: sha256WithRSAEncryption Issuer: CN = *.mydomain.cloud Validity Not Before: Apr 2 14:06:15 2023 GMT Not After : Jun 10 14:06:15 2025 GMTand
X509v3 extensions: X509v3 Subject Alternative Name: DNS:mydomain.cloud, DNS:*.mydomain.cloud -
@lukas It's not getting the new certs for some reason - it's using the self-signed cert. If you go to Domains -> Renew all certs. Can you check the logs when it's renewing? Do you see any errors?
-
@lukas From the logs, it seems the domain is not using Wildcard certs at all. If you go to Domains -> Edit -> Advanced. What is the certificate provider ? I suspect it's not wildcard . Can you change it and try to renew certs again?
I guess the reason is because you went from maybe Wildcard DNS to Programmatic DNS. In wildcard DNS, wildcard cert is not possible. But this is indeed a workflow/ui thing, that we have to consider in the future.
-
@lukas From the logs, it seems the domain is not using Wildcard certs at all. If you go to Domains -> Edit -> Advanced. What is the certificate provider ? I suspect it's not wildcard . Can you change it and try to renew certs again?
I guess the reason is because you went from maybe Wildcard DNS to Programmatic DNS. In wildcard DNS, wildcard cert is not possible. But this is indeed a workflow/ui thing, that we have to consider in the future.
-
@girish so which steps do I need to go, to get this resolved?
Btw. I see there some "non-used" SSL certificates, is there any kind of "housekeeping" ?
-
@lukas I am a bit lost at this point. Are you able contact me at support@cloudron.io , so I can debug your instance?
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login