AdGuard Home Wildcard aliases
-
@Kubernetes as I understand this, for DoT I need a wildcard domain. In the AdGuard Android app I can use DoH with your string, this works fine.
-
-
@girish I switched now from Porkbun API to Wildcard Domain. How to get it working now?
Just get this:
Apr 29 22:16:09 2023/04/29 20:16:09.334842 [error] handling tcp: reading msg: reading len: remote error: tls: unknown certificate authority
Apr 29 22:16:09 2023/04/29 20:16:09.584416 [error] handling tcp: reading msg: reading len: remote error: tls: unknown certificate authority
Apr 29 22:16:09 2023/04/29 20:16:09.602320 [error] handling tcp: reading msg: reading len: remote error: tls: unknown certificate authority
-
@lukas Yeah, so they never got back. I even sent them a reminder. Please point them to this thread (if you are a customer). I sent mails from girish@cloudron.io
Unfortunately, one cannot create a wildcard certificate from the Wildcard Domain. This is because Let's Encrypt requires you to set values in the DNS to get a wildcard cert. With a wildcard provider, Cloudron has no way to program the DNS. The only fix right now is to switch to some other programmable DNS provider. Sorry...
-
@girish said in AdGuard Home Wildcard aliases:
Yeah, so they never got back. I even sent them a reminder. Please point them to this thread (if you are a customer). I sent mails from girish@cloudron.io
Do you have a ticket number, maybe? I will contact them now.
-
@girish updated to the latest Cloudron version, the bunny.net integration is working fine (thanks for this), but DoT on my Android phone is still not working. In the AdGuard Home log I see:
May 02 10:35:57 2023/05/02 08:35:57.599729 [error] handling tcp: reading msg: reading len: remote error: tls: bad certificate
May 02 10:35:57 2023/05/02 08:35:57.907614 [error] handling tcp: reading msg: reading len: remote error: tls: bad certificate
May 02 10:35:57 2023/05/02 08:35:57.914408 [error] handling tcp: reading msg: reading len: remote error: tls: bad certificate
What is wrong? I use <clientname>.adguard.mydomain.TLD and I added an Alias (*.adgaurd) to AdGuard Home.
What is wrong?
Thank you and Regards,
Lukas
-
@lukas The first few lines should give us the issuer and expiry like this:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:1d:71:e7:48:c7:d3:80:02:ac:c1:ac:5b:79:e5:3f:3e:4e
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = R3
        Validity
            Not Before: Apr 15 02:11:00 2023 GMT
            Not After : Jul 14 02:10:59 2023 GMT
Then later down, you should also see the SAN section:
            X509v3 Subject Alternative Name:
                DNS:*.girish.in
Ideally, both the wildcard and the non-wildcard DNS names should be listed there in your case.
-
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:5d:97:51:3d:9f:45:89:58:45:67:c2:82:a6:83:3f:6d:50:69:0b
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = *.mydomain.cloud
        Validity
            Not Before: Apr  2 14:06:15 2023 GMT
            Not After : Jun 10 14:06:15 2025 GMT
and
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:mydomain.cloud, DNS:*.mydomain.cloud
-
@lukas From the logs, it seems the domain is not using wildcard certs at all. If you go to Domains -> Edit -> Advanced, what is the certificate provider? I suspect it's not wildcard. Can you change it and try to renew the certs again?
I guess the reason is that you maybe went from Wildcard DNS to Programmatic DNS. With wildcard DNS, a wildcard cert is not possible. But this is indeed a workflow/UI thing that we have to consider in the future.
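As an added illustration of the certificate check girish describes (issuer, expiry, SAN) and of why the second openssl output in this thread fails, here is a small Python script that is not from the thread, Cloudron or AdGuard Home: it parses the two pasted fragments and lists what a DoT client would reject. It goes slightly beyond the thread in one point: the SAN check applies the rule that a wildcard covers exactly one label, so a *.mydomain.cloud entry does not cover client1.adguard.mydomain.cloud. The "self-signed" heuristic and the client hostnames are assumptions.

```python
import re
from datetime import datetime, timezone

# The two `openssl x509 -text` fragments pasted above in this thread, line breaks restored
LE_CERT = """Issuer: C = US, O = Let's Encrypt, CN = R3
Validity
    Not Before: Apr 15 02:11:00 2023 GMT
    Not After : Jul 14 02:10:59 2023 GMT
X509v3 Subject Alternative Name:
    DNS:*.girish.in"""
SELF_SIGNED_CERT = """Issuer: CN = *.mydomain.cloud
Validity
    Not Before: Apr 2 14:06:15 2023 GMT
    Not After : Jun 10 14:06:15 2025 GMT
X509v3 Subject Alternative Name:
    DNS:mydomain.cloud, DNS:*.mydomain.cloud"""
THREAD_DATE = datetime(2023, 5, 2, tzinfo=timezone.utc)  # date of the "bad certificate" post

def parse_cert_text(text):
    """Extract issuer fields, expiry and SAN DNS names from `openssl x509 -text` output."""
    issuer_line = re.search(r"Issuer: (.*)", text).group(1)
    issuer = dict(re.findall(r"(\w+) = ([^,\n]+)", issuer_line))
    not_after = re.search(r"Not After\s*: (.*) GMT", text).group(1)
    expiry = datetime.strptime(not_after, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
    san_line = re.search(r"Subject Alternative Name:\s*(.*)", text).group(1)
    names = [n.strip()[4:] for n in san_line.split(",") if n.strip().startswith("DNS:")]
    return issuer, expiry, names

def name_matches(hostname, pattern):
    """RFC 6125 rule: '*' stands for exactly one leftmost label, never for deeper ones."""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pat.startswith("*."):
        return host == pat
    h_labels, p_labels = host.split("."), pat.split(".")
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]

def diagnose(cert_text, hostname, now=None):
    """List the reasons a DoT client would reject this certificate for the given hostname."""
    issuer, expiry, names = parse_cert_text(cert_text)
    now = now or datetime.now(timezone.utc)
    problems = []
    # Heuristic (assumption): an issuer whose CN is one of the cert's own SAN names is a
    # self-signed placeholder, which the client reports as "unknown certificate authority"
    if issuer.get("CN") in names:
        problems.append("self-signed (issuer CN is one of the certificate's own names)")
    if expiry <= now:
        problems.append("expired on " + expiry.strftime("%Y-%m-%d"))
    if not any(name_matches(hostname, n) for n in names):
        problems.append("no SAN entry covers " + hostname)
    return problems
```

Running diagnose(SELF_SIGNED_CERT, "client1.adguard.mydomain.cloud", THREAD_DATE) reports both the self-signed issuer and the uncovered hostname, while diagnose(LE_CERT, "pihole.girish.in", THREAD_DATE) reports nothing.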