As an Oracle database and APEX developer as part of my day job, I would LOVE to see this integrated into Cloudron,
Unfortunately I very much doubt Oracle would allow its free products to be integrated into another commercial product without a very one-sided data-sharing agreement. Much of Oracle's profits come from it's data-brokerage and ad tech businesses.
L
Posts made by lcd_official
-
RE: Oracle 21XE with APEXposted in App Wishlist
-
RE: Preferred Chain option when renewing certificatesposted in AdGuard Home
@girish Good morning!
It appears to be working perfectly! Tested renewing cert and Android’s Private DNS function is still happy to connect to AGH via DoT. That’s amazing - thank you for implementing that so quickly!I have to say, after using Cloudron for a while now, what you guys have built here is nothing short of amazing - with so much automation - app installation, VPS security patches, managing certs, auto DNS config + providing LDAP, quick access to Cron, integration with registrars, custom apps - I can go on for days.
This really is bringing self-host to the masses…
Thank you so much
-
RE: Preferred Chain option when renewing certificatesposted in AdGuard Home
@girish Hi!
Sorry for the late response…. Last few days have been busy…
As of package version 1.4.6 it seems it may be working, at least surviving a reboot. I will perform additional testing in the morning including a manual renew of the cert and will report back asap.Thanks!
-
RE: Preferred Chain option when renewing certificatesposted in AdGuard Home
@girish Yes, that is exactly right. That matches with what I found as well.
Sure, I think that would make sense, if the AdGuardHome package could remove the X3 cert at start - perhaps going as far as making it an option exposed via checkbox for the user to include the X3 cert to support "legacy" Android devices, based on preference...
Ultimately I believe this to be an Android issue, in the way that they have rigidly implemented DNS over TLS, but I doubt a change to Android will be anywhere near a quick fix to get implemented
Let me know your thoughts...
Thanks again
-
RE: Preferred Chain option when renewing certificatesposted in AdGuard Home
@girish Awesome! Thanks for sharing the name of the code file. I will look through and see if there is any way to implement something similar to certbot's '--preferred-chain' option and will share here if I can find any workaround.
Thanks!
-
Preferred Chain option when renewing certificatesposted in AdGuard Home
Hi! I am submitting this here because it’s not really a bug - at least not for Cloudron.
I have encountered the same situation with Android clients in my implementation of AdGuard Plus that is described here: Let’s Encrypt and DNS over TLS on Android.
Long story short, Let’s Encrypt’s expired X3 certificate causes problems for Android clients on DNS-over-TLS.
The issue can be mitigated by invoking the option
—preferred-chain “ISRG Root X1”when renewing Let’s Encrypt certificates, which excludes the expired certificate from the cert chain.It's in no way a Cloudron bug, but since Cloudron handles certificate renewal, it seems to me to be the best place to insert a solution.
I believe Cloudron uses the ACME API in order to request renewals from Let’s Encrypt, and I would love to have the ability to specify the above option (or perhaps the ability to request other options as well might also be useful to others) within the Cloudron UI or API as part of the certificate setup/renewal.
Thanks for your time, and please let me know if you need any clarification at all.
Thanks!