fivestones

Members
  • Posts

    3

  1. I went back and looked at cloudflare again, and while I'm pretty sure that a few months ago when I was trying it it wouldn't let me use *.mydomain.com to make a DNS A record, now it does. They say that using a wildcard DNS like this will make the wildcard subdomains not be protected by the cloudflare network (unless you pay for the enterprise version), but it will still point to your server as intended. So I set it up for my domain, made the wildcard subdomain in cloudflare, and then set the letsencrypt docker to make a wildcard cert, and it all works! Now I can go to any random subdomain random.mydomain.com and it points to mydomain.com if nothing is specified in letsencrypt config/nginx/site-confs/default. Or if I specify something in that file random.mydomain.com can point to a particular port on my server like ghost or plex. I'm so excited to see it all working! Thanks for the tip on cloudflare.
  2. Ok, I think I found the problem. It's a problem with the way certbot uses the nsone api apparently. It tries to set two records and the first works but the second doesn't, because nsone's api has to be called a different way I guess. Here's the bug for certbot: https://github.com/certbot/certbot/issues/5735 I guess I have to wait for this bug to be fixed if I want to keep using nsone with certbot/letsencrypt. I tried just running certbot from the command line to get a wildcard cert and I got the same error. The reason the error says TXT record is wrong is because it's looking for the second record that was set and it was never set, and it's just reading the first one. (It does successfully delete the TXT record it had set so nothing extra is left in my DNS.) I know cloudflare is free and supports wildcard certs, but when I last looked you couldn't set a wildcard A DNS record (e.g., <anything>.<domain>.<tld> points to my server) at least in the free version. Has this changed? Thanks for your help you guys. Aptalca, your work has been making my life so much better for months. Appreciate it.
  3. I'm having trouble with a wildcard certificate. I've got letsencrypt running through docker-compose, and prior to now have been using a certificate for specific subdomains which has been working perfectly. Today I have been trying to get it to work with a single wildcard certificate instead. In the letsencrypt log it says:

         ...
         Waiting 30 seconds for DNS changes to propagate
         Waiting for verification...
         Cleaning up challenges
         An unexpected error occurred:
         Exception: Record identifier could not be found.
         Please see the logfiles in /var/log/letsencrypt for more details.
         IMPORTANT NOTES:
          - The following errors were reported by the server:
            Domain: [domain].im
            Type:   unauthorized
            Detail: Incorrrect TXT record "cR1VRcO[...]WwIKF4yJiqV-eQ" found at _acme-challenge.<domain>.im
         ...

     So I guess for some reason the wrong TXT record is getting set? When I repeat the process (again trying to use a wildcard), it finds the same wrong TXT record. If I change it back to particular subdomains, everything works as intended (and that same wrong TXT record is not the one that is used). I'm using nsone.net (which is the only one supported for DNS challenges that is both free and lets you use wildcard subdomains in the DNS as far as I could see). The pertinent part of my docker-compose is:

         linuxserver-letsencrypt:
           image: linuxserver/letsencrypt
           container_name: linuxserver-letsencrypt
           restart: unless-stopped
           ports:
             - 443:443
             - 80:80
           environment:
             - TZ=America/Chicago
             - PGID=${PGID}
             - PUID=${PUID}
             - EMAIL=<email>
             - URL=<domain>.im
             - VALIDATION=dns
             - DNSPLUGIN=nsone
             - SUBDOMAINS=wildcard
           volumes:
             - /opt/appdata/linuxserver-letsencrypt:/config
           cap_add:
             - NET_ADMIN

     I read something above about a problem with letsencrypt and some other newer TLD. I'm using the "im" TLD. Maybe this is part of the problem? But it works fine if I'm doing it with specific domains/subdomains, and only fails with wildcard. I exec'd into the docker and had a look at /var/log/letsencrypt/letsencrypt.log. It's pretty long and I'm not sure what I'm looking for to diagnose this. I see at the end where it lists the same incorrect TXT record being found when it does the acme-challenge. Maybe there is something in this file that would be helpful to help figure out why this is failing?
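The failure described in posts 2 and 3 above comes down to one DNS fact: a certificate for both <domain>.im and *.<domain>.im needs two dns-01 challenges, and both of them validate at the same name, _acme-challenge.<domain>.im, so two TXT strings must coexist there. A DNS plugin that only manages to set one of them leaves the CA finding the "wrong" value. The script below is an added example, written for this thread and not code from certbot, the nsone plugin or the linuxserver image. It derives the expected TXT value the way RFC 8555 section 8.4 and RFC 7638 define it, then compares that against what a plugin actually published. The account JWK, the tokens and the two plugin simulations are all constructed for illustration.

```python
import base64
import hashlib
import json

# Constructed RSA public JWK (not a real key; arbitrary base64url strings are
# enough to exercise the thumbprint arithmetic).
ACCOUNT_JWK = {
    "kty": "RSA",
    "n": "sample-modulus-for-illustration-only",
    "e": "AQAB",
}


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over only the required public members,
    serialised with keys in lexicographic order and no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = required[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, jwk: dict) -> str:
    """TXT contents for a dns-01 challenge (RFC 8555 section 8.4):
    base64url(SHA-256(token '.' thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("utf-8")).digest())


def challenge_name(identifier: str) -> str:
    """'example.im' and '*.example.im' both validate at _acme-challenge.example.im."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base}"


def missing_challenge_records(published: dict, challenges: list, jwk: dict) -> dict:
    """Compare what the CA expects with what the DNS plugin actually published.

    published:  {record name: set of TXT strings currently served}
    challenges: [(identifier, token), ...] as issued by the CA
    Returns {record name: [missing TXT values]} for every name with a gap;
    an empty dict means every challenge would validate.
    """
    missing = {}
    for identifier, token in challenges:
        name = challenge_name(identifier)
        expected = dns01_txt_value(token, jwk)
        if expected not in published.get(name, set()):
            missing.setdefault(name, []).append(expected)
    return missing


def simulate_single_value_plugin(challenges: list, jwk: dict) -> dict:
    """Constructed failure mode: the first write at a name succeeds and any
    later write to the same name is silently dropped, so only one TXT string
    ever exists there (this models the symptom in the posts, not any
    particular plugin's code)."""
    published = {}
    for identifier, token in challenges:
        published.setdefault(challenge_name(identifier),
                             {dns01_txt_value(token, jwk)})
    return published


def simulate_appending_plugin(challenges: list, jwk: dict) -> dict:
    """Correct behaviour: a second TXT string is added at the same name."""
    published = {}
    for identifier, token in challenges:
        published.setdefault(challenge_name(identifier), set()).add(
            dns01_txt_value(token, jwk))
    return published


if __name__ == "__main__":
    # Constructed order: one challenge for the bare domain, one for the
    # wildcard; both land on the same TXT name.
    challenges = [("example.im", "token-for-bare-domain"),
                  ("*.example.im", "token-for-wildcard")]
    for label, sim in (("single-value plugin", simulate_single_value_plugin),
                       ("appending plugin", simulate_appending_plugin)):
        gaps = missing_challenge_records(sim(challenges, ACCOUNT_JWK),
                                         challenges, ACCOUNT_JWK)
        print(f"{label}: {gaps if gaps else 'all challenges satisfiable'}")
```

To use the audit against a live zone, replace the simulated `published` dict with the TXT strings returned by a resolver query for `_acme-challenge.<domain>`, and take the tokens and account key from the ACME client's own logs or account directory; with those in hand, a non-empty result pinpoints exactly which of the two challenges never made it into DNS.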