Wanting to Encrypt Disks, need to set up HTTPS, cant provision certificate

[knights_of_pine]

6.9.2

I have been wanting to encrypt my array disks.  I understand that portion but in the Spaceinvader One video it states you must have HTTPS set up.  I go into settings>management access and click "provision" but i get an error:

 

Sorry, an error occurred in processing your SSL certificate. The error is: Your router or DNS server has DNS rebinding protection enabled, preventing xxxxxxxxxxx.unraid.net 192.168.x.x resolution. See Help for more details and workarounds.

 

I searched this error and it seems i need to change some setting in my router?  I am using opnsense with unbound and adguardhome plugin.

 

can someone provide some assistance?  thank you!!

[JorgeB]

12 hours ago, knights_of_pine said:

it states you must have HTTPS set up

You don't need HTTPS to enable disk encryption.

[knights_of_pine]

what is the benefit of enabling https?

 

i acces my unraid server locally and by wireguard vpn only. 

[JorgeB]

It's needed if you want for example to use the myservers plugin for remote access, not needed for local access in a secure lan.

[ljm42]

The thinking goes that if you are concerned about security enough to want to encrypt your disks, you should probably also encrypt the communication between your web browser and the server, since that is how you input the encryption password. 

 

Using a fully proper SSL certificate requires you to have a Fully Qualified Domain Name such as hash.unraid.net which Unraid provides. We manage the DNS for you, so that hash.unraid.net points to your server's IP address on the local LAN. However, some routers and DNS servers have a feature called "DNS Rebinding Protection" which prevents this from working. You'll need to do a Google search for "YourRouterName disable DNS rebind" to figure out how to get past that, the solution may be to replace your router. You could also try changing your DNS servers to 8.8.8.8, in case it is your DNS server that is blocking it.

 

The other option would be to use a self-signed certificate rather than a full and proper certificate. Or you might decide you are fine without encrypted communication. It all depends on what level of security you are comfortable with.