SpencerJ Posted December 8, 2022 Share Posted December 8, 2022 1/18/23 UPDATE: As previously announced, we stopped renewing certificates for the unraid.net domain at the beginning of the year. We had initially expected a grace period of a few months where the certificates would continue to work, but due to some necessary infrastructure improvements, the old unraid.net domain certificates are now invalid and will not work. If you still need to migrate from the unraid.net certificate to a myunraid.net certificate, you may have difficulty accessing your server's webgui. Actions for Unraid 6.10 or Newer: If you can't access the server's webgui, use a local keyboard/monitor or SSH into the server and run 'use_ssl no'. (Note: if the system responds "command not found" then jump down to the section for Unraid 6.9 and earlier.) Then, you can access the server via http://ipaddress (or http://ipaddress:port if you have defined a custom http port). Note: these are http URLs, not https URLs. Navigate to the Settings → Management Access page in the Unraid webgui and click the "Upgrade Cert" button. Click on the Certificate URL and verify you can access the server via the ipaddress.hash.myunraid.net certificate. You can change the "Use SSL/TLS" setting back to Yes or Strict if all is well. Note: if you have a high-end router and previously added an exception to allow DNS Rebinding on the unraid.net domain, you will need to add an exception for myunraid.net. This feature is on/off on most consumer routers, so no additional changes are required to support the myunraid.net domain if the unraid.net domain works fine. Be sure to update your bookmarks! The My Servers dashboard will automatically use the appropriate URL if you use the My Servers plugin. Action needed for Unraid 6.9 and earlier: Older versions of Unraid do not support the newer myunraid.net certificates. You should be able to access the webgui using https://ipaddress (or https://ipaddress:port if you have defined a custom https port). Note that these are https URLs, not http URLs, so you'll need to ignore any browser warnings about invalid certificates. Navigate to Settings → Management Access and set "Use SSL/TLS" to No. Then, open a web terminal (>_) and type: rm /boot/config/ssl/certs/certificate_bundle.pem If you plan to stay on an older version of Unraid, uninstall the My Servers plugin, as it will be dropping support for older versions of Unraid. Warning: these older versions of Unraid are outdated concerning security updates and features, so we recommend taking advantage of our free upgrade policy and upgrading your system to the latest version of Unraid. On Jan 1, 2023, we will stop renewing Let’s Encrypt SSL certificates on the unraid.net domain. If you are still using a hash.unraid.net domain to access your server, please switch to the newer myunraid.net certificates that we provide for free. The URLs used with these new certificates will provide increased privacy, particularly for remote access. Upgrade actions for Unraid 6.10 or higher: Navigate to the Settings → Management Access page in the Unraid webgui. If there is an “Upgrade Cert” button, press it. This will update the certificate and change your URL from hash.unraid.net to ipaddress.hash.myunraid.net. You will need to sign back into the webgui with your root password afterward. Note: if you have a high-end router and previously added an exception to allow DNS Rebinding on the unraid.net domain, you will now need to add an exception for myunraid.net. On most consumer routers this feature is simply on/off so no additional changes are required to support the myunraid.net domain if the unraid.net domain worked fine. Be sure to update your bookmarks! If you are using My Servers, the My Servers dashboard will automatically use the appropriate URL. Action needed for Unraid 6.9 and earlier: Older versions of Unraid do not support the newer myunraid.net certificates, so if you don’t wish to upgrade Unraid you’ll need to navigate to Settings → Management Access and set "Use SSL/TLS" to No. Then open a web terminal and type: rm /boot/config/ssl/certs/certificate_bundle.pem If you plan to stay on an older version you should also uninstall the My Servers plugin as it will be dropping support for older versions of Unraid as well. Warning: these older versions of Unraid are out of date with regard to security updates and features, so our recommendation is to take advantage of our free upgrade policy and upgrade your system to the latest version of Unraid. Then, switch to the myunraid.net certificate as described above. Note: If you are unable to upgrade your certificate by Jan 1, 2023, the unraid.net certificate will continue to work for another 90 days, although at some point during that time it will expire and your browser will warn that it is insecure. On Apr 1 we will shut down DNS for these certificates and the URLs associated with them will no longer work to access your server. We highly recommend that you avoid this by migrating to the new certificate before Jan 1, 2023. If you have any questions on this or need additional help, comment here or contact support! 3 2 Quote Link to comment
SpencerJ Posted December 8, 2022 Author Share Posted December 8, 2022 Blogs with pictures here: https://unraid.net/blog/ssl-certificate-update-2 https://unraid.net/blog/ssl-certificate-update Quote Link to comment
dada051 Posted December 9, 2022 Share Posted December 9, 2022 I'm curious to know how this new link increase privacy 1 Quote Link to comment
kellekellner Posted December 9, 2022 Share Posted December 9, 2022 I can't get access to my server now. What is the error? The MyServers Page says Online an local Access, but chrome says: DNS_PROBE_FINISHED_NXDOMAIN Quote Link to comment
dada051 Posted December 9, 2022 Share Posted December 9, 2022 Can you try "nslookup {yourdomain}" in a terminal? If yes, what's the answer. Is it the new IP.hash.myunraid.net URL that you're trying to connect to? Quote Link to comment
kellekellner Posted December 9, 2022 Share Posted December 9, 2022 Yes i try to connect to the new domain. But the IP is the local IP from my server. nslookup says: Non-existent domain. Quote Link to comment
dada051 Posted December 9, 2022 Share Posted December 9, 2022 Yes the the new domain, like the old, send the local IP address when you resolve it. Don't know why you have "Non-existent domain." as a result. Quote Link to comment
kellekellner Posted December 9, 2022 Share Posted December 9, 2022 I've tried a little bit. When go from extern to this domain in can access the server. But when im local it won't work. I have the port 543 for the webgui Quote Link to comment
dada051 Posted December 9, 2022 Share Posted December 9, 2022 Maybe a loopback issue or DNS rebinding issue with your router. Or just DNS propagation. If it's the last, you just have to wait a bit. 1 Quote Link to comment
ljm42 Posted December 9, 2022 Share Posted December 9, 2022 2 hours ago, kellekellner said: chrome says: DNS_PROBE_FINISHED_NXDOMAIN I agree with @dada051, your client is either having issues with DNS Rebinding or with DNS propagation. If you were previously running with an unraid.net certificate, then DNS Rebinding should not be an issue. Although depending on your network you may have taken steps to allow DNS Rebinding specifically for the unraid.net domain, in which case you'll need to do the same for the myunraid.net domain. On the client computer, open a command prompt and run these commands, pasting the results back here: nslookup rebindtest.unraid.net nslookup rebindtest.unraid.net 8.8.8.8 nslookup rebindtest.myunraid.net nslookup rebindtest.myunraid.net 8.8.8.8 Quote Link to comment
kellekellner Posted December 9, 2022 Share Posted December 9, 2022 Thank you fot your Help ! It was an rebinding issued. I had the Port in the Domain. This was the fault. Thanks Quote Link to comment
ljm42 Posted December 9, 2022 Share Posted December 9, 2022 17 minutes ago, kellekellner said: I had the Port in the Domain. This was the fault. The best way to get the new url is to go to the Settings -> Management Access page. On newer versions of Unraid there is a section titled "Local URLs" that lists out your options, otherwise you can click on the "Certificate URL" for the myunraid.net certificate. Quote Link to comment
jackfalveyiv Posted December 9, 2022 Share Posted December 9, 2022 It looks like after clicking Upgrade Cert that my machine can connect to the console via the new URL, but it does not display all information. I can access the shares, users, settings, plugins and dockers, but many other menus are not accessible. Furthermore, the Dashboard loads but returns no information, and when I click on Main I get a constant loading screen. I can access the console via a local unsecure link. All I did was click Upgrade Cert as per the blog post. Am I missing a step somewhere? Quote Link to comment
ljm42 Posted December 9, 2022 Share Posted December 9, 2022 11 minutes ago, jackfalveyiv said: It looks like after clicking Upgrade Cert that my machine can connect to the console via the new URL, but it does not display all information. I can access the shares, users, settings, plugins and dockers, but many other menus are not accessible. Furthermore, the Dashboard loads but returns no information, and when I click on Main I get a constant loading screen. I can access the console via a local unsecure link. All I did was click Upgrade Cert as per the blog post. Am I missing a step somewhere? Clear your browser's cache, and disable any popup blockers / ad blockers for the new url Quote Link to comment
jackfalveyiv Posted December 9, 2022 Share Posted December 9, 2022 All set, thank you! 1 Quote Link to comment
Frank1940 Posted December 9, 2022 Share Posted December 9, 2022 Got it working. It took about an hour. Had to fix the DNS rebinding on my Ubiquity router. Longest part of the whole process was getting the Bitwarden password manager set up to properly fill in the password as that was a real headache as I have two servers and the most password managers want to use the base URL ( myunraid.net in this case) by default. 1 Quote Link to comment
Cicatrix Posted December 9, 2022 Share Posted December 9, 2022 Done, thanks. Took about 10-15 minutes until domain was found. Had some panic. 1 Quote Link to comment
Blobbonator Posted December 10, 2022 Share Posted December 10, 2022 Hi I've got the same DNS_PROBE_FINISHED_NXDOMAIN error. When i do the DNS probe for nslookup 192-168-178-85.***.myunraid.net Server: fritz.box Address: fd0***2e *** No internal type for both IPv4 and IPv6 Addresses (A+AAAA)-Entrys for 192-168-178-85.d4***.myunraid.net available. so the ipv4 entry seems to be missing how can I fix this? having no access to the web interface is pretty annoying Quote Link to comment
Frank1940 Posted December 10, 2022 Share Posted December 10, 2022 (edited) 2 hours ago, Blobbonator said: Server: fritz.box I think this is the clue that you need. Now read this paragraph from this original post: On 12/8/2022 at 3:29 PM, SpencerJ said: Note: if you have a high-end router and previously added an exception to allow DNS Rebinding on the unraid.net domain, you will now need to add an exception for myunraid.net. On most consumer routers this feature is simply on/off so no additional changes are required to support the myunraid.net domain if the unraid.net domain worked fine. Your Fritz router/modem(?) probably is one of those "high-end router" that require an exception to allow DNS rebinding for the myunraid,net domain. Try googling fritzbox dns rebinding and look for a solution. EDIT: When you find the solution, post it up here as Wikipedia indicates that this 'Fritzbox' is a widely used device throughout Europe.. Edited December 10, 2022 by Frank1940 1 1 Quote Link to comment
dada051 Posted December 10, 2022 Share Posted December 10, 2022 Did you try with another dns server (just had to add 1.1.1.1 or 8.8.8. 8 at the end of the command) Quote Link to comment
Blobbonator Posted December 10, 2022 Share Posted December 10, 2022 31 minutes ago, Frank1940 said: I think this is the clue that you need. Now read this paragraph from this original post: Your Fritz router/modem(?) probably is one of those "high-end router" that require an exception to allow DNS rebinding for the myunraid,net domain. Try googling fritzbox dns rebinding and look for a solution. EDIT: When you find the solution, post it up here as Wikipedia indicates that this 'Fritzbox' is a widely used device throughout Europe.. Thank you it worked. Just googled it and found https://en.avm.de/service/knowledge-base/dok/FRITZ-Box-7590-AX/3565_FRITZ-Box-reports-Your-FRITZ-Box-s-DNS-rebind-protection-rejected-your-query-for-reasons-of-security/ Didn't remember that I had to do it before but my router had the old unraid url already entered And I just updated it because of the notice in unraid and didn't read the forum post beforehand. Btw. I could workaround my way to the web interface with a vpn client - just for information if someone has the same issue. 2 Quote Link to comment
Frank1940 Posted December 10, 2022 Share Posted December 10, 2022 @SpencerJ, can we remove the DNS rebinding on unraid.net now after updating the SSL certificate or does Unraid still require DNS access to it for some other propose? Quote Link to comment
ljm42 Posted December 10, 2022 Share Posted December 10, 2022 8 hours ago, Frank1940 said: @SpencerJ, can we remove the DNS rebinding on unraid.net now after updating the SSL certificate or does Unraid still require DNS access to it for some other propose? Once you have migrated your Unraid system(s) to use the myunraid.net certificate, then DNS Rebinding on the unraid.net domain is no longer a concern. You can remove any special handling of DNS Rebinding for the unraid.net domain from your router. 2 1 Quote Link to comment
gilladur Posted December 11, 2022 Share Posted December 11, 2022 I had next to the changes in my Fritzbox to add the Local DNS Records [A/AAAA] in my pihole. You'll find it on the left side in PiHole under "Local DNS" Quote Link to comment
jackfalveyiv Posted December 12, 2022 Share Posted December 12, 2022 Ran into another issue, everything seems to be working so not a critical issue, but I'm seeing this in my Unraid console and unsure what it means/indicates. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.