shawnngtq Posted March 1 Share Posted March 1 Hi Guys, UnRaid 6.12.1. Everything is fine yesterday night. Until I remove wireguard server-to-server tunnel. I deleted the external EC2 wireguard that routes all the traffic to my UnRaid, to save AWS VPS cost. The problem now is that all my internet facing apps exposed by Nginx Proxy Manager can't be reached. Firefox: SEC_ERROR_UNKNOWN_ISSUER Google Chrome: NET::ERR_CERT_AUTHORITY_INVALID Here is what I tried, from upstream to downstream 0. Restart Unraid -> no imppact 1. AWS route 53 -> I confirmed that the domain A record is pointed to my UnRaid public ipv4 address. Issue not here 2. UnRaid firewall -> maybe the issue is here? 3. Nginx Proxy Manager (NPM) -> I deleted all the certs and re-provisioned, no impact. I tried another NPM fresh installation, still same. I don't see any logs generated when I go to the site. Does this imply that the request never hit here? 4. Fail2Ban container -> stop this container, no impact 5. ddns-route53 container -> stop this container, no impact 6. VPN manager -> disable this, no impact Quote Link to comment
shawnngtq Posted March 1 Author Share Posted March 1 I think Nginx Proxy Manager (NPM) is not the issue. Stopping NPM container still yield same error ... Meaning the issue occur before NPM. Quote Link to comment
shawnngtq Posted March 1 Author Share Posted March 1 I deleted AWS route 53 A record, then recreate them (domainname.com, www.domainname.com). I am sure it's they are ready via nslookup domainname.com nslookup www.domainname.com Same issue, even thought NPM is off Quote Link to comment
shawnngtq Posted March 2 Author Share Posted March 2 https://www.ssllabs.com/ssltest/ Ran this SSL test, the output is: Assessment failed: Unable to connect to the server Quote Link to comment
shawnngtq Posted March 2 Author Share Posted March 2 I flushed my iptables (iptables -F). Same issue Quote Link to comment
shawnngtq Posted March 2 Author Share Posted March 2 Use NPM to test server reachability. *.domainname.com: There is a server found at this domain but it returned an unexpected status code Invalid domain or IP. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running. domainname.com: There is a server found at this domain but it returned an unexpected status code Invalid domain or IP. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running. Quote Link to comment
shawnngtq Posted March 2 Author Share Posted March 2 Used Wireshark to track traffic. So it seems that AWS route 53 did pass the traffic to my server. The problem is in my server, not route 53 then. Protocol: TLSv1.2 Length: 61 Info: Alert (Level: Fatal, Description: Certificate Unknown) 20240302 - Copy.txt Quote Link to comment
shawnngtq Posted March 3 Author Share Posted March 3 Wireshark only show the local traffic, not external traffic. When I go to these domains with different internet, instead of `Your connection is not private / Warning: Potential Security Risk Ahead`, the browser shows `The connection has timed out` Perhaps the server's firewall block external traffic? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.