[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



3 hours ago, Ryguy said:

So I recently migrated my Letsencrypt instance to Swag, and all of my proxy confs seem to be working except for the Ombi one. I changed nothing in the subdomain conf file from what was in place with Letsencrypt, but now the container won't start, and I get an Execution Error Code 403.

 

Anyone overcome a similar problem?

It's the ombi container not starting? If so, that shouldn't have anything to do with swag.

Link to comment
2 hours ago, LoneTraveler said:

Hello all, 

 

Just finished the house move, well physically moving everything anyway, and thought I would start with setting up the essentials, water, heating, Unraid. 

 

Everything is going well except that I'm unable to access any of my five proxied services (bitwarden, nextcloud, emby, radarr or sonarr) locally if I type in their public address. I can access them via their local port numbers, however if I enter eg bitwarden.mydomain.uk I receive back;

 

This site can’t be reached

The web page at https://bitwarden.mydomain.uk/ might be temporarily down or it may have moved permanently to a new web address.

ERR_HTTP2_PROTOCOL_ERROR

 

If I use my mobile, the pages can be accessed fine, just locally is the issue. 

 

The only difference from the other house is that I have moved from BT to Vodafone. I recall when I was initially setting Letsencrypt up, some people had an issue with "double NAT / hairpinning" which I'm wondering may be my issue. 

 

Before I set about replacing the supplied Vodafone router however, I wanted to double check with yourselves that I'm not missing something obvious (which wouldn't be the first time). 😂

 

The only changes I have made to the router are;

*Updated the port forwarding rules for 80 & 443,

*Disabled UPnP, 

*Ensured that my Unraid server's local address (192.168.1.149) was given an exception in the router's firewall. 

 

I have looked online for similar issues however people seem to have the opposite problem (unable to access externally). 

 

Any advice would be greatly appreciated as I'm up the wall with everything else going on and this would certainly help me out getting it to work. 

 

 

You need to disable that DMZ as soon as possible, as you have just opened the whole Unraid server to the internet! Enable hairpinning on your router and it should work inside your LAN also.

Link to comment
Quote

 

Meanwhile, I found out that on the flash drive there is something like a cache of the container settings that also keeps the .xml of the deleted containers.

Since I renamed the repository from "lets encrypt" to "swag" while also adding the new swag container, I guess something went wrong with the assignment.

The renamed Let's encrypt:

1.thumb.jpg.de91e6be00b9cf896b587b953974749f.jpg

 

The original Swag:

2.jpg.6d9b9fee8e3bf65e9ff34abd25235acb.jpg

 

I guess because of the same name and because the my-letsencrypt.xml was the first file, it has priority.

 

I found the XMLs on this Location on the Flash Drive:

3.thumb.jpg.e30fccc439f607207d82f535d45e3fdd.jpg

 

So in my opinion the fix must be to just erase the "my-letsencrypt.xml" file, right?

Could someone please confirm this to me? Could someone please also explain to a noob how to delete the my-letsencrypt.xml from my flash drive?

😀

 

Thank you for help!

 


Link to comment
50 minutes ago, saarg said:

It's the ombi container not starting? If so, that shouldn't have anything to do with swag.

Correct. It will start up on bridge but not when connected to a custom network. The only change was with the migration to swag, that's why I figured there must be some kind of conflict. 

Link to comment
7 hours ago, saarg said:

You need to disable that DMZ as soon as possible, as you have just opened the whole Unraid server to the internet! Enable hairpinning on your router and it should work inside your LAN also.

 

😲 Many thanks for the advice! This is what happens when a "non-IT" tinkers with Unraid. 😁

 

I'll have a look around on how to enable hairpinning on Vodafone. 👍

Edited by LoneTraveler
Link to comment
Quote

Edit the template. Click advanced settings and change the icon URL to https://raw.githubusercontent.com/linuxserver/docker-templates/linuxserver.io/img/linuxserver-ls-logo.png

This was exactly what I have done. But it doesn't matter which icon I put in that way; it does not change. Please take a look at what I have documented, then you will see.

Link to comment

Just trying to configure my server again after a mishap earlier. I had letsencrypt and changed to swag; now I'm trying to start afresh and I get this:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
An unexpected error occurred:

The server will not issue certificates for the identifier :: Error creating new order :: Cannot issue for "lidarr": Domain name needs at least one dot (and 4 more problems. Refer to sub-problems for more information.)

Please see the logfiles in /var/log/letsencrypt for more details.
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
My template is

Any help would be grateful


Sent from my iPhone using Tapatalk

IMG_2165.jpg
Link to comment
39 minutes ago, Spoonsy1480 said:

Just trying to configure my server again after a mishap earlier. I had letsencrypt and changed to swag; now I'm trying to start afresh and I get this:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
An unexpected error occurred:

The server will not issue certificates for the identifier :: Error creating new order :: Cannot issue for "lidarr": Domain name needs at least one dot (and 4 more problems. Refer to sub-problems for more information.)

Please see the logfiles in /var/log/letsencrypt for more details.
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
My template is

Any help would be grateful


Sent from my iPhone using Tapatalk

IMG_2165.jpg

The container thinks your url is set to "lidarr"

 

Post a full log

Link to comment

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=America/Los_Angeles
URL=myipaddress
SUBDOMAINS=www,
EXTRA_DOMAINS=radarr,sonarr,plex,lidarr,nzbget,
ONLY_SUBDOMAINS=false
VALIDATION=http
DNSPLUGIN=
EMAIL=Myemail
STAGING=false

SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.myipaddress
EXTRA_DOMAINS entered, processing
Extra domains processed are: -d radarr -d sonarr -d plex -d lidarr -d nzbget
E-mail address entered: myemail
http validation is selected
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
An unexpected error occurred:

The server will not issue certificates for the identifier :: Error creating new order :: Cannot issue for "lidarr": Domain name needs at least one dot (and 4 more problems. Refer to sub-problems for more information.)

Please see the logfiles in /var/log/letsencrypt for more details.
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

This is my log


Sent from my iPhone using Tapatalk

Link to comment
3 hours ago, Spoonsy1480 said:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=America/Los_Angeles
URL=myipaddress
SUBDOMAINS=www,
EXTRA_DOMAINS=radarr,sonarr,plex,lidarr,nzbget,
ONLY_SUBDOMAINS=false
VALIDATION=http
DNSPLUGIN=
EMAIL=Myemail
STAGING=false

SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.myipaddress
EXTRA_DOMAINS entered, processing
Extra domains processed are: -d radarr -d sonarr -d plex -d lidarr -d nzbget
E-mail address entered: myemail
http validation is selected
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
An unexpected error occurred:

The server will not issue certificates for the identifier :: Error creating new order :: Cannot issue for "lidarr": Domain name needs at least one dot (and 4 more problems. Refer to sub-problems for more information.)

Please see the logfiles in /var/log/letsencrypt for more details.
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

This is my log


Sent from my iPhone using Tapatalk

The subdomains go in the subdomain field and not extra domain field.

Link to comment
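The check below is an added example, not code from the SWAG image or from any poster: it rebuilds the name list the way the log above shows (sub-domains get the URL appended, extra domains are passed through verbatim) and lists the names that fail a basic public-hostname test. The function names and the example.com values are assumptions made for illustration, and ONLY_SUBDOMAINS=true is assumed to leave the bare URL off the list.

```shell
#!/bin/sh
# Added example, not the container's own init script. It mirrors how the log
# above turns URL, SUBDOMAINS and EXTRA_DOMAINS into certbot "-d" names and
# flags names that are not fully qualified before any request is sent.

# is_public_fqdn NAME: succeeds only if NAME has at least one dot, every label
# is 1-63 letters/digits/hyphens, and the last label starts with a letter
# (so a bare IP address is flagged too).
is_public_fqdn() {
    printf '%s\n' "$1" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}

# expand_names URL SUBDOMAINS EXTRA_DOMAINS [ONLY_SUBDOMAINS]
# Prints one requested name per line. Runs in a subshell so the IFS change
# and the variables stay local. Empty list items (trailing commas) are skipped.
expand_names() (
    url=$1 subs=$2 extra=$3 only_subs=${4:-false}
    if [ "$only_subs" != true ]; then
        printf '%s\n' "$url"
    fi
    set -f      # no filename globbing while splitting on commas
    IFS=,
    for s in $subs; do
        if [ -n "$s" ]; then printf '%s\n' "$s.$url"; fi
    done
    for e in $extra; do
        # Extra domains are used verbatim: nothing is appended to them.
        if [ -n "$e" ]; then printf '%s\n' "$e"; fi
    done
)

# rejected_names URL SUBDOMAINS EXTRA_DOMAINS [ONLY_SUBDOMAINS]
# Prints the expanded names that are not valid public hostnames.
rejected_names() (
    expand_names "$@" | while IFS= read -r name; do
        if ! is_public_fqdn "$name"; then
            printf '%s\n' "$name"
        fi
    done
)

# Constructed sample values (example.com stands in for the real domain).
echo "Service names placed in EXTRA_DOMAINS, rejected names:"
rejected_names example.com 'www,' 'radarr,sonarr,plex,lidarr,nzbget,'

echo "Same names moved to SUBDOMAINS, requested names:"
expand_names example.com 'www,radarr,sonarr,plex,lidarr,nzbget' ''

echo "URL set to an IP address (documentation range), rejected names:"
rejected_names 203.0.113.7 'www,' ''
```

An empty result from `rejected_names` means every requested name is at least shaped like a public hostname; DNS records and port forwarding still have to be correct for validation to pass.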

I'm using this container successfully as a proxy for several other containers and also for a VM running Home Assistant. I modified the included config so that it would work with the VM and it seems fine except for websockets in some of the hassio add-ons. Websockets work fine via the local IP address, but not via the proxy.

 

Is there a reason that I can't simply add the necessary websocket config lines to the / location? That seems to kill the whole thing. As it is, I have tried to add another location for the base url of the add-on that I'm trying to enable websockets for (esphome here, but I've also tried vscode). It's not working and I believe it's most likely because I'm not configuring the proxy correctly.

 

Proxy config is below. Any help would be greatly appreciated!

 

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name homeassistant.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app 192.168.1.205;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }

    location /api/websocket {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app 192.168.1.205;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /a0d7b954_esphome/ {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app 192.168.1.205;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:443;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

 

Link to comment
1 hour ago, shooga said:

I'm using this container successfully as a proxy for several other containers and also for a VM running Home Assistant. I modified the included config so that it would work with the VM and it seems fine except for websockets in some of the hassio add-ons. Websockets work fine via the local IP address, but not via the proxy.

 

Is there a reason that I can't simply add the necessary websocket config lines to the / location? That seems to kill the whole thing. As it is, I have tried to add another location for the base url of the add-on that I'm trying to enable websockets for (esphome here, but I've also tried vscode). It's not working and I believe it's most likely because I'm not configuring the proxy correctly.

 

Proxy config is below. Any help would be greatly appreciated!

 


server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name homeassistant.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app 192.168.1.205;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }

    location /api/websocket {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app 192.168.1.205;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /a0d7b954_esphome/ {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app 192.168.1.205;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:443;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

 

 

Did you try dropping the slash after esphome? Also, why do you have :443 after proxy_set_header Host?

 

My configuration is otherwise the same except I do not have the proxy_set_header x-forwarded... set. See mine below. Note that /endpoint/ui is for Node-RED.

 

# make sure that your dns has a cname set for homeassistant and that your homeassistant container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name homeassistant.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app 192.168.1.31;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location /api/websocket {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app 192.168.1.31;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /api/hassio_ingress {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app 192.168.1.31;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /endpoint/ui {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app 192.168.1.31;
        set $upstream_port 1880;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

 

Edited by bigmak
fixed some tab/space issues in code block
Link to comment

Thanks @bigmak for the response. I had added :443 while trying different things I found in my research - it didn't work and I've removed it now.

 

Turns out I didn't need to add a location for esphome specifically (/a0d7b954_esphome), but needed to add the /api/hassio_ingress location. Saw that in your config and thought it was worth a try. That fixed it! Now it works for esphome and vscode. Thanks again!

 

Just to be clear for anyone else looking for help, this is the section that I needed to add. Maybe it's in the latest config sample with the container, but it wasn't in mine.

    location /api/hassio_ingress {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app 192.168.1.205;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

 

Link to comment

Hi,

 

Anyone else getting this error?

I've googled around a bit but couldn't find an answer. I've also checked the files in the container but couldn't find anything about "sslforfree"

 

The error message is:

nginx: [emerg] cannot load certificate "/config/sslforfree/cert.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/config/sslforfree/cert.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

My old letsencrypt container doesn't give this error message every 0.5 second.

And I've reinstalled swag as well (delete container > delete swag folder under appdata > install swag)

Edited by Muff
Link to comment
3 hours ago, shooga said:

Thanks @bigmak for the response. I had added :443 while trying different things I found in my research - it didn't work and I've removed it now.

 

Turns out I didn't need to add a location for esphome specifically (/a0d7b954_esphome), but needed to add the /api/hassio_ingress location. Saw that in your config and thought it was worth a try. That fixed it! Now it works for esphome and vscode. Thanks again!

 

Just to be clear for anyone else looking for help, this is the section that I needed to add. Maybe it's in the latest config sample with the container, but it wasn't in mine.


    location /api/hassio_ingress {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app 192.168.1.205;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

 

You shouldn't need that. The latest updates to nginx.conf and proxy.conf auto enable websockets when needed.

Link to comment
2 hours ago, Muff said:

Hi,

 

Anyone else getting this error?

I've googled around a bit but couldn't find an answer. I've also checked the files in the container but couldn't find anything about "sslforfree"

 

The error message is:


nginx: [emerg] cannot load certificate "/config/sslforfree/cert.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/config/sslforfree/cert.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

My old letsencrypt container doesn't give this error message every 0.5 second.

And I've reinstalled swag as well (delete container > delete swag folder under appdata > install swag)

Looks like you modified your confs and referenced a custom cert. Our image does not use such a cert out of the box.

Link to comment
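To find which conf file carries a reference like the one in the error above, the following added example (not part of the SWAG image) lists every `ssl_*` file directive in an nginx config tree whose target file does not exist. It assumes it is run where the paths in the confs resolve, i.e. inside the container; the function names and the sample tree, including `custom.conf` and the `example.*` key names, are constructed for illustration.

```shell
#!/bin/sh
# Added example: report nginx ssl_* directives that point at missing files,
# with the file and line number of each reference.

# missing_cert_refs CONF_DIR -> prints "file:line: missing-path", one per line.
# Commented-out directives are ignored; only paths as written are checked.
missing_cert_refs() (
    grep -rHnE \
        '^[[:space:]]*ssl_(certificate|certificate_key|trusted_certificate|dhparam)[[:space:]]' \
        "$1" 2>/dev/null |
    while IFS=: read -r file line text; do
        # Second word of the directive is the path; drop quotes and the ';'.
        path=$(printf '%s\n' "$text" | awk '{print $2}' | tr -d "\";'")
        if [ ! -f "$path" ]; then
            printf '%s:%s: %s\n' "$file" "$line" "$path"
        fi
    done
)

# make_sample -> builds a constructed config tree in a temp dir, prints its path.
make_sample() (
    d=$(mktemp -d)
    mkdir -p "$d/nginx" "$d/keys"
    : > "$d/keys/example.crt"            # the only cert file that exists
    cat > "$d/nginx/ssl.conf" <<EOF
ssl_certificate $d/keys/example.crt;
ssl_certificate_key $d/keys/example.key;
EOF
    cat > "$d/nginx/custom.conf" <<EOF
server {
    ssl_certificate $d/sslforfree/cert.pem;
    # ssl_certificate $d/old/cert.pem;
}
EOF
    printf '%s\n' "$d"
)

# Demo on the constructed tree.
sample=$(make_sample)
missing_cert_refs "$sample/nginx"
rm -rf "$sample"
```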
On 10/7/2020 at 10:53 PM, Mor9oth said:

This was exactly what I have done. But it doesn't matter which icon I put in that way; it does not change. Please take a look at what I have documented, then you will see.

Finally, I solved it. So for everybody who has the same Problems with showing up the old Let's Encrypt Icon here is the solution:

  1. Go to advanced view and copy the correct image-url to the clipboard
  2. Rename the Image-URL to something that does not exist and save it. Then you will see that the icon is missing
  3. Go back to the advanced view and paste the correct image-url 

 

At least this worked for me. But maybe the further steps (removing the old .xml) could also have an impact on this.

Here I documented everything that I did:

 

 

Link to comment
13 hours ago, Mor9oth said:

Finally, I solved it. So for everybody who has the same Problems with showing up the old Let's Encrypt Icon here is the solution:

  1. Go to advanced view and copy the correct image-url to the clipboard
  2. Rename the Image-URL to something that does not exist and save it. Then you will see that the icon is missing
  3. Go back to the advanced view and paste the correct image-url 

 

At least this worked for me. But maybe the further steps (removing the old .xml) could also have an impact on this.

Here I documented everything that I did:

 

 

Yup, I had the same problem and had to delete the old my-letsencrypt.xml to get it to change the icon. Thanks for posting

Link to comment

Hi,

 

I did a search for this error and the only solution I could find was to delete the old conf files and let the docker container redownload by restarting it. But the error still remains:

 

"nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)"

 

Any help would be very appreciated ... I am an unRaid newbie :/

 

 

[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing...
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

Edited by Syed
Link to comment

Hey All - I've got this up and running for a while now - great image, thanks. Just a question though: is it possible to have a wildcard URL entry? Kind of like the way Google does with *.google.com?

 

My current setup just has this:

 

URL=topleveldomain.com

SUBDOMAINS=portainer,sonarr,radarr

 

But when I click to view the cert in the browser it seems that it sets portainer.topleveldomain.com as the URL and the rest in the SAN where they should be. Was just looking to see if possible to clean up. Currently, my topleveldomain doesn't point to anything if that makes a difference?

Link to comment

I'm having an interesting problem with LetsEncrypt. Two issues I've experienced I would like to try and resolve: if I use DNS through Cloudflare my subdomains become unbearably slow. If I do the subdomains through my registrar and forego Cloudflare, anytime I add or remove a subdomain LetsEncrypt reports a firewall/timeout error for several hours, rendering my subdomains inaccessible. Does anyone know why this is happening?

Link to comment
