Certbot
-
I'm in a different situation. I'm hosting my OwnCloud server with Vultr on CentOS 7. I followed the directions but I get the errors that I listed above. Unsure what I need to do on CentOS.
- Do I need to specify the ServerName or does CertBot make that irrelevant?
- Do I need to setup a vhost or is the ssl.conf what I am supposed to use by default?
- Is the failed authorization procedure due to Google or is it my settings?
-
@wirestyle22 I had to specify the servername
i used the ssl.conf default -
@alex.olynyk said in Certbot:
Where is your Roseradiology.com DNS domain? I don't see it in the list.
-
we dont have one. its just rose.internal
-
You need to create one. That's what allows you to use different, internal IPs for that roseradiology.com domain while inside your network.
that's what makes split horizon DNS.
-
@Dashrender But Why? Why host any roseradiology.com DNS locally? Speed?
-
@aaronstuder I am confused here, too. I don't see where the benefit is in this setup.
-
@StrongBad The only thing I can think of is speed? Maybe it's a bit faster? However many routers have loopback NAT, so no difference there.
-
@wirestyle22 Can you start a new topic? It's hard to keep track here.
-
@alex-olynyk remove roseradiology.com from your local DNS complerely, then try again after flushing DNS. I bet it works.
-
@aaronstuder removed and flushed but no change
-
@alex.olynyk Did you remove all records, or just the owncloud one? You have to remove the whole domain.
-
Unless I completely misunderstood something in the beginning, the OP indicated that he had roseradiology.com on his internal DNS as well. So working from that, I gave the above response.
Now that we see that he does not have that already in place, I would agree, avoid it if at all possible - but you have to make sure things work first.
This means making sure his firewall/router supports hairpin routing.
It works as follows:
an internal client makes a request for the IP to OC.roseradiology.com, which is responded to from the internet DNS server with an IP on his firewall (assuming the OP is using NATing).
The client then tries to connect to that IP, which is on the outside of his firewall.
The firewall gets a packet and realizes that it has a rule that says this packet needs to go back inside the network to the designated internal IP (cisco PIX firewalls can NOT do this). Assuming this works - the traffic is sent back inside the network
and all is fine. -
@aaronstuder
removed domain -
@Dashrender things do work if I use 2 different URL's
-
@alex.olynyk said in Certbot:
@Dashrender things do work if I use 2 different URL's
How does file sharing work that way?
-
dont know. havent put into production yet
-
@alex.olynyk said in Certbot:
dont know. havent put into production yet
LOL, so how do you know that things will work The links that are generated by the system will only work to one or the other group (internal or external) is the expectation.
-
honestly dont know, this has been placed in my lap to get working
-
OK @alex-olynyk did add roseradiology.com, but not in the correct place. As such, it never worked as desired.