Certbot
-
@StrongBad said in Certbot:
@alex.olynyk said in Certbot:
I set up a CNAME internally because I gave ownCloud a different name internally: owncloud.rose.internal
Won't that cause issues? ownCloud requires DNS to be consistent between internal and external, doesn't it?
I would think so....
-
Any ideas?
-
Can I post my DNS config so you can have a look?
-
-
I'd appreciate any information right now
-
-
I'm in a different situation. I'm hosting my OwnCloud server with Vultr on CentOS 7. I followed the directions but I get the errors that I listed above. Unsure what I need to do on CentOS.
- Do I need to specify the ServerName or does CertBot make that irrelevant?
- Do I need to setup a vhost or is the ssl.conf what I am supposed to use by default?
- Is the failed authorization procedure due to Google or is it my settings?
-
@wirestyle22 I had to specify the ServerName.
I used the ssl.conf default.
-
@alex.olynyk said in Certbot:
Where is your Roseradiology.com DNS domain? I don't see it in the list.
-
We don't have one. It's just rose.internal.
-
You need to create one. That's what allows you to use different, internal IPs for that roseradiology.com domain while inside your network.
That's what makes split-horizon DNS.
-
@Dashrender But why? Why host any roseradiology.com DNS locally? Speed?
-
@aaronstuder I am confused here, too. I don't see where the benefit is in this setup.
-
@StrongBad The only thing I can think of is speed? Maybe it's a bit faster? However many routers have loopback NAT, so no difference there.
-
@wirestyle22 Can you start a new topic? It's hard to keep track here.
-
@alex-olynyk Remove roseradiology.com from your local DNS completely, then try again after flushing DNS. I bet it works.
-
@aaronstuder Removed and flushed, but no change.
-
@alex.olynyk Did you remove all records, or just the owncloud one? You have to remove the whole domain.
-
Unless I completely misunderstood something in the beginning, the OP indicated that he had roseradiology.com on his internal DNS as well. So working from that, I gave the above response.
Now that we see that he does not have that already in place, I would agree, avoid it if at all possible - but you have to make sure things work first.
This means making sure his firewall/router supports hairpin routing.
It works as follows:
An internal client requests the IP for OC.roseradiology.com, and the internet DNS server responds with an IP on his firewall (assuming the OP is using NAT).
The client then tries to connect to that IP, which is on the outside of his firewall.
The firewall gets a packet and realizes that it has a rule saying this packet needs to go back inside the network to the designated internal IP (Cisco PIX firewalls can NOT do this). Assuming this works, the traffic is sent back inside the network
and all is fine.
-
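The three situations argued over in this thread (a locally hosted roseradiology.com zone that is missing the owncloud record, a proper split-horizon zone, and no local zone at all so the client falls through to public DNS and needs hairpin NAT) can be told apart by what an internal client's resolver hands back. The following is an added example, not code from the thread or from ownCloud or Certbot; the zone contents, the 203.0.113.10 WAN address and the 192.168.10.0/24 LAN are constructed values, and the resolver model is the standard behaviour of a DNS server that is authoritative for a zone (it answers from its own data and never forwards a name it owns):

```python
import ipaddress

# Constructed example data (not from the thread): the public answer as the
# internet sees it, and the LAN the ownCloud host lives on. 203.0.113.0/24
# is a documentation range used here to stand in for the firewall's WAN IP.
PUBLIC_ZONE = {"owncloud.roseradiology.com.": "203.0.113.10"}
LAN = ipaddress.ip_network("192.168.10.0/24")
NXDOMAIN = None


def _fqdn(name):
    """Normalise a name to an absolute, dot-terminated form."""
    return name.rstrip(".") + "."


def resolve(name, local_zones, public_zone=PUBLIC_ZONE):
    """Model what an internal client gets from its local DNS server.

    local_zones maps a zone name the local server is authoritative for to
    that zone's A records. A server that owns a zone answers from the zone
    only: a name missing from it is NXDOMAIN, it does not fall through to
    the public record. Names outside every local zone are forwarded.
    """
    name = _fqdn(name)
    for zone, records in local_zones.items():
        zone = _fqdn(zone)
        if name == zone or name.endswith("." + zone):
            return records.get(name, NXDOMAIN)   # authoritative: no forwarding
    return public_zone.get(name, NXDOMAIN)       # not ours: forward upstream


def classify(name, local_zones, lan=LAN):
    """Say which of the thread's scenarios an internal client is in."""
    ip = resolve(name, local_zones)
    if ip is NXDOMAIN:
        return "nxdomain: local server owns the domain but has no such record"
    if ipaddress.ip_address(ip) in lan:
        return "split-horizon: internal answer points straight at the LAN host"
    return "hairpin: public IP returned, firewall must NAT the request back inside"


if __name__ == "__main__":
    host = "owncloud.roseradiology.com"
    scenarios = {
        "no local zone": {},
        "split-horizon zone": {"roseradiology.com": {_fqdn(host): "192.168.10.5"}},
        "local zone, record removed": {"roseradiology.com": {}},
    }
    for label, zones in scenarios.items():
        print(f"{label:28} -> {classify(host, zones)}")
```

The third scenario is the trap behind "you have to remove the whole domain": deleting only the owncloud record from a locally hosted roseradiology.com zone leaves the local server authoritative, so clients get NXDOMAIN instead of the public address. Only removing the zone entirely (first scenario) makes the client fall through to public DNS, at which point the connection depends on hairpin NAT at the firewall.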
@aaronstuder
Removed domain.