TLDR:

  • Update: the server software has a bug about generating+saving certificates. Bug has been reported; as a workaround I added the local IP to my local ‘hosts’ file so I can continue (but that does not solve it of course).
  • I suspect there’s a problem with running two servers off the same IP address, each with their own DNS name?

Problem:

  • When I enter https://my.domain.abc into Firefox, I get an error ERR_SSL_UNRECOGNIZED_NAME_ALERT instead of seeing the site.

Context:

  • I have a static public IP address, and a Unifi gateway that directs the ports 80,443 to my server at 192.168.1.10 where Nginx Proxy Manager is running as a Docker container. This also gives me a _Let’s Encrypt certificate.
  • I use Cloudflare and have a domain foo.abc pointed to my static public IP address. This domain works, and also a number of subdomains with various Docker services.
  • I have now set up a second server running yunohost. I can access this on my local LAN at https://192.168.1.14.
  • This yunohost is set up with a DynDNS xyz.nohost.me. The current certificate is self-signed.
  • Certain other ports that yunohost wants (22,25,587,993,5222,5269) are also routed directly to 192.168.1.14 by the gateway mentioned above.
  • All of the above context is OK. Yunohost diagnostics says that DNS records are correctly configured for this domain. Everything is great (except reverse DNS lookup which is only relevant for outgoing email).

Before getting a proper certificate for the yunohost server and its domain, I need to make the yunohost reachable at all, and I don’t see what I am missing.

What am I missing?

  • 𝓢𝓮𝓮𝓙𝓪𝔂𝓔𝓶𝓶
    link
    fedilink
    English
    31 year ago

    Did you try doing any searching on the error message before posting here? That’s an SSL error. Most likely due to you using a dns name that doesn’t match the cert being provided by the server.

  • @jay
    link
    fedilink
    English
    11 year ago

    You could point the DynDNS to your first server, generate a valid SSL certificate with letsencrypt, then move DynDNS and the certificate to the new server.

    As per your update, the problem with the server is generating certificates, right?

    • @PlutoniumAcid@lemmy.worldOP
      link
      fedilink
      English
      11 year ago

      Yeah, the problem is that the server is down supposed to do it all on its own and when that doesn’t work there’s no good way to hack it without confusing the clever system… It would then be forever a manual process.

      Better to let the Yunohost Dec’s sort it out internally.