Hosting websites on DMZ gives cert error from LAN
-
Hello everyone,
I'm currently hosting to personal websites at home on a DMZ, both are in containers and another container act as reverse proxy thanks to Nginx. On the reverse proxy Let's Encrypt takes care of the certificates for me.
When I access my websites from the outside of my LAN (from WAN) everything works perfectly but if I want to access it from inside the LAN I have an error because the certificate is wrong.
The error is: SEC_ERROR_UNKNOWN_ISSUERWhen I displays the certificate it says it has been delivered by PFSense instead of Let's Encrypt?
Maybe it's dumb but I can't figure it out, i'd be happy to have some help...
-
@notarobot Just to make sure and to rule out, are you also using pfBlockerNG?
-
Nope !
-
That sounds like you're connecting to the pfSense GUI. Split DNS will avoid the router altogether. Is your web site hostname resolving to the WAN IP of the router, and if so is NAT reflection enabled for that rule?
-
https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html
-Rico
-
@Rico No success with solution 1. I want to try Solution 2 but PfSense is not my DSN Resolver, I use a containerized PiHole.
-
@notarobot said in Hosting websites on DMZ gives cert error from LAN:
I use a containerized PiHole.
So pfSense is just the router. Not the DNS.
And you're telling us that pihole can't do something as a "host override" ?I'm willing to bet it can. So solution 2 is (always) possible.
-
@Gertjan said in Hosting websites on DMZ gives cert error from LAN:
I'm willing to bet it can. So solution 2 is (always) possible.
So what I did was editing the Pihole's /etc/hosts file and adding:
X.X.X.X my.domain.nameI launched gravity.sh (specific to PiHole) and it seems to work.
Does it seems like the right thing to do ?
-
@notarobot said in Hosting websites on DMZ gives cert error from LAN:
Does it seems like the right thing to do ?
This is the moment that Iwould advise to check up with pihole manuals/forum/faq/.
So I'll to that ;) -
This post is deleted!