server certificate problem



  • Hello. I ran into the problem of determining the certificate by the browser. I will explain everything in order. I have two servers: one running Nextcloud, the other running Proxmox + pfSense. Some time ago I only used one pfSense on the second server. A certificate was obtained for the Nextcloud server from LetsEncrypt and installed successfully. My cloud worked great both internally and externally. As soon as I installed pfSense on the virtual machine, access from the local network (I tried both single-net and different subnets) to the cloud stopped: the browser swears about the mismatch of the certificate, which turned out to be self-signed from pfSense. With external access to Nexcloud, there is no such problem with the certificate. Help me solve the problem, please.


  • LAYER 8 Global Moderator

    Access the server via its local IP, just setup a host override to resolve the fqdn to the local IP vs trying to do nat reflection. Which you would have to setup if you want to go that route, but the host override is better choice.



  • Thanks for the answer, but I don't understand something. I created a rule for Nat, port forwarding. I tried to ping the server using fqdn from the local host and see the local address of the server. From the browser, I can see the server both by the local ip and by the full name. But only the certificate is different, not the one installed on the server. Does the router change the certificate when processing a packet? At first glance, it is.


  • Netgate Administrator

    If you are hitting the pfSense self-signed cert when testing internally you need to do one of this things shown here:

    https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html

    Steve



  • @stephenw10 , Thank you very much for the direction to the necessary information. According to the documentation on the link, I configured DNS forvarder properly, rechecked the settings of all hosts. Oh, miracle !!! Some had a DNS server 8.8.8.8. I fixed it and it worked. Thank you very much for your support!


Log in to reply