Is the reason for renewal failure my use of dynamic DNS?
-
I am new to ACME certificates. I would like to be able to set these up with all my clients for whom I install Netgate routers.
Starting with my own I am now notified that my certificate cannot be renewed. I am wondering, whether it has to do with my using a wildcarded dynamic DNS name.
Also, I found that even when using the dynamic DNS name of my router locally, when I try to access it that way, I get this:
“Potential DNS Rebind attack detected, see https://en.wikipedia.org/wiki/DNS_rebinding Try accessing the router by IP address instead of by hostname.”
-
@DominikHoffmann said in Is the reason for renewal failure my use of dynamic DNS?:
the dynamic DNS name of my router locally
That is the DDNS name as it is known to the 'outside' world, also known as the Internet?
Easy: don't.
Use : It's this domain name that you have to 'own' (actually: rent) and it's this domain name that you have to use with ACME to get a certificate from Letsencrypt that includes the "Subject Alt Names" like "pfSense.your-local-domain.name"
You can also ask for a wildcard certificate like "Subject Alt Names" :
*.your-local-domain.name your-local-domain.name
and now you can export the certificate and use it also for your NAS :
NAS.your-local-domain.name
and your printer :
printer.your-local-domain.name
That is: both the NAS and 'printer' need to have some sort of GUI that permits you to import the certificate you've exported from pfSense.
@DominikHoffmann said in Is the reason for renewal failure my use of dynamic DNS?:
Starting with my own I am now notified that my certificate cannot be renewed
And the reason was?
The acme package logs a lot, full with details mentioning everything that goes well, and also what doesn't go well. The latter will interest you.
It's here: /tmp/acme/[domain account]/ and look for the file that has the log extension.
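The reply above lists the two "Subject Alt Names" a wildcard certificate would carry and then names the NAS and printer hosts it would be reused for. The following script is an added example (not code from the forum post, the acme package or pfSense) that shows exactly which hostnames such a SAN list covers, using the usual TLS name-matching rule that a `*` matches one DNS label only. The SAN list and the hostnames are constructed from the names in the reply; nothing here contacts Let's Encrypt or reads a real certificate.

```python
"""Which hostnames does a certificate's Subject Alt Name list cover?

Added example, not taken from the forum thread. Implements the common
RFC 6125 style rule: a wildcard is only valid as the whole left-most label
and matches exactly one label, so "*.your-local-domain.name" covers
"nas.your-local-domain.name" but neither the bare domain nor a host two
labels deep.
"""

# Constructed from the reply: a wildcard entry plus the bare domain.
SAN_LIST = ["*.your-local-domain.name", "your-local-domain.name"]


def san_matches(san: str, hostname: str) -> bool:
    """Return True if one SAN entry covers the given hostname."""
    san = san.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not san.startswith("*."):
        # Plain entry: exact, case-insensitive match only.
        return san == hostname
    san_labels = san.split(".")
    host_labels = hostname.split(".")
    # The wildcard replaces exactly one label, so label counts must agree.
    if len(host_labels) != len(san_labels):
        return False
    # The label standing in for '*' must not be empty.
    if not host_labels[0]:
        return False
    # Everything right of the wildcard must match label for label.
    return host_labels[1:] == san_labels[1:]


def covered_by(hostname: str, sans=SAN_LIST) -> list:
    """All SAN entries that cover this hostname (empty list = not covered)."""
    return [s for s in sans if san_matches(s, hostname)]


def check_hosts(hostnames, sans=SAN_LIST) -> dict:
    """Map each hostname to whether the SAN list covers it."""
    return {h: bool(covered_by(h, sans)) for h in hostnames}


if __name__ == "__main__":
    # Hostnames from the reply plus two that a wildcard does NOT cover.
    hosts = [
        "pfSense.your-local-domain.name",
        "NAS.your-local-domain.name",
        "printer.your-local-domain.name",
        "your-local-domain.name",
        "a.b.your-local-domain.name",       # two labels deep: not covered
        "evil-your-local-domain.name",      # different domain: not covered
    ]
    for host, ok in check_hosts(hosts).items():
        print(f"{host:35} {'covered' if ok else 'NOT covered'}")
```

The practical consequence for the setup described in the reply: a device named one level below the domain (NAS, printer, pfSense) can reuse the exported certificate, while anything like `a.b.your-local-domain.name` would need its own SAN entry or its own certificate.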