this post was submitted on 13 Sep 2023
16 points (90.0% liked)

Selfhosted


TLDR:

  • Update: the server software has a bug about generating+saving certificates. Bug has been reported; as a workaround I added the local IP to my local 'hosts' file so I can continue (but that does not solve it of course).
  • I suspect there's a problem with running two servers off the same IP address, each with their own DNS name?

Problem:

  • When I enter https://my.domain.abc into Firefox, I get an error ERR_SSL_UNRECOGNIZED_NAME_ALERT instead of seeing the site.

Context:

  • I have a static public IP address, and a Unifi gateway that directs the ports 80,443 to my server at 192.168.1.10 where Nginx Proxy Manager is running as a Docker container. This also gives me a Let's Encrypt certificate.
  • I use Cloudflare and have a domain foo.abc pointed to my static public IP address. This domain works, and also a number of subdomains with various Docker services.
  • I have now set up a second server running yunohost. I can access this on my local LAN at https://192.168.1.14.
  • This yunohost is set up with a DynDNS xyz.nohost.me. The current certificate is self-signed.
  • Certain other ports that yunohost wants (22,25,587,993,5222,5269) are also routed directly to 192.168.1.14 by the gateway mentioned above.
  • All of the above context is OK. Yunohost diagnostics says that DNS records are correctly configured for this domain. Everything is great (except reverse DNS lookup which is only relevant for outgoing email).

Before getting a proper certificate for the yunohost server and its domain, I need to make the yunohost reachable at all, and I don't see what I am missing.

What am I missing?

[–] PlutoniumAcid@lemmy.world 1 points 1 year ago (3 children)

Yes, I did. It appears that the server is not even providing any cert at all to the browser, which is why this fails.

This looks to be a problem within the Yunohost software that generates the self-signed cert, so nothing I can do about it from the outside. I have posted an error report to the Yunohost forum.

[–] SheeEttin@lemmy.world 4 points 1 year ago

I think if there was no cert at all, the server would fail to start in the first place.

Also I would consider trying to use openssl to see what's actually happening since the browser can sometimes obfuscate things in its attempts to be helpful.

openssl s_client -connect :443

I'm with @SheeEttin@lemmy.world in that the server should fail to start if there was no certificate to load. It's more likely that the server is providing an invalid cert. Using the openssl command above would help you identify that.

That's odd. Do you not get the advanced option to proceed anyway and load the page?
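
The openssl check suggested in the comments above, extended as an added example (not part of the thread) that probes the server by IP with and without an SNI name and classifies what comes back. It assumes OpenSSL 1.1.1 or later for `-noservername`; the function names and the sample output are constructed, and the address and host name are the ones given in the original post.

```shell
#!/bin/sh
# Added example, not from the thread. TLS alert 112 is unrecognized_name,
# which browsers report as ERR_SSL_UNRECOGNIZED_NAME_ALERT.

# One handshake against HOST:PORT. With a second argument that name is sent
# as SNI; without it no SNI is sent, as when browsing to https://<ip>.
probe_sni() {
    target=$1
    name=${2:-}
    if [ -n "$name" ]; then
        openssl s_client -connect "$target" -servername "$name" </dev/null 2>&1
    else
        openssl s_client -connect "$target" -noservername </dev/null 2>&1
    fi
}

# Classify s_client output read from stdin into one outcome word.
classify_s_client() {
    out=$(cat)
    case $out in
        *"alert number 112"*) echo "sni-rejected" ;;   # server refused the name
        *"BEGIN CERTIFICATE"*)
            case $out in
                *"Verify return code: 18 "*) echo "cert-self-signed" ;;
                *) echo "cert-presented" ;;
            esac ;;
        *"no peer certificate available"*) echo "no-cert" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample: abbreviated s_client output for a rejected SNI name.
sample_rejected() {
    cat <<'EOF'
CONNECTED(00000003)
error:0A000458:SSL routines::tlsv1 unrecognized name:SSL alert number 112
---
no peer certificate available
---
EOF
}

sample_rejected | classify_s_client   # offline demo on the constructed sample

# Against the server from the post (needs LAN access, so left commented out):
#   probe_sni 192.168.1.14:443 xyz.nohost.me | classify_s_client
#   probe_sni 192.168.1.14:443 | classify_s_client
```

If the named probe reports sni-rejected while the probe without a name returns a certificate, the server is answering TLS but has nothing configured for that host name.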