this post was submitted on 31 Jan 2024
5 points (85.7% liked)

Selfhosted

60366 readers
609 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

I set up SSL certificates for my internal services behind Traefik, but I was having some issues obtaining the certificates. I ended up having to add this line in my Docker compose file to bypass PiHole which is controlling the internal hostnames for my domain:

- --certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53

After adding that, I was able to successfully pull a cert. The issue is, I have a firewall set up that blocks DNS requests from everywhere except my DNS servers (PiHole), so I had to pause that rule temporarily to get the request to go through.

Wondering what I can do here (if anything) to resolve this without having to disable my firewall rules regularly.

you are viewing a single comment's thread
view the rest of the comments
[–] theit8514@lemmy.world 1 points 2 years ago (1 children)

I would start by testing if you can resolve acme-v02.api.letsencrypt.org from the PiHole and if not, see what you need to unblock that.

[–] theit8514@lemmy.world 1 points 2 years ago (1 children)
[–] WASTECH@lemmy.world 1 points 2 years ago

Did some more testing to get some details. The error I am getting from Traefik is that Cloudflare cannot create the record because it already exists (PiHole already has the entries). If I delete the records from PiHole, Traefik can then create the TXT records in Cloudflare.