I have been attempting to set up an RMM server using TacticalRMM on Ubuntu 20.04. I do not plan on making this public facing, yet it requires a cert.
I have set up Webmin on Ubuntu 20.04 server running Bind9 DNS Server -- I'm fairly new to all of this but here is how it is set up:
Two master zones created: one for my domain, in this case [example.com], for forwarding, and another for 10.10.100, my subnet, for reverse forwarding.
I have three address entries in both zones - [rmm-tactical.example.com], [api-tactical.example.com], [mesh-tactical.example.com] - each pointing at the RMM server [10.10.100.21].
I changed the DNS server on the RMM server to point to my Webmin Bind9 DNS server.
The problem that occurs is when running through the install I get to a Let's Encrypt portion -- it asks about the three separate entries and main domain:
Enter the subdomain for the backend (e.g. (https://api.example.com/)): [api-tactical.example.com]
Enter the subdomain for the frontend (e.g. (https://rmm.example.com/)): [rmm-tactical.example.com]
Enter the subdomain for meshcentral (e.g. (https://mesh.example.com/)): [mesh-tactical.example.com]
Enter the root domain (e.g. [example.com] or [example.co.uk]: [example.com]
I get past this point then it asks:
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:
tg2pUGffgCQeojg58V3Pw4jm3H5ZDQd2t3PxNLaflO0
I create a text record under the Master zone for [Example.com] named exactly "_acme-challenge.example.com" containing the value provided above.
I press enter on install and it errors: Challenge failed.... Is this because it's a local domain and Let's Encrypt is attempting to check with [example.com] on the internet and the text record does not exist there? It should be going through my primary LOCAL DNS server first at [10.10.100.10] (Webmin Bind9).
Any insight on how to make this work locally? I do not want this exposed to the internet. This is part of the program install so I'm not really sure how to get past this.
GitHub for this project: https://github.com/wh1te909/tacticalrmm
The FAQ page (FAQ - Tactical RMM Documentation) on GitHub says:
Can I run Tactical RMM locally behind NAT without exposing anything to the internet?
Yes, you will just need to setup local DNS for the 3 subdomains, either by editing host files on all your agents or through a local DNS server.