My domain is:
icanunifi.e2snail.com
I ran this command:
certbot certonly --standalone -d icanunifi.e2snail.com
It produced this output:
```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Requesting a certificate for icanunifi.e2snail.com
Performing the following challenges:
http-01 challenge for icanunifi.e2snail.com
Waiting for verification...
Challenge failed for domain icanunifi.e2snail.com
http-01 challenge for icanunifi.e2snail.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: icanunifi.e2snail.com
   Type:   connection
   Detail: xxx.xxx.xxx.xxx: Fetching
   http://icanunifi.e2snail.com/.well-known/acme-challenge/-pYodsIrfP3u1JIBUoBqzxVzu-ZJ9Q6iTKiRlkSYCyo:
   Timeout during connect (likely firewall problem)
```
My web server is (include version):
Unifi Controller (built in web server)
The operating system my web server runs on is (include version):
Ubuntu 22.04
My hosting provider, if applicable, is:
N/A but Delta
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.12.0
I have been following the instructions provided on the following link.
The issue that I am facing is that I am running my Unifi Controller on a local VM running behind a USG gateway. The gateway has a static IP address.
I have added the DNS entry in the zone file for the domain e2snail.com. The URL icanunifi.e2snail.com points to the public IP address of the static how IP address.
If I open the URL https://icanunifi.e2snai.com:8899 then I can log in to my controller. When I try to follow the instructions provided, I am told that there is a potential firewall issue.
As suggested, I added the entry for the local IP address pointing to the sub-domain into my /etc/hosts file.
This shows as:
192.168.1.1 icanunifi.e2snail.com (gateway)
192.168.1.128 icanunifi.e2snail.com (server where the unifi controller software is installed on)
I have also opened my firewall on the controller to allow both port 80 and 443 access to the internal VM from the outside.
There is no firewall installed on the internal VM.
What is blocking the response? Is there a way to change the port to 8899, where the controller is responding?
Thanks
Lawrence