Creating a certificate behind 2 routers

Trying to get a certificate for a domain that is being hosted on a DSM Synology NAS.
This NAS is behind a pfSense firewall, and the firewall is connected through a DMZ to my Xfinity modem/router.


I can't make the certificate work. I also installed Nginx Proxy Manager and still can't get the certificate. I have ports 80/443 open.

Any idea?

Q1: What port(s) are presently being served to the Internet?

Q2: Is there a routable IP for a resolvable FQDN in use?
[I do see a label "www" but only see RFC1918 IP addresses]

Q3: Have you considered using DNS authentication instead of all the port-forwarding required for HTTP(S) authentication?


So I have port forwards on the Xfinity and on the pfSense for several ports: 80, 81, 443, 53.
So my public IP is being used on the NAS with DDNS (mre.synology.me), and this DDNS points to my public IP.

In my DNS records I have:
A www (my public ip)
CNAME _domain 1977mre.com
CNAME _domainconn mre.synology.me

If you go to the domain 1977mre.com you will access the page, but there is no certificate.

Your questions 2 and 3, if not answered, may be above my knowledge. I have made all this work by
testing and Googling.

Regards


You got a certificate on Sep19 with just the domain mre.synology.me in it. That works correctly for HTTPS requests to that domain. But, HTTPS requests to www.mre.synology.me fail as that name isn't in that certificate. You need to review the method used to get that cert and request both domain names. See that cert here: crt.sh | 21142755422 and notice just the one name in the Subject Alternative Name (SAN) section.

Note that both those names have the public IP in them. There is no CNAME involved. Nothing wrong with that I am just making it clear no CNAME is involved.

mre.synology.me.        76      IN      A       73.201.141.115
www.mre.synology.me.    7       IN      A       73.201.141.115

The domain 1977mre.com is a very different story. That also is not CNAME'd but is using what looks like a redirect service. My first guess is that is the GoDaddy Domain Forwarding feature but many others offer similar services.

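The diagnosis above (a certificate that is valid, but carries only one of the two names being requested) is easy to reproduce with a short script. The following is an added example, not code from this thread or from Synology/Let's Encrypt: it pulls the leaf certificate a server presents, lists the DNS entries in its Subject Alternative Name extension, and reports which of the hostnames you intend to serve are not covered. The `SAMPLE_CERT` is constructed from what the reply reports (a single SAN, `mre.synology.me`) so the check runs offline; the `fetch_cert` helper, the command-line interface and the hostnames on the command line are assumptions for illustration. The matching rule also handles a single-label wildcard, which goes beyond the thread's specific case: `*.synology.me` would cover `mre.synology.me` but still not `www.mre.synology.me`.

```python
"""Check whether a certificate's Subject Alternative Names cover the
hostnames you plan to serve.  Added example, not from the original thread."""
from __future__ import annotations

import socket
import ssl
from typing import Iterable


def san_dns_names(cert: dict) -> list[str]:
    """DNS entries of the SAN extension, in ssl.getpeercert() dict format."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern: str, hostname: str) -> bool:
    """Exact match, or a leading '*.' wildcard that covers exactly one label
    (RFC 6125 style): '*.synology.me' matches 'mre.synology.me' but neither
    'synology.me' nor 'www.mre.synology.me'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        suffix = pattern[1:]                # ".synology.me"
        if not hostname.endswith(suffix):
            return False
        left = hostname[: -len(suffix)]     # what the '*' would stand for
        return bool(left) and "." not in left
    return False


def uncovered_names(cert: dict, wanted: Iterable[str]) -> list[str]:
    """Hostnames in `wanted` that no SAN entry of `cert` covers."""
    sans = san_dns_names(cert)
    return [h for h in wanted if not any(name_matches(p, h) for p in sans)]


def fetch_cert(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Fetch the leaf certificate presented for `host` (sent as SNI).
    Hostname checking is turned off so a name-mismatched cert can still be
    inspected; chain verification stays on, because getpeercert() only
    returns the parsed dict for a chain that validates (a self-signed cert
    raises ssl.SSLError here; use `openssl s_client` for those).
    Assumed helper for illustration; needs network access."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample in getpeercert() format, mirroring the reply above:
# the Sep 19 certificate lists only mre.synology.me in its SAN section.
SAMPLE_CERT = {
    "subject": ((("commonName", "mre.synology.me"),),),
    "subjectAltName": (("DNS", "mre.synology.me"),),
}
WANTED = ["mre.synology.me", "www.mre.synology.me"]


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        # usage: python san_check.py mre.synology.me www.mre.synology.me
        cert, wanted = fetch_cert(sys.argv[1]), sys.argv[1:]
    else:
        cert, wanted = SAMPLE_CERT, WANTED
    print("SAN DNS names:", san_dns_names(cert))
    print("not covered:  ", uncovered_names(cert, wanted) or "none")
```

Run with no arguments to see the offline sample report `www.mre.synology.me` as uncovered; run with a hostname followed by every name you serve to check a live server. A name in that "not covered" list has to be added to the certificate request (as a second SAN), which is exactly the fix the reply describes.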

Thanks Mike, I will work on this. I appreciate your help.

