I ran this command: certbot certonly --nginx -d panel.rvm-mc.com -d node.rvm-mc.com
It produced this output: successfully generated certificate
My web server is (include version): nginx v1.22.1
The operating system my web server runs on is (include version): Ubuntu server 22.04
My hosting provider, if applicable, is: Cloudflare for DNS
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot v1.21.0
I have installed Pterodactyl and Wings according to the documentation on Pterodactyl.io.
I also have generated two certs using certbot.
One for the panel and one for the node. The panel cert is for panel.rvm-mc.com and node is for node.rvm-mc.com, which both point via A records in Cloudflare (not behind proxy) towards my public IP. My router then forwards the proper traffic to the server.
The panel works and is encrypted with a cert, but with Wings I get this: Pterobin. The command I used to generate the certs is certbot certonly --nginx -d panel.rvm-mc.com -d node.rvm-mc.com, but it keeps generating a cert for "mediarouter.home", or at least Wings keeps saying that.
Does anyone have any experience with this or has encountered this in the past?
As for the mediarouter.home name, I came to that conclusion from this error that Wings (Pterodactyl process) gave me when trying to start up: Get "https://panel.rvm-mc.com/api/application/nodes/1/configuration": x509: certificate is valid for mediarouter.home, mediarouter1.home, mediarouter2.home, mediarouter3.home, not panel.rvm-mc.com
The site you sent tells me that that common name does not match on the cert for node.rvm-mc.com. I don't know why that would be.
Because the server block in nginx that handles that domain name is using a cert which only has the panel domain name in it. At one time you issued a cert with both names in it but not anymore. You are just getting certs with individual names. That's fine but then each name needs its own nginx server block for its own cert.
At one time you even got an ECDSA / E1 wildcard cert for *.rvm-mc.com,rvm-mc.com. Probably by trying to proxy your DNS in Cloudflare.
I have generated a single new cert for panel.rvm-mc.com and node.rvm-mc.com. The SSL checker site does not report any errors anymore and my webserver is up and running again. I still seem to get the same error as mentioned in my original post (the mediarouter.home error).
Output of certbot certificates is now this:
Found the following certs:
Certificate Name: node.rvm-mc.com
Serial Number: 3fabe110e5c9d065e526f873abb756fa9bd
Key Type: RSA
Expiry Date: 2023-07-08 17:16:14+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/node.rvm-mc.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/node.rvm-mc.com/privkey.pem
Wings is a service written in Go that interfaces with Docker and the Panel to provide secure access for controlling servers via the Panel. This image taken from their website provides a nice layout of the different systems.
I don't know if it's of any relevance, but looking a bit deeper into Google, it seems that this mediarouter.home behaviour is indeed something to do with my router, more specifically with Huawei routers and the way it apparently "eavesdrops" on HTTPS traffic. The given fix is... replacing the router with a different brand.
It seems that I can switch the firewall level between "Low" and "High". It was already on now. The tooltip that shows implies that there also should be an "Off" option, but that is nowhere to be found. I'm guessing my ISP removed that.
I also have three other options, which are all turned on. These are ICMP flood protection, SYN flood protection and ARP Attack protection. None of these have any effect it seems.
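Added example, not part of the thread and not code from Certbot or Pterodactyl: a small Python helper that reads a Go x509 hostname error like the one Wings printed and separates the two causes discussed above, a certificate from your own domain served by the wrong nginx server block versus a certificate from something else in the network path. The function names and the second error string are constructed for illustration.

```python
import re

# Error text as quoted in the thread.
WINGS_ERROR = ('Get "https://panel.rvm-mc.com/api/application/nodes/1/configuration": '
               'x509: certificate is valid for mediarouter.home, mediarouter1.home, '
               'mediarouter2.home, mediarouter3.home, not panel.rvm-mc.com')
# Constructed sample: what a wrong nginx server block would typically produce.
CONSTRUCTED_ERROR = 'x509: certificate is valid for panel.rvm-mc.com, not node.rvm-mc.com'

def parse_x509_mismatch(err):
    """Return (names_on_cert, requested_host), or None if not a name mismatch."""
    m = re.search(r"x509: certificate is valid for (.+), not (\S+)$", err.strip())
    if not m:
        return None
    return [n.strip() for n in m.group(1).split(",")], m.group(2)

def name_matches(pattern, host):
    """Hostname match where a leading '*.' covers exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def in_domain(name, domain):
    """True if name (wildcard prefix ignored) is the domain or a subdomain of it."""
    n, d = name.lower().rstrip("."), domain.lower().rstrip(".")
    if n.startswith("*."):
        n = n[2:]
    return n == d or n.endswith("." + d)

def classify(err, own_domain):
    parsed = parse_x509_mismatch(err)
    if parsed is None:
        return "not-a-name-mismatch"
    names, wanted = parsed
    if any(name_matches(n, wanted) for n in names):
        return "names-match"
    if any(in_domain(n, own_domain) for n in names):
        # One of your own certs was served: check the nginx server block / cert paths.
        return "own-cert-wrong-server-block"
    # No name belongs to your domain: the TLS connection ended somewhere else
    # (here, the router answering for the public IP from inside the LAN).
    return "foreign-cert-in-path"

if __name__ == "__main__":
    for e in (WINGS_ERROR, CONSTRUCTED_ERROR):
        print(classify(e, "rvm-mc.com"))
```

A "foreign-cert-in-path" result means reissuing certificates or editing nginx will not change the error, because the certificate being presented never came from the server.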