I would nominate you for being the first person to receive a third arm - so you can keep clicking without missing a single beat as you eat
But seriously... You are almost single handedly keeping the fast-food small business franchises of America in business!
Keep up the good work.
~This has been a lame attempt at an unpaid non-political advertisement~
~Remember to Vote early and Vote often~
~Americans for American FFSBF US National Development Organization LLC is solely responsible for its content and views or lack thereof~
We will now return you to our regularly scheduled topic...
Does your DNS service provider support updates via DNS? I got my certificates from Ionos; I have no idea what this question means or how I would find the answer. They provided the DNS as far as I am aware.
Do you have a static Internet IP (home ISP)? I have BT Broadband and have nothing specifically assigned as an external static IP for anything at my home. Obviously I use static addresses in my home network.
Can you spell DNS? Yep Doh
OK ^that^ was a trick question [the question spelled it out for you] and can be skipped
Does your ISP allow port 80 (HTTP)? No idea. How do I find out?
Does your ISP allow port 53 (DNS)? No idea. How do I find out?
Can your router port forward 80 (TCP)? It has pages for configuring port forwarding rules in its advanced settings. Smart Hub 2 from BT.
Can your router port forward 53 (TCP and UDP)? I can set TCP, UDP or both.
And just so we are crystal clear:
Do you want to get a cert for a device that will be accessed from your internal network only, or also from the Internet?
Then these additional details:
Q1. Who is your DNS provider (for your domain: pjrawlings.co.uk)?
Q2. We can make it work with static or dynamic (static is just a lot simpler).
More on that later...
Q3. DONE
Q4+Q6. We need to test this.
You would need to port forward (TCP 80) in to an internal device that listens (on any port) for HTTP type connections.
Q5+Q7. We also need to test this.
You would need to port forward (TCP+UDP 53) in to an internal device that "can" listen to DNS type requests.
It would be helpful if your router has some logs to see if it gets these requests.
Here "can" means it doesn't have to have a full time DNS server running. We can bring up the acme-dns when needed.
Q6. relates directly to Q4
Q7. relates directly to Q5
Q8. Excellent!
Answer the additional question at the top of this post and then we can go from there.
Now we need to know if IONOS supports DNS updates via API.
If yes, then we go that route.
If no, then we need to know if your ISP allows port 80 (HTTP) OR port 53 (DNS).
[either one will work (DNS may be simpler in the long run) - provided your router can port forward them]
I will contact Ionos tomorrow. For some bizarre reason they don't supply email support and only use phone.
Can you expand a little on "does my ISP support Port 80 or 53"? I assumed that all HTTP came through 80 so they must support it. So what do you mean by "does my ISP allow port 80"? Allow what, and can I test either of these? I really want to learn, so please don't assume I know anything.
OK you need to make an entry there "HTTP" for port 80 external to port 80 internal for TCP.
Then repeat that for any other ports that you might want to secure (like "HTTPS" 443 TCP).
[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it ]
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for kodi.pjrawlings.co.uk
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. kodi.pjrawlings.co.uk (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for kodi.pjrawlings.co.uk
We're making progress.
The port forwarding looks good (the HTTP label for 443 could be HTTPS - but that's just a label).
The error:
Means there is no DNS entry found for that name.
Have you made an entry in your global domain DNS for it?
Never mind, I see you did:
Name: kodi.pjrawlings.co.uk
Address: 192.168.1.4
That IP will not work for HTTP validation.
You need to change that to your real (external) Internet IP.
That is the IP the world will go to to find your kodi device.
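The failure discussed above comes from the public DNS record holding an internal address (192.168.1.4). As an added example, not part of the original posts: a Python pre-flight check that classifies the addresses a name resolves to and reports whether any of them is reachable from the Internet for HTTP validation. The function names and the set of rejected categories are this example's assumptions; 8.8.8.8 is only a stand-in for a public address.

```python
import ipaddress
import socket

# Carrier-grade NAT range (RFC 6598): not private per ipaddress, but not routable either.
CGNAT = ipaddress.ip_network("100.64.0.0/10")

def classify(addr):
    """Return 'public', or the reason the address is unreachable from the Internet."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.version == 4 and ip in CGNAT:
        return "carrier-grade NAT"
    if ip.is_private:
        return "private"
    if not ip.is_global:
        return "reserved"
    return "public"

def http01_preflight(addresses):
    """Split resolved addresses into usable and rejected for an http-01 challenge."""
    usable, rejected = [], {}
    for addr in addresses:
        kind = classify(addr)
        if kind == "public":
            usable.append(addr)
        else:
            rejected[addr] = kind
    return {"ok": bool(usable), "usable": usable, "rejected": rejected}

def resolve(hostname):
    """A/AAAA lookup via the local resolver (needs network access).
    A home router may answer differently from public DNS, so compare both."""
    infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    # Constructed input: the record from the thread, then with a public stand-in added.
    print(http01_preflight(["192.168.1.4"]))
    print(http01_preflight(["192.168.1.4", "8.8.8.8"]))
```

To check a live name, pass `resolve("your.host.name")` to `http01_preflight` before running the renewal.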
Sorry, I should have reread through the posts before moving in the most likely direction...
OK, so even though you only want this to be accessed from the Internal network we still need some way to authenticate the certificate request.
Let's use HTTP (port 80) for that. Please remove the HTTPS port 443 forwarding entry in your router - the world doesn't need to access your kodi device.