Subdomains on local lan behind primary synology DNS with reverse proxy configured


#1

Hi,

I am having some issues with using the following setup:

My domain is hosted at Afraid.or where I have also created the subdomains.

Unifi USG is configured to update ddns at Afraid with IP and to use Synology DNS as primary DNS server.

Synology server is configured as DNS server with master zone configured as TLD and then resources corresponding to Afraid subdomains.

I also have reverse proxy configured in Synology Application portal to point to my other servers on the local network.

I have created lets encrypt certificates using synology web interface for TLD as well as sub domains.

I have a linux (18.04 LAMP) box with 2 of the FQDN (subdomains) being used to run 2 applications (Zoneminder &; Traccar)

I am however now stuck as when I try to go to the hostname traccar. domain.com I get ssl error stating that the issuer of the certificate is ubuntu. When I try and run certbot on the linux box I get:

CODE: SELECT ALL

Domain: traccar.[i]domain.com[/i]
   Type:   unauthorized
   Detail: Invalid response from
   http://traccar.[i]domain.com[/i]/.well-known/acme-challenge/hBJoFjgJJ9iiWfNV1u_3qhbD_Fp1bCZexgjuL4f1K7E:
   "<!DOCTYPE html>
   <html>
   <head>
   <meta charset="utf-8">
   <style>body{font-family:Arial,Helvetica,sans-serif;font-size:12px;text-alig"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I use port forwarding on my USG to open 80 and 443 and point these to my Synology NAS

Can someone point me in the right direction of how this should be configured?


#2

Do any of the subdomains show the proper LE cert (from the Internet)?

If so, how did you get those configured to work?
Did you configure the Synology to forward all TLS traffic to one IP?

If not, then they are all failing… and it would seem that the Synology needs to reverse proxy based on SNI.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.