unRAID letsencrypt

I’m aware I’m not filling in the sheet, but it is not applicable for me.

I run a unRAID server and would like to remotely access certain docker containers (Emby and Ombi).
I’ve followed a guide (https://cyanlabs.net/tutorials/the-complete-unraid-reverse-proxy-duck-dns-dynamic-dns-and-letsencrypt-guide/) but ran into an issue.
unRAID runs on ports 80 and 443, thus forcing me to place different ports on letsencrypt.
This would not be an issue if I could simply forward an external port to a different internal port (say port 444 to 443). Alas, my ISP does not provide this. The router you’re forced to use has no such option.

Are there any workarounds?
Sorry for the wall of text, thanks for reading

Thorn

  • Use a DNS challenge
  • Run unRAID on different ports. Mostly port 80, as that one is used for the http-01 challenge

Hello

Thanks for the quick response.
I’ll look into the DNS challenge, as I have no idea what it contains.

I’m not entirely sure what you mean by the second one. And if I have to run it mostly on 80, wouldn’t this still cause the same issue?

Sorry for all the questions, I’m no networking expert.

So I've done some searching about the DNS challenge but I can't really figure it out.
I suppose I'll need something like acme.sh or acme-dns?
How do I progress onwards though? Do I still only need something like DuckDNS, the basic Letsencrypt docker and NGINX?
From what I understand the DNS challenge is so that you confirm you own the DNS domain (?) and for some reason this is done on port 80. So how can something like the aforementioned programs circumvent this?

Really sorry about the incompetence, I appreciate all support!
Thorn

DNS authentication does NOT involve port 80.
It is done completely via DNS.
A new TXT record would need to be created in the Internet DNS zone for the requested FQDN.
There are APIs that can help automate the process but it depends largely on the DNS provider in use.

