Unraid ssl invalid certificate

Hi, I created an ssl certificate in unraid using the built-in letsencrypt option and it worked perfectly.
Now that I have changed my wifi router to google wifi I am getting the 'this site cannot be reached' error.

Is there something I need to do to refresh the certificate?

I did try and run the address through https://www.ssllabs.com/ssltest and that gave me this error:

Assessment failed: IP address is from private address space (RFC 1918)

I can access the server using the ip address

2 Likes

Hi and welcome!

Global DNS is for globally routed IPs.
When you publish an RFC 1918 (private) IP in the global DNS space it becomes unusable by anyone without direct access to your private network.
That is why the SSL Labs test failed - it can't reach your IP.

Now to answer your question:

That depends entirely on how you obtained the current certificate.
Which begs the question: How did you (obtain the current certificate)?
Feel free to be detailed, or better yet, also answer the "form" that should have been presented to you when you chose the "Help" category:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2 Likes

@pihldg

Welcome to the Let's Encrypt Community, Phil :slightly_smiling_face:

Nice profile picture!

rg305 is right on target. If you're going to use http-01 authentication to receive a certificate, you'll want to have your publicly accessible IP address (from your ISP) as the value of the A record in your DNS for your domain name. In that case, you'll want to forward the traffic accordingly to be sure your webserver answers for port 80 of that public IP address.

You could use dns-01 authentication instead, which requires creation of TXT records in your DNS, but allows you to continue using a private IP address as the value of your A record in your DNS.


@rg305

There's some of the answer.

1 Like
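Added example (not part of any post in this thread): a small Python check of the http-01 versus dns-01 point made above, given the A record values published for a name. The function names and sample addresses are constructed for illustration, and treating http-01 as viable only when every record is public is a conservative assumption.

```python
import ipaddress

# The three RFC 1918 ranges named in the SSL Labs error quoted in this thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Label one A/AAAA record value as 'rfc1918', 'non-global' or 'public'."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    # Loopback, link-local, CGNAT (100.64.0.0/10) and similar ranges are
    # also unreachable from a validation server on the public internet.
    return "public" if ip.is_global else "non-global"


def viable_challenges(records):
    """Return (challenge types that can succeed, per-record labels).

    http-01: the CA connects to port 80 of the published address, so the
             address must be publicly routable. Assumption: require this of
             every record, since any one of them may be the one contacted.
    dns-01:  the CA only reads a TXT record from DNS, so the A record
             value can stay private.
    """
    labels = {addr: classify(addr) for addr in records}
    challenges = ["dns-01"]
    if labels and all(label == "public" for label in labels.values()):
        challenges.insert(0, "http-01")
    return challenges, labels


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    samples = {
        "lan-only host": ["192.168.86.20"],
        "public host": ["8.8.8.8"],
        "mixed records": ["10.0.0.5", "8.8.8.8"],
    }
    for name, recs in samples.items():
        print(name, viable_challenges(recs))
```

A name whose only A record is a LAN address comes back with `dns-01` alone, which matches the SSL Labs failure described in the first post.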

I have to admit, this is my first dip into the world of SSL certificates so I feel a little out of my depth. I tried to answer the help questions as best I can but I wasn't sure of the answers.

Would this be what you mean by domain name:
https://52be830d33c939c0e8e6705709b80c5a27de8be3.unraid.net/

On unraid, there is an option to create a certificate via letsencrypt. I took this option and was issued a certificate which worked fine until I changed my wifi from virgin media to google so I'm assuming that's the change and that's the issue.

I realised that the reason I got an issue with ssllabs is because I don't want or need my server to have a public ip address. It was just something I tried as I thought it might give some more details.

The certificate is granted via the options page here:

2 Likes

Your domain name is the domain you bought from a registrar - yourdomain.net, yourdomain.com, whatever - just like letsencrypt.org (this site). It also includes any subdomains you may have created (i.e.: community.letsencrypt.org)

If you provide the domain name(s), help is so much easier to get as no one is trying to figure out what's wrong with the car without raising the hood. :wink:

1 Like

@JimPas I appreciate what you are saying and thank you so much for trying to help.
It's what I understand by a domain name but I have never bought a domain name. Before I got the certificate the server name locally was \tower\ which presumably was mapped locally to the static ip address I have inside my network for the machine. After getting the certificate issued, I still used the same \tower\ which then redirected to the secure url I posted earlier and then as if by magic redirected to my local server at that ip address, with that url in the address bar. Does that make sense? I'm not sure how else to describe what happens or what other information to provide.