UNraid ssl invalid certificate


#1

I setup unraid to get a ssl certificate and it worked fine for the first day. When I tried https on my Unraid nas the next day it says certificate invalid. it only shows a invalid certificate on my desktop pc and my laptop, if i connect with my cheap android tablet it connects fine and its secure. Can anyone help me fix the connection on my pc/laptop? thanks David


#2

What’s your domain name? Can you try testing with https://www.ssllabs.com/ssltest/? Maybe you’re missing the intermediate certificate or something.


#3

I am new to all this all I have is https:192.168.1.2/Main which I thought would be secure but chrome browser in windows says the certificate is invalid? tried sslabs all i got was this:

Assessment failed: IP address is from private address space (RFC 1918)


#4

Where did you get your certificate from? Is it from Let’s Encrypt? Let’s Encrypt doesn’t issue certificates to cover IP addresses, and 192.168.1.2 is a private IP address on your LAN which no public certificate authority is allowed to issue a certificate for.

Even when you have a certificate, it matters what name you access the server by because the certificate lists specific names. So if you have a different way to access the server under a different name (or address), it won’t be valid if it’s not something that was explicitly listed in the certificate.


#5

I got the Lets Encrypt certificate in unraid, there is a option to click called provisioning, which when clicked gave me a certificate and allowed a secure connection it changes from https://192.168.1.2 to https://80cb532a3592ac93409f2e40c8251df4c295dbd2.unraid.net/Main then loads main page for unraid. I get a secure connection on my tablet so the certificate must be somewhere for it to work on my tablet?


#6

Which URL do you first type in on each device? Do you start at https://192.168.1.2/ and then get redirected to the other one?


#7

yes https://192.168.1.2/Main and it redirects to the other


#8

Hmmm! Well, I don’t know why one device is accepting the https://192.168.1.2/ because that’s technically going to be an invalid certificate (the Let’s Encrypt certificate definitely doesn’t list 192.168.1.2 as a valid name to use to reach the device). Maybe you previously added a certificate warning exception on one device but not on the other?

You could ask the Unraid people what they intend with this design, but my suggestion would be to bookmark the longer address on both devices so that you can easily go directly to it. The longer address is the only one that’s technically valid, so you should get better results if you skip the redirect step.


#9

thanks for the help I will see what the unraid people say :slight_smile:


#10

Unraid probably uses the dns-01 challenge to get a certificate for 80cb532a3592ac93409f2e40c8251df4c295dbd2.unraid.net, as there is a valid certificate from Let’s Encrypt for that hostname.

The IP address resolves to a private IP, which would work fine in @david2 own local network. And by using the dns-01 challenge, Unraid can issue certificates for subdomains under the unraid.net domain.

Unraid probably has some kind of API to their main servers so their NAS devices can request the appropriate token in their DNS servers.


#11

@Osiris Osiris any idea how i can correct the connection so it will work on my pc/laptop?


#12

I fixed it, just changed my dns server to googles 8.8.8.8, yes! thanks for help guys


#13

I have absolutely no idea why that would help!


#14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.