perryaj 0 Posted ... Hello, New user here with a similar problem, big fan of the service so far. It would help me if this could be dummied down a little. Similarly to OP, this setup works for regular http: webserver > airvpn? > airdns > user Goal: I would like to be able to accomplish this with https (webserver > airvpn? > airdns > cloudflare hostname > user) where each phase is encrypted. Problem: I am unable to register a certificate using the records in the background section. I think I misunderstood what you meant Background: My webserver (cosmos server) expects a hostname and allows you to use letsecrypt with your hostname (and it's subdomains) to encrypt connections with tls. Their documentation has you open a port on your router, then point your domain to your router with these records: A my.domain.here my.ip.address.numbers CNAME * my.domain.here It was working in this configuration. But in an effort to increase security (not a fan of opening up my router to attacks), I'd like to use port-forwarding instead. From the information in this thread I've ended up with these DNS records: CNAME my.domain.here subdomain.airdns.org CNAME * my.domain.here I am requesting a certificate for my.domain.here and it's subdomains (*.my.domain.here). Error: When I try to register a certificate I get this error: cloudflare: failed to find zone airdns.org.: ListZonesContext command failed: Invalid request headers (6003) Googling this error has not turned up many good results, but the error makes sense, I don't own your domain! Questions: First off, is this setup what you meant? Second, is there a way I can change my records to get past this error? Finally, do I need this at all? I can disable https all together but am not clear of the security ramifications (maybe your tls connection with the user is enough). Quote Share this post Link to post
Staff 10014 Posted ... @perryaj Hello! You must not renounce to HTTPS. Explanation and solution has been provided by @OpenSourcerer in the first answer to the OP on this thread, please see here: https://airvpn.org/forums/topic/55424-nextcloud-server-behind-airvpn-problem-with-ssl/?do=findComment&comment=214209 Kind regards Quote Share this post Link to post
OpenSourcerer 1441 Posted ... Please open your own thread in the future and link to information you found elsewhere. 16 hours ago, perryaj said: First off, is this setup what you meant? Second, is there a way I can change my records to get past this error? Just follow what I wrote: Use your own domain, then set a CNAME for yourdomain.tld and *.yourdomain.tld to the DDNS name of AirVPN, then issue a certificate for yourdomain.tld. The error you get is because you are trying to issue a cert for airvpn.org which is of course not your domain. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post