My acme.sh Docker setup seems to have attached itself to my router instead of my home server. So, my Dynu domain leads nowhere, except when SSH access leads to the router. In the past, port forwarding from the router to the server's IP worked fine, but doesn't anymore. I'm confused since the router can't access the server's IP. I'm not sure why ufw on the server doesn't seem to open the ports. I'm also not sure about what options I need to configure without screwing everything up.
Does acme update your Dynu IP?
No, it does not. I use DietPi's DDNS client.
How do I stop my router's "certs" from overwriting my domain's certs?
The router only uses untrusted self-signed certs; if you're not getting that kind of error, the router shouldn't be blamed.
Alright, then I assume the problem here is either:
- The domain's address is attached to my ISP's address, which leads to the router.
- Something's wrong with my port forward config.
I still can't figure out a solution. Using curl on my server's domain leads to "Rejected request from RFC1918 IP to public server address".
Are you trying to access a server in your network from within your network using your domain name which is set to your public IP?
Yes. My domain name seems to be attached to my public IP, which leads to my router. However, my static IP should lead to my domain as before, but does not. Trying to reach my static IP or domain name seems to lead me to an "Unable to connect" error page when in my network, and "PR_END_OF_FILE_ERROR" when outside my network.
That's kind of expected of a public dyndns FQDN, but you can override it in your local LAN DNS.
Static IP where?
There's no firewall on the LAN; if there is, you need to provide a sketch of your network.
- I'm not sure how to do that.
- Since I gave a static lease to my domain in LuCI, I hoped that would be sufficient.
- I don't really understand this, so I provided the port forwards I have right now, which worked before. My HTTP port is nonstandard, but I didn't think it would affect anything.
- If set up like this, the FQDN will resolve to your public IP when outside your LAN, and the internal IP when inside. Just make sure your clients use your router's DNS server.
Then the other part of what I wrote needs to be taken care of.
On a client, run nslookup your.FQDN.abc and nslookup your.FQDN.abc 192.168.1.1.
Are the IPs returned the same?
If using a browser to access whatever you're trying to access, make sure Secure DNS is disabled.
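The two nslookup queries above are the check being asked for: the default resolver versus the router's own DNS. As an added example that is not from anyone in this thread, here is a small POSIX shell script that parses the two answers and says whether the router is handing out a LAN address for the dyndns name (the LAN override described above), or the same public address as everyone else. The router address 192.168.1.1, the hostname my.dynu.example and the two sample nslookup outputs are assumptions constructed for the example; passing a real FQDN on the command line runs the live queries instead.

```shell
#!/bin/sh
# Added example, not from the thread. Compares what two resolvers return for a
# dyndns FQDN and reports whether a LAN DNS override is in effect.
# Assumptions: BIND-style nslookup output, IPv4 answers, router DNS at 192.168.1.1.

# Print the answer addresses from one nslookup output, one per line, sorted.
# nslookup prints the resolver itself as the first "Address:" line (with "#53"),
# so that first match is skipped.
answer_ips() {
  printf '%s\n' "$1" | awk '/^Address:/ { n++; if (n > 1) print $2 }' | sort -u
}

# True when a dotted-quad IPv4 is in 10/8, 172.16/12 or 192.168/16 (RFC 1918).
is_rfc1918() {
  case "$1" in
    10.*) return 0 ;;
    192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
  esac
  return 1
}

# Classify a pair of answers (public resolver first, router DNS second):
#   override  - router DNS returns a LAN address while the public one is public
#   same      - both resolvers agree (typically both return the public IP)
#   noanswer  - router DNS returned nothing for the name
#   different - answers differ but not in the override pattern
classify() {
  pub=$(answer_ips "$1")
  lan=$(answer_ips "$2")
  [ -n "$lan" ] || { echo noanswer; return; }
  if [ "$pub" = "$lan" ]; then echo same; return; fi
  lan1=$(printf '%s\n' "$lan" | head -n 1)
  pub1=$(printf '%s\n' "$pub" | head -n 1)
  if is_rfc1918 "$lan1" && ! is_rfc1918 "$pub1"; then echo override; return; fi
  echo different
}

# Run the two real queries for a given FQDN and classify them.
# Usage: sh dnscheck.sh your.FQDN.abc [router_dns]
live_check() {
  fqdn=$1
  router=${2:-192.168.1.1}
  classify "$(nslookup "$fqdn" 2>/dev/null)" "$(nslookup "$fqdn" "$router" 2>/dev/null)"
}

# Constructed sample outputs (hostname and addresses are documentation values,
# not real hosts): what the two queries print when the LAN override works.
PUBLIC_OUT='Server:   8.8.8.8
Address:  8.8.8.8#53

Non-authoritative answer:
Name:     my.dynu.example
Address:  203.0.113.45'

ROUTER_OUT='Server:   192.168.1.1
Address:  192.168.1.1#53

Name:     my.dynu.example
Address:  192.168.1.147'

if [ $# -ge 1 ]; then
  live_check "$@"
else
  classify "$PUBLIC_OUT" "$ROUTER_OUT"   # prints: override
fi
```

If the script prints "same" for both queries while you are inside the LAN, the router's DNS is not overriding the name and clients will keep hitting the WAN address from inside; "noanswer" means the LuCI hostname entry is not being served for that name at all.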
The nslookup queries did show different IPs, but then I made them equal by setting my DNS to my router's DNS.
Even when I switched my system to use the same DNS as my router, checked that Secure DNS is off, and such, I'm still not sure why I'm unable to access my server and all its pages. All the same "Connection Refused" errors as usual.
From where?
I use my desktop, which is connected to the router directly by Ethernet. On my phone, I have a VPN which also doesn't show my pages, probably because of the certificate not matching, or something. All my pages are bound to wildcard versions of my domain.
Assume you've also tried https://192.168.1.147?
This shouldn't be a router issue though, since it's not involved in any client <> client traffic on a LAN.
Oh. Well, that address also doesn't work, which leads me to believe my system is screwed and I would need to start over from scratch. I recently had my modem replaced, which didn't change anything, so I'm wondering if there are any configs I'm missing. If not, apologies for wasting your time. I always did have trouble with port forwards on my router since moving to OpenWrt.
There's nothing to troubleshoot in OpenWrt if you can't get it to work within your own LAN.