Hi all,
I’ve been banging my head against the wall for a few days trying to figure out DNS… I’m trying to use Cloudflare and have set up an account but the crux of my issue seemed to be that there should be a string in the DNS TXT record which I’m not sure where to find, leading the ACME challenge to fail the dns-01 challenge when attempting to create a certificate via the wrench. I just don’t want to delete the localhost one because I’ve found this part quite confusing and would rather deal with the Untrusted Cert thing than have none at all… I’ve tried following the official guides but there is no mention of where the challenge phrase is given from what I could find.
[EFAULT] Certificate request for final order failed:
Authorization for identifier Identifier(typ=IdentifierType(dns), value='RED.ddns.net') failed.
Here are the challenges that were not fulfilled:
Challenge Type: dns-01
Error information:
- Type: urn:ietf:params:acme:error:dns
- Details: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.RED.ddns.net - check that a DNS record exists for this domain
Authorization for identifier Identifier(typ=IdentifierType(dns), value='www.RED.ddns.net') failed.
Here are the challenges that were not fulfilled:
Challenge Type: dns-01
Error information:
- Type: urn:ietf:params:acme:error:dns
- Details: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.RED.ddns.net - check that a DNS record exists for this domain
The certificate is self-signed. Users will receive a warning when accessing this site unless the certificate is manually added as a trusted certificate to their web browser. You can fix this error by buying a trusted SSL certificate
None of the common names in the certificate match the name that was entered (RED.ddns.net). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.
Common name: localhost
SANs: localhost
Organization: iXsystems
Location: Maryville, Tennessee, US
Valid from February 28, 2024 to March 31, 2025
Serial Number: 860848886 (0x334f82f6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: localhost
With that said, I think I somehow may have signed one or more correctly by accident lol, and it seems perhaps the localhost cert may be causing issues for the correctly signed ones.
I can access my apps via forwarded ports but I’d like to get rid of the ‘The website’s owner couldn’t be verified - Proceed (Accept the risk)’ thing… I was also getting I think it was SSL_too long…
In the first image the full red is the exact name, lighter is in caps, and lightest has a misspell, blue is just personal info.
In any case, I love my TrueNAS server so much and would love to make better use of it!
Kind regards to all and appreciate any assistance!
OS Version: TrueNAS-SCALE-24.10.1
Product: System Product Name
Model: Intel(R) Core™ i7-3770K CPU @ 3.50GHz
Memory: 31 GiB
System Serial: System Serial Number
Theme: ix-dark
GUI SSL Certificate: truenas_default
Web Interface IPv4 Address: 0.0.0.0
Web Interface IPv6 Address: ::
Web Interface HTTP Port: 81
Web Interface HTTPS Port: 444
HTTPS Protocols: TLSv1.2, TLSv1.3
Web Interface HTTP → HTTPS Redirect: Disabled
Usage collection: Enabled
Show Console Messages: Disabled