error ordering SSL

[maudy5]

Hello, I set up a subdomain and added the proxmox ip in the A record. I am trying to order an SSL certificate through proxmox and I get a TASK ERROR. The link sends me to a message about invalid dns, http-01, and no valid A records and AAAA records found. I double checked that the A record is set to the ip, but I don't know an AAAA address to add in the dns.

Is this an easy fix?
And how do you not enter the port in the web browser to access proxmox so it looks like a clean subdomain? Connecting to the proxmox uses a 192 168.... ip when connecting within the network, but a different one when on an external network (ip given by zerotier)

 

[oguz]

hi,

I am trying to order an SSL certificate through proxmox and I get a TASK ERROR. The link sends me to a message about invalid dns, http-01, and no valid A records and AAAA records found. I double checked that the A record is set to the ip, but I don't know an AAAA address to add in the dns.

please show the error message you receive.

Is this an easy fix?

probably

And how do you not enter the port in the web browser to access proxmox so it looks like a clean subdomain? Connecting to the proxmox uses a 192 168.... ip when connecting within the network, but a different one when on an external network (ip given by zerotier)

depending on your exact network setup, you can do port forwarding (from your router), or you could set up an nginx reverse proxy [0]

hope this helps!

[0]: https://pve.proxmox.com/wiki/Web_Interface_Via_Nginx_Proxy

 

[maudy5]

I managed to have some success with the Nginx proxy and was able to connect with the browser risk warning. I tried the acme client on proxmox again and it showed the below. Would it be the same to try certbot commands in the cli to add an SSL that way? I am also wondering if people are using a subdomain with cert for internal network access or if just entering the ip:8006, or 2 subdomains can be used for an internal and external network.

On a side note I have also been trying to install Jellyfin but can't because I am missing directory /dev/dri
I've looked in a lot of places with no mention of how to get this folder installed. Has anyone has luck?

 

[aaron]

"Failed to initialize http daemon"
Do you have something already listening on port 80 on the Proxmox VE host or do you forward it to a guest?

 

[maudy5]

I ran this command: netstat -tulpn | grep :80

and the output was:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 23202/nginx: master
tcp6 0 0 :::8006 :::* LISTEN 1614/pveproxy

Is that normal?

 

[aaron]

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 23202/nginx: master

Is that normal?

Looks like there is an NGINX webserver installed locally on the Proxmox VE server. It is not part of a default installation, but you might have some reason for it to be there? Probably as a reverse proxy or something?

If you cannot remove the NGINX, you could try to use the DNS challenge for the certificates, if your DNS provider is listed.

 

[maudy5]

Just did a reinstall and nothing is listening on port 80 now. Is there a suggestion on what to put in for the subdomain's A record? I tried a few options, the local gateway at 192.168.x.x, and the ipv4 of the router I found in my wifi settings but they don't work. If I turn on Zerotier, it adds an internal IP but I think that IP can only be connected through from a zerotier client, so an ssl wont work with zerotier enabled, I believe.
It's probably a newb solution but I can't get a basic connect with the subdomains outside of the network and I'm guessing that's why the SSL won't register.

 

[maudy5]

I figured it out. For the subdomain use the ip of the main router.
Port forward 80 and 443 from router 1 to router 2.
Port forward 80 and 443 from router 2 to nginx proxy manager.

And from there nginx or proxmox can get the SSL.