Cert is applied and DNS setup to work correctly internally.
CF Cert gets applied but still get warning, figured I'd wait / verify cache all that and still not trusted.
Others I've done work fine...
The difference from what I can see is the local host dns names are different -
Test lab setup with a fqdn on the hosts and cluster - this one:
single host: pve.location.lan
ssl cert: pve.location.domain.com
This cert is setup with the correct domain and it works and resolves over the tunnel but still not trusted.
Only difference from the other one I have working is R3 originally now R11 vs R10
Know I'm missing something easy... stumped -
Was thinking of possibly just inspecting the cert via openssl debug
openssl s_client -connect pve.location.domain.com:8006
output looks the same as the good one.
Next I'll work on just putting a traeffic / nginx rprox in front of it to clean it up, unless someone sees an obvious error....
----- Update -----
Found my error cert was fine - but was using a shortened name for my resolution in tunnels - thus causing the cert error...
Dumb mistake
resolving via
pve.location.dom.com
vs
pve.location.domain.com
CF Cert gets applied but still get warning, figured I'd wait / verify cache all that and still not trusted.
Others I've done work fine...
The difference from what I can see is the local host dns names are different -
Test lab setup with a fqdn on the hosts and cluster - this one:
single host: pve.location.lan
ssl cert: pve.location.domain.com
This cert is setup with the correct domain and it works and resolves over the tunnel but still not trusted.
Only difference from the other one I have working is R3 originally now R11 vs R10
Know I'm missing something easy... stumped -
Was thinking of possibly just inspecting the cert via openssl debug
openssl s_client -connect pve.location.domain.com:8006
output looks the same as the good one.
Next I'll work on just putting a traeffic / nginx rprox in front of it to clean it up, unless someone sees an obvious error....
----- Update -----
Found my error cert was fine - but was using a shortened name for my resolution in tunnels - thus causing the cert error...
Dumb mistake
resolving via
pve.location.dom.com
vs
pve.location.domain.com
Last edited: