I set up SSL certificates for my internal services behind Traefik, but I was having some issues obtaining the certificates. I ended up having to add this line in my Docker compose file to bypass PiHole which is controlling the internal hostnames for my domain:
- --certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53
After adding that, I was able to successfully pull a cert. The issue is, I have a firewall set up that blocks DNS requests from everywhere except my DNS servers (PiHole), so I had to pause that rule temporarily to get the request to go through.
Wondering what I can do here (if anything) to resolve this without having to disable my firewall rules regularly.
Create a new rule on the firewall to allow DNS requests to cloudflare from that host only.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System PiHole Network-wide ad-blocker (DNS sinkhole) SSL Secure Sockets Layer, for transparent encryption
[Thread #470 for this sub, first seen 31st Jan 2024, 14:55] [FAQ] [Full list] [Contact] [Source code]
I would start by testing if you can resolve acme-v02.api.letsencrypt.org from the PiHole and if not, see what you need to unblock that.
Did some more testing to get some details. The error I am getting from Traefik is that Cloudflare cannot create the record because it already exists (PiHole already has the entries). If I delete the records from PiHole, Traefik can then create the TXT records in Cloudflare.
deleted by creator