
    Certbot

    • Alex Sage

      @alex-olynyk remove roseradiology.com from your local DNS completely, then try again after flushing DNS. I bet it works.

      • alex.olynyk @Alex Sage

        @aaronstuder removed and flushed but no change

        • Alex Sage @alex.olynyk

          @alex.olynyk Did you remove all records, or just the owncloud one? You have to remove the whole domain.

          • Dashrender

            Unless I completely misunderstood something in the beginning, the OP indicated that he had roseradiology.com on his internal DNS as well. So working from that, I gave the above response.

            Now that we see that he does not have that already in place, I would agree, avoid it if at all possible - but you have to make sure things work first.

            This means making sure his firewall/router supports hairpin routing.

            It works as follows:
            An internal client makes a request for the IP to OC.roseradiology.com, which is responded to from the internet DNS server with an IP on his firewall (assuming the OP is using NATing).
            The client then tries to connect to that IP, which is on the outside of his firewall.
            The firewall gets a packet and realizes that it has a rule that says this packet needs to go back inside the network to the designated internal IP (Cisco PIX firewalls can NOT do this). Assuming this works - the traffic is sent back inside the network and all is fine.

            • alex.olynyk @Alex Sage

              @aaronstuder [screenshot: Capture.PNG]
              removed domain

              • alex.olynyk @Dashrender

                @Dashrender things do work if I use 2 different URLs

                • scottalanmiller @alex.olynyk

                  @alex.olynyk said in Certbot:

                  @Dashrender things do work if I use 2 different URLs

                  How does file sharing work that way?

                  • alex.olynyk

                    Don't know. Haven't put into production yet

                    • scottalanmiller @alex.olynyk

                      @alex.olynyk said in Certbot:

                      Don't know. Haven't put into production yet

                      LOL, so how do you know that things will work 😉 The links that are generated by the system will only work to one or the other group (internal or external) is the expectation.

                      • alex.olynyk

                        Honestly don't know, this has been placed in my lap to get working

                        • Dashrender

                          OK @alex-olynyk did add roseradiology.com, but not in the correct place. As such, it never worked as desired.

                          • Dashrender

                            @alex-olynyk
                            Now that you've removed that, what do you get when you ping owncloud.roseradiology.com?

                            • alex.olynyk @Dashrender

                              @Dashrender [screenshot: Capture.PNG]

                              • Dashrender

                                Is that IP address on your firewall?

                                • alex.olynyk @Dashrender

                                  @Dashrender yes, it works from the outside. Our FW is managed by Windstream so unsure what you are asking

                                  • Dashrender @alex.olynyk

                                    @alex.olynyk said in Certbot:

                                    @Dashrender yes, it works from the outside. Our FW is managed by Windstream so unsure what you are asking

                                    Your firewall is managed by Windstream? Huh - didn't know they did that.

                                    You need to call them and ask them to turn on hairpin routing in the firewall/router/cablemodem/router, whatever it is.

                                    If they tell you that they can't, then you will have to use Split Horizon DNS to solve this problem.

                                    • alex.olynyk @Dashrender

                                      @Dashrender which means create a DNS zone called roseradiology.com and add records for my public servers?

                                      • Dashrender @alex.olynyk

                                        @alex.olynyk said in Certbot:

                                        @Dashrender which means create a DNS zone called roseradiology.com

                                        yes

                                        and add records for my public servers?

                                        no

                                        You'll add a brand new zone to your DNS servers (make it AD integrated) and then add in all the records that exist in the internet based one, but you'll change the IP from external live IPs to the IPs that are used by those services inside your network.

                                        So for ownCloud you'll do:

                                        A record Owncloud : 192.168.128.10

                                        • alex.olynyk @Dashrender

                                          @Dashrender our mail server is hosted POP so that's accessed via mail.roseradiology.com
                                          no internal IP address for that

                                          • JaredBusch @alex.olynyk

                                            @alex.olynyk said in Certbot:

                                            @Dashrender our mail server is hosted POP so that's accessed via mail.roseradiology.com
                                            no internal IP address for that

                                            Then for that one you will still use the external IP, but you WILL have to put in a record in your local DNS.

                                            I have lost track of how many times you have been told this is the correct answer.

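The split-horizon advice in the last two replies (mirror every public record in the internal zone, use LAN IPs for services hosted inside, keep the external IP for hosted mail), as an added example that is not part of any post in the thread. It models an internal server that is authoritative for the zone and audits a zone for names LAN clients would resolve wrongly; the public addresses and the `www` record are constructed assumptions, and only the ownCloud IP comes from the thread.

```python
# Added example: plan and audit a split-horizon copy of roseradiology.com.
# PUBLIC_ZONE addresses are constructed (203.0.113.0/24 is a documentation
# range) and the "www" record is assumed; only the ownCloud IP is from the thread.
PUBLIC_ZONE = {
    "owncloud": "203.0.113.10",
    "mail": "203.0.113.25",   # hosted POP mail, no internal address
    "www": "203.0.113.80",
}
INTERNAL_HOSTS = {"owncloud": "192.168.128.10"}  # services that live on the LAN


def plan_internal_zone(public, internal_hosts):
    """Mirror every public record; use the LAN IP only where the service is internal."""
    return {name: internal_hosts.get(name, ip) for name, ip in public.items()}


def resolve_internal(name, internal_zone):
    """Model of an internal DNS server that is authoritative for the zone:
    it answers from its own records and does not forward, so a name that is
    missing here is NXDOMAIN for LAN clients even though it exists publicly."""
    return internal_zone.get(name, "NXDOMAIN")


def audit(public, internal_zone, internal_hosts):
    """Return (name, problem) pairs for records LAN clients would resolve wrongly."""
    findings = []
    for name, public_ip in sorted(public.items()):
        answer = resolve_internal(name, internal_zone)
        expected = internal_hosts.get(name, public_ip)
        if answer == "NXDOMAIN":
            findings.append((name, "missing from internal zone"))
        elif answer != expected:
            findings.append((name, f"resolves to {answer}, expected {expected}"))
    return findings


if __name__ == "__main__":
    partial = {"owncloud": "192.168.128.10"}  # zone created, other records forgotten
    for zone in (partial, plan_internal_zone(PUBLIC_ZONE, INTERNAL_HOSTS)):
        print(zone, "->", audit(PUBLIC_ZONE, zone, INTERNAL_HOSTS) or "OK")
```

An internal zone that still points `owncloud` at the external address is reported as well, since that setup only works when the firewall does hairpin routing.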