I set up SSL certificates for my internal services behind Traefik, but I was having some issues obtaining the certificates. I ended up having to add this line in my Docker compose file to bypass PiHole which is controlling the internal hostnames for my domain:

- --certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53

After adding that, I was able to successfully pull a cert. The issue is, I have a firewall set up that blocks DNS requests from everywhere except my DNS servers (PiHole), so I had to pause that rule temporarily to get the request to go through.

Wondering what I can do here (if anything) to resolve this without having to disable my firewall rules regularly.

  • MangoPenguin
    link
    fedilink
    English
    arrow-up
    1
    ·
    9 months ago

    Create a new rule on the firewall to allow DNS requests to cloudflare from that host only.

    • WASTECH@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      That is what I ended up doing temporarily, but I think I will just make it temporarily permanent. I could likely set up another Docker container to run a DNS server connected to a DoH resolver, and use that container as the DNS server for Traefik, but that’s a lot of work.