Issue with Traefik SSL and PiHole

I set up SSL certificates for my internal services behind Traefik, but I was having some issues obtaining the certificates. I ended up having to add this line in my Docker compose file to bypass PiHole which is controlling the internal hostnames for my domain:

- --certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53

After adding that, I was able to successfully pull a cert. The issue is, I have a firewall set up that blocks DNS requests from everywhere except my DNS servers (PiHole), so I had to pause that rule temporarily to get the request to go through.

Wondering what I can do here (if anything) to resolve this without having to disable my firewall rules regularly.

MangoPenguin (@MangoPenguin@lemmy.blahaj.zone),

Create a new rule on the firewall to allow DNS requests to cloudflare from that host only.

WASTECH (@WASTECH@lemmy.world),

That is what I ended up doing temporarily, but I think I will just make it temporarily permanent. I could likely set up another Docker container to run a DNS server connected to a DoH resolver, and use that container as the DNS server for Traefik, but that’s a lot of work.

theit8514,

I would start by testing if you can resolve acme-v02.api.letsencrypt.org from the PiHole and if not, see what you need to unblock that.

WASTECH (@WASTECH@lemmy.world),

Did some more testing to get some details. The error I am getting from Traefik is that Cloudflare cannot create the record because it already exists (PiHole already has the entries). If I delete the records from PiHole, Traefik can then create the TXT records in Cloudflare.
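A pre-flight check that turns theit8514's suggestion (can the Pi-hole resolve acme-v02.api.letsencrypt.org at all?) and the leftover-record situation in the last post into something repeatable. It is an added example, not code from the thread or from Traefik: it sends the same raw DNS queries to the internal resolver and to a public one and classifies the difference, so you can see before a renewal whether the ACME endpoint is blocked internally, whether a stale _acme-challenge TXT record is still published, or whether the internal answer simply differs from the public one. The resolver addresses, the hostname and the sample_response fixture are assumptions.

```python
#!/usr/bin/env python3
"""Pre-flight check for Traefik's ACME DNS-01 challenge behind Pi-hole.

Added example, not from the thread. Minimal UDP DNS client (no dnspython,
no dig) plus a classifier that compares the internal resolver's answer with
a public resolver's answer. Resolver IPs, hostname and the fixture builder
are assumptions for illustration.
"""
import random
import socket
import struct

QTYPE = {"A": 1, "TXT": 16}


def encode_name(name):
    """Wire-format a dotted name: <len><label>...<0>."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"


def build_query(name, qtype):
    """Return (txid, packet) for a standard recursive query."""
    txid = random.randrange(0, 65536)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return txid, header + encode_name(name) + struct.pack(">HH", QTYPE[qtype], 1)


def _read_name(pkt, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = pkt[off]
        if (length & 0xC0) == 0xC0:                      # compression pointer
            ptr = struct.unpack(">H", pkt[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2                            # resume after first pointer
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode())
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(pkt, qtype):
    """Return (rcode, set of rdata strings) for answers matching qtype."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    rcode, off = flags & 0x0F, 12
    for _ in range(qd):
        _, off = _read_name(pkt, off)
        off += 4                                         # qtype + qclass
    answers = set()
    for _ in range(an):
        _, off = _read_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10
        rdata = pkt[off:off + rdlen]
        off += rdlen
        if rtype != QTYPE[qtype]:
            continue                                     # skip CNAMEs in the chain
        if qtype == "A":
            answers.add(".".join(str(b) for b in rdata))
        else:                                            # TXT: <len><chars> segments
            i, parts = 0, []
            while i < len(rdata):
                n = rdata[i]
                parts.append(rdata[i + 1:i + 1 + n].decode())
                i += 1 + n
            answers.add("".join(parts))
    return rcode, answers


def resolve(name, qtype, server, timeout=3.0):
    """Query one resolver over UDP/53. rcode is None on timeout or txid mismatch."""
    txid, query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None, set()
    if struct.unpack(">H", data[:2])[0] != txid:
        return None, set()
    return parse_response(data, qtype)


def classify(name, qtype, local, public):
    """Compare (rcode, answers) from the internal and public resolver."""
    lrc, lans = local
    prc, pans = public
    if lrc is None:
        return "local-unreachable"       # Pi-hole down or DNS blocked by firewall
    if prc is None:
        return "public-unreachable"      # egress to the public resolver is blocked
    if qtype == "TXT" and name.startswith("_acme-challenge.") and pans:
        return "stale-challenge-txt"     # record still published before issuance
    if lrc == 3 and prc != 3:
        return "local-nxdomain"          # internal resolver cannot resolve it
    if lans != pans:
        return "local-shadows-public"    # split-horizon answer differs from public
    return "same"


def sample_response(txid, name, qtype, rdatas, rcode=0):
    """Constructed response packet for offline tests (not from any resolver)."""
    header = struct.pack(">HHHHHH", txid, 0x8180 | rcode, 1, len(rdatas), 0, 0)
    body = encode_name(name) + struct.pack(">HH", QTYPE[qtype], 1)
    for r in rdatas:
        rdata = bytes(int(x) for x in r.split(".")) if qtype == "A" else bytes([len(r)]) + r.encode()
        body += b"\xc0\x0c" + struct.pack(">HHIH", QTYPE[qtype], 1, 60, len(rdata)) + rdata
    return header + body


if __name__ == "__main__":
    LOCAL, PUBLIC = "192.168.1.2", "1.1.1.1"   # assumed Pi-hole and public resolver
    HOST = "app.example.com"                    # assumed name Traefik requests a cert for
    for name, qtype in [("acme-v02.api.letsencrypt.org", "A"), (HOST, "A"),
                        ("_acme-challenge." + HOST, "TXT")]:
        try:
            verdict = classify(name, qtype, resolve(name, qtype, LOCAL), resolve(name, qtype, PUBLIC))
        except OSError as exc:
            verdict = f"error: {exc}"
        print(f"{qtype:3} {name}: {verdict}")
```

Reading the output: `local-shadows-public` for the service hostname itself is the intended split-horizon behaviour and not a problem; `local-nxdomain` or `local-unreachable` for acme-v02.api.letsencrypt.org is what theit8514 asked to check and means the Pi-hole (or the firewall in front of it) is blocking the ACME endpoint; `stale-challenge-txt` means a `_acme-challenge` TXT record is still published and should be removed before the next issuance attempt. Running it from the Traefik host is what matters, since that is where the firewall rule applies.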
