AdGuardHome
Unable to make DoT work with wildcard SSL
Prerequisites
- [x] I have checked the Wiki and Discussions and found no answer
- [x] I have searched other issues and found no duplicates
- [x] I want to report a bug and not ask a question
Operating system type
Linux, Other (please mention the version in the description)
CPU architecture
64-bit ARM
Installation
Docker
Setup
On one machine
AdGuard Home version
v0.107.16
Description
What did you do?
Hello, I have a few questions related to DoT setup with a wildcard SSL certificate. I couldn't find any answers related to this on Reddit, GitHub issues or in the wiki.
I have AdGuard Home DNS set up in Docker, and an nginx proxy handles DoH and the frontend. I would like to have client identification on DoT; as per the documentation I need to have a wildcard certificate. I created SSL certificates for *.secure.example.com and secure.example.com. I also added a wildcard DNS record in Cloudflare so that any *.secure.example.com domains will resolve to the AGH server's IP address. But when I enter myphone.secure.example.com as the private DNS server in my Android phone, it does not work. If I ping myphone.secure.example.com I get a proper response, but DoT does not work.
Expected result
DoT should work when using wildcard SSL.
Actual result
DoT is not working with wildcard domain name.
Screenshots (if applicable)
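The setup above relies on the client identifier being the leftmost label of the DoT server name, and on the wildcard certificate actually covering that name. The following added example (not part of the issue or of AdGuard Home's own code) builds an in-memory self-signed certificate with the two SANs from the report and checks which server names a TLS client would accept; it also shows that a two-label identifier such as kitchen.myphone.secure.example.com is not covered by a single-level wildcard.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeWildcardCert builds a self-signed certificate carrying the given SANs.
// Key and certificate live only in memory; this stands in for the real
// Cloudflare/certbot-issued certificate so the check runs offline.
func makeWildcardCert(sans []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: sans[0]},
		DNSNames:     sans,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CoversName reports whether the certificate's SANs cover the DoT server name
// under the rules a TLS client applies: a wildcard matches exactly one label,
// and only in the leftmost position.
func CoversName(cert *x509.Certificate, name string) bool {
	return cert.VerifyHostname(name) == nil
}

func main() {
	cert, err := makeWildcardCert([]string{"*.secure.example.com", "secure.example.com"})
	if err != nil {
		panic(err)
	}
	for _, n := range []string{"secure.example.com", "myphone.secure.example.com",
		"kitchen.myphone.secure.example.com", "secure.example.org"} {
		fmt.Printf("%-36s covered=%v\n", n, CoversName(cert, n))
	}
}
```

Run the same check against the real certificate by loading it with x509.ParseCertificate and passing the exact name configured on the phone.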
Yes, I have the same problem, I can ping through, but can't connect to the dot.
@sliverstring I got the issue. They have implemented the wildcard DoT feature in the edge channel and it is not present in the latest stable version. Try running the edge tag from https://hub.docker.com/r/adguard/adguardhome/tags
How did you add wildcard DNS in cloudflare? I didn't know they had this feature.
Setup wildcard cert for DuckDNS with certbot_dns_duckdns. Working well on the latest Edge version. Here is the command:
certbot certonly \
--non-interactive \
--agree-tos \
--email <your-email> \
--preferred-challenges dns \
--authenticator dns-duckdns \
--dns-duckdns-token <your-duckdns-token> \
--dns-duckdns-propagation-seconds 60 \
-d "*.example.duckdns.org" \
-d "example.duckdns.org"
@L8X they introduced wildcard dns this year I guess, take a look at https://developers.cloudflare.com/dns/manage-dns-records/reference/wildcard-dns-records/