[Solved] Problem in renewing SSL certs

Hi all,
Well, another issue with SSL renews.
This box has been working for almost 2 years, behind a NATed fw, so let’s not begin by saying it’s not supported and all that …

Box is on Ubuntu 18.04, with all latest updates and on 0.51.
Latest renewal was on 30 Oct 2020, without any issues, and so far, I haven’t changed a thing.

So far, what I can see is, for some strange reason, the renewal PY module is only reporting the INTERNAL IP address of the box.

Running the ‘setup.sh’ and the mailinabox CLI, all report the correct IPs, External and Internal.
Running the /root/mailinabox/management/ssl_certificates.py reports the internal IP; of course, that’s not the one in the DNS setup.
I’m not using the DNS box, but instead the Cloudflare.

I’ve made a backup of the SSL directory and recreated it and run the mailinabox CLI.
It created a self-signed, but even with that, I can’t create the new certs.
Box keeps reporting the internal IP.

What can I do to troubleshoot this issue?
Regards
JG

Can you screenshot what error you see?

The script doesn’t report any local IP, other than the IP resolved by the domain. Did you see `The domain name does not resolve to this machine: <ip-address> (A).`?

What happens when you nslookup yourboxdomain?

@daveteu, thank you for your reply.

That’s correct, it replies with the “domain name does not resolve …”, but the IP is the internal one of the server and not the External/Public one.

nslookup also reports the internal IP, which it shouldn’t do.

Hmm, it looks like it’s ‘hardcoded’ somewhere …
My DNS resolver on the interface is 1.1.1.1 … not any internal DNS servers.
But nslookup queries the internal server NSC DNS …

You need to self-troubleshoot to see whether it’s a Cloudflare or a box DNS problem first.

This is done by checking from another machine or your computer, to see what IP the domain resolves to. If it’s resolving to your “internal ip” (I assume it’s your VPC IP address) as well, then you need to look at your Cloudflare.

You may also private message me your domain; I can do a lookup from my end as well.

@daveteu, it’s on the box itself.
DNS is being resolved correctly on other systems.

I’ll message you though.
This is very ‘strange’ almost, as I said it seems ‘hardcoded’ …

@daveteu, well, the problem has been found …

I must have changed the named config DNS fwd’s …
Not sure why I have done that.
I must document these changes better.
Thanks for the support.
Regards.
JG

2 Likes
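The comparison worked through in this thread (what the box's own resolver answers versus what an outside resolver answers) can be scripted. This is an added example, not part of the original posts and not Mail-in-a-Box code; the function names and verdict strings are hypothetical, the sample addresses in the comments are constructed, and `dig` is assumed to be installed.

```sh
#!/bin/sh
# Added example: does the box's own resolver return a different (private)
# address than a public resolver for the same name?

# is_private_ipv4 ADDR: succeeds for RFC 1918, loopback and link-local ranges.
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*|127.*|169.254.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# diagnose LOCAL_ANSWER PUBLIC_ANSWER: prints one verdict token.
diagnose() {
  if [ -z "$1" ] || [ -z "$2" ]; then
    echo "no-answer"                        # one side returned nothing
  elif [ "$1" = "$2" ]; then
    echo "consistent"                       # box sees what the world sees
  elif is_private_ipv4 "$1"; then
    echo "local-resolver-returns-private"   # inspect local named/forwarders
  else
    echo "mismatch"                         # differs, but not a private range
  fi
}

# first_a NAME [SERVER]: first A record from the system resolver, or SERVER.
first_a() {
  if [ -n "${2:-}" ]; then
    dig +short A "$1" "@$2"
  else
    dig +short A "$1"
  fi | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1
}

# Live check (needs network): sh check.sh box.example.com [public-resolver]
# 1.1.1.1 is the public resolver mentioned in the thread.
if [ -n "${1:-}" ]; then
  diagnose "$(first_a "$1")" "$(first_a "$1" "${2:-1.1.1.1}")"
fi
```

A `local-resolver-returns-private` verdict on the box, while other machines resolve the name correctly, points at the box's own resolver configuration rather than at the public DNS provider.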