Copying unifi-core-direct.crt and unifi-core-direct.key is causing DNS for my domain to resolve to UDM console login #56
Comments
Hi, thanks for your efforts. I'd like to have a look into this first, but won't be able to check this over the next days. I found one hint pointing in the direction of Still, it's not clear to me what a certificate could possibly have to do with DNS resolution ;) but if it works for you, it works for you!
OK, did a quick check and hope nothing breaks: For me, only the @jonathann92 so yes, I'm happy if you create a PR on that as this looks like something not required to work properly.
@alxwolf the direct.crt was created for me after I went to the console in my browser. Try checking if the direct.crt is created after that.
I’m not sure what it has to do with either. I was thinking about submitting a request to the community but that would take a while. Did you find similar behavior where the UDM was resolving all queries to @bfayers I saw PR #41 updated the permissions of the direct.key to 644. I’m not sure how the direct.key is used but it seems to have affected evostreams and RTSP. Do you know what the direct .crt and .key are used for? Could I also ask you to test this on your UDM?
I can't understand how a cert could, would or should affect DNS resolution (and it doesn't affect mine -- are you using a wildcard cert? I'm not.) As for the permissions of the keys from my PR, I simply copied the permissions that unifi use for the default, self signed ones. Without those permissions it'd break evostreams and thus the rtsp feeds out of the UDM for use by other things. I will say I don't think not replacing unifi's default self signed keys there would cause any issues -- so long as the webui still gets the LE cert I don't mind!
Agree. Merged the PR so the
Honestly I don’t understand why it would either. I can try playing around later with 2 different domains and use one with the regular and the second with the direct cert. I am using a wildcard cert so I’m passing this to the .env file
Issue
When I use the ubios-cert.sh script to generate and deploy a cert for mydomain.com, I noticed that sometime after 10 - 30 minutes that all my DNS queries will point to the default network's gateway's IP address. This is resulting in my browser going to the unifi console login. This is happening for any wildcard *.mydomain.com as well.

I set the DNS settings to Auto for my Internet -> Primary (WAN1) network and all my internal networks as well.

What I found that resolved the issue for me
In the ubios-cert.sh file I commented out the lines that created the unifi-core-direct.crt and unifi-core-direct.key files. When the unifi-core service restarted I noticed that the unifi-core-direct.crt and unifi-core-direct.key were automatically created anyways.

I noticed that if I remove them and restart the unifi-core service, the unifi-core-direct.crt's subject is changed to <string of hex characters>.id.ui.direct. I inspected the cert by using openssl x509 -noout -text -in unifi-core-direct.crt

The lines that I commented out:
Question
Is it okay if I make a PR to remove these lines? Or should I raise this issue up to the unifi community forums?
UDM Info
Model: UDM Pro
UniFi OS UDM Pro: v3.0.20
Network: 7.4.156
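
The inspection step described in the issue above, as an added example that is not part of the original issue or the ubios-cert project: it lists the names a certificate file carries and reports whether they are all under .id.ui.direct (the subject the issue reports after unifi-core regenerates the file) or include a custom domain. The function names and the sample hex label used to try it out are constructed, and the certificate path is whatever the caller passes in.

```shell
#!/bin/sh
# Added example (not from ubios-cert or UniFi OS): report which names a
# certificate file carries and whether it looks device-generated.

# Print the subject CN and every DNS subjectAltName, one per line.
cert_names() {
    openssl x509 -noout -subject -nameopt multiline -in "$1" \
        | sed -n 's/^ *commonName *= *//p'
    # -ext needs OpenSSL 1.1.1+; older builds just yield no SAN lines here.
    openssl x509 -noout -ext subjectAltName -in "$1" 2>/dev/null \
        | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# "device" = every name ends in .id.ui.direct (the subject the issue reports
# after unifi-core regenerates the file); "custom" = any other name present.
classify_cert() {
    names=$(cert_names "$1" | sort -u)
    if [ -z "$names" ]; then
        echo unknown
    elif printf '%s\n' "$names" | grep -qv '\.id\.ui\.direct$'; then
        echo custom
    else
        echo device
    fi
}

# Constructed sample input: a throwaway self-signed cert with the given CN.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout /dev/null -out "$2" 2>/dev/null
}

# Usage: sh check-direct-cert.sh <cert.pem>...   (paths supplied by the caller)
for f in "$@"; do
    printf '%s: %s [%s]\n' "$f" "$(classify_cert "$f")" \
        "$(cert_names "$f" | sort -u | tr '\n' ' ')"
done
```

Running it against unifi-core-direct.crt before and after a unifi-core restart shows whether the file still holds the deployed certificate or has been regenerated.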