Does Axigen Lets Encrypt support DDNS?

Good day,

I just want to ask if Axigen and Let's Encrypt support DDNS domains, rather than creating a self-signed certificate, for which all browsers will show a warning every time you open WebAdmin or WebMail unless you install it as a trusted certificate.

I am not using my Axigen mail server to be broadcast on my DNS for my mailer's domain.

Regards,
Jay

Hello Jay,

If by DDNS you are referring to Dynamic DNS, then there is no need for a special setup other than for a “normal” domain.

All you need is to follow our documentation available here (please pay attention to enabling the WebMail listener on port 80, as this is the one used to validate the ownership of the requested SSL certificate hostname).

HTH,
Ioan

Hi Ioan,

Understood, but my Axigen server does not have a DNS entry, which is why I am using DDNS, because the current location where Axigen resides is on a dynamic IP.

Regards,
Jay

Hello Jay,

Then this is something which should be fixed on your side (like a DDNS client configured on your server / router).

If you need some hints from our side, please let us know which DDNS service you are using and whether your Axigen server is on a Linux machine (please let us know the exact type and version of the OS), as we could provide some help for this type of OS.

BR,
Ioan

Thanks Ioan,

I do have the DDNS client set up and configured already.

Then the last step will be the port forwarding on the router for the ports I need, like HTTP on port 80 and HTTPS on port 443?

So it means if I use NOIP as my provider for DDNS and my hostname is “xxxx.ddns.me”, then I can create directly from Axigen a new certificate for “xxxx.ddns.me”, is that correct?

Regards,
Jay

Hello Jay,

Yes, all should be fine if all of the above are checked on your side.

If you still have problems, please check the logs for any hints of why it is not working, and share them here in case the issue is still unclear.

BR,
Ioan

I use ZoneEdit for my DDNS and it works fine. As long as Let’s Encrypt can find your current IP address and connect to the ports, it works. (I just renewed my Let’s Encrypt certificate this morning.)

Thanks all, I will try it and give feedback afterwards.

@indreias

Hi,

Unfortunately I have an issue with the ISP itself blocking port 80, so in this case I cannot use the HTTP challenge.
Let's Encrypt cannot access my server.

Any other suggestions?

How do I change from the HTTP challenge to the DNS challenge?

Regards,
Jay

Hello Jay,

If you wish to use the DNS challenge (which for obvious reasons is not supported by Axigen), then you should use an external ACME client that supports it and, when the certificate is updated, update the certificate on the Axigen side and restart the Axigen service.

HTH,
Ioan

@indreias

Thanks Ioan, appreciate all the inputs. This will be the only way.

Regards,
Jay

@indreias

Update: I used Certbot for my DNS challenge. I successfully created certificates, but unfortunately Axigen doesn't accept them.

Error:
2020-12-31 12:23:57 +0400 02 Axigen WEBADMIN:00003122: SSL load certificate error:0906D06C:PEM routines:PEM_read_bio:no start line
2020-12-31 12:23:57 +0400 02 Axigen WEBADMIN:00003122: SSL load certificate error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

My certificates are as follows:

privkey.pem : the private key for your certificate.
fullchain.pem: the certificate file used in most server software.
chain.pem : used for OCSP stapling in Nginx >=1.3.7.
cert.pem : will break many server configurations, and should not be used without reading further documentation (see link below).

Regards,
Jay

Hello Jay,

Axigen requires the “cert” file to include both the private key and the public certificate.

My suggestion is to merge privkey.pem with fullchain.pem (like cat privkey.pem fullchain.pem >> lets-encrypt-cert.pem) and use that file in the Axigen listener(s) (it should be readable by the axigen user).

HTH,
Ioan
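Ioan's merge step above, as an added example that is not code from the thread or from Axigen: a small POSIX shell script that builds the combined PEM file from Certbot's privkey.pem and fullchain.pem, overwrites rather than appends so renewals do not accumulate stale keys, and checks that the result really contains one private key block and at least one certificate block (a file missing one of them is what produces the "no start line" error quoted earlier). The live directory, output path and owner are assumptions passed as arguments.

```shell
#!/bin/sh
# Added example (not Axigen's tooling). Usage:
#   build-axigen-pem.sh /etc/letsencrypt/live/HOST /path/to/lets-encrypt-cert.pem [axigen:axigen]
# Paths and the owner are assumptions; after a successful run, restart the
# Axigen service as the thread notes.
set -eu

# Count PEM blocks of one type ("PRIVATE KEY" or "CERTIFICATE") in a file.
# The ".*" also matches "RSA PRIVATE KEY" / "EC PRIVATE KEY" headers.
pem_block_count() {
    grep -c -- "-----BEGIN .*$2-----" "$1" 2>/dev/null || true
}

# A usable Axigen cert file has exactly one private key and >= 1 certificate.
# Without the key block the SSL library reports "no start line" when loading the key.
check_combined_pem() {
    [ -s "$1" ] || return 1
    [ "$(pem_block_count "$1" 'PRIVATE KEY')" -eq 1 ] || return 1
    [ "$(pem_block_count "$1" 'CERTIFICATE')" -ge 1 ] || return 1
}

# Write key + full chain to a private temp file, validate it, then move it into
# place atomically so a listener never sees a half-written file.
build_combined_pem() {
    live_dir=$1; out=$2; owner=${3:-}
    tmp="$out.tmp.$$"
    (umask 077; cat "$live_dir/privkey.pem" "$live_dir/fullchain.pem" > "$tmp")
    check_combined_pem "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 640 "$tmp"                        # key material: no world read access
    if [ -n "$owner" ]; then chown "$owner" "$tmp"; fi   # needs root
    mv -f "$tmp" "$out"
}

# Run only when invoked with arguments (keeps the functions sourceable).
if [ $# -ge 2 ]; then build_combined_pem "$1" "$2" "${3:-}"; fi
```

Because the temp file is created with umask 077 and then chmod 640, the combined file is readable only by its owner and group, so pass the axigen service account as the third argument when running as root.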