Comments (7)
Hi, thanks for your efforts.
I'd like to have a look into this first, but won't be able to check this over the next days.
I found one hint pointing in the direction of -direct
being the certificate used by UI itself for access via unifi.ui.com
.
Still, it's not clear for me what a certificate could possibly have to do with DNS resolution ;) but if it works for you, it works for you!
from ubios-cert.
OK, did a quick check and hope nothing breaks:
For me, only the -direct.key
file gets recreated, not -direct.crt
, after service restart and device reboot. But, everything (checked so far) works fine.
@jonathann92 so yes, I'm happy if you create a PR on that as this looks like something not required to work properly.
from ubios-cert.
@alxwolf the direct.crt created for me after I went to the console in my browser. Try checking if the direct.crt is created after that.
Still, it's not clear for me what a certificate could possibly have to do with DNS resolution
im not sure what it has to do with either. I was thinking about submitting a request to the community but that would take a while.
Did you find similar behavior where the UDM was resolving all queries to mydomain.com
to the gateway when copying over the direct .crt and .key?
@bfayers I saw PR #41 updated the permissions of the direct.key to 644. I’m not sure how the direct.key is used but it seems to have affected evostreams and RTSP. Do you know what the direct .crt and .key are used for? Could I also ask you to test this on your UDM?
from ubios-cert.
I opened #57. Let's try to wait and see if bfayers
responds and is able to test before we merge. I don't want to break someone else's functionality.
from ubios-cert.
@alxwolf the direct.crt created for me after I went to the console in my browser. Try checking if the direct.crt is created after that.
Still, it's not clear for me what a certificate could possibly have to do with DNS resolution
im not sure what it has to do with either. I was thinking about submitting a request to the community but that would take a while.
Did you find similar behavior where the UDM was resolving all queries to
mydomain.com
to the gateway when copying over the direct .crt and .key?@bfayers I saw PR #41 updated the permissions of the direct.key to 644. I’m not sure how the direct.key is used but it seems to have affected evostreams and RTSP. Do you know what the direct .crt and .key are used for? Could I also ask you to test this on your UDM?
I can't understand how a cert could, would or should affect DNS resolution (and it doesn't affect mine -- are you using a wildcard cert? I'm not.)
As for the permissions of the keys from my PR, I simply copied the permissions that unifi use for the default, self signed ones. without those permissions it'd break evostreams and thus the rtsp feeds out of the UDM for use by other things.
I will say I don't think not replacing unifi's default self signed keys there would cause any issues -- so long as the webui still gets the LE cert I don't mind!
from ubios-cert.
I will say I don't think not replacing unifi's default self signed keys there would cause any issues -- so long as the webui still gets the LE cert I don't mind!
Agree. Merged the PR so the -direct
certs are no longer be touched. Let's see if this breaks anything (I doubt it...) - we will know latest in 60 days after next renewal...
from ubios-cert.
Honestly I don’t understand why it would either. I can try playing around later with 2 different domains and use one with the regular and the second with the direct cert.
I am using a wildcard cert so I’m passing this to the .env file *.mydomain.com,mydomain.com
from ubios-cert.
Related Issues (20)
- Cron job now requires the user to be specified HOT 3
- UDM pro upgraded to 2.x uses /data not /mnt/data HOT 3
- /mnt/data still hardcoded in ubios-cert.sh and 99-ubios-cert.sh HOT 2
- Script issues - support for UDMPro v2.4.23 HOT 2
- Issue with wildcard domains HOT 1
- Intermediate Chain Certificate for Guest Portal HOT 12
- Cloudflare not registrering - api not applied correctly HOT 1
- Add OVH as a DNS provider HOT 2
- No such file or directory when running cd ${DATA_DIR}/ubios-cert HOT 7
- Captive Portal HOT 3
- Can't open /data/unifi-core/config/unifi-core.crt for reading, No such file or directory HOT 2
- Curl Error HOT 2
- Email Notification HOT 2
- UNVR Support HOT 6
- Guest portal cert doesn't seem to be updating. HOT 3
- missing keytool? HOT 2
- Minor error in README.MD? HOT 3
- FW 3.2.7 breaks RADIUS certificates HOT 25
- FW 3.2.7 breaks custom web certificates HOT 13
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ubios-cert.