HELP with SSL/CERT
Hi, I have installed Pterodactyl panel and I'm facing some problems related to using an alias IP.
For example, I have here a web hosting page
my alias is "uk.felipefogaca.dev", set up with the node already
also my node domain is this
when trying to connect it
goes with SSL protocol error
but if i use the vps ip + port, goes alright
i have only two dns setup, one for panel and one for node
both with certificates done in the vps
ps.: the panel and node are installed in the same machine
ps.: i tried to get some help with ptero members in their discord and they have told me to go cloudflare discord for this
I see this:
if it's unproxied blurring the IPs is useless as anyone can dns query to get them anyway
and also unproxied means CF isn't in the middle/not the issue with ssl
For me, the issue I see is that on the uk subdomain it's trying to use the panel certificate
oh I didn't specify the port, https://uk.felipefogaca.dev:25569/
I just get connection refused
regardless this would be an issue with your origin since it's unproxied, CF isn't in the middle, double check your configs
thank you so much for the response
actually for some reason my panel is with CF in the middle
connected with SSL and everything
but the node isn't collaborating hahah
the panel subdomain doesn't have proxy enabled/cf in the middle, nor uk
you can tell by the "DNS only" proxy status, or from the end user point of view, if you do a dns lookup and see two CF IPs (ex: 104.x,172.x), or look at response headers and look for server: Cloudflare
possible that you used to have them proxied and just now unproxied and your DNS Cache has you still going to Cloudflare though, if you had them proxied recently
I've already flushed my dns cache and still nothing
"still nothing" in what way? What are you looking for?
Your origin has an actual misconfiguration and is serving the wrong tls certificate for port 443. For port 25569, it doesn't respond at all
If you're seeing Cloudflare in the middle, clearing dns cache (and switching from your ISP's default resolver, they ignore cache ttl sometimes) could help get that issue out of the way
I did a complete reinstall and re-certificate to make sure that isn't the problem
I still got the same problem with the panel installed again
I've asked someone that knows pterodactyl
and he answered me this:
"Automatic rewrites that are transforming all requests to https, regardless of the actual destination (TCP Port : 25565) the browser is being sent to HTTPS. Neither 443 or 80 are exposed and no SSL Certificate is being specified."
I am using TLS on flexible and it doesn't do much
I don't have any rules set up related to the domain
just a fresh, recently bought domain from CF
dns records still the same
all pointed to the VPS
None of those settings in CF matter as long as your dns records are dns-only and not proxied
not automatic https rewrites, not encryption mode, etc
Your origin, directly, is serving the wrong certificate for uk, it's serving panel
That is an origin configuration error, in nginx it'd be a misconfiguration of the ssl cert. Not sure what pterodactyl uses but regardless it's something on the origin's end
but both got their certs now
That's for 80/443 at least. For the port 22569, it just doesn't respond. Cloudflare proxied wouldn't even work for 25569 because it's not a supported edge port
on 443/https I still see this
even directly to the IP:25569 I just see this:
http://179.61.226.215:25565/
should work like
http://uk.felipefogaca.dev:25565
also they are dockerized
message from a friend:
that's a different port https://discord.com/channels/595317990191398933/1242856081013739620/1242856416121847908
above you shared 25569
that's 25565
yeah because after the panel reinstall
I had to create another instance
ah ok, that was certainly some of the confusion. I see this error now
so the panel reallocated another port automatically
The reason why http://179.61.226.215:25565/ works and http://uk.felipefogaca.dev:25565/ doesn't is because all dev domains are forced HTTPS (secure). So you're constantly and forced redirected to https, which won't work with your origin which only supports http/plaintext
I didn't know that
damn
If you use a headless client like Insomnia (a rest api tool) which doesn't respect dev forced https (called hsts preloading), you can see it does actually work on the domain
but browsers will always force https for all dev domains
so technically to fix this error
I need to change my domain extension "dev"
no lol, just get a proper ssl certificate like from certbot/let's encrypt for free, and then set up your origin with that
you already have one for uk, do you not? You just need to configure your hastebin setup to use that. You could throw nginx in front and have it reverse proxy your container
got it, thank you for your assistance!
I didn't know some extensions force ssl by themselves
should've known that
all the google ones do, forced hsts preloading