So, I’ve tried solving these problems on my own, and it’s just over my head. My situation is as follows:
- Hosting at home (eeePC)
- ISP blocks incoming port 80
What I want to do:
- obtain a letsencrypt cert
  - in order to run certain apps that don't like self-signed certs
  - less friction for family and friends when sharing nextcloud links
What I’ve done/tried:
- Tried setting up ‘algo’ VPN on a free amazon ec2 instance, thinking I could use it to proxy? my site. I worked on it for two days, and couldn’t get it working.
- Bought a new domain name from ionos
- Made an account on duckdns
- Spent a day or two trying to map new domain to my Yunohost server… couldn’t get it working.
I am feeling pretty frustrated by the whole situation, and honestly pretty down on myself at this point. I’ve been running Yunohost for 2 or 3 years now, and really enjoying it. I’m looking to do a couple new things now, and can’t figure it out… even though I feel like it shouldn’t be so hard.
I’m not a guy with a lot of money, and I really would rather be able to do this myself, but I just can’t get my mind around the solutions, and also I don’t want to break my server that I depend on! If you can help me, or recommend someone who can, let me know!
I still have the domain (it only cost $1 for the first year :)). I was going to try to do the DNS challenge, but somehow I never got the domain ‘attached’ (pointed?) to my server. I think what I really got stuck at was getting the dynamic dns service set up. I tried to follow directions here and elsewhere… but every registrar and ddns service is slightly different. I switched some configs from one to the other, and deleted some… I can’t remember exactly what now.
Configuring ddns on my server was where I completely failed. I ran into permissions problems with the ddns configs, and really didn’t want to mess with changing permissions.
The last 2-3 years have been basically smooth. I had some help getting started, but I’ve reinstalled a couple of times by myself. I’ve had a self-signed cert the whole time, because of the port 80 issue. I guess a lot of ISPs in the US do this for some reason.
Yunohost is great, and it has helped me replace a ton of google stuff: I sync calendar, contacts, photos, notes, etc with nextcloud. I use libresonic instead of google music. I’m running pihole. I’d like to do more with my server, but some apps just won’t work with a self-signed certificate.
My feeling is that for someone with the relevant knowledge, this job should not take more than an hour. I am willing to pay $50 USD. If you have a good reputation here (maybe one of the admins can vouch for you), I am willing to pay up front, provided you are confident that you can solve the problems. If you are outside of the US, we may have to be creative with money transfer, but I’m sure we can work it out. The sooner I can get this done, the better. Thanks to all for your consideration.
It’s been a few days, but I think the main problem was configuring the dynamic dns service to/with the registrar. It really wasn’t clear to me which fields need to be changed/removed on which service: registrar or ddns provider. Also I was unable to figure out how to set up the ddns client on my server. Beyond that, I’m sure I will have trouble figuring out the dns challenge.
I’d love to get all this working by myself, but I’ve already kind of burned out my brain on it. I can’t mess with it for at least a couple of weeks, so if nobody takes up my offer, then I’ll eventually try again.
Just bumping this thread, because I’m still looking for help with this problem. I’m away from home for a few more weeks (somehow lost ssh connection to my server), so I can’t work on this right now, even if I wanted to. In the meantime, I’m still running into problems around having a self-signed cert (can’t use NC bookmarks app on android).
If someone wants to help, and feels like $50 isn’t enough, please message me with what you think is a fair price for me to consider. As I said, I can’t fix ssh access for a few weeks anyway, but would love to have some help then. Thanks for reading.
My ISP blocks incoming connections on port 80. This is why I can’t get a letsencrypt cert the normal way. I can’t do DNS challenge because I have a nohost.me domain.
I bought another domain, thinking I could point it at my server, and edit the DNS records, but I couldn’t figure it out by myself.
I don’t know what happened to my SSH connection. Before I left on this long trip, I set up SSH keys, and disabled password login. It was working at first, but now it doesn’t. I don’t know why. I just get ‘connection refused’. Nmap says the port I use (53) is closed.
Well, I have no idea about dynamic DNS, but I think I can help you with the DNS records… I think… I have domains at IONOS too (former 1&1). And it wasn’t too complicated… you just need to create new A records with the domain name pointing to the IP address. I could make a screenshot if you still need it.
Unfortunately, I cannot change ISP. In my area, I am already using the best of two bad options. The only way for me to unblock the ports is to purchase ‘business’ internet from my ISP, which would lower my speed and is ridiculously expensive (3 year contract, $100 installation fee, and $100/month). I did look into running a VPN on an Amazon VPS, but I really got overwhelmed.
It’s hard to be very specific right now as I’ve been away from the problem for a while, but it seems like each registrar had a different configuration for the records. I didn’t find an article that addressed my specific situation, and I’m not knowledgeable enough to infer the correct settings. The other part of this problem was (I think) setting up dynamic dns for the new domain.
I’m pretty sure I set SSH to 53, because my router monopolizes 22 for itself, and refuses to forward it to anything else. Besides that, it was definitely working.
I don’t know. That sounds like a nice solution. I think that means that I don’t have to worry about dynamic dns for the new domain (since the nohost one is already configured)? Would I even need SSH access to my server to do that?
You also need no SSH access to set the DNS records for your domain purchased through 1&1 IONOS. You just need access to the control center of IONOS: https://login.ionos.com/ There you navigate to your domain options where you can set the DNS records for all domain names you own.
Yes, but since I have a dynamic IP address, I need to set up a dynamic dns service on my server to report to ionos, right? Or can I just tell my ionos domain to point to my nohost.me domain? And then figure out the acme challenge? Sorry if I seem totally lost, haha. I knew more about this stuff a month ago, but I’m not sure I really understood it.
Oh yeah, that’s a whole different story. Sorry, I can’t help you with dynamic DNS. I have only ever done static IPs before, but that’s super easy. So easy that you might want to consider using a $5 per month cloud server. That’s how I do all my Yunohost servers and it’s really quick and easy.
No worries, thanks anyways. I am confused about something though… Yunohost currently manages my dynamic IP for my nohost.me domain. If I simply point my new domain at the nohost.me one (DNS redirect?), then I don’t need to set up another dynamic dns updater, right? I just need to somehow have letsencrypt issue a cert to my new domain? Will that certificate actually apply to my server? I’m very confused, haha.
Thanks, I will check it out when I get back home. I was trying something similar, I think: dynu.com