Re: on to letsencrypt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 01/05/2021 15:31, Jack Craig wrote:

seems t be working better, how many holes do you see at this point??


Since this now works....

[egreshko@meimei ~]$ host ws.linuxlighthouse.com
ws.linuxlighthouse.com has address 108.220.213.121
ws.linuxlighthouse.com mail is handled by 10 ws.linuxlighthouse.com.

I'd say you're very close.  People outside of your network can now query just fine.

As for holes.....

1.  If you are going to host an email server then you have some changes to make.
Normally email addresses are "domain" addresses as opposed to "host" addreses.
So, you'd normally want your email address to be e.g. "jack@xxxxxxxxxxxxxxxxxxx".
But you don't have an MX record for your domain.  You have it for a host.

[egreshko@meimei ~]$ host ws.linuxlighthouse.com
ws.linuxlighthouse.com has address 108.220.213.121
ws.linuxlighthouse.com mail is handled by 10 ws.linuxlighthouse.com.

You'd really want these returns  (I've, of course, made those up)

[egreshko@meimei ~]$ host linuxlighthouse.com
linuxlighthouse.com has address 108.220.213.121
linuxlighthouse.com mail is handled by 10 ws.linuxlighthouse.com.

and

[egreshko@meimei ~]$ host ws.linuxlighthouse.com
ws.linuxlighthouse.com has address 108.220.213.121

2.  You now want to fix your named.conf to have "recursion no;"  The default is "yes".
You don't want your DNS server acting as a server every domain.  If someone queries
your server directly you want it to return (using cnn.com as the example).

Host cnn.com not found: 5(REFUSED)

3.  And, I think you already know this, your web server's cert is wrong.  The security
report is

This server could not prove that it is linuxlighthouse.com; its security certificate is from ws.linuxlighthouse.com. This may be caused by a misconfiguration or an attacker intercepting your connection.




--
Remind me to ignore comments which aren't germane to the thread.

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux