Brusch Co Uk
| Record Type | Subdomain | Destination | Type |
|---|---|---|---|
| MX | @ | mx00.ionos.co.uk | |
| MX | @ | mx01.ionos.co.uk | |
| TXT | @ | "v=spf1 include:_spf-eu.ionos.com ~all" | |
| CNAME | _domainconnect | _domainconnect.ionos.com | Domain Connect |
| CNAME | s1-ionos._domainkey | s1.dkim.ionos.com | |
| CNAME | s2-ionos._domainkey | s2.dkim.ionos.com | |
| CNAME | s42582890._domainkey | s42582890.dkim.ionos.com | |
| CNAME | app1 | bazdev.ydns.eu | - |
| CNAME | autodiscover | adsredir.ionos.info | |
| A | baz | 213.171.203.63 | - |
| MX | baz | mx00.ionos.co.uk | |
| MX | baz | mx01.ionos.co.uk | |
| TXT | baz | "v=spf1 include:_spf-eu.ionos.com ~all" | |
| CNAME | autodiscover.baz | adsredir.ionos.info | |
| A | bazone | 213.171.203.63 | - |
| MX | bazone | mx00.ionos.co.uk | |
| MX | bazone | mx01.ionos.co.uk | |
| TXT | bazone | "v=spf1 include:_spf-eu.ionos.com ~all" | |
| CNAME | autodiscover.bazone | adsredir.ionos.info | |
| CNAME | bd1 | bazdev.ydns.eu | - |
| CNAME | bd2 | bazone.brusch.co.uk | - |
| CNAME | dev | bazdev.ydns.eu | - |
| CNAME | docs | bazdev.ydns.eu | - |
| CNAME | family | bazone.brusch.co.uk | - |
| A | karen | 213.171.203.63 | - |
| MX | karen | mx00.ionos.co.uk | - |
| MX | karen | mx01.ionos.co.uk | - |
| CNAME | m1eight | bazdev.ydns.eu | - |
| CNAME | m1five | bazdev.ydns.eu | - |
| CNAME | m1four | bazdev.ydns.eu | - |
| CNAME | m1metal | bazdev.ydns.eu | - |
| CNAME | m1nine | bazdev.ydns.eu | - |
| CNAME | m1one | bazdev.ydns.eu | - |
| CNAME | m1port | bazdev.ydns.eu | - |
| CNAME | m1seven | bazdev.ydns.eu | - |
| CNAME | m1six | bazdev.ydns.eu | - |
| CNAME | m1sso | bazdev.ydns.eu | - |
| CNAME | m1three | bazdev.ydns.eu | - |
| CNAME | m1true | bazdev.ydns.eu | - |
| CNAME | m1two | bazdev.ydns.eu | - |
| CNAME | metal1 | bazdev.ydns.eu | - |
| CNAME | mgmt1 | bazdev.ydns.eu | - |
| CNAME | mm | bazdev.ydns.eu | - |
| CNAME | mmfam | bazone.brusch.co.uk | - |
| CNAME | nc | bazone.brusch.co.uk | - |
| CNAME | nc1 | bazdev.ydns.eu | - |
| CNAME | ncfam | bazone.brusch.co.uk | - |
| CNAME | onlyods | bazdev.ydns.eu | - |
| CNAME | onlyofficeserver | bazone.brusch.co.uk | - |
| CNAME | panel | bazdev.ydns.eu | - |
| CNAME | pi1 | bazdev.ydns.eu | - |
| CNAME | port1 | bazdev.ydns.eu | - |
| CNAME | portainer | bazone.brusch.co.uk | - |
| CNAME | sso | bazdev.ydns.eu | - |
| CNAME | true1 | bazdev.ydns.eu | - |
dev.brusch.co.uk
- Created a wildcard DNS entry in Ionos by creating CNAME record for *.dev to point to bazdev.ydns.eu
- The renewal of this certificate is handled by certbot on the Nginx Proxy Manager on docker1 (running on metal1).
- Ensure metal1 is powered up
ssh docker1
docker exec -it nginxproxymgr-app-1 bash
- Created wildcard certificate with certbot command
certbot -d *.dev.brusch.co.uk --manual --preferred-challenges dns certonly
It will need to be renewed manually by repeating that command, which includes copying the acme-challenge TXT into the DNS server. It was originally executed within the NPM docker host.
- Create/update a custom SSL Certificate in Nginx Proxy Manager using privkey_x_.pem and fullchain_x_.pem as Certificate Key and Certificate respectively.
Also *.pi1.brusch.co.uk and *.shed.brusch.co.uk
Same procedure followed for those, on NPM on pi1. The commands are
docker exec -it nginxproxymgr-app-1 bash
certbot -d *.pi1.brusch.co.uk,*.shed.brusch.co.uk --manual --preferred-challenges dns certonly
Then I cat'ed the files to save them locally. The next steps are:
- log into NPM (in this case on pi1)
- select SSL Certificates -> Add SSL Certificate -> Custom
- provide name and upload privkey.pem and cert.pem
- apply certificate to relevant hosts.
Lessons Learned
- One certificate refused to renew because there was a host which used one of the domains in the certificate, but was configured with another SSL certificate on another domain (multiple domain names for the same host). Once the extra domain was removed and the correct SSL certificate configured the SSL cert renewed successfully.
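A check to run before renewing, for the kind of host/certificate mismatch described in the lesson above. This is an added example, not part of the original notes or of Nginx Proxy Manager; the certificate labels, proxy host names and the inventory layout are constructed for illustration, and only the wildcard names come from this page. It lists every host domain that its assigned certificate does not cover, applying the rule that a wildcard stands for exactly one left-most label.

```python
"""Audit which proxy-host names a wildcard certificate actually covers."""


def san_matches(san: str, hostname: str) -> bool:
    """Match a certificate name against a hostname; '*' covers one label only."""
    san, hostname = san.lower().rstrip("."), hostname.lower().rstrip(".")
    if not san.startswith("*."):
        return san == hostname
    first, _, rest = hostname.partition(".")
    return bool(first) and rest == san[2:]


def uncovered(hosts: dict, certs: dict) -> list:
    """Return (host, domain, cert) for each domain its assigned cert misses."""
    problems = []
    for host, cfg in hosts.items():
        sans = certs[cfg["cert"]]
        for domain in cfg["domains"]:
            if not any(san_matches(s, domain) for s in sans):
                problems.append((host, domain, cfg["cert"]))
    return problems


# Constructed inventory: labels and host entries are hypothetical.
CERTS = {
    "wild-dev": ["*.dev.brusch.co.uk"],
    "wild-pi1-shed": ["*.pi1.brusch.co.uk", "*.shed.brusch.co.uk"],
}
HOSTS = {
    "app-a": {"domains": ["app.dev.brusch.co.uk"], "cert": "wild-dev"},
    # Two names on one host, but the assigned cert only covers one of them.
    "app-b": {"domains": ["x.pi1.brusch.co.uk", "x.dev.brusch.co.uk"],
              "cert": "wild-pi1-shed"},
    # A wildcard covers neither the bare name nor a name two levels below it.
    "app-c": {"domains": ["dev.brusch.co.uk", "a.b.dev.brusch.co.uk"],
              "cert": "wild-dev"},
}

if __name__ == "__main__":
    for host, domain, cert in uncovered(HOSTS, CERTS):
        print(f"{host}: {domain} is not covered by certificate {cert}")
```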