[HELP] Default Website certificate error #665

Open
alexkiddddd opened this issue May 16, 2025 · 4 comments
Labels
help wanted Extra attention is needed

Comments

@alexkiddddd

Hi there, I have the default website configured to redirect to another website if Zoraxy is hit with an unknown host, but when I put my IP or an unknown address that hits Zoraxy it shows me a certificate error; only when I accept the certificate does it make the redirection.

I am using Zoraxy on Docker and apart from that everything works great!

alexkiddddd added the "help wanted" label May 16, 2025
@tobychui
Owner

tobychui commented May 17, 2025

Hey @alexkiddddd

You will need to upload a valid certificate to the fallback certificate section in order to use the default site with HTTPS. If nothing is uploaded there, it will use the default built-in self-signed certificate. This certificate should contain CN fields that cover all the possible hostnames that might reach your server.

For a more "correct" approach, you can also purchase a certificate that covers something like *.example.com and upload it to the certificate store in the TLS / SSL tab.

@alexkiddddd
Author

Thanks for the quick answer! I only have the Let's Encrypt certificate. I had used nginx proxy manager and the redirect function didn't need any additional certificate. Is there any way to achieve the same with Zoraxy?

@tobychui
Owner

@alexkiddddd I guess NPM does that in HTTP instead of HTTPS (i.e. your browser requests the HTTP site and nginx replies with a redirection to a new site with the HTTPS protocol in the URL). Zoraxy does it the other way round: you connect to HTTP, get a response from the server asking to switch to HTTPS, then redirect to the target URL, so the redirection can't be spoofed.

You can use the ACME tool to get a wildcard certificate that matches your domains, for example, *.example.com, and put it in the TLS / SSL certificate store (if you use the internal ACME tool it should be automatically placed there, or you might need to upload it manually if you use 3rd party DNS challenge tools). Note that the Zoraxy DNS challenger currently is a bit buggy so it might not work with all DNS service providers in the list.

@alexkiddddd
Author

alexkiddddd commented May 20, 2025

So I went down a rabbit hole. The DDNS I use doesn't support wildcard certificates, so I have registered a DDNS on desec.io and they support wildcards. The default website section on Zoraxy works, but now I can't create SSL certificates for my subdomains because I have to create a DNS entry for * but I can't get it to work. I already have an A record pointing to my IP and I have created a CNAME record with *.mydomain.dedyn.io pointing to mydomain.dedyn.io, but Zoraxy can't create the certificate. What am I doing wrong?

Thanks

EDIT: I have bought a domain from OVH to ease my pain, but now I am struggling with the DNS challenge on Zoraxy. Do I have to create some sort of API?

EDIT 2: I have successfully installed the wildcard certificate on Zoraxy but the default website doesn't use it. Also, when I add proxy rules they will not use the wildcard certificate but instead try to create a new certificate. What am I doing wrong?

Sorry for the wall of text!
