hassio-addons/addon-nginx-proxy-manager

AdGuard can't access certs, please help (I know why, but any solution?)

blair287 opened this issue · 4 comments

Problem/Motivation

(Why the issue was filed)

First, I know that the SSL files are now stored in the addon_config folder and not the ssl folder, and yes, I know you have said on other issues to use letsencrypt, but that won't work whilst NPM is working.

So please just hear us out, as obviously there are many users who were doing it this way who are now in need of a solution.

I use NPM to proxy the traffic from my dns.xxxxxx.xx.xx address to my HA machine on port 853. Before the update, NPM made the cert and I added the path to the live cert on AdGuard, and that worked for years.

Now AdGuard won't accept the addon_config file path; it just claims it doesn't exist.

I can't run Let's Encrypt as the ports are in use by NPM.

I've tried a shell command to copy the certs to the ssl folder, but it won't, as it says the ssl folder is read only.

So the only solution so far is to manually copy and replace files every time they renew. This doesn't scream home automation to me, more like home manual work required.

So please can a solution be found for users who might not have the know-how to overcome this issue, instead of saying NPM shouldn't be used for it, if the solution given also can't work, as that's not helping anyone.

Thanks

Expected behavior

(What you expected to happen)

Actual behavior

(What actually happened)

Steps to reproduce

(How can someone else make/see it happen)

Proposed changes

(If you have a proposed change, workaround or fix,
describe the rationale behind it)

Agreed, I have encountered the same problem.

Just for reference, the other issue was #518.
I realized I'm affected as well.
Not sure why the old behavior has been changed. Is it intentional or an oversight?

So it is intentional: #519 (comment)
From my understanding, the addon no longer takes the responsibility to make the certificates available outside the reverse proxy (technical limitation with self-containment?).
What seems to be suggested is to let NPM handle the decryption (SSL termination?) and forward the unencrypted traffic to AdGuard, which would not need SSL certificates as a consequence.

So the question would be how to configure AdGuard for unencrypted DoH/DoT, if that makes sense?

This is just me thinking out loud, my understanding might just be wrong though.

There hasn't been any activity on this issue recently, so we clean up some of the older and inactive issues.
Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a comment 👍
This issue has now been marked as stale and will be closed if no further activity occurs. Thanks!