-
|
Hi, I've somehow stumbled into a situation where I'm unable to securely connect to my nodes and endpoints as the certificates are valid for e.g talos-tak-sg7 but not talos-tak-sg7.lan, which is what my local DNS has configured for that node. Adding talos-tak-sg7 to my hosts allows me to work with it but I'd much prefer relying on my DNS. How should I go about repairing my nodes to have the correct certSANs? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
|
If the hostname the node sees itself is different from what you see it, you need to use |
Beta Was this translation helpful? Give feedback.
-
|
Would it be more practical to change the hostname on the nodes to include .lan to keep it consistent with the rest of my network? |
Beta Was this translation helpful? Give feedback.
-
|
Probably yes, but it depends on how your DNS works and so on. |
Beta Was this translation helpful? Give feedback.
-
|
Currently I just have a script running on the router that appends .lan to leases with the hostname, though I'd much prefer using pi-hole. I'm not terribly experienced with DNS configuration. How would I go about changing the node hostnames? |
Beta Was this translation helpful? Give feedback.
-
|
You're asking questions I can't answer, as I don't know anything about the way your machines get hostnames. Please open a specific discussion with all the context. I answered your initial question. |
Beta Was this translation helpful? Give feedback.
If the hostname the node sees itself is different from what you see it, you need to use
.machine.certSANsto append that special hostname. But a proper way is of course to keep the hostname (as seen externally) to the hostname the machine sees, then there will be no issue whatsoever.