Closed MatsG23 closed 2 years ago
Same here. It's really weird. I'm using ZeroSSL certificates, and I have tried using tcping on my Android 11 phone; it told me that TCP port 853 on my AGH server is open, but I cannot use Private DNS with it. The browser shows "hostname_not_resolved", but I can still use other public DoT servers such as DNSPOD public DNS (tls://dot.pub), so it should not be an issue with the internet provider. I don't know what to do now.
@MatsG23, @catsimple, are you sure that the domain names you use for your AGH installations can be resolved? And that port 853 is open?
Thanks for your reply, I solved it. After checking the detailed log, I found that the upstream I specified for my AGH installation server (DNSPOD PUBLIC DNS: 119.29.29.29) was refusing my requests (i/o timeout by remote). I changed the upstream server for my domain and then all problems were solved.
I suddenly have the same problem. I have a cloud server running 1.107.7. I can access my web panel via HTTPS (for example https://dns.mydomain.com). When I enter the same address in Private DNS on Android I get a "can not connect". Port 853 (tcp/udp) is open. The only thing I changed is that I upgraded to 1.107.7.
Update: when I connect in Edge to https://dns.mydomain.com/dns-query everything works fine.
Check your certificates. Let's Encrypt causes some problems on Android (https://github.com/AdguardTeam/AdGuardHome/issues/3689); use ZeroSSL instead.
I have used Let's Encrypt for a year without problems. Happy to switch to ZeroSSL but can't get that working properly.
I manually made a certificate and uploaded it to the server. I get the following error (replaced domain with example):
Certificate chain is invalid. Subject: CN=dns.example.com Issuer: CN=ZeroSSL RSA Domain Secure Site CA,O=ZeroSSL,C=AT Expires: 2022-09-07 01:59:59 Hostnames: dns.example.com
and later on: This is a valid RSA private key. Your certificate does not verify: x509: certificate signed by unknown authority
What tool did you use to generate the certificates? I use acme.sh and it works fine. Make sure your certificate is a fullchain certificate which contains three parts: root, intermediate and user. You can also use the method below for using a Let's Encrypt certificate. https://github.com/AdguardTeam/AdGuardHome/issues/3689#issuecomment-931843667
I made the certificates from the ZeroSSL site directly. Will try to use acme.sh. For Let's Encrypt I used certbot with fullchain. The chain and certificate are OK according to AdGuard, but on Android I cannot connect. This is what I get when using Let's Encrypt:
Certificate chain is valid Subject: CN=dns.example.com Issuer: CN=R3,O=Let's Encrypt,C=US Expires: 2022-09-06 12:44:46 Hostnames: dns.example.org
UPDATE: I really have no clue how to migrate from Let's Encrypt to ZeroSSL :-(
UPDATE 2: After 2 days of no connection, suddenly it's working again with Let's Encrypt. I did not change anything and have no clue why it's working again.
I have switched to NextDNS. It is easier to maintain for me (in terms of infrastructure). If someone continues to have this issue, please open a new issue.
Issue Details
Expected Behavior
When I go to the "Private DNS" setting and put my domain which is linked to the cloud server in, Android notices that a connection is not possible.
Actual Behavior
The DNS-over-TLS server should be usable, also because I did not use a custom port.
Additional Information
I activated DNS-over-TLS at the encryption settings, set the domain, used the default ports for the DNS services and entered the paths to the certificates (status: valid).