Question regarding SSL cert

Hey guys,

I have created an EC2 machine with an n8n Docker installation and everything works like a charm besides the SSL cert. At one point the guide requests creating an A record for the subdomain. Here I just created a DNS record that points to the internal AWS IP. At login to the n8n browser it's telling me that the website is not secure.
Now I don't want to expose my n8n instance with an external IP, and it's currently using AWS's security groups to do everything (access to the internet).
Is there any solution for this, besides setting an external IP and adding a "real" A record?

Also error from Traefik is as follows:

Level=error msg=“Unable to obtain ACME certificate for domains "n8n.mydomain.cc": unable to generate a certificate for the domains [n8n.mydomain.cc]: error: one or more domains had a problem:\n[n8n.mydomain.cc] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for n8n.mydomain.cc - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for n8n.mydomain.cc - check that a DNS record exists for this domain\n” providerName=mytlschallenge.acme ACME CA=“https://acme-v02.api.letsencrypt.org/directory” routerName=n8n@docker rule=“Host(n8n.mydomain.cc)”

Thanks

Hi @Skrymor, you could use a tunnel solution in this case. I know quite a few users are using Cloudflare tunnels, @RedPacketSec suggested them over here for example.

This way, Cloudflare would handle SSL/TLS termination and only Cloudflare IPs are used. You don’t need to use traefik or any other reverse proxy in this case, and also wouldn’t have to open ports 80 or 443 on your machine directly.


Hey @MutedJam,

Thank you for the answer. Unfortunately I am not using Cloudflare and cannot migrate to it.
I did some research yesterday and maybe there is an option using the DNS challenge?
Using this guide: Traefik Docker DNS Challenge Documentation - Traefik

Thanks


Yes, you can of course use a reverse proxy instead of Cloudflare.

I am using Caddy for example, which would support the DNS challenge just fine. If you run into any trouble configuring Traefik in this way you might want to check directly with their community for advice.


Hey,

@MutedJam could you maybe post your docker-compose file & Caddyfile as an example that I can use to build upon?

Thanks

Hey @Skrymor,

We have an example for docker compose and Traefik in our docs here: Docker Compose | n8n Docs

We also have an example for Compose and Caddy here: Digital Ocean | n8n Docs. You can just ignore the Digital Ocean part and follow the rest.
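
The DNS challenge discussed in this thread, sketched as a Traefik v2 docker-compose fragment; this is an added example, not a file from the thread or from the n8n docs. It assumes the `mydomain.cc` zone is hosted in Route 53 (the thread does not say which DNS provider is in use) and that the existing resolver used the TLS challenge; the resolver name `mytlschallenge` is taken from the error log, and the e-mail, region and hosted zone ID are placeholders.

```yaml
# Added example: ACME DNS-01 challenge, so Let's Encrypt never has to
# connect to the instance. Assumption: DNS provider is Route 53.
services:
  traefik:
    image: traefik:v2.11          # pin whichever v2 tag you have tested
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      # Before (assumed): challenge that requires inbound access from the internet
      # - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      # After: prove control of the name with a TXT record instead
      - "--certificatesresolvers.mytlschallenge.acme.dnschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.dnschallenge.provider=route53"
      - "--certificatesresolvers.mytlschallenge.acme.email=admin@example.com"   # placeholder
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    environment:
      - AWS_REGION=us-east-1                 # placeholder
      - AWS_HOSTED_ZONE_ID=Z0000000EXAMPLE   # placeholder
      # No static AWS keys here: on EC2 the provider can pick up credentials
      # from an instance role. Limit that role's
      # route53:ChangeResourceRecordSets permission to this one hosted zone.
      # If IMDSv2 is enforced with a hop limit of 1, the container cannot
      # reach the metadata service; raise the hop limit to 2.
    ports:
      - "443:443"                 # still restricted by the security group
    volumes:
      - traefik_data:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro

  n8n:
    image: docker.n8n.io/n8nio/n8n
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`n8n.mydomain.cc`)
      - traefik.http.routers.n8n.entrypoints=websecure
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.services.n8n.loadbalancer.server.port=5678

volumes:
  traefik_data:
```

The `_acme-challenge` TXT record has to be created in the publicly resolvable zone for `mydomain.cc`, while the A record for `n8n.mydomain.cc` can keep pointing at the internal IP. The hostname on the issued certificate will appear in public Certificate Transparency logs.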
