It looks like I need to add some extra steps to get my new DNS in Unbound working with HTTPS. Let me show you how to do it.
First let’s generate some certificates:
- Create your own root CA with:
$ openssl genrsa -des3 -out myCA.key 2048
- Generate the root CA certificate:
$ openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
- Create CSR:
$ openssl req -new -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr
- Request new certificate:
$ openssl x509 -req -in mydomain.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out mydomain.pem -days 1825 -sha256
- Move your certificate to the /etc/ssl folder:
$ mv *.pem /etc/ssl/
- Install nghttp2:
$ tdnf install nghttp2
- Enable DoH by editing /etc/unbound/unbound.conf and adding this line:
tls-cert-bundle: "/etc/ssl/mydomain.pem"
- Restart unbound
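
A pre-restart check of the listener settings, as an added example that is not part of the original post. It relies on Unbound's documented options: `tls-service-key` and `tls-service-pem` are the key and certificate the server presents, `https-port` (default 443) is served only on interfaces declared with `@port`, and `tls-cert-bundle` is the CA bundle used to authenticate upstream peers. The function names and the paths and hostname passed in are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: check an unbound.conf for a
# usable DoH listener before restarting. All arguments come from the caller.

# conf_value FILE OPTION -> value of the last "OPTION: value" line, unquoted
conf_value() {
    awk -v k="$2" '
        { line = $0; sub(/#.*/, "", line) }            # strip comments
        match(line, "^[ \t]*" k ":[ \t]*") {
            v = substr(line, RLENGTH + 1)
            sub(/[ \t]+$/, "", v); gsub(/"/, "", v)
        }
        END { print v }' "$1"
}

# check_doh_listener CONF CA_PEM HOSTNAME -> prints "ok" and returns 0, or
# prints the first problem found and returns 1
check_doh_listener() {
    conf=$1; ca=$2; name=$3
    pem=$(conf_value "$conf" tls-service-pem)
    key=$(conf_value "$conf" tls-service-key)
    port=$(conf_value "$conf" https-port)
    port=${port:-443}                                   # Unbound's default https-port
    if [ -z "$pem" ] || [ -z "$key" ]; then
        echo "tls-service-pem/tls-service-key not set: no TLS listener"; return 1
    fi
    grep -Eq "^[[:space:]]*interface:.*@$port([[:space:]]|\$)" "$conf" ||
        { echo "no interface listens on @$port"; return 1; }
    openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1 ||
        { echo "certificate does not chain to $ca"; return 1; }
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "tls-service-key does not match tls-service-pem"; return 1; }
    # Clients match the hostname against subjectAltName, so require the extension
    cert_text=$(openssl x509 -in "$pem" -noout -text)
    case $cert_text in
        *"Subject Alternative Name"*) ;;
        *) echo "certificate has no subjectAltName"; return 1 ;;
    esac
    openssl x509 -in "$pem" -noout -checkhost "$name" | grep -q 'does match' ||
        { echo "certificate is not valid for $name"; return 1; }
    echo ok
}
```

Call it as `check_doh_listener /etc/unbound/unbound.conf myCA.pem <hostname>`; a certificate signed without `-extfile` carries no subjectAltName and is reported as such.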
If you want to chat with me please use Twitter: @AngrySysOps
Read my blog: https://angrysysops.com