Workaround for DNS Rebinding Protection on the UDM Pro and Unraid SSL Provisioning

So you tried to provision an SSL certificate from Let’s Encrypt and got this error message: “Sorry, an error occurred in processing your SSL certificate. The error is: Your router or DNS server has DNS rebinding protection enabled, preventing alkdfjhh20u9eewljlns.unraid.net 192.168.1.8 resolution.” Well, good news for you: a workaround exists. The cause is that the certificate is issued for a public hostname under unraid.net which has to resolve to your server’s private LAN address (192.168.1.8 in the message above), and DNS rebinding protection exists precisely to refuse answers like that, so the resolver your router hands out drops it. The fix is to resolve that one name through a DNS server that is not doing the filtering. While this primarily applies to my setup at home, it is universal in the sense that as long as you configure your router to hand out the correct DNS server IP, and your Unraid server is using that same DNS server IP, it should work.

How to fix DNS Rebinding in UniFi

I straight up don’t know how. At the time of writing it doesn’t seem possible to do this in UniFi OS or on a UniFi router like the USG, UDM, or UDM Pro. But there are a couple of ways to avoid the rebinding issue anyway.

Keep in mind that we will be deliberately bypassing a security control here to get this done: rebinding protection stops a public hostname (for example one a malicious website controls) from being pointed at a device on your LAN and reached from your browser, and the DNS server we set up below will hand back private addresses for public names without complaint. I’m sure there are more advanced ways but I’m not at that skill level yet.

Use PiHole

In my opinion the easiest way to get around the issue is to just use PiHole as your DNS server at home. You can use any other DNS container or server you like, but this is the way I got around the problem.

Assumptions

  1. You have already deployed PiHole as a container within your Unraid setup. If not, here is a guide you can follow.

  2. This applies to Unraid 6.8+

Step 1

You will need to get your Unraid server hash. Keep this hash private!

To do this go to Settings > Management Access > Provision

Provisioning should fail, which is what we want. After it fails you should see something like this.

Copy and paste the highlighted URL (the full <hash>.unraid.net hostname from the error message) into a text file or any text editor; we will need it later.

Step 2

Make sure Unraid is using PiHole as its DNS server, and that it is the ONLY DNS server listed, so that no lookup can fall through to a resolver that still filters the answer. After we provision you can add back as many DNS servers as you’d like.

To do this go to Settings > Network Settings

Ensure that the only IPv4 DNS server is your PiHole server’s IP. You will need to stop the array to make changes. After making the changes it is a very good idea to reboot the server; yes, I know it sucks, but it will save you effort later. I had to reboot for some odd reason.

Step 3

Ensure your router is only handing out the PiHole DNS IP to your clients. Again, this is temporary, and we can change it back to however you like after provisioning a certificate.

In UniFi OS go to Settings > Networks > LAN and set the DHCP Name Server to your PiHole’s IP only.

Optional:

While we are in UniFi, let’s go ahead and use Cloudflare as the upstream DNS for the UDM Pro / UDM / USG itself.

Settings > Networks > WAN: change the DNS to 1.1.1.1 and 1.0.0.1.

Step 4

Configure PiHole’s DNS settings to match the picture below. Do not forget to uncheck “Never forward non-FQDNs”.

Version Depicted:

  • PiHole 5.2.1

  • Web Interface 5.2.1

  • FTL 5.3.2

Step 5

Remember that Unraid hash we got a little while ago? It’s time to deploy it.

Go to Local DNS > DNS Records and add a record with the hash hostname (the full <hash>.unraid.net name from the error message) in Domain and your Unraid server’s LAN IP address in IP Address.

Note for people who use “My Servers”: you will need to leave this entry in place permanently.

It would be a good idea to update and restart your PiHole container to make sure the changes actually stick.

Step 6

You should now be ready to provision that Let’s Encrypt SSL Certificate.

Settings > Management Access > Provision
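Before clicking Provision, it is worth confirming from the Unraid command line that Steps 2 to 5 actually line up, because a lookup that still goes to the router will fail with exactly the same error. The script below is an added example, not part of the original post and not Unraid or PiHole code. It assumes dig is installed, that Unraid writes the Network Settings DNS servers to /etc/resolv.conf, and it uses placeholder addresses and a placeholder hash hostname that you must replace (or override through the environment variables) with your own.

```shell
#!/bin/sh
# Added example, not from the original post: check the DNS side of Steps 2-5 before
# provisioning. Everything below is a placeholder you must adjust:
#   PIHOLE_IP   LAN address of the PiHole container
#   ROUTER_IP   LAN address of the UDM Pro (its resolver has rebinding protection on)
#   UNRAID_HOST the <hash>.unraid.net name copied from the provisioning error
#   UNRAID_IP   the LAN address that name must resolve to
# Requires dig. Assumes Unraid writes its Network Settings DNS servers to /etc/resolv.conf.
PIHOLE_IP="${PIHOLE_IP:-192.168.1.2}"
ROUTER_IP="${ROUTER_IP:-192.168.1.1}"
UNRAID_HOST="${UNRAID_HOST:-alkdfjhh20u9eewljlns.unraid.net}"
UNRAID_IP="${UNRAID_IP:-192.168.1.8}"

# is_rfc1918 ADDR: succeed when ADDR is in 10/8, 172.16/12, 192.168/16 or 127/8.
# A rebinding-protected resolver refuses to return such an address for a public name,
# which is exactly what the hash hostname needs.
is_rfc1918() {
    ip=$1
    case "$ip" in
        10.*|192.168.*|127.*) return 0 ;;
        172.*)
            second=${ip#172.}
            second=${second%%.*}
            [ "$second" -ge 16 ] 2>/dev/null && [ "$second" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# resolve NAME SERVER: print the first A record SERVER returns for NAME, or nothing.
resolve() {
    dig +short +time=2 +tries=1 A "$1" "@$2" 2>/dev/null \
        | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1
}

# classify_answer ANSWER EXPECTED: one-word verdict, then an explanation.
#   filtered  - no A record: what a resolver with rebinding protection (or none at all) gives
#   mismatch  - some other address: stale cache or a wrong Local DNS record
#   ok        - the expected LAN address
classify_answer() {
    if [ -z "$1" ]; then
        echo "filtered: no A record returned (rebinding protection, or server unreachable)"
    elif [ "$1" != "$2" ]; then
        echo "mismatch: got $1, expected $2 (stale cache or wrong Local DNS record)"
    elif is_rfc1918 "$1"; then
        echo "ok: private answer $1, so this resolver is not filtering rebinds"
    else
        echo "ok: $1"
    fi
}

# check_resolv_conf IP FILE: succeed when FILE lists IP as its only nameserver (Step 2).
check_resolv_conf() {
    ns=$(grep -E '^nameserver[[:space:]]' "$2" | awk '{print $2}')
    [ "$ns" = "$1" ]
}

main() {
    if check_resolv_conf "$PIHOLE_IP" /etc/resolv.conf; then
        echo "Step 2 ok: /etc/resolv.conf uses only $PIHOLE_IP"
    else
        echo "Step 2 NOT ok: /etc/resolv.conf does not list $PIHOLE_IP as the only nameserver"
    fi
    # Forwarding sanity check (Step 4): a public name must still resolve through the PiHole.
    pub=$(resolve unraid.net "$PIHOLE_IP")
    if [ -n "$pub" ] && ! is_rfc1918 "$pub"; then
        echo "Step 4 ok: PiHole forwards upstream (unraid.net -> $pub)"
    else
        echo "Step 4 NOT ok: PiHole did not return a public address for unraid.net"
    fi
    # Step 5: the hash name via the PiHole must give the LAN IP; via the router it
    # typically comes back filtered, which is the whole reason for the workaround.
    for server in "$PIHOLE_IP" "$ROUTER_IP"; do
        printf '%s via %s -> %s\n' "$UNRAID_HOST" "$server" \
            "$(classify_answer "$(resolve "$UNRAID_HOST" "$server")" "$UNRAID_IP")"
    done
}

# Only run the live checks when invoked as "sh check-rebind.sh run"; the functions
# above can otherwise be sourced or tested on their own.
if [ "${1:-}" = run ]; then
    main
fi
```

Run it as `sh check-rebind.sh run` on the Unraid host. If the hash name comes back “ok” through the PiHole but “filtered” through the router, the setup is doing what this guide intends; if it is “filtered” through both, the Local DNS record from Step 5 is missing or the PiHole has not been restarted.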

Step 7

Grab a [INSERT CHOICE OF BEVERAGE] we are done baby!



Conclusion

In theory this should work for other things like Plex. Some routers let the user simply enter an exception for the domain, as is the case for routers running DD-WRT or OpenWRT, but in my specific use case this is not possible. Also, you do not have to use PiHole; you can use any service you like. In my opinion PiHole is easy and has loads of support from the community.
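The per-domain exception that DD-WRT and OpenWRT expose is a dnsmasq feature, and PiHole’s FTL is dnsmasq underneath and reads extra configuration from /etc/dnsmasq.d/, so the same narrower exception can be applied on the PiHole instead of leaving it with no rebinding protection at all. The block below is an added example, not from the original post and not PiHole’s own code: it renders a drop-in that turns dnsmasq’s `stop-dns-rebind` on and exempts only the domains you name with `rebind-domain-ok`, plus a small checker that mimics how dnsmasq matches a name against that list. The drop-in file name, the appdata path and the container name “pihole” are assumptions you must adapt.

```shell
#!/bin/sh
# Added example, not from the original post: a narrower exception than running a resolver
# with no rebinding protection at all. PiHole's FTL is dnsmasq underneath and reads extra
# configuration from /etc/dnsmasq.d/, so dnsmasq's own options apply:
#   stop-dns-rebind          refuse private-range answers (10/8, 172.16/12, 192.168/16, ...)
#                            for names resolved upstream
#   rebind-domain-ok=/d/     ...except for names under domain d
# Local DNS Records are answered by the PiHole itself, not upstream, so the hash record
# from Step 5 keeps working with or without this file; the exemption matters once the name
# is ever resolved upstream (for example after that record is removed).
# The drop-in file name, the appdata path and the container name "pihole" are placeholders.

# render_rebind_conf DOMAIN...: print a dnsmasq drop-in enabling protection with exemptions.
render_rebind_conf() {
    printf '%s\n' \
        '# Added by the unraid.net rebinding workaround: keep protection on for everything' \
        'stop-dns-rebind'
    for dom in "$@"; do
        printf '# ...but our own LAN services live under this name\nrebind-domain-ok=/%s/\n' "$dom"
    done
}

# is_exempt NAME CONF: succeed when CONF carries a rebind-domain-ok entry that is NAME itself
# or a parent domain of NAME (label-boundary match, the way dnsmasq matches domains).
# Handles both one domain per option and dnsmasq's /a/b/ multi-domain form.
is_exempt() {
    name=$1
    doms=$(printf '%s\n' "$2" | sed -n 's#^rebind-domain-ok=/##p' | tr '/' ' ')
    for dom in $doms; do
        [ "$name" = "$dom" ] && return 0
        case "$name" in
            *".$dom") return 0 ;;
        esac
    done
    return 1
}

# Install on the Unraid host when invoked as "sh rebind-conf.sh install": write the drop-in
# into the host directory mounted at /etc/dnsmasq.d inside the container (placeholder path),
# then restart the resolver. Pass extra domains as further arguments.
if [ "${1:-}" = install ]; then
    shift
    conf_dir=/mnt/user/appdata/pihole/dnsmasq.d
    render_rebind_conf unraid.net "$@" > "$conf_dir/99-unraid-rebind.conf"
    docker exec pihole pihole restartdns
fi
```

After installing, repeat your dig checks: the hash name must still return the LAN address, while a public name that happens to answer with a private address for some other domain is now rejected and logged by dnsmasq instead of handed to the client.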

Questions?

Ask below and I will do my best to answer them but you should know I am far from an expert!

What if I don’t have Unraid?

Well, you can simply use any operating system you wish to deploy PiHole on, whether that be through a container or as a VM. The possibilities are limitless. I am using Unraid because I already own it and it’s flexible enough to support this.

You can install PiHole on the UDM Pro?

That was a questatment, I know. Apparently the UDM Pro is capable of running containers. While I have not followed this route, it can be done through a series of steps. Here is a link.

https://github.com/boostchicken/udm-utilities

Also, with these tools you can choose from a myriad of other DNS services aside from PiHole. Best of luck to you and your dear ol’ momma.