Let's Encrypt DNS challenges

Is there a certain setting I need to enable to get Let's Encrypt DNS challenges to work using Pi-hole with a Cloudflare backend? It fails every time unless I change to quad 1s in resolv.conf and bypass Pi-hole altogether.

Use the Cloudflare option instead of Google in this example:

Maybe I misspoke. I am not trying to create certs for Pi-hole. I am trying to create certs from Traefik. The issue is that when the DNS is set to Pi-hole it times out/fails. I have a NAT rule that, regardless of which DNS is asked for, will always push the request to Pi-hole, and I would like to leave that unmodified. For Traefik to pull certs I have to undo the NAT rule and change resolv.conf to 1.1.1.1.

There is nothing in principle that should cause this to fail. Do you have some screenshots or (even better) lines from /var/log/pihole/pihole.log showing us what is going wrong when you try the DNS challenge?

I think the issue is I have "mydomain.com" in my custom A records for my internal reverse proxy, with use of the custom CNAMEs. With this set up, _acme-challenge.mydomain.com will not resolve because it thinks it's local. Any workaround for this?

When I dig _acme-challenge.mydomain.com I get NODATA in the Pi-hole logs.

EDIT: This is not the issue. I think it's my iptables; I can't figure it out.
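The reply above asks for pihole.log lines, and the later post reports NODATA for _acme-challenge.mydomain.com. As an added example that is not from this thread, Pi-hole or Traefik, here is a small Python triage script over constructed log lines written in dnsmasq's pihole.log layout (the line format, the sample names and the 192.168.x addresses are all assumptions) that tells, per challenge query, whether the NODATA came from Pi-hole's own configuration, a local hosts-style record such as custom.list, or the upstream resolver:

```python
import re
# Constructed sample lines in dnsmasq's pihole.log format (assumed; not from the thread).
SAMPLE_LOG = """\
Mar  1 10:00:01 dnsmasq[1234]: query[TXT] _acme-challenge.mydomain.com from 192.168.1.20
Mar  1 10:00:01 dnsmasq[1234]: config _acme-challenge.mydomain.com is NODATA
Mar  1 10:00:05 dnsmasq[1234]: query[TXT] _acme-challenge.mydomain.com from 192.168.1.20
Mar  1 10:00:05 dnsmasq[1234]: forwarded _acme-challenge.mydomain.com to 1.1.1.1
Mar  1 10:00:05 dnsmasq[1234]: reply _acme-challenge.mydomain.com is NODATA
Mar  1 10:00:09 dnsmasq[1234]: query[A] mydomain.com from 192.168.1.20
Mar  1 10:00:09 dnsmasq[1234]: /etc/pihole/custom.list mydomain.com is 192.168.1.5
"""

# action = query[TYPE] / forwarded / reply / config / a hosts-style file path
LINE_RE = re.compile(r"dnsmasq\[\d+\]: (?P<action>\S+) (?P<name>\S+)(?: (?:is|to|from) (?P<arg>.+))?$")

def trace_acme_queries(log_text, label="_acme-challenge."):
    """One record per ACME challenge query, with where Pi-hole's answer came from."""
    records, open_by_name = [], {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or not m["name"].startswith(label):
            continue
        action, name, arg = m["action"], m["name"], m["arg"]
        if action.startswith("query["):
            rec = {"qtype": action[6:-1], "name": name, "client": arg,
                   "source": "none", "upstream": None, "result": None}
            records.append(rec)
            open_by_name[name] = rec
        elif name in open_by_name:
            rec = open_by_name[name]
            if action == "forwarded":
                rec["upstream"] = arg
            elif action == "reply":            # answer came back from the forwarder
                rec["source"], rec["result"] = "upstream", arg
            elif action == "config":           # answered by dnsmasq local config (e.g. local=/domain/)
                rec["source"], rec["result"] = "local", arg
            elif action.startswith("/"):       # answered from a hosts-style file such as custom.list
                rec["source"], rec["result"] = action, arg
    return records

def verdict(rec):
    """Reading of one record for the thread's question: local resolver or upstream?"""
    src, res = rec["source"], rec["result"]
    if src == "local":
        return "answered from dnsmasq local config; query never left Pi-hole"
    if src.startswith("/"):
        return f"answered from {src}; a local record shadows the public TXT"
    if src == "upstream":
        return f"{rec['upstream']} replied {res}" + (" (TXT not published yet)" if res == "NODATA" else "")
    return "no answer logged; check forwarding/iptables between client and Pi-hole"
```

Run it against real lines with `trace_acme_queries(open("/var/log/pihole/pihole.log").read())` and print `verdict()` for each record; a "local" or custom.list verdict points at Pi-hole's configuration, an "upstream" verdict points at the public record, and "no answer logged" points at the NAT/iptables path.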