Aliases no longer editable in web GUI after upgrade from 20.7.8_4 to 21.1

Started by gdur, March 12, 2021, 03:02:20 PM

yes. and you need to enable it and "Save"
or if you try to access the GUI by a name that does not match the settings in System: Settings: General, try adding this name to System: Settings: Administration -> Alternate hostnames

Hi Fright,
You are making impressive long days and thanks a lot for offering all these suggestions.
For now I'm stuck because I have forced too many renewals ending up with "too many certificates already issued for exact set of domains".
Sadly none of your suggestions led to a solution but only result, once accepting an acceptation, into an insecure connection. So I need to dive into this somewhat deeper. I now think that this behavior, as it seems to be a DNS issue, may occur because the public advertised FQDN (external IP address) is in conflict with the internal published FQDN (internal IP address (LAN) using a local DNS).
Could this be the case?

Quote: I have forced too many renewals ending up with "too many certificates already issued for exact set of domains".

if you have already received a certificate without a must-staple, then there is no need to do it anymore )

Quote: Sadly none of your suggestions led to a solution but only result, once accepting an acceptation, into an insecure connection.

more details please? did you enable "Disable DNS Rebinding Checks"? did you add Alternate Hostnames (if the server name in the browser is different from the hostname in System: Settings: General)? What is the result now when trying to access from the browser by name?

Quote: as it seems to be a DNS issue, may occur because the public advertised FQDN (external IP address) is in conflict with the internal published FQDN (internal IP address (LAN) using a local DNS).

this is possible and depends on the DNS settings. if internal DNS servers are used by OPNsense as forwarders, then, of course, receiving a response with a private address from the forwarder is a sign of a DNS-Rebinding attack

Quote from: gdur on March 12, 2021, 03:02:20 PM
I've upgraded my system this morning to version 21.1 and just discovered that aliases are no longer editable.
As a workaround I've made the needed changes in config.xml and pushed the apply button in the web interface. Still need to find out if that works as the change involves to allow access concerning a specific external IP address.

In addition:
Adding a new alias doesn't work either...
I believe you are talking about the same issue I'm facing via Chromium Edge browser. This works fine in Chrome.

https://forum.opnsense.org/index.php?topic=22051.msg104550#msg104550

@ Fright,
I herewith can confirm that it was indeed a local DNS conflicting issue. I've changed the local record to the public IP address and that solved the problem.
Thanks again for all your input


@ Fright,
I totally agree but I'm afraid I need to spend more time to figure out what the appropriate DNS settings should be in the General settings. My first guess is that I should define an external DNS server (let's say 8.8.8.8) at the first position and then as a secondary my local DNS server (which is now the only one defined). Or maybe just select "Allow DNS server list to be overridden by DHCP/PPP on WAN"?

For now at least it works without complaining.

@gdur
schemes and solutions depend on internal services and client settings. if the internal network is small and there are no special requirements for the DNS (AD or some), then it is quite possible to do with the use of the Unbound available on OPNsense and abandon the internal servers. If internal servers are necessary or more convenient, then I would prefer to use only internal servers, and the Unbound would be designated as a forwarder for internal servers (the Unbound itself can be configured for forwarding or recursion).
after choosing a scheme a solution for the DNS Rebinding issue can be offered.
unless, of course, this is a simple mismatch of the hostname in the OPN config and the hostname in the HTTP request
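
The two checks discussed in this thread, sketched as an added example that is not part of any post and is not OPNsense or Unbound code: a resolver-side filter that flags private addresses returned for a name not declared internal, and a GUI-side Host header check with alternate hostnames. All function names, the address ranges, the IP-literal rule and the sample hostnames are assumptions made for illustration.

```python
import ipaddress

# Ranges treated as "internal" in this sketch (RFC 1918, loopback, link-local, ULA).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10")]

def _is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in PRIVATE_NETS)

def _in_domain(name, domains):
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d)
               for d in (x.rstrip(".").lower() for x in domains))

def rebinding_suspects(qname, answers, private_domains=()):
    """Resolver side: private addresses returned for a name that is not
    declared internal. A non-empty result is what a rebinding filter drops."""
    if _in_domain(qname, private_domains):
        return []
    return [a for a in answers if _is_private(a)]

def host_header_allowed(host_header, hostname, domain,
                        alt_hostnames=(), checks_disabled=False):
    """GUI side: accept a request only if its Host header names this firewall."""
    if checks_disabled:            # the "Disable DNS Rebinding Checks" case
        return True
    host = host_header.strip().lower()
    if host.startswith("["):       # bracketed IPv6 literal, optional port
        host = host[1:].split("]")[0]
    elif host.count(":") == 1:     # name-or-IPv4:port
        host = host.split(":")[0]
    host = host.rstrip(".")
    try:
        ipaddress.ip_address(host)
        return True                # assumption: an IP literal involves no DNS name
    except ValueError:
        pass
    allowed = {hostname.lower(), f"{hostname}.{domain}".lower()}
    allowed.update(h.rstrip(".").lower() for h in alt_hostnames)
    return host in allowed

if __name__ == "__main__":
    # Constructed sample: local DNS answers the public FQDN with a LAN address.
    print(rebinding_suspects("fw.example.com", ["192.168.1.1"]))
    print(host_header_allowed("vpn.example.net", "fw", "example.com"))
```

Declaring the zone in `private_domains` models the split-DNS case where an internal record for the firewall's own name is intended; leaving it out models the conflict reported above.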