So my traefik box died a few weeks ago and I finally have the the parts for a new server. But after putting everything togther and mirroring the previous install. I tried for days to get traefik the ssl certificate from cloudfare to handshake. I then wiped everything clean and started fresh and couldn’t get unsecure http to resolve. THis is when I remembered I had changed my router from the stock netgear firmware to dd-wrt. The router was not looping wan ip addresses back to the lan and so nothing was resolving. I was also having problems getting dhcp working on the router, but I didn’t spend much time on it as I already had pihole on the network so I just set pihole up as dhcp.
So here is my question after all that background info:
I have one box with traefik as my reverse proxy and I have a public dns server pointing to my home network. I use wildcard subdomains on that domain and I get my certificates through cloudfare. If I have pihole rerouting dns requests to my traefik server internally via a dnsmasq wildcard record, is that going to cause issue with certificate resolution on my local network, since the local ip address returned won’t match cloudfares dns record? And if so how do I set it up so that doesn’t happen? I am pretty sure it shouldnt affect wan requests since the ip address will match the dns record from cloudfare. I just want to ask now before I spend another weekend banging my head against the wall trying to do something that is impossible. The key points are that the working solution can’t require any special configuration for local clients. I have things like bitwarden and nextcloud that other members of my family use on their device, so it needs to just work as they will not be able to know how to reconfigure every time they get a new device.