Thanks, since I access my home network and server through the public IPv4 of a VPS via Tailscale this could actually be the issue. I’ll look into it, when I find the time.
Formerly known as u/Arjab.
Anarchist | Antifascist | Anticapitalist.
Arch Linux | FOSS | Piracy | Security & Privacy
Looking for a Mastodon instance?
Check out @serverbot@undefined.social.
Not sure how this helps, but here you go.
Yeah, I suspect it’s simply an issue on the side of DuckDNS. :/
Yeah, it works fine through my browser. Sometimes the websites load a little longer. I feel like it’s an issue with DuckDNS as it’s seemingly random when it works and when not.
IPv6 doesn’t work:
docker exec -it Uptime-Kuma curl -6 proxmox.datenprolet.duckdns.org
curl: (6) Could not resolve host: proxmox.datenprolet.duckdns.org
Besides that, the issue has disappeared since last night. I automatically restart all containers at night and moved from uptime-kuma:1 to uptime-kuma:latest. That shouldn’t make a difference, but maybe it did?
And it’s not a typo in my config, but in my post. But good catch. ;)
It’s HTTPS, what else should it be, when I monitor a domain?
What do you mean by tracker? I’m monitoring local domains, that point to local services and their respective web interfaces like Proxmox or Nextcloud. The local domains have a wildcard SSL certificate via DuckDNS.
Well, I’m monitoring the GUI of Proxmox on which I run a Debian VM which itself runs Uptime-Kuma and Nextcloud in Docker, so yes that’s on the same hardware.
Yep
Yes, Uptime-Kuma is running on the same domain as the other services, except the Nginx-Proxy-Manager, which runs on a VPS which I access via WireGuard.
And yes, I’m using Docker. I tried curl’ing one of the domains from the Uptime-Kuma container and got the following error:
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to service.datenprolet.duckdns.org:443
So thanks, now I have an idea about what I should investigate.
Why the VPN and not a normal domain?
I should have added that I am also using Pi-hole and Unbound. This seems to be the issue. I now added the following to my unbound.conf but it’s still not working unfortunately. Where domain.duckdns.org is my domain by DuckDNS and the IP points to the Nginx Proxy Manager.
local-zone: "domain.duckdns.org." static
local-data: "domain.duckdns.org. IN A 192.168.178.123"
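An added example, not part of the original comment: how Unbound's `static` and `redirect` local-zone types differ for names below the zone, which matters when every service sits on its own subdomain behind one proxy. The zone name and IP are the placeholders from the comment above; placing the lines under a `server:` clause is assumed.

```conf
server:
    # As posted: "static" only answers names that have their own local-data.
    # A subdomain such as proxmox.domain.duckdns.org has none, so Unbound
    # returns NXDOMAIN for it instead of the proxy address.
    # local-zone: "domain.duckdns.org." static
    # local-data: "domain.duckdns.org. IN A 192.168.178.123"

    # "redirect" answers the zone name and every name beneath it from the
    # zone name's own local-data, so all subdomains resolve to the proxy.
    local-zone: "domain.duckdns.org." redirect
    local-data: "domain.duckdns.org. IN A 192.168.178.123"

    # Only an A record is defined here, so AAAA queries (for example from
    # curl -6) still come back empty for these names.
```

`unbound-checkconf` validates the file before a restart, and `unbound-control list_local_zones` (if remote-control is enabled) shows which zone type is in effect.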
Thanks but no local proxy host is working.
Ah I see. As I’ve said the proxy is working for my domain and is available from the internet. So that shouldn’t be an issue…
This is the output of the openssl command:
# openssl s_client -connect 127.0.0.1:443 -showcerts
CONNECTED(00000003)
80DB1D0BDC7F0000:error:0A000458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name:../ssl/record/rec_layer_s3.c:1586:SSL alert number 112
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 297 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
# openssl s_client -connect 127.0.0.1:80 -showcerts
CONNECTED(00000003)
809B89C5DB7F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 297 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
NPM should serve as both, but only issuing SSL certificates for my local network is the issue. Have you taken a look at the tutorial I’ve linked in the original post?
And what do you mean with the port I’ve exposed? Exposed where? NPM uses port 81.
See this answer.
So I’ve followed the tutorial, added a wildcard certificate and tried to add a proxy host using the DuckDNS domain to point to NPM itself. When I open mydomain.duckdns.org, I get an error that I can’t connect to the site.
Besides that NPM is working and I easily set up my actual domain and it’s resolving to devices in my home network. For example cloud.myactualdomain.com is resolving to my Nextcloud running on a Raspi with a local IP with a valid SSL certificate. So NPM and the WireGuard tunnel are generally working as intended.
On which system should I try the openssl command and what’s the port?
KMag doesn’t work on Wayland.
Why do you think Israel’s goal would be ethnic cleansing, that doesn’t make sense!?
So the MTU of Tailscale is actually 1280, but is the connection even going through the VPN or rather through my VPS, when Uptime-Kuma is trying to connect to my local domain?