When I try and connect remotely, it states it does not see my DVR and to confirm port 8089 is open. When I go to my Publicip:8089 I can access the DVR and also when I go to my.channelsdvr.net it works but there is an SSL error. The cert expired 12/1/2019 - I believe this is the issue.
Does the Log tab of your DVR show any errors
Yes lots of
TLS handshake error from x:x: remote error: tls: unknown certificate
Certificate renew keeps failing. I think its because you have hard coded DNS? I have port 53 outbound blocked for everything but my DNS filter.
Yes. We have had too many issues with people custom DNS servers incorrectly returning responses required for TLS certificates to be generated and have opted to connect directly to the authoritative servers that perform the validation.
Got it but it seems you're using more than one authoritative server (173.245.58.91 & 173.245.59.191). Is there a range I can white-list or is it only those IPs? Additionally, is the hard coded DNS only used for cert generation?
Yes only those and only used to generate certs
We also send DNS requests to 1.1.1.1 as part of the certificate generation.