
    Certbot

      alex.olynyk

      0_1464101876197_Capture.PNG
      Ummm...this looks funky. I entered my domain name but what's with all the gobbledygook?

        travisdh1 @alex.olynyk

        @alex.olynyk The client download might have been corrupted, try removing and installing it maybe. That or the system reported a language that certbot doesn't support.

          alex.olynyk

          Thanks. If I go to https://owncloud.roseradiology.com/owncloud it says the cert isn't trusted and I have to add it to the root authority. Sorry, brand new to this.

            travisdh1 @alex.olynyk

            @alex.olynyk What OS/webserver are you using for this?

            In CentOS I had to go manually put the correct links to the certs in /etc/httpd/conf.d/ssl.conf.

            I changed the following paths/files.

            SSLCertificateFile /etc/letsencrypt/live/%DOMAINNAME/cert.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/%DOMAINNAME/privkey.pem
            SSLCertificateChainFile /etc/letsencrypt/live/%DOMAINNAME/fullchain.pem
            

            Those are all links to the actual files, so when you use the client to update the cert(s), nothing needs to change settings wise for the web server.

            Also, don't forget to check out the server settings at ssllabs.com.

              Alex Sage @travisdh1

              @travisdh1 This is super helpful! Thanks!

                Alex Sage

                I suggest you put an nginx reverse proxy in front of OwnCloud.

                You can change that ugly URL from https://owncloud.roseradiology.com/owncloud to https://owncloud.roseradiology.com.

                You can find everything you need here (including SSL setup):

                http://mangolassi.it/topic/6905/setting-up-nginx-on-centos-7-as-a-reverse-proxy/

                Thanks @JaredBusch! 🙂

                  alex.olynyk @travisdh1

                  @travisdh1 CentOS7 with Apache, and thank you.

                    travisdh1 @alex.olynyk

                    @alex.olynyk said in Certbot:

                    @travisdh1 CentOS7 with Apache, and thank you.

                    I guessed right for once, plus it's the only one I COULD have helped with 😉

                      JaredBusch @travisdh1

                      @travisdh1 said in Certbot:

                      @alex.olynyk said in Certbot:

                      @travisdh1 CentOS7 with Apache, and thank you.

                      I guessed right for once, plus it's the only one I COULD have helped with 😉

                      It is ownCloud. Almost certainly what it would be.

                        travisdh1 @Alex Sage

                        @aaronstuder I'm going to retry getting it running with PHP7 before doing the reverse proxy thing. One of these days I'll stop messing with it and actually use it.

                          alex.olynyk

                          0_1464181474784_Capture.PNG
                          I uncommented ServerName in ssl.conf and replaced example.com with my domain name.
                          I still get a mismatch. It's finding localhost.localdomain somewhere. I also edited /etc/hosts with my domain name. What am I doing wrong?

                            travisdh1 @alex.olynyk

                            @alex.olynyk Did it find your domain name when you ran certbot-auto? Sounds like apache/httpd might not be configured correctly.

                              alex.olynyk

                              It did this time. And now I have the green padlock! Yes! Thank you!

                                Alex Sage @alex.olynyk

                                @alex.olynyk Now all you need to do is get your sub-domain set up 😉

                                  wirestyle22

                                  I'm using two guides:

                                  JB's 8.2 OwnCloud Guide
                                  Certbot

                                  JB's guide worked perfectly and my server is still functioning as intended after my upgrade to 9.0. I'm kind of unsure of how to get this working--Certbot that is. I followed the Certbot guides and it was kicking back errors a few weeks ago. My question is: Is there anything else I should do to prepare for certbot or is this supposed to work out of the box essentially? The Digital Ocean guide requires you to do a lot more but I'm not sure if Certbot is taking care of those aspects or not.

                                    Alex Sage @wirestyle22

                                    @wirestyle22 What webserver will you be using?

                                      wirestyle22 @Alex Sage

                                      @aaronstuder said in Certbot:

                                      @wirestyle22 What webserver will you be using?

                                      Vultr Hosted -- Apache on CentOS 7

                                        travisdh1 @wirestyle22

                                        @wirestyle22 I've found that certbot updates the configuration files for domains/subdomains, but does not update the ssl.conf file. So you need to make sure the cert files in /etc/httpd/conf.d/ssl.conf point to the correct keys.

                                        SSLCertificateFile /etc/letsencrypt/live/%DOMAINNAME/cert.pem
                                        SSLCertificateKeyFile /etc/letsencrypt/live/%DOMAINNAME/privkey.pem
                                        SSLCertificateChainFile /etc/letsencrypt/live/%DOMAINNAME/fullchain.pem
                                        

                                        The other thing you can easily do is run out of activations. They give you ~5 per week, so if you have problems and re-issue instead of re-install in the certbot script, you just run out and have to wait a week.

                                          wirestyle22 @travisdh1

                                          @travisdh1 said in Certbot:

                                          @wirestyle22 I've found that certbot updates the configuration files for domains/subdomains, but does not update the ssl.conf file. So you need to make sure the cert files in /etc/httpd/conf.d/ssl.conf point to the correct keys.

                                          SSLCertificateFile /etc/letsencrypt/live/%DOMAINNAME/cert.pem
                                          SSLCertificateKeyFile /etc/letsencrypt/live/%DOMAINNAME/privkey.pem
                                          SSLCertificateChainFile /etc/letsencrypt/live/%DOMAINNAME/fullchain.pem
                                          

                                          The other thing you can easily do is run out of activations. They give you ~5 per week, so if you have problems and re-issue instead of re-install in the certbot script, you just run out and have to wait a week.

                                          So this should automate everything and it's just not editing things 100% properly--meaning I can follow the CertBot guide and just edit what you listed? If I hit the limit what error would it kick back?

                                            travisdh1 @wirestyle22

                                            @wirestyle22 said in Certbot:

                                            @travisdh1 said in Certbot:

                                            @wirestyle22 I've found that certbot updates the configuration files for domains/subdomains, but does not update the ssl.conf file. So you need to make sure the cert files in /etc/httpd/conf.d/ssl.conf point to the correct keys.

                                            SSLCertificateFile /etc/letsencrypt/live/%DOMAINNAME/cert.pem
                                            SSLCertificateKeyFile /etc/letsencrypt/live/%DOMAINNAME/privkey.pem
                                            SSLCertificateChainFile /etc/letsencrypt/live/%DOMAINNAME/fullchain.pem
                                            

                                            The other thing you can easily do is run out of activations. They give you ~5 per week, so if you have problems and re-issue instead of re-install in the certbot script, you just run out and have to wait a week.

                                            So this should automate everything and it's just not editing things 100% properly--meaning I can follow the CertBot guide and just edit what you listed? If I hit the limit what error would it kick back?

                                            I purposely hit the limit a couple weeks back, and I don't remember what it complained about if anything. The ONLY thing it does not do correctly is assign a global certificate for the server. You may be able to comment out those lines in ssl.conf and have everything just work because it does add the configurations in %DOMAINNAME%.conf file(s). I fixed it the other way tho.

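A check for the ssl.conf paths discussed in travisdh1's posts above, as an added example that is not from any poster in this thread: it reads the three certificate directives and reports whether each points into /etc/letsencrypt/live/<domain>/ or still references some other certificate. The function names, example.com and both sample configs are constructed for illustration; on a real server, pass /etc/httpd/conf.d/ssl.conf and your own domain.

```bash
#!/usr/bin/env bash
# Added example: audit the certificate directives in an Apache ssl.conf.
# example.com and both sample configs are constructed for illustration.

# Print the value of the last active (uncommented) occurrence of a directive.
directive_value() {  # $1 = directive name, $2 = config file
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2; gsub(/"/, "", v) }
                   END { print v }' "$2"
}

# Return 0 only if all three directives point into /etc/letsencrypt/live/<domain>/.
check_ssl_conf() {  # $1 = config file, $2 = domain
    live="/etc/letsencrypt/live/$2"
    rc=0
    for d in SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile; do
        path=$(directive_value "$d" "$1")
        case "$path" in
            "$live"/*.pem) echo "OK    $d $path" ;;
            "")            echo "UNSET $d"; rc=1 ;;
            *)             echo "BAD   $d $path (not under $live)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample modelled on a stock mod_ssl ssl.conf (packaged default cert).
sample_default() {
    cat <<'EOF'
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
</VirtualHost>
EOF
}

# Constructed sample: the same file after the change described in the thread.
sample_fixed() {
    sample_default | sed \
        -e 's|^SSLCertificateFile .*|SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem|' \
        -e 's|^SSLCertificateKeyFile .*|SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem|' \
        -e 's|^#SSLCertificateChainFile .*|SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem|'
}

tmp=$(mktemp)
sample_default > "$tmp"; check_ssl_conf "$tmp" example.com || echo "=> still on the default cert"
sample_fixed   > "$tmp"; check_ssl_conf "$tmp" example.com && echo "=> all paths under live/"
rm -f "$tmp"
```

The check only compares paths in the config text; it does not verify that the files exist or that the certificate matches the ServerName.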