ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Certbot

    Scheduled Pinned Locked Moved IT Discussion
    138 Posts 8 Posters 29.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • travisdh1T
      travisdh1 @Alex Sage
      last edited by

      @aaronstuder I'm going to retry getting it running with PHP7 before doing the reverse proxy thing. One of these days I'll stop messing with it and actually use it.

      1 Reply Last reply Reply Quote 1
      • alex.olynykA
        alex.olynyk
        last edited by

        0_1464181474784_Capture.PNG
        I uncommented ServerName in ssl.conf and replaced example .com with my domain name.
        I still get a mismatch. Its finding localhost.localdomain somewhere. I also edited etc/hosts with my domain name. What am i doing wrong?

        travisdh1T 1 Reply Last reply Reply Quote 0
        • travisdh1T
          travisdh1 @alex.olynyk
          last edited by

          @alex.olynyk Did it find your domain name when you ran certbot-auto? Sounds like apache/httpd might not be configured correctly.

          1 Reply Last reply Reply Quote 0
          • alex.olynykA
            alex.olynyk
            last edited by

            It did this time. And now I have the green padlock! Yes! Thank you!

            A 1 Reply Last reply Reply Quote 1
            • A
              Alex Sage @alex.olynyk
              last edited by

              @alex.olynyk Now all you need to do it get your sub-domain setup 😉

              1 Reply Last reply Reply Quote 1
              • wirestyle22W
                wirestyle22
                last edited by wirestyle22

                I'm using two guides:

                JB's 8.2 OwnCloud Guide
                Certbot

                JB's guide worked perfectly and my server is still functioning as intended after my upgrade to 9.0. I'm kind of unsure of how to get this working--Certbot that is. I followed the Certbot guides and it was kicking back errors a few weeks ago. My question is: Is there anything else I should do to prepare for certbot or is this supposed to work out of box essentially? The Digital Ocean guide requires you to do a lot more but I'm not sure if Certbot is taking care of those aspects or not.

                A 1 Reply Last reply Reply Quote 1
                • A
                  Alex Sage @wirestyle22
                  last edited by

                  @wirestyle22 What webserver will you be using?

                  wirestyle22W 1 Reply Last reply Reply Quote 0
                  • wirestyle22W
                    wirestyle22 @Alex Sage
                    last edited by wirestyle22

                    @aaronstuder said in Certbot:

                    @wirestyle22 What webserver will you be using?

                    Vultr Hosted -- Apache on CentOS 7

                    travisdh1T 1 Reply Last reply Reply Quote 0
                    • travisdh1T
                      travisdh1 @wirestyle22
                      last edited by

                      @wirestyle22 I've found that certbot updates the configuration files for domains/subdomains, but does not update the ssl.conf file. So you need to make sure the cert files in /etc/httpd/conf.d/ssl.conf point to the correct keys.

                      SSLCertificateFile /etc/letsencrypt/live/%DOMAINNAME/cert.pem
                      SSLCertificateKeyFile /etc/letsencrypt/live/%DOMAINNAME/privkey.pem
                      SSLCertificateChainFile /etc/letsencrypt/live/%DOMAINNAME/fullchain.pem
                      

                      The other thing you can easily do is run out of activations. They give you ~5 per week, so if you have problems and re-issue instead of re-install in the certbot script, you just run out and have to wait a week.

                      wirestyle22W 1 Reply Last reply Reply Quote 0
                      • wirestyle22W
                        wirestyle22 @travisdh1
                        last edited by wirestyle22

                        @travisdh1 said in Certbot:

                        @wirestyle22 I've found that certbot updates the configuration files for domains/subdomains, but does not update the ssl.conf file. So you need to make sure the cert files in /etc/httpd/conf.d/ssl.conf point to the correct keys.

                        SSLCertificateFile /etc/letsencrypt/live/%DOMAINNAME/cert.pem
                        SSLCertificateKeyFile /etc/letsencrypt/live/%DOMAINNAME/privkey.pem
                        SSLCertificateChainFile /etc/letsencrypt/live/%DOMAINNAME/fullchain.pem
                        

                        The other thing you can easily do is run out of activations. They give you ~5 per week, so if you have problems and re-issue instead of re-install in the certbot script, you just run out and have to wait a week.

                        So this should automate everything and its just not editing things 100% properly--meaning I can follow the CertBot guide and just edit what you listed? If I hit the limit what error would it kick back?

                        travisdh1T 1 Reply Last reply Reply Quote 0
                        • travisdh1T
                          travisdh1 @wirestyle22
                          last edited by

                          @wirestyle22 said in Certbot:

                          @travisdh1 said in Certbot:

                          @wirestyle22 I've found that certbot updates the configuration files for domains/subdomains, but does not update the ssl.conf file. So you need to make sure the cert files in /etc/httpd/conf.d/ssl.conf point to the correct keys.

                          SSLCertificateFile /etc/letsencrypt/live/%DOMAINNAME/cert.pem
                          SSLCertificateKeyFile /etc/letsencrypt/live/%DOMAINNAME/privkey.pem
                          SSLCertificateChainFile /etc/letsencrypt/live/%DOMAINNAME/fullchain.pem
                          

                          The other thing you can easily do is run out of activations. They give you ~5 per week, so if you have problems and re-issue instead of re-install in the certbot script, you just run out and have to wait a week.

                          So this should automate everything and its just not editing things 100% properly--meaning I can follow the CertBot guide and just edit what you listed? If I hit the limit what error would it kick back?

                          I purposely hit the limit a couple weeks back, and I don't remember what it complained about if anything. The ONLY thing it does not do correctly is assign a global certificate for the server. You may be able to comment out those lines in ssl.conf and have everything just work because it does add the configurations in %DOMAINNAME%.conf file(s). I fixed it the other way tho.

                          1 Reply Last reply Reply Quote 0
                          • alex.olynykA
                            alex.olynyk
                            last edited by

                            is there any reason for me to also encrypt my internal URL for ownCloud?

                            JaredBuschJ travisdh1T 2 Replies Last reply Reply Quote 0
                            • JaredBuschJ
                              JaredBusch @alex.olynyk
                              last edited by

                              @alex.olynyk said in Certbot:

                              is there any reason for me to also encrypt my internal URL for ownCloud?

                              why do you have 2 URLS for people to remember?

                              All my stuff is always on oc.domain.com to make it easy for people to use.

                              1 Reply Last reply Reply Quote 0
                              • travisdh1T
                                travisdh1 @alex.olynyk
                                last edited by

                                @alex.olynyk said in Certbot:

                                is there any reason for me to also encrypt my internal URL for ownCloud?

                                Why bother would be what I'd say. If someone's tapping your internal network, you have more problems. Using OwnCloud is a way to get moving to a LANLess "network".

                                1 Reply Last reply Reply Quote 0
                                • alex.olynykA
                                  alex.olynyk
                                  last edited by

                                  because owncloud.roseradiology.com does not work from inside the network

                                  JaredBuschJ A 2 Replies Last reply Reply Quote 0
                                  • JaredBuschJ
                                    JaredBusch @alex.olynyk
                                    last edited by

                                    @alex.olynyk said in Certbot:

                                    because owncloud.roseradiology.com does not work from inside the network

                                    I know, I have told you how to fix it before.

                                    1 Reply Last reply Reply Quote 4
                                    • alex.olynykA
                                      alex.olynyk
                                      last edited by

                                      Yes, I know. I have gone through my earlier threads and notes and am checking everything again.

                                      1 Reply Last reply Reply Quote 1
                                      • A
                                        Alex Sage @alex.olynyk
                                        last edited by Alex Sage

                                        @alex.olynyk said in Certbot:

                                        because owncloud.roseradiology.com does not work from inside the network

                                        I am confused. If it works outside the network, why doesn't it work from inside the network? Does your internal DNS server forward requests to public DNS servers? I have to assume the pubic DNS servers are correct, since it works. Did you setup a record for owncloud.roseradiology.com internally? I would just let it forward the request to the public DNS servers, and resolve it there.

                                        1 Reply Last reply Reply Quote 0
                                        • wirestyle22W
                                          wirestyle22
                                          last edited by wirestyle22

                                          Is this correct apart from the failed authorization?

                                          0_1464196376969_1.jpg

                                          0_1464196382602_2.jpg

                                          0_1464196496521_3.jpg

                                          1 Reply Last reply Reply Quote 0
                                          • alex.olynykA
                                            alex.olynyk
                                            last edited by

                                            I setup a CNAME internally because i gave owncloud a different name internally. owncloud.rose.internal

                                            StrongBadS A 2 Replies Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 1 / 7
                                            • First post
                                              Last post