Certificate help - AutoSSL

I'm not sure what to do to fix this issue here. I'm running Bitwarden on a server in my house.

I also have a webhost and a site for a business. I used to log onto my webhost's cPanel and download the new certificates that had been installed with AutoSSL every time they were renewed.

There may have been a better way but I didn't know it if there was. For my Bitwarden server I have a subdomain.

I have the IP of the subdomain set to my public IP address.

AutoSSL has always worked properly until about 6 months ago. When it stopped working I opened a ticket. The host replied that I needed to have the IP address of the subdomain set to the IP address of the host. If I do that, Bitwarden can't work because it's being hosted in my house.

I can't use the normal Certbot process because my ISP blocks ports.

Is there something I can do to fix this?

Thanks in advance.

This process isn't working anymore. I have always had


I'm still looking for a solution for this.

Should I just get a certificate and install it (I think I should be able to do this with cPanel tools) instead of trying to rely on AutoSSL? The only way I'm able to get this to work is to visit the Zone Editor and change the IP address to that of the server, wait 20 to 30 minutes, run AutoSSL, copy the certificates if it was successful, and then change the IP back to mine in Zone Editor.

This would be after I've updated the certificates on my server.

Thanks in advance.


Could you run an ACME client (like Certbot) on your Bitwarden or local system using the DNS Challenge?

If your DNS provider has an update API that is supported with your chosen ACME Client you can even automate that. Otherwise you could use a manual DNS Challenge so you'd have to act to get a fresh cert every 60 days or so. But, your current process is very manual so this isn't much different.

Had you provided more answers to the form you were shown we could give more specific advice. And, sorry that no one picked up earlier.

That all said, wasn't much of this covered in your previous thread? What is different now that a DNS Challenge would not work?


Thanks for responding.

I didn't intend to circumvent a form. As far as I remember there wasn't a form to complete. Maybe I removed it by accident.

I forgot about posting that from my previous attempts at getting this working when I was using different domain names. I read over the thread you quoted. The methods I tried then didn't work. That's why I've still been trying to find a solution for this. One that is less manual and less prone to being forgotten.

I'm still pretty certain that any ACME clients would need ports 80 and 443 open. Without a business account (so they say) Spectrum will not open ports or allow me to use 80 or 443.

How would I find out about this? You also mentioned a manual DNS Challenge. This would be where I have to change a TXT record?

Thanks in advance.


Port 80 needs to be open inbound for HTTP Challenge. And port 443 for the less common TLS-ALPN Challenge.

But, the DNS Challenge operates solely with your DNS system. For background see: Challenge Types - Let's Encrypt

I suggested the DNS Challenge as an option given your restrictions with HTTP(S) access from the public internet.

Who is your DNS provider? What domain name are you using for this cert? (We could look up your provider and tell you.)

Automating the DNS Challenge is easiest if your DNS provider offers an API, but there is an advanced option of using acme-dns too (you run a mini-DNS system on port 53). Different clients support different DNS APIs. Certbot has fewer "out of the box", whereas lego and acme.sh support many.

For Certbot:
https://eff-certbot.readthedocs.io/en/latest/using.html#dns-plugins

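To make concrete what the DNS Challenge in the reply above actually checks, here is an added example (not code from this thread, Certbot, or Let's Encrypt) that computes the TXT record a DNS-01 validation expects, per RFC 8555 section 8.4 and RFC 7638, and then runs the same check a CA would run over a set of TXT records. The domain `vault.example.com`, the account key JWK and the challenge token are constructed placeholders, not real values. The point it demonstrates for the original poster's situation: the record name and value depend only on the challenge token and the ACME account key, and the check never consults the A record, so the subdomain can keep pointing at a home IP with ports 80 and 443 closed.

```python
from __future__ import annotations

import base64
import hashlib
import json

# RFC 8555 section 8.4 (DNS-01): the client provisions a TXT record at
# _acme-challenge.<identifier> whose value is
#   base64url( SHA-256( token + "." + thumbprint(account public key) ) )
# The CA then queries that TXT record; no A/AAAA record and no inbound port is involved.


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME requires (RFC 8555 section 6.1)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required public members only,
    lexically sorted, serialized with no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_record(domain: str, token: str, thumbprint: str) -> tuple[str, str]:
    """Return (record name, TXT value) the client must publish for this challenge."""
    key_authorization = f"{token}.{thumbprint}"
    value = b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())
    return f"_acme-challenge.{domain}", value


def validate_dns01(txt_records: dict[str, list[str]], domain: str, token: str, thumbprint: str) -> bool:
    """The CA-side check: is the expected value present among the TXT records at the
    _acme-challenge name? A record published at the bare domain, or a stale value
    from a previous renewal, does not count."""
    name, expected = dns01_record(domain, token, thumbprint)
    return expected in txt_records.get(name, [])


# Constructed account key (EC P-256 JWK with placeholder coordinates; only the
# thumbprint matters here, so these do not need to be a real key pair).
ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "placeholder-x-coordinate-base64url",
    "y": "placeholder-y-coordinate-base64url",
}
# Constructed challenge token; a real one is chosen by the CA per challenge.
TOKEN = "constructed-token-not-from-a-real-CA"
DOMAIN = "vault.example.com"  # placeholder for the poster's Bitwarden subdomain


def build_zone_after_manual_step() -> dict[str, list[str]]:
    """Simulate the manual DNS Challenge: the operator adds the TXT record in the
    DNS provider's zone editor. The A record pointing at a home IP stays untouched."""
    name, value = dns01_record(DOMAIN, TOKEN, jwk_thumbprint(ACCOUNT_JWK))
    return {
        DOMAIN: ["v=spf1 -all"],  # unrelated TXT at the bare name, not consulted
        name: ["old-value-from-a-previous-renewal", value],
    }


if __name__ == "__main__":
    tp = jwk_thumbprint(ACCOUNT_JWK)
    name, value = dns01_record(DOMAIN, TOKEN, tp)
    print(f"Publish TXT {name} = {value}")
    print("CA check passes:", validate_dns01(build_zone_after_manual_step(), DOMAIN, TOKEN, tp))
```

With a manual client (for example `certbot certonly --manual --preferred-challenges dns`) the client prints exactly this record name and value and waits for you to add it; with a DNS plugin it adds and removes the record through the provider's API instead, which is what makes the renewal hands-off.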
