Create certificate but is not working

My domain is: https://symloging.cloudns.cl/

It is for ONLYOFFICE Document Server.

I used certbot.

I have this message:

this CA Root certificate is not trusted


The issue described is misleading.
[yes, the “CA root” is not trusted and a problem - but NOT as you would think]
See: https://www.ssllabs.com/ssltest/analyze.html?d=symloging.cloudns.cl&ignoreMismatch=on

The site isn’t using the correct cert.
It is using a self-signed cert for: office.symloging.com
The “CA root” for the self-signed cert is itself.
So, yes, that “CA root” will never be trusted.
But that can’t be fixed.
The “fix” is to use the correct signed cert.

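The check behind the diagnosis above, as an added example that is not part of the original thread: it tests whether a certificate names itself as its issuer and whether it covers the hostname being requested. The function names are hypothetical and the sample certificate is constructed locally with openssl.

```shell
#!/bin/sh
# Added example; function names are hypothetical, the sample cert is constructed.

# True when issuer DN equals subject DN, i.e. the cert names itself as its CA.
is_self_issued() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ]
}

# True when the cert covers the hostname (SAN, or CN when no SAN is present).
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Print "<self-signed|ca-issued> <name-ok|name-mismatch>" for CERT and HOST.
diagnose() {
    if is_self_issued "$1"; then chain=self-signed; else chain=ca-issued; fi
    if covers_host "$1" "$2"; then name=name-ok; else name=name-mismatch; fi
    echo "$chain $name"
}

# Constructed sample: a self-signed cert for the name the thread's server presented.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_cert office.symloging.com "$tmp/sample"
diagnose "$tmp/sample.crt" symloging.cloudns.cl   # prints: self-signed name-mismatch

# Against a live server (needs network), save the served cert first:
#   openssl s_client -connect HOST:443 -servername HOST </dev/null 2>/dev/null \
#     | openssl x509 -out served.crt
```

A certificate issued through certbot would report `ca-issued name-ok` for the domain it was requested for.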

I used this:

  1. sudo apt-get update
  2. sudo apt-get install software-properties-common
  3. sudo add-apt-repository universe
  4. sudo add-apt-repository ppa:certbot/certbot
  5. sudo apt-get update

sudo apt-get install certbot

sudo certbot certonly --standalone

I followed these steps: https://certbot.eff.org/lets-encrypt/ubuntubionic-other

The --standalone parameter will only get the cert.
It is then up to you to use the cert.

If you issue:
certbot certificates
you can see what certs you have.


certificates

So I must do it without --standalone,

because I have the web server in a Docker container; outside of the Docker container there is nothing.

If the web server and certbot are in the same docker instance, then you can treat it like you would any other system with certbot and a web server:
Certbot gets and renews the certs.
The web server hosts sites (via HTTP and/or HTTPS).

So, you already have two good certs.
Now, do you have the two corresponding HTTP sites to enable with TLS(HTTPS)?

Maybe the problem is that I am running certbot outside of the Docker container.

I don’t see how you could (unless you have multiple IPs or shutdown the first container while getting the certs).
If I read that correctly, the first container has both port 80 and port 443.

Anywho, if they are on separate systems, then you will need to either:

  • find a common “shared” path for them to both reach the cert files.
  • move the certbot program function into the container that has the web server.