Domain Certificates for FreeNAS jail apps

SandiaSlice · 2015-12-11 00:38:23 UTC

Hi,

I’m brand new to certificate management so please forgive me if my issues and questions make me sound ignorant.

I have set up a personal home server using FreeNAS which is a port of FreeBSD, i believe. The build is FreeNAS-9.3-STABLE-201412090314.

I currently have 7 application jails successfully running. one of these have https set up already, but I’ll be honest and say that I just followed some “cookbook” instructions to set up the openssl in the jail. The jail app with SSL is ownCloud – my family’s personal cloud storage solution. The ownCloud install was done using NGINX, PHP-FPM, and MySQL per this walkthrough: https://forums.freenas.org/index.php?threads/how-to-owncloud-using-nginx-php-fpm-and-mysql.17786/

I currently pay DynDNS.org for a domain that is always synced to my router’s IP. Let’s call it “CostonDomain.net” (for example).

Currently I can go to https: //CostonDomain.net:12808 to access my FreeNAS server’s web GUI, and I can go to https: //CostonDomain.net/owncloud to access my ownCloud server. This works because I configured my router to forward port 443 to the ownCloud server’s IP on my home network and I have port 12808 being forwarded to the FreeNAS WebGUI IP with FreeNAS configured to “listen” for https traffic on that same port.

What I’d like to do is to install the same domain verification certificate from Let’sEncrypt on both of these so whenever I try to access either the FreeNAS GUI or my ownCloud server from outside my home network using https: //CostonDomain.net… I won’t get the browser’s domain not valid error screen.

Is this possible? If so, How do I go about obtaining the cerificate? I’m hoping someone reading this is familiar with FreeNAS systems and jails.

I’ve already tried multiple times to follow the tutorials at Let’sEncrypt, but I am doing something wrong.

Again, please forgive my ignorance.

SDC

serverco · 2015-12-11 09:06:22 UTC

Yes, perfectly possible although it has a good few steps in it - and I’m not aware of a good “cookbook” set of instructions to help you with this.

Since there are only a very limited number of people involved ( I’m assuming just close family accessing your owncloud legitimately). why not just tell your browser that you want to trust the existing certificate, and you shouldn’t get aked again ( on that browser).

SandiaSlice · 2015-12-11 13:04:27 UTC

@serverco,

Thank you for your reply. We use owncloud somewhat like Google drive and occasionally send one time links to folders or files to various people or entities, so it would be nice for them not to have to see and deal with the warning screen and “push through it.” And I don’t want to give each and every one of them instructions to trust my cert.

Also, I’ve tried what you recommended, and it doesn’t seem to always work depending on what platform and what browser is being used. Sometimes, also, adding the certificate in the trusted works, but only for a short time and them something reverts.

If I can figure out how to use Let’sEncrypt, it would be preferable.

I’ll keep on looking in to it, and push back here when I’ve figured it out.

Thanks, Sean

serverco · 2015-12-11 13:33:24 UTC

Hi Sean,

The easiest may be to use one of the alternative clients - particular one of the web based ones, to obtain an SSL certificate, then just place that on the NAS replacing the existing self signed cert. That would need manually updating every couple of months, but would at least get you started. It would also enable you to go through the stages of finding out where on the NAs to upload the cert to etc.

lneib · 2018-11-07 21:46:39 UTC

Did you ever get this to work? I am currently in the process of building a FeeeNas Server with the Owncloud plugin and I am almost at the point of needing to get my SSL installed. Any help would be very useful