Https saying not secure when using plex, cockpit, and filebrowser

Are you sure you didn’t create it in /etc/apache2/sites-enabled the first time? Don’t end up with duplicates, that will result in confusing behavior.

Location is documented at https://cockpit-project.org/guide/latest/cockpit.conf.5.html

Yes

1 Like

You’re completely right I knew it had to be a tiny mistake on my side. It’s in sites-enabled not sites-available

I also do not have a file called cockpit.conf inside of /etc/cockpit/. I just have 2 folders called ws-certs.d and machines.d. I did sudo vim /etc/cockpit/cockpit.conf to make a new file and included

I restarted apache2 and cockpit and it works perfectly after clearing my browser cache. I have no idea how you’re so knowledgeable about all of this SSL stuff but it’s absolutely crazy and as someone who wants to major in cybersecurity I need to be doing what you’re doing to learn.

2 Likes

Also this is my last question I’m gonna try doing things with plex on my own using the advice you gave way earlier so this isn’t about that, but I can still access http://cockpit.shinytreecko.com which doesn’t use SSL. https://cockpit.shinytreecko.com is working perfectly though and I am about to delete the port forwarding rule for 9090 on my router so I can’t use shinytreecko.com:9090 without SSL but I want to see if I can get this to work before doing that. I tried changing

to AllowUnencrypted = false then restarting apache2 and cockpit which caused the same redirect issue. I changed it back and ran sudo certbot-auto install --cert-name cockpit.shinytreecko.com -i apache, then I ran sudo certbot-auto --apache -d cockpit.shinytreecko.com and pressed 2 each time to make it force redirects to https then restarted both services. It still lets me use http://cockpit.shinytreecko.com. This is okay and I am so happy with all of the help you have given and if you do not want to help with this piece I understand that I have asked for a whole lot.

I would have expected that running the following should cause Apache to redirect HTTP to HTTPS for the Cockpit domain:

sudo certbot-auto install --cert-name cockpit.shinytreecko.com -i apache --redirect

If it doesn’t, that’s probably Certbot doing the wrong thing again.

But you can mimic what Certbot does by hand. In your cockpit.conf, you’d add inside the virtualhost tag the following:

  RewriteEngine on
  RewriteCond %{SERVER_NAME} =cockpit.shinytreecko.com
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
1 Like

It might also be this command, which I have literally never seen anybody use but thats what the help topic says:

sudo certbot-auto enhance --redirect --cert-name cockpit.shinytreecko.com -i apache -n

But it looks like you got it working on your own already :slight_smile: .

1 Like

It was certbot doing the right thing but putting it in the wrong place.


This was the contents of /etc/apache2/sites-enabled/cockpit.conf. I moved all of this

RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*)           ws://192.168.1.90:9090/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*)           http://192.168.1.90:9090/$1 [P,L]

below everything that certbot added so that it wasn’t in between RewriteEngine On and the lines certbot added. This fixed it and it now redirects thank you so much for all of your help and this has been a really great learning opportunity which has also increased the amount of patience I have with computers. I almost feel like I need to try plex by myself while I’m on a roll instead of waiting until I feel like trying then getting confused and posting on a forum full of smarter people :smile:!

1 Like

I just had to say that just before bed, you gave me a good laugh! That’s exactly what computers. :laughing: Happy to see you got things under control.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.