Inputting the Webroot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jonaswerner.duckdns.org

I ran this command: sudo certbot certonly --webroot

It produced this output: Input the webroot for jonaswerner.duckdns.org: (Enter 'c' to cancel):

My web server is (include version): I run casaOS v0.4.4.1

The operating system my web server runs on is (include version): Raspberry PI OS Lite (32bit)

My hosting provider, if applicable, is: local

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): CasaOS (see above)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

I don't get what this webroot thing is. Please help me outrun this issue, or please help me install webroot on my machine.

Please see:

https://eff-certbot.readthedocs.io/en/stable/using.html#webroot

2 Likes

Are you sure CasaOS doesn't have some built-in mechanism to get a cert? Their docs are nearly nonexistent, so you might want to check on their Discord.

6 Likes

I will ask there

It looks like that might use nginx as the web server:

2 Likes

And where do I get the webroot now? What does it look like?

If it is using nginx, then it would be within the nginx config.
You can show the entire nginx config with:
nginx -T

OR, if needed, use sudo:
sudo nginx -T

3 Likes
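An added example (not part of the original thread, and not code from any of the posters): one way to pull the server-level `root` directive, which is the webroot certbot asks for, out of `nginx -T` output for a given domain. The function names and the sample config are constructed for illustration, and the parser assumes one directive per line with exact (non-wildcard) server names.

```shell
#!/bin/sh
# Added example: locate the webroot ("root" directive) nginx serves for a domain.

find_webroot() {
    # $1 = domain to look up; nginx config text (e.g. from `nginx -T`) on stdin
    awk -v domain="$1" '
    { sub(/#.*/, "") }                       # strip comments, incl. nginx -T file markers
    /^[ \t]*server[ \t]*[{]/ {               # entering a server block
        in_srv = 1; srv_depth = depth + 1; names = ""; root = ""
    }
    # only directives directly inside the server block count, not nested location blocks
    in_srv && depth == srv_depth && $1 == "server_name" {
        for (i = 2; i <= NF; i++) { n = $i; sub(/;$/, "", n); names = names " " n " " }
    }
    in_srv && depth == srv_depth && $1 == "root" { root = $2; sub(/;$/, "", root) }
    {
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")   # track brace nesting
        if (in_srv && depth < srv_depth) {             # server block just closed
            if (index(names, " " domain " ") && root != "") print root
            in_srv = 0
        }
    }'
}

sample_config() {
    # Constructed sample of what `nginx -T` might print; not from a real host.
    cat <<'EOF'
# configuration file /etc/nginx/nginx.conf:
http {
    server {
        listen 80;
        server_name example.org www.example.org;
        root /var/www/example;
        location /app/ {
            root /srv/app;
        }
    }
    server {
        listen 80;
        server_name other.example;
        return 301 https://$host$request_uri;
    }
}
EOF
}

webroot=$(sample_config | find_webroot example.org)
# certbot writes its HTTP-01 challenge files under this directory of the webroot
echo "webroot: $webroot  challenge dir: $webroot/.well-known/acme-challenge"
```

On a real host the input would be `sudo nginx -T 2>/dev/null | find_webroot your.domain`, and the printed path is what goes to certbot's `-w` / `--webroot-path` option. An empty result means the matching server block has no server-level `root` (for example a pure redirect or reverse proxy), so the webroot method has no directory to write into.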

If nginx is being used, one might think the --nginx plugin might work, but looking at the screenshot above and reading "Docker", this probably won't work.

Docker makes handling these kinds of things a little bit more difficult. Perhaps it's even wise to ask someone with more experience to do it for you.

I fought with nginx and certbot within containers. I haven't found a sensible way to make it work.

My solution for containerised everything ended up being to scrap nginx+certbot and just use Caddy.

6 Likes

It seems pointless to separate things [with containers] that need to be working together.

4 Likes

If you want to make it properly you need certbot to issue commands against the docker socket, and that's a whole other can of worms because the certbot image uses busybox and there's no curl (but there's python, and requests); and having a container accessing the docker socket widens your attack surface enormously.

So, yeah, if you do it, tell me. But don't do it.

4 Likes

Quite fond of Caddy myself. But I still suspect CasaOS has some built-in cert management, even if their docs on the subject (as on almost everything else) are non-existent.

Edit: Yes, it does, in the form of Nginx Proxy Manager. Or, alternatively, using Cloudflare tunnels, but that would require you to be using Cloudflare. But the mechanics of installing and using that would be best addressed in the support channels for CasaOS, which AFAICT consist of a Discord server.

5 Likes
