Need help regarding adding an SSL certificate


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://ns3360098.ip-37-187-97.eu/

I ran this command: sudo certbot certonly

It produced this output: Problem binding to port 80: Could not bind to IPv4 or IPv6.

My web server is (include version): caddy

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: kimsufi

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

So, I bought a server from kimsufi and installed Ubuntu 16.04, and I used this script: https://github.com/salakis/ssss to make it into a seedbox, so it installed a Let’s Encrypt certificate for my domain: https://ns3360098.ip-37-187-97.eu/, no problems there. But then I installed https://wiki.znc.in/ZNC and used port 15109, and when I go to https://ns3360098.ip-37-187-97.eu:15109, it shows no valid certificate. Now I know that the certificate required for ZNC is in home/znc-admin/.znc/znc.pem, so I tried to install certbot and create a certificate, but it couldn’t because it needed port 80, which I assume Caddy is using.

Any help would be appreciated, thanks!


#2

@mholt, do you have a suggested thing that Caddy users should do in this situation? Maybe webroot?

@sritub, you’re right that Caddy is using port 80. You have at least three options (in order from best to worst, in my opinion):

(1) Just use the Caddy-obtained certificate for ZNC. (The certificate isn’t specific to a port number!) You could either reconfigure ZNC to refer to the existing Caddy certificate or copy (or, better, symlink) the Caddy certificate to the location that ZNC expects.

(2) Use --webroot and tell Certbot a location where it can place static files in order for Caddy to serve them.

(3) Shut down Caddy temporarily and then use --standalone (but in this case, you’ll need to provide --pre-hook and --post-hook options to shut down and restart Caddy if you want Certbot to be able to renew the certificate automatically, since Caddy would need to be started and stopped every time for the certificate renewal process).


#3

I use ZNC with Let’s Encrypt so I thought I might chime in.

ZNC requires “haproxy”-style combined certificate format, so you need to concatenate the certificate and the intermediate to the private key.

Since Caddy’s default (assets directory) on-disk storage stores the private key and certificate separately, it might be tricky to get to the format you need.

Since Caddy does support hooks, in your site config you can do something like:

on certrenew /path/to/update-znc-certificate.sh

That does the combined certificate file generation and symlinks it into the ZNC directory.

Since ZNC doesn’t require a service restart to use new certificates, it shouldn’t cause any service interruptions.
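As an added example (not code from this thread, ZNC, Caddy or Certbot), here is the kind of hook script #3 describes, which also serves as the --deploy-hook for the --standalone route in #2's option (3): it concatenates the private key with the leaf certificate and its intermediates into the single "haproxy-style" PEM that ZNC reads, refuses to install a file that is missing the key or the intermediate (a lone leaf is exactly what produces the "no valid certificate" symptom), and replaces znc.pem atomically so ZNC never reads a half-written file. All paths, the Certbot layout (privkey.pem and fullchain.pem under /etc/letsencrypt/live/<domain>/), and the znc-admin user name are assumptions taken from the thread and from Certbot's documented defaults:

```shell
#!/usr/bin/env bash
# Added example, not from the thread or from ZNC/Caddy/Certbot.
# Build ZNC's combined PEM (private key, then leaf certificate, then
# intermediates) from separately stored key and chain files, validate it,
# and install it atomically with owner-only permissions.
set -euo pipefail

# count_pem_blocks FILE MARKER: number of "-----BEGIN <MARKER>-----" lines in FILE
count_pem_blocks() {
  grep -c -- "^-----BEGIN $2-----" "$1" || true
}

# build_znc_pem KEYFILE CHAINFILE DEST [OWNER]
#   KEYFILE    PEM private key       (Certbot: /etc/letsencrypt/live/<domain>/privkey.pem)
#   CHAINFILE  leaf + intermediates  (Certbot: /etc/letsencrypt/live/<domain>/fullchain.pem)
#   DEST       ZNC's pem, e.g. /home/znc-admin/.znc/znc.pem   (assumed path)
#   OWNER      optional user to chown DEST to when the hook runs as root
# Returns non-zero, and installs nothing, if the inputs do not look complete.
build_znc_pem() {
  key="$1"; chain="$2"; dest="$3"; owner="${4:-}"
  [ -r "$key" ] && [ -r "$chain" ] || { echo "input file missing" >&2; return 1; }

  # Exactly one private key block (PKCS#8 "PRIVATE KEY" or "RSA PRIVATE KEY").
  nkeys=$(grep -c -- '^-----BEGIN .*PRIVATE KEY-----' "$key" || true)
  [ "$nkeys" -eq 1 ] || { echo "expected one private key in $key" >&2; return 1; }

  # A usable chain is the leaf plus at least one intermediate; a lone leaf
  # certificate is what makes clients report the certificate as invalid.
  ncerts=$(count_pem_blocks "$chain" CERTIFICATE)
  [ "$ncerts" -ge 2 ] || { echo "chain in $chain has $ncerts cert(s), need leaf + intermediate" >&2; return 1; }

  # Write a temp file in the destination directory, then rename over the old
  # file: the rename is atomic, so ZNC reads either the old or the new PEM.
  tmp=$(umask 077 && mktemp "$(dirname "$dest")/.znc.pem.XXXXXX")
  cat "$key" "$chain" > "$tmp"
  chmod 600 "$tmp"
  if [ -n "$owner" ]; then chown "$owner" "$tmp"; fi
  mv -f "$tmp" "$dest"
}

# When invoked as a hook with arguments, run; when sourced or run bare, do nothing.
# Certbot route from #2 option (3), assumed domain and service name:
#   certbot certonly --standalone -d ns3360098.ip-37-187-97.eu \
#     --pre-hook 'systemctl stop caddy' --post-hook 'systemctl start caddy' \
#     --deploy-hook '/path/to/update-znc-certificate.sh \
#        /etc/letsencrypt/live/ns3360098.ip-37-187-97.eu/privkey.pem \
#        /etc/letsencrypt/live/ns3360098.ip-37-187-97.eu/fullchain.pem \
#        /home/znc-admin/.znc/znc.pem znc-admin'
# Caddy route from #3: point "on certrenew" at the same script with Caddy's
# own key and chain files as the first two arguments.
if [ "$#" -ge 3 ]; then
  build_znc_pem "$@"
fi
```

ZNC picks up the replaced znc.pem on its next TLS handshake, so, as #3 notes, no restart is scheduled. The validation step is the part worth keeping even if the paths change: a renewal hook that silently writes an incomplete PEM fails at the worst time, on a fresh certificate.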


#4

Caddy manages the certificates for you – the point is that with Caddy, you don’t need external tools like bash scripts or CertBot. I guess I don’t understand why you’re trying to do it manually…


#5

Can Caddy terminate TLS for IRC (tcp/6697)? Two years ago it couldn’t, but maybe things have changed.


#6

Yes: https://caddyserver.com/docs/net


#7

Thanks a lot for all your replies. I’ve reinstalled the server with another script and I don’t need this anymore. Thanks.


closed #8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.