Newbie help with loading cert into freenas

Han2 · December 6, 2019, 11:46am

My domain is: han-nas.tk

I ran this command: danb35 deploy-freenas

It produced this output: Certifcates, but but when loaded it says not safe

My web server is (include version): Freenas

The operating system my web server runs on is (include version): freenas

My hosting provider, if applicable, is: Cloudflare

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

First of all, i am all new to Nas and security certificates…

I have tried to load lets encrypt certificates on my freenas using the danb35 freenas-deploy.

i worked all fine until the last command and i got the error:
[Thu Dec 5 12:23:01 PST 2019] Run reload cmd: /root/deploy-freenas/deploy_freenas.py
Traceback (most recent call last):
File “/root/deploy-freenas/deploy_freenas.py”, line 59, in
with open(PRIVATEKEY_PATH, ‘r’) as file:
FileNotFoundError: [Errno 2] No such file or directory: ‘/root/.acme.sh/freenas.local/freenas.local.key’
[Thu Dec 5 12:23:01 PST 2019] Reload error for :

After this i moved the certificates and load the han-nas.tk.key and han-nas.tk.cer in to Freenas manually… But now the certificates show up as “Invalid”

what is my next step?

And if i get this certificate to work on my freenas, does that mean the Nextcloud Jail i am running is secure with it aswell?

JuergenAuer · December 6, 2019, 1:28pm

Hi @Han2

checking your domain there are some problems - but not certificate problems - https://check-your-website.server-daten.de/?q=han-nas.tk

You use Cloudflare, so the Cloudflare certificate is used.

You have some wrong redirects (check the list of the online check), but

https://www.han-nas.tk/index.php/login

works.

You have created 5 identical certificates:

Issuer	not before	not after	Domain names	LE-Duplicate	next LE
Let's Encrypt Authority X3	2019-12-05	2020-03-04	han-nas.tk - 1 entries	duplicate nr. 5	next Letsencrypt certificate: 2019-12-12 18:59:30
Let's Encrypt Authority X3	2019-12-05	2020-03-04	han-nas.tk - 1 entries	duplicate nr. 4
Let's Encrypt Authority X3	2019-12-05	2020-03-04	han-nas.tk - 1 entries	duplicate nr. 3
Let's Encrypt Authority X3	2019-12-05	2020-03-04	han-nas.tk - 1 entries	duplicate nr. 2
Let's Encrypt Authority X3	2019-12-05	2020-03-04	han-nas.tk - 1 entries	duplicate nr. 1

So don't create a new certificate, there is a rate limit.

Han2 · December 6, 2019, 4:06pm

Ok, so i have just registered the adress and set it up with cloudflare… then i used the let’s encrypt script… i guess that is not right way…

Could you set me in the right direction how to set it up. As i atm have not alot of knowlegde where to start looking…

JuergenAuer · December 6, 2019, 4:09pm

You have a working configuration.

I don’t see a problem.

Read

PS: Where do you see an invalid certificate?

PPS: Other port? Other subdomain?

danb35 · December 7, 2019, 5:36am

Your questions would be much better asked on the thread for my script, rather than here:

danb35 · December 8, 2019, 12:41am

No, my script doesn't do anything with Nextcloud--that needs to be secured separately. I have another script that installs a Nextcloud jail from scratch, including managing the certificates. Check the resources section of the FreeNAS forums for that one.

system · January 7, 2020, 12:41am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.