Rookie needs help - SSL certificate for ownCloud

Hello!

I am running my own mailserver as well as ownCloud on a shared server. Especially the ownCloud calendar is giving me grief since the various Android calendar apps have trouble accepting my self-signed certificate.

While this might mean I am not a total Rookie, I find the instructions given to generate an SSL-certificate somewhat intimidating now that I am mainly used to installing server apps via Installatron and not much else.

While my hosting provider is not on the list of supported providers, it does offer the possibility to generate a “Free & automatic certificate from Let’s Encrypt”.

Does anyone know what I must do next? Thanks in advance!

The fields available in the server’s SSL menu are as follows:

2 Letter Country Code
State/Province
City
Company
Company Division
Common Name
www.mydomainname.com
Email
Key Size (bits)
Certificate Type
Paste a pre-generated certificate and key
Paste a pre-generated certificate and key

Click Here to paste a CA Root Certificate

Hi @dfsjk3,

Did you try that option from the hosting provider? Is it an option in a control panel or something?

Yes, this is an option under the "SSL Certificates" section of the control panel. If I select "Free & automatic certificate from Let's Encrypt" I get the following:

Common Name	

Email
Key Size (bits): 4096
Certificate Type: SHA256

Selected: 2 Max: 20

Let's Encrypt Certificate Entries
Select
mydomains.com
webmail.mydomain.com

Paste a pre-generated certificate and key

[empty field]

Paste a pre-generated certificate and key

[empty field]

If I go through with it, the following error message appears:

Cannot Execute Your Request
Getting challenge for [mydomain.com] from acme-server...
User let's encrypt key has been found, but not registered. Registering...
Account registration error. Response: HTTP/1.1 100 Continue
Expires: Fri, 17 Nov 2017 09:56:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 267
Replay-Nonce:
Expires: Fri, 17 Nov 2017 09:56:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 17 Nov 2017 09:56:15 GMT
Connection: close

{
"type": "urn:acme:error:malformed",
"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
"status": 400
}.


The URL of the subscriber agreement was recently changed. It’s supposed to be discovered automatically, but unfortunately some software - including, apparently, your host’s control panel - had hard-coded the old URL and consequently broke. They need to fix this by updating their acme client or plugin. You should ask them to do so.
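For readers who meet the same failure, this added example (not part of the thread and not the control panel's code) reads a logged ACME response like the one above and reports whether it is the agreement-URL mismatch. The function names are hypothetical and `RAW` is a shortened copy of the output quoted in the thread.

```python
import json
import re

# Constructed sample: shortened form of the control panel output quoted above.
RAW = """Account registration error. Response: HTTP/1.1 100 Continue
Expires: Fri, 17 Nov 2017 09:56:15 GMT

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json

{
"type": "urn:acme:error:malformed",
"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
"status": 400
}."""

STATUS_LINE = re.compile(r"HTTP/1\.[01] (\d{3}) ")
AGREEMENT = re.compile(
    r"Provided agreement URL \[(\S+)\] does not match current agreement URL \[(\S+)\]"
)


def parse_acme_problem(raw):
    """Return (final_status, problem_dict) from a logged ACME response."""
    statuses = [int(s) for s in STATUS_LINE.findall(raw)]
    # 1xx responses such as "100 Continue" are interim; skip them.
    final = next((s for s in reversed(statuses) if s >= 200), None)
    start = raw.find("{")
    if start == -1:
        return final, None
    # raw_decode stops at the end of the JSON object, so the trailing "."
    # that the control panel appends does not break parsing.
    problem, _ = json.JSONDecoder().raw_decode(raw[start:])
    return final, problem


def agreement_mismatch(problem):
    """Return the sent and current agreement URLs, or None for other errors."""
    if not problem or problem.get("type") != "urn:acme:error:malformed":
        return None
    m = AGREEMENT.search(problem.get("detail", ""))
    return {"sent": m.group(1), "current": m.group(2)} if m else None
```

A non-`None` result means the client sent a stale agreement URL, which only the party running the ACME client can correct.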

My hosting provider uses Installatron. Will the software at some point be automatically updated?

You’ll have to ask your hosting provider that, I think.

Right, I shall ask them. Am I right in assuming that there is no need to register with Let’s Encrypt or enter anything into the “pre-generated certificate” field?

You don’t have to register. Your hosting provider is trying to do so automatically for you, but failing because of the aforementioned bug. When they fix that it should just work.

I’d guess the pre-generated certificate field is for use with other CAs, so probably not relevant here.

Thanks for your replies thus far! Just to clarify things: I own two domain names, each having a number of sub-domains.

The hosting provider has in the meantime run an update. If I try to apply for a certificate, I now get the following error:

Cannot Execute Your Request
Getting challenge for subdomain1.mygagadomain.com from acme-server…
User let’s encrypt key has been found, but not registered. Registering…
Account has been registered.
Getting challenge for mydomain.com from acme-server…
Error: http://subdomain1.mygagadomain.com/.well-known/acme-challenge/letsencrypt_1511092595 is not reachable. Aborting the script.
dig output for subdomain1.mygagadomain.com:
Please make sure /.well-known alias is setup in WWW server.

Is this still a hosting provider issue or am I doing something wrong?

I’m not sure. It seems they have indeed fixed the original issue. That last line of the error message seems to suggest that there is some special configuration they are expecting - the “/.well-known alias” mentioned. The /.well-known path is indeed used by one of the challenges, but neither Let’s Encrypt nor the ACME spec requires it to specifically be an alias, so that particular detail is probably a requirement of the ACME client your hosting provider is using. There might be something about it in their documentation?
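The error above comes from a self-test of the challenge path. This added example (not part of the thread and not the hosting provider's client) performs the same kind of check: it writes a probe file under `.well-known/acme-challenge/` in a web root and fetches it back over HTTP. It assumes you can write to the web root and run Python; `check_challenge_path` and `demo` are hypothetical names, and `demo` uses a constructed local server.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request

CHALLENGE_DIR = os.path.join(".well-known", "acme-challenge")

class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # suppress per-request logging in the demo
        pass

def check_challenge_path(base_url, webroot, timeout=5):
    """Write a probe file under webroot and fetch it back. Returns (ok, reason)."""
    token = "probe_" + secrets.token_hex(8)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as f:
        f.write(token)
    url = f"{base_url}/.well-known/acme-challenge/{token}"
    # Connect directly, ignoring any proxy settings in the environment.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace").strip()
        return (True, "served") if body == token else (False, "wrong content")
    except urllib.error.HTTPError as e:
        return False, f"HTTP {e.code}"
    except (urllib.error.URLError, OSError) as e:
        return False, f"unreachable: {e}"
    finally:
        os.remove(path)  # never leave probe files behind

def demo():
    """Constructed local test: one directory is served, the other is not."""
    served, unserved = tempfile.mkdtemp(), tempfile.mkdtemp()
    handler = functools.partial(QuietHandler, directory=served)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_address[1]}"
    try:
        # Second call mimics a web root the server does not map to the URL.
        return check_challenge_path(base, served), check_challenge_path(base, unserved)
    finally:
        srv.shutdown()
        srv.server_close()
```

A pass from the server itself does not prove the path is reachable from the internet, since DNS and firewalls are not exercised; run it from an outside machine for that.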

They are a rather small provider and are not providing any documentation. Is it possible to configure this ACME-client through the control panel?

I’m afraid I really have no idea. It seems likely, though. Perhaps there’s some documentation for the control panel itself? Or perhaps this is an option you can find by poking around a bit?
