I am running my own mailserver as well as ownCloud on a shared server. Especially the ownCloud calendar is giving me grief since the various Android calendar apps have trouble accepting my self-signed certificate.
While this might mean I am not a total rookie, I find the instructions given to generate an SSL certificate somewhat intimidating now that I am mainly used to installing server apps via Installatron and not much else.
While my hosting provider is not on the list of supported providers, it does offer the possibility to generate a “Free & automatic certificate from Let’s Encrypt”.
Does anyone know what I must do next? Thanks in advance!
The fields available in the server’s SSL menu are as follows:
2 Letter Country Code
State/Province
City
Company
Company Division
Common Name www.mydomainname.com
Email
Key Size (bits)
Certificate Type
Paste a pre-generated certificate and key
Yes, this is an option under the "SSL Certificates" section of the control panel. If I select "Free & automatic certificate from Let's Encrypt" I get the following:
If I go through with it, the following error message appears:
Cannot Execute Your Request
Getting challenge for [mydomain.com] from acme-server...
User let's encrypt key has been found, but not registered. Registering...
Account registration error. Response: HTTP/1.1 100 Continue
Expires: Fri, 17 Nov 2017 09:56:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 267
Replay-Nonce:
Expires: Fri, 17 Nov 2017 09:56:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 17 Nov 2017 09:56:15 GMT
Connection: close
The URL of the subscriber agreement was recently changed. It’s supposed to be discovered automatically, but unfortunately some software - including, apparently, your host’s control panel - had hard-coded the old URL and consequently broke. They need to fix this by updating their ACME client or plugin. You should ask them to do so.
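An added illustration of the reply above; it is not part of the thread and is not the hosting provider's or Let's Encrypt's code. It shows a client reading the agreement URL from what the server advertises instead of a baked-in value. It assumes the RFC 8555 directory field `meta.termsOfService` with a `Link` header carrying `rel="terms-of-service"` as fallback; all URLs, sample data and function names are constructed.

```python
import json
import re

# Constructed sample data (not taken from the thread): a directory document in
# RFC 8555 shape and the Link headers of a registration response.
SAMPLE_DIRECTORY = json.loads("""
{
  "newAccount": "https://acme.example.test/acme/new-acct",
  "meta": {"termsOfService": "https://acme.example.test/terms/v2.pdf"}
}
""")
SAMPLE_LINK_HEADERS = [
    '<https://acme.example.test/acme/new-authz>;rel="next", '
    '<https://acme.example.test/terms/v2.pdf>;rel="terms-of-service"',
]
# What a client with a baked-in agreement URL would still be sending.
STALE_HARDCODED = "https://acme.example.test/terms/v1.pdf"

_LINK = re.compile(r'<([^>]+)>([^<]*)')
_REL = re.compile(r'rel\s*=\s*(?:"([^"]*)"|([^;,\s]+))', re.I)


def links_by_rel(header_values):
    """Map each link relation to its target URL (RFC 8288 Link headers)."""
    found = {}
    for value in header_values:
        for target, params in _LINK.findall(value):
            m = _REL.search(params)
            if m:
                # A rel value may list several space-separated relations.
                for rel in (m.group(1) or m.group(2)).split():
                    found.setdefault(rel.lower(), target)
    return found


def discover_agreement(directory, link_headers=()):
    """Return the agreement URL the server currently advertises, or None."""
    meta = directory.get("meta") or {}
    return meta.get("termsOfService") or links_by_rel(link_headers).get("terms-of-service")


def check_hardcoded(hardcoded, directory, link_headers=()):
    """Return (ok, url_to_use); ok is False when the baked-in URL is stale."""
    current = discover_agreement(directory, link_headers)
    if current is None:
        return (False, None)
    return (hardcoded == current, current)
```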
Right, I shall ask them. Am I right in assuming that there is no need to register with Let’s Encrypt or enter anything into the “pre-generated certificate” field?
You don’t have to register. Your hosting provider is trying to do so automatically for you, but failing because of the aforementioned bug. When they fix that it should just work.
I’d guess the pre-generated certificate field is for use with other CAs, so probably not relevant here.
I’m not sure. It seems they have indeed fixed the original issue. That last line of the error message seems to suggest that there is some special configuration they are expecting - the “/.well-known alias” mentioned. The /.well-known path is indeed used by one of the challenges, but neither Let’s Encrypt nor the ACME spec requires it to specifically be an alias, so that particular detail is probably a requirement of the ACME client your hosting provider is using. There might be something about it in their documentation?
I’m afraid I really have no idea. It seems likely, though. Perhaps there’s some documentation for the control panel itself? Or perhaps this is an option you can find by poking around a bit?