Simply need SSL cert for web browser

#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:ezhik.duckdns.org

I ran this command: sudo cerbot certificates

It produced this output:

Found the following certs:
Certificate Name: ezhik.duckdns.org
Domains: ezhik.duckdns.org
Expiry Date: 2019-05-28 08:35:33+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/ezhik.duckdns.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/ezhik.duckdns.org/privkey.pem

So I have a simple requirement. I have server running on my Raspberry Pi which is a Unifi controller for my home WiFi network. It connects via https:ezhik.duckdns.org:8443 and all is OK, except for the warning on the browser when connecting that there is no valid certificate.

I wanted to get a cert to remove the error message and have acquired the certs as shown above, but I didn’t get an SSL cert to import into web browser. Having done a lot of searching I’m just getting nowhere.

Is there a simple way for me to now obtain an SSL cert to import into browsers, or is there an other way to approach this?

Thank you for any advice.

#2

Yes, you did; it’s in /etc/letsencrypt/live/ezhik.duckdns.org/. But because it’s a trusted certificate, you shouldn’t ever have to do this. If you’re getting an error connecting to the Unifi controller, it’s because you haven’t configured the controller software to use the cert you’ve obtained. Here’s a guide on how to do that:
https://crosstalksolutions.com/lets-encrypt-unifi/

#3

To expand on @danb35: the certificate is now stored on the computer on which you ran your certbot command. Unfortunately, you’re not telling us your exact setup. Does your R. Pi run some kind of webserver? Which exact command did you use to get the certificate in the first place? Did you install the certificate correctly or did you expect gnomes to do it for you? :wink:

#4

Hi @btb

your port 8443 uses

CN=UniFi, OU=UniFi, O=ubnt.com, L=San Jose, S=CA, C=US
	15.03.2018
	12.03.2028
expires in 3301 days	

that’s a self signed certificate.

Your port 8443 must use that certificate.

Then you have redirects to port 443:

 https://ezhik.duckdns.org:8443/
81.141.220.180
	302
	https://ezhik.duckdns.org/manage
	2.186
	N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors

So your port 443 must use the same certificate. There is a timeout, so I don’t see which certificate port 443 uses.

#5

Thank you all for the replies.

As I don’t really know what a lot of this means I’ll take time to read and digest. It seams that the link to the guide to configure the Unfi controller is the way to go. I’ll attempt to understand that and see how I get on.

Again, thank you for all the replies, even though I’m in a little over my head at the moment I’ll try to learn and take it all in.

1 Like
closed #6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.