Total noob Out of his Depth! Certificate for Ubuntu/Apache


#1

I thought it would be fun to replace / complement my Synology NAS with a home-built NAS server.

I’m running Ubuntu Server 16.x, with Owncloud 9.x and Ajenti Management interface.

All the above is working, but trying to get SSL setup, external access etc.

I’ve gone round in circles a little, but I’m trying to ‘start’ with getting a certificate. I’ve followed the excellent instructions for installing using auto (sudo letsencrypt --apache) but it complains it doesn’t get a response from port 443.

It appears that either my ISP or my router is blocking port 443. 80 is fine (as are the myriad of other ports I’m forwarding), and I can access 443 internally, just not externally. (I always intended to end up on a different port anyway, it’s just for LE that it’s causing me an issue!)

I’ve seen documentation saying that you can have it use port 80 instead - but this looks to be at the expense of the auto-setup taking care of things.
Is that the case, or am I misunderstanding?

If I do need to go ‘manual’, where’s the best place to start? If it helps (?) my Syno NAS uses a LE certificate - is it possible/easier to export that one & recycle it? They can be on the same subdomain if required (I did have it this way initially, but LE didn’t seem to like this for registering a new one, so I have created a new subdomain just for this app).

Sorry if the above didn’t make sense at times - hopefully I’m not completely beyond help :slight_smile:


#2

You need to use certonly mode, then manually install the certificate: replace --apache with certonly --webroot -w /var/www/html
Then you’ll need to edit the https vhost to use the LE cert instead of the default self-signed one (fullchain.pem and privkey.pem in /etc/letsencrypt/live/domain.tld/).
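
The vhost edit described in the reply above, as an added example that is not part of the original post. It assumes Ubuntu's stock default-ssl.conf layout and keeps the reply's placeholder name domain.tld; the file path and ServerName are assumptions.

```apache
# Constructed example. Assumed file: /etc/apache2/sites-available/default-ssl.conf
# Assumed to be enabled already with: a2enmod ssl && a2ensite default-ssl
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    # domain.tld is the placeholder from the reply; use the name the
    # certificate was issued for (the -d value given to certonly).
    ServerName domain.tld
    DocumentRoot /var/www/html

    SSLEngine on

    # Before: the self-signed pair referenced by Ubuntu's default vhost.
    # Browsers reject it because no public CA signed it.
    # SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
    # SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

    # After: the Let's Encrypt files named in the reply.
    # fullchain.pem carries the leaf certificate plus the intermediate, so no
    # separate SSLCertificateChainFile is needed on Apache 2.4.8 or later.
    SSLCertificateFile    /etc/letsencrypt/live/domain.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem

    # The live/ entries are symlinks that the client repoints at each renewal,
    # so this file does not change when the certificate is renewed; Apache
    # only needs a reload to pick up the new files.
</VirtualHost>
</IfModule>

# To serve HTTPS on a port other than 443, change the port in the
# <VirtualHost> line above and add a matching Listen line in
# /etc/apache2/ports.conf.
# Validate before reloading: apache2ctl configtest
```

privkey.pem should stay readable by root only; Apache reads it at startup before dropping privileges, so the permissions under /etc/letsencrypt do not need loosening.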


#3

Huge thanks @cool110

That helped a lot, from there I was able to get them linked to the virtual hosts file. I’ve updated the port to use, and voila - that magical green icon! Phew!

Now just to get auto-renewal working :smiley:

