Transfer cert from Raspberry to Windows

My domain is: https://nvbgm.nl and https://nvbgm1.nl

My web server is (include version): Local PC (Windows 10) and Raspberry

The operating system my web server runs on is: Windows 10 (local PC)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.8.0

I run Domoticz on a Raspberry Pi 4, certified with Let's Encrypt.
All runs very smoothly, but I want to change it to a Windows 10 PC.
I have already installed Certbot on the Windows PC and want to get a certificate on it for both domain names, nvbgm.nl and nvbgm1.nl, and of course the www.xx
Can anyone help me on what to do next?

You should really use a Windows ACME client instead of certbot.

4 Likes

The simplest solution is to route the HTTP connections directly to the Windows PC.
There you can use a Windows ACME client [not certbot (for Windows)] to obtain the certs via HTTP-01 authentication.
That said, simplest is generally not the most secure option.

If you still plan on serving content from the Pi, then you may have to share the HTTP(S) ports.
This is normally done by placing one [or all] of the web servers behind a reverse proxy.
[I would use `nginx` for that task]

5 Likes

I note that the developers don't recommend connecting this to the internet:

I would suggest using Tailscale to get a private VPN to access your system remotely.

2 Likes

Hey guys,
I uninstalled certbot again and started working with win-acme.
Very easy application, but I don't get a certificate.
Could it be that I am behind a VPN?
I get this message.

```
Plugin Manual generated source nvbgm.nl with 4 identifiers
Plugin Single created 1 order
[nvbgm.nl] Authorizing...
[nvbgm.nl] Authorizing using http-01 validation (SelfHosting)
[nvbgm.nl] Authorization result: invalid
[nvbgm.nl] {"type":"urn:ietf:params:acme:error:connection","detail":"22.22.22.222: Fetching http://nvbgm.nl/.well-known/acme-challenge /x5n0OTT4AwdfWdggT5D38e3CTxbxGH2eJ3Ob_QYhY: Connection refused","status":400,"instance":null}
[nvbgm.nl] Deactivating pending authorization
[nvbgm1.nl] Deactivating pending authorization
[www.nvbgm.nl] Deactivating pending authorization
[www.nvbgm1.nl] Deactivating pending authorization

Create certificate failed, retry? (y/n*)
```

This looks like something is wrong with your config for port 80. HTTPS (port 443) for your domain works fine but HTTP (port 80) does not. HTTP is needed for the HTTP Challenge.

```
curl -I https://nvbgm.nl
HTTP/1.1 200 OK
Content-Length: 73943
(other headers omitted)

curl -I http://nvbgm.nl
curl: (7) Failed to connect to nvbgm.nl port 80 after 102 ms: Connection refused
```

4 Likes

Please explain.

3 Likes

For HTTP validation to work, HTTP requests to your server's TCP port 80 need to work, or at least reach your machine (not just HTTPS, TCP 443). Fix that and I would expect everything else will start working again.

As you previously used your Raspberry Pi, I would assume you had some sort of routing set up to forward external port 80 requests through to the IP of that device, so make sure you're now sending them through to the Windows machine instead, and that Windows Firewall has both TCP port 80 and TCP port 443 open.

5 Likes
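
Added example (not part of the thread, and not code from win-acme or Let's Encrypt): a pre-flight check that fetches an HTTP-01 challenge URL over plain HTTP and classifies the result, so a closed or unforwarded port 80 shows up as `connection: refused` before an order is attempted. The token values, the local stand-in listener and the `port` parameter are constructed for the demo; real validation always arrives on port 80.

```python
import http.server
import threading
import urllib.error
import urllib.request

PREFIX = "/.well-known/acme-challenge/"
# Ignore proxy environment variables: a validator connects to the host directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def check_http01(host, token, expected, port=80, timeout=5):
    """Fetch the challenge URL over plain HTTP and classify the outcome."""
    url = f"http://{host}:{port}{PREFIX}{token}"
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            body = resp.read(512).decode("ascii", "replace").strip()
    except urllib.error.HTTPError as exc:   # something answered, but not with 200
        return f"unauthorized: HTTP {exc.code}"
    except OSError as exc:                  # URLError, timeouts, resets
        reason = getattr(exc, "reason", exc)
        if isinstance(reason, ConnectionRefusedError):
            return "connection: refused"    # same failure as in the log above
        return f"connection: {reason}"
    return "valid" if body == expected else "unauthorized: wrong body"

def serve_token(token, body):
    """Constructed stand-in for an ACME client's self-hosting listener."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            found = self.path == PREFIX + token
            self.send_response(200 if found else 404)
            self.end_headers()
            if found:
                self.wfile.write(body.encode())
        log_message = lambda self, *args: None   # keep the demo quiet
    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo():
    token, body = "constructed-token", "constructed-token.constructed-thumbprint"
    server = serve_token(token, body)
    port = server.server_address[1]         # ephemeral port, local test only
    seen = [check_http01("127.0.0.1", t, body, port) for t in (token, "missing")]
    server.shutdown()
    server.server_close()                   # listener gone, port is closed again
    seen.append(check_http01("127.0.0.1", token, body, port))
    return seen

if __name__ == "__main__":
    print(demo())
```

A check run from inside the LAN only proves the listener and the host firewall; run `check_http01` from a machine outside the network to confirm the router forwards port 80 to the right host.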

Thanks, I did set the firewall settings correctly and it seems to work now.

4 Likes