Transmission and letsencrypt

Hi,

I have got the certbot to work on my subdomain.domain.com and it works very well. It redirects HTTP to HTTPS quickly.

However, I am having trouble getting Transmission (torrent app) that is under the same domain with port 9091 to be SSL secured. I thought that the certbot can work on all directories under the secured subdomain.

SSL works on subdomain.domain.com :white_check_mark:
No SSL on subdomain.domain.com:9091/transmission/web :negative_squared_cross_mark:

I have a VPS, running ubuntu 20.XX. I have root access.

Any help or guides to get this to work would be great.

1 Like

The main function of certbot is to get a certificate. If you "just" get a certificate, nothing really happens by itself with the services you want to have secured, like your webserver or Transmission.

Now, certbot actually does know how to install the certificate for two webservers, Apache and nginx. But it does not know how to install the certificate into Transmission, so you need to do that manually. Please refer to the Transmission documentation on how to install the certificate issued by certbot into Transmission.

5 Likes

Thank you for your knowledgeable reply. I am new to ssl so your guidance is very helpful indeed. I will consult transmission documentation on how to provide SSL.

1 Like

Just remember that a client like a webbrowser connects to a service, such as Apache or Transmission. Most of time, a TLS certificate needs to be installed on all of those services. Note that a certificate like that of Let's Encrypt isn't limited to HTTPS, but could also be used to secure other services (like e-mail protocols such as SMTP or IMAP). In that case, the certificate would need to be installed into those services too.

To make things a little bit more difficult, it's possible to use just one service and let that service internally redirect to different internal services based on some kind of information. For example, you could add transmission.domain.com into your certificate and make a separate VirtualHost in Apache which would be configured to internally redirect all data to localhost:9091, your Transmission. In that case, your certificate would only be needed in Apache and not in Transmission, because the webbrowser would connect only to Apache on the standard HTTPS port 443 and Apache would know (because of the separate hostname) to internally pass the data stream through to Transmission.

But if you don't really need the extra options Apache could offer and you don't mind typing the port 9091 explicitly in the address bar of your browser, there's not really any need for that.

2 Likes

I can tell you that: Transmission does not support tls/ssl.

You need to tell transmission to listen on localhost only, and then use a reverse proxy from another port (even 443 on a /transmission path)

2 Likes

Or just another subdomain, that's also fine to separate the different "streams" so to say.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.