What do i need for a certificate for sabnzbd on raspberry?


#1

Hey guys,

sorry for asking this stupid question but i am not that 100% confident about certificates and stuff like letsencrypt. I already have sabnzbd on my raspberry (raspbian jessie) and i wanted generate a certificate for sabnzd now.

But to be honest, i am not sure which form i need to use? Is it standalone, webroot or manual?

Also i have a dynamic ddns.net domain as well, but i don´t think i need this? Or is it better/easier to point it to my dynamic adress?

And can i use this certificate for everything on my raspberry? How could i use this certificate for a NAS additionally?

Sorry for all that questions :frowning:


#2

DDNS.net addresses have an issue right now: https://github.com/letsencrypt/letsencrypt/issues/1607#issuecomment-162106898 so you need to wait a bit.


#3

Sorry for asking, is it also possible to setup a webserver on my pi which is behind this dynamic dns? or would it be the same because it is behind ddns.net?


#4

If you’re going to use a dynamic dns provider that’s not on the public suffix list yet (like ddns.net), you’ll probably run into the rate limit. You can wait till they get added or try one of the providers that are already on the list. From a quick glance over the list, here are a two: duckdns.org, DynDNS.com. You could also get a free .tk domain and add a CNAME pointing to your ddns.net domain (CloudFlare would be a free DNS provider for this, as an example) - that would avoid the rate limit as well.


#5

I am also having a domain where i can create subdomains and point to a specific folder.

Would it be possible to request a certificate for that? And if so, which exact path i have to use in my request?


#6

Like the www one just use sub.domain.tld.


#7

Ok this is the command i´ve tried to use:

./letsencrypt-auto certonly --webroot -w /var/www/digitalnaive -d digitalnaive.de -d rm.digitalnaive.de -w /var/www/thing -d thing.is -d m.thing.is
Updating letsencrypt and virtual environment dependencies…
Running with virtualenv: sudo /home/pi/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/digitalnaive -d digitalnaive.de -d rm.digitalnaive.de -w /var/www/thing -d thing.is -d m.thing.is
The webroot plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(’/var/www/thing does not exist or is not a directory’,)

And you also see an error. What did i do wrong?


#8

Why not split them in 2 commands, each for one domain?


#9

Sorry i am not 100% certain with what i am doing. So i am more a newbie and don´t doing such things on purpose :wink:

What do you mean with “each for one domain”?

My goal is to create a certificate for rm.digitalnaive.de

And i understood that i can create it with my raspberry and than i pick that certificate files and copy it onto my webspace where rm.digitalnaive.de is pointing to. Is this correct?

Can you may tell me which command should be the right one than? And in which path i can find the files after it is created on my raspberry.


#10

Perhaps @digitalnaive wants just one certificate for all his domains?

But the error message is quite clear, not? “/var/www/thing does not exist or is not a directory”… Does that directory exist? It should be the web root for the domains thing.is and m.thing.is, on that very server.


#11

[quote=“digitalnaive, post:9, topic:6121”]
What do you mean with “each for one domain”?

My goal is to create a certificate for rm.digitalnaive.de
[/quote]Then why include m.thing.is and m.thing.is in the command line?


#12

I just grabed the webroot example in the “how it works” Guide. Thats the reason. I don´t understand for 100% what it means in detail and i tried to just exchange the domains with mine.

Now i just used the command like this:

./letsencrypt-auto certonly --webroot -w /var/www/digitalnaive -d digitalnaive.de -d rm.digitalnaive.de
Updating letsencrypt and virtual environment dependencies…
Running with virtualenv: sudo /home/pi/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/digitalnaive -d digitalnaive.de -d rm.digitalnaive.de
The webroot plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(’/var/www/digitalnaive does not exist or is not a directory’,)

but still get an error. Do i have to create a folder in this var directory?


#13

The webroot plugin expects you to run a webserver which is serving files from the directory (root) which you give with the -w syntax. This webserver needs to be accessible from the world wide web (i.e.: the ACME server of Let’s Encrypt).

So I don’t know if your sabnzbd is capable of hosting ‘random’ files (not so random ofcourse, as the Let’s Encrypt client is providing those files ;)) from a certain directory and presenting them to the WWW?

If that’s not the case, but you do have a webserver running behind digitalnaive.de, you can always try --manual.

I recommend you read some more first instead of just trying :smile: And if you insist on trying, try with the --server https://acme-staging.api.letsencrypt.org/directory option: this results in not working certificates, issued by the fake “Happy hacker” CA, but this way you won’t get in trouble by running into the rate limits for your domain.


#14

Guys i really appreciate your help, but i am a newbie who is willed to learn and still don´t understand everything what he is reading.

Maybe you can help me coming from another angle. I thought that this letsencrypt ssl certificate tool is generating a file which in includes facts about the owner and stuff like that.

But now i figured out that you are talking about webservers and directories all the time, thats a little confusing for me. So does that mean every letsencrypt command like manual, standalone or webroot is pointing to a web directory where it needs to get access to?

My first thoughts were that i just create a file localy on my raspberry and i can tell my sabnzb programm the path to it and than i will have ssl. But it seems completely different?


#15

[quote=“digitalnaive, post:1, topic:6121”]
sabnzbd
[/quote]Does this http://wiki.sabnzbd.org/howto-apache help?
The letsencrypt client wants the webroot as configured in your Apache’s httpd.conf file or in the nginx conf.d directory.
Do you have any of these? Use locate I guess.

/LE: Did this not help: https://forums.sabnzbd.org/viewtopic.php?f=1&t=19684 at all?


#16

Ok what you don´t know is that i just mentioned sab as a possible tool to use ssl. As i said, i only understood the process in that way that it will create one file which i just can use for everything laying in the directory of my raspberry or webserver itself after i copied it there.

But it seems i am completely wrong and have to start from another point to understand this better, if i am able to understand it really in the end.


#17

Sorry for that stupid question, but i think it would help me a lot.

I have installed apache2 on my raspberry -> what is now the domain name of this webserver? i´d like to use this domain name to insert it in my request ./letsencrypt-auto certonly -w /var/www/html/

Because i understood that i will than have this “webserver” on my raspberry which can be used as the server for the certificate. Correct?


#18

So Sabnzbd has some web server already?

What does sudo netstat -tupan | grep :80 say?


#19

I may have misunderstood, but, you need to purchase a domain name (or already own one) which you can use on the webserver.


#20

He’s waiting for the DDNS thing to be approved, so it’s not a hard problem.
In the mean time it’s useful to have the script running free of other issues.