It produced this output:
privkey.pem : the private key for your certificate.
fullchain.pem: the certificate file used in most server software.
chain.pem : used for OCSP stapling in Nginx >=1.3.7.
cert.pem : will break many server configurations, and should not be used
without reading further documentation (see link below).
The operating system my web server runs on is (include version):
Ubuntu 22
Hello
I want to download my Bundle file, which has the .crt extension.
How can I download it?
I used the certbot command to generate SSL for my domain.
And note that if you're dealing with these files directly, you're almost certainly doing things in the most convoluted and difficult way possible. Ideally, your control panel has a button that just gets a certificate for you. If your hosting provider is malicious enough to not provide that to you as an included service, if you can run PHP scripts you might be able to use CertSage.
1- I set up a v2ray VPN on an OVH server.
2- I want to tunnel from a second server to the OVH server through my country's CDN provider.
3- I added an A record on my CDN provider and pointed it to the OVH server.
4- Because I installed Let's Encrypt SSL on the OVH server, I don't want to use the CDN's SSL by default.
5- So I must import my server's SSL files to that CDN provider.
6- The CDN provider needs these SSL files:
Certificate File (.crt)
Private Key File (.key)
Bundle File (.crt)
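As an added example (not part of the original posts, and not code from Certbot or the CDN provider): Certbot's fullchain.pem is the leaf certificate followed by the intermediates, so it can be split into the three uploads listed above. It assumes the provider's "Bundle File" means the intermediate chain (the content of chain.pem); the output names and the sample PEM bodies are constructed.

```python
import re

# One PEM-encoded certificate block, as found in Certbot's fullchain.pem.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n.+?\r?\n-----END CERTIFICATE-----",
    re.DOTALL,
)
PEM_KEY = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")


def split_fullchain(fullchain_text):
    """Return (leaf_pem, bundle_pem) from the text of fullchain.pem."""
    blocks = PEM_CERT.findall(fullchain_text)
    if len(blocks) < 2:
        # A lone certificate means this is cert.pem, not fullchain.pem.
        raise ValueError("expected leaf + intermediate(s), found %d block(s)" % len(blocks))
    leaf = blocks[0] + "\n"                 # first block: the domain certificate
    bundle = "\n".join(blocks[1:]) + "\n"   # remaining blocks: intermediates
    return leaf, bundle


def cdn_upload_files(fullchain_text, privkey_text):
    """Map Certbot output to the three fields (hypothetical file names)."""
    if not PEM_KEY.search(privkey_text):
        raise ValueError("privkey.pem does not contain a PEM private key header")
    leaf, bundle = split_fullchain(fullchain_text)
    return {
        "certificate.crt": leaf,       # Certificate File (.crt)
        "private.key": privkey_text,   # Private Key File (.key)
        "bundle.crt": bundle,          # Bundle File (.crt), assumed = chain.pem
    }


def _pem(body):
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----" % body


# Constructed sample data: the bodies are placeholders, not real certificates.
SAMPLE_FULLCHAIN = "\n".join(
    [_pem("LEAFCONSTRUCTED"), _pem("INTERMEDIATE1"), _pem("INTERMEDIATE2")]
) + "\n"
SAMPLE_PRIVKEY = "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, text in cdn_upload_files(SAMPLE_FULLCHAIN, SAMPLE_PRIVKEY).items():
        print(name, "->", text.count("-----BEGIN"), "PEM block(s)")
```

On a real host the two inputs would be read from the fullchain.pem and privkey.pem files described in the Certbot output quoted at the top of the thread.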
Let me see if I understand you...
You want to use a CDN [to bypass some restriction].
But you don't want to use the CDN cert [to ensure your privacy].
You are willing to manually upload a file [every 60-90 days] to maintain this privacy.
You have to provide the CDN your cert and private key to build this private VPN.
Once you provide anyone your private key, they can decrypt your session.
So, to me, it makes no security difference which cert the CDN uses.
But it would be simpler/automated if you used the CDN cert.
That said...
I think you might be able to tunnel securely through a "potentially insecure" tunnel.
I mean that you could encrypt the conversation from your IP to your VPN through an intermediate HTTPS connection provided by that CDN.
Hello, thanks.
Yes, exactly.
Because my country has limited all VPNs with a foreign VPS location, we must use our country's CDN to hide the foreign VPS IP, and we call this a tunnel.
When I want to use the CDN's SSL, our VPN doesn't work,
because in the VPN panel configuration I must enter the path of the public and private key to provide HTTPS for the VPN panel address.
Look at this image:
You should not be using the same cert in both locations.
The CDN will have its own cert.
Your panel/VPN will have its own cert.
The solution I proposed is not something you can find on a very primitive menu.
At a minimum, it would require using a proxy [to create the "insecure tunnel"] at both "ends".
And then you can use the "proxy path" to reach the VPN.
In a secure implementation, the CDN is essentially only used to create a private route over the Internet, to connect A to B through C(DN) [when A is not able to reach B directly].
The route through A-C-B would have to be forced (via proxy) when anything A (or behind A) is trying to reach anything B (or beyond B) [that is not A to B].