My YunoHost server
Hardware: Raspberry Pi at home
YunoHost version: 11.1.18
I have access to my server: through SSH | through the webadmin | direct access via keyboard / screen
Description of my issue
I am trying to configure my server to use Let's Encrypt certificates that I created with the help of acme.sh https://github.com/acmesh-official/acme.sh
The situation:
- VPN Arena, which I paid for already, does not allow opening port 80. Frustrating.
- I found a way to use ONLY port 443 to get Let's Encrypt certificates, by following the instructions here: https://github.com/acmesh-official/acme.sh/wiki/How-to-use-OVH-domain-api and here: https://jmorahan.net/articles/lets-encrypt-without-port-80/
Here’s what I want to do, and what I’ve tried
I would like to use these certs to allow https traffic to my server.
However, I am very new to all this, and I don't actually know what I need to do with these certs to get things working. I assume I need to either add the .pem files to some appropriate folders (where?) or maybe the VPN blocks something that I haven't learned about. I am really stumped, because it seems so close to working.
I tried editing /etc/nginx/nginx.conf as outlined in the first example on this site https://nginx.org/en/docs/http/configuring_https_servers.html and nginx refused to restart:
Apr 26 19:59:10 example.site nginx[48167]: nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/conf.d/example.site:48
Apr 26 19:59:10 example.site nginx[48167]: nginx: [warn] duplicate value "TLSv1.3" in /etc/nginx/conf.d/example.site.conf:48
Apr 26 19:59:10 example.site nginx[48167]: nginx: [emerg] "ssl_ciphers" directive is duplicate in /etc/nginx/conf.d/example.site.conf:49
Apr 26 19:59:10 example.site systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Apr 26 19:59:10 example.site systemd[1]: Reload failed for A high performance web server and a reverse proxy server.
So, I edited out the parts causing the issues and nginx was able to reload.
From my server’s command line, I ran:
./ssl-cert-check -s example.site -p 443 -i
and got:
Host Issuer Status Expires Days
----------------------------------- ----------------- -------- ----------- ----
example.site:443 Let's Encrypt Valid Jul 25 2023 90
Good sign, right?
However when I run the exact same command from my desktop, I get
Host Issuer Status Expires Days
----------------------------------- ----------------- -------- ----------- ----
Could not read certificate from /var/tmp/cert.lDJaCk
Unable to load certificate
Could not read certificate from /var/tmp/cert.lDJaCk
Unable to load certificate
Could not read certificate from /var/tmp/cert.lDJaCk
Unable to load certificate
Could not read certificate from /var/tmp/cert.lDJaCk
Unable to load certificate
example.site:443 Expired 0 0 -2460061
Just to clarify, I have edited out my site name here, and the DNS resolves (I think) when I check from a tool in the browser. I haven’t edited any apache2 configs yet. Typing either the IP address or the URL into Firefox results in
Secure Connection Failed
An error occurred during a connection to example.site. PR_END_OF_FILE_ERROR
Error code: PR_END_OF_FILE_ERROR
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Learn more…
And if I use any of the ‘SSL checker’ websites, I get errors e.g. “Assessment failed: No secure protocols supported” from https://www.ssllabs.com/ssltest/
Really hoping someone has any insight at all on how (or if) I can get this working. Thanks for reading if you made it this far.
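The three symptoms in this post (ssl-cert-check's "Unable to load certificate" from the desktop, Firefox's PR_END_OF_FILE_ERROR, and SSL Labs' "No secure protocols supported") are all client-side reports of a TLS handshake that never completes, and they can be told apart from a plain TCP connection failure or from a certificate that simply fails verification. The following is an added example, not code from the post, from YunoHost or from acme.sh: a probe that uses only the Python standard library and maps the outcome of a handshake attempt to a small set of statuses. The host name `example.site` is the placeholder from the post, and the `start_fake_server` helper is a constructed test double that imitates a port which is open but not speaking TLS.

```python
"""Added example (not from the forum post): classify how a TLS connection to
host:port fails, using only the Python standard library.

probe_tls() returns a dict whose 'status' is one of:
  refused       TCP connect failed: nothing reachable on that port
  eof           TCP connected, but the peer closed the connection during the
                handshake (Firefox reports this as PR_END_OF_FILE_ERROR)
  not_tls       TCP connected, but the peer answered with non-TLS bytes
  cert_invalid  handshake completed, certificate failed verification
  ok            handshake and verification succeeded
  error         any other socket error (e.g. a timeout)
"""
import socket
import ssl
import sys
import threading


def probe_tls(host, port, timeout=5.0):
    """Attempt a verified TLS handshake with host:port and classify the result."""
    ctx = ssl.create_default_context()  # system CA store, hostname check on
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"status": "refused", "detail": str(exc)}
    try:
        # wrap_socket runs the handshake immediately and closes the underlying
        # socket itself when the handshake fails.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "status": "ok",
                "protocol": tls.version(),
                "issuer": dict(item[0] for item in cert.get("issuer", ())),
                "not_after": cert.get("notAfter"),
            }
    except ssl.SSLCertVerificationError as exc:
        return {"status": "cert_invalid", "detail": exc.verify_message}
    except ssl.SSLEOFError as exc:
        return {"status": "eof", "detail": str(exc)}
    except ssl.SSLError as exc:
        # e.g. WRONG_VERSION_NUMBER when a plain-HTTP server answers a ClientHello
        return {"status": "not_tls", "detail": exc.reason or str(exc)}
    except ConnectionResetError as exc:
        return {"status": "eof", "detail": str(exc)}
    except OSError as exc:
        return {"status": "error", "detail": str(exc)}


def start_fake_server(reply=b""):
    """Constructed test double: accept one TCP connection on 127.0.0.1, read
    whatever the client sends (its ClientHello), send `reply` and close.
    With an empty reply this imitates a port that is open but not serving TLS.
    Returns the port number it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)
            if reply:
                conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def unused_port():
    """Return a local TCP port that nothing is listening on (for the 'refused' case)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def main(argv):
    host = argv[1] if len(argv) > 1 else "example.site"  # placeholder from the post
    port = int(argv[2]) if len(argv) > 2 else 443
    print(probe_tls(host, port))


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python3 probe.py example.site 443` both on the server itself and from a machine outside the home network. If the server reports `ok` while the outside probe reports `eof`, `not_tls` or `refused`, the certificate files and the nginx `ssl_certificate` directives are not the problem; the connection is being stopped or answered by something between the client and nginx before TLS starts, which is where the VPN's port handling would show up. A `cert_invalid` result, by contrast, means TLS is reachable and the issue really is in the installed chain.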