SSL certificate manually

hey !

Architecture

  • I use YunoHost (in an LXC) behind a reverse proxy (also in an LXC),
  • the hardware is a dedicated PC at home behind a Livebox.
  • I have Proxmox doing DHCP for all containers.

The problem

Since the Livebox is a little shitty, I can’t access my server through the URL if I’m at home behind the Livebox. So I want to access the YunoHost SSO through my local network so the Livebox doesn’t bother me.

What I’m trying

Because I can’t access the SSO with the local IP address of YunoHost (see here), I have to use a local DNS.
I add the line YunohostLocalIp domainUrl in /etc/hosts of my personal computer. So now I can reach the YunoHost container without being stopped by the Livebox, BUT I have SSL issues.
Firefox wants an SSL certificate because I have this option in the nginx configuration of the reverse proxy: add_header Strict-Transport-Security "max-age=31536000;". So I can’t add an exception in Firefox.

Finaly

I think I just need to add an SSL certificate in the YunoHost container manually.
I tried to take the SSL certificate for my YunoHost domain from my reverse proxy and put it in the YunoHost container at /etc/yunohost/certs/mydomain/ but it doesn’t work.

Any idea why?

I think I have to make YunoHost understand to use the certificates I give it, but I don’t know how.

Update: When I connect to the YunoHost admin interface locally with the local IP address of the container, YunoHost says I’m using a valid SSL certificate. But I still have a Firefox error message saying “Your connection is not secure” when I try to reach the SSO with the URL. I don’t understand why.

I deactivated the HSTS header in Firefox as explained here, so I can access my server, but it would be nice to know why giving the certificates to YunoHost didn’t work.
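A small diagnostic to narrow down where a setup like the one above goes wrong, added here as an example (it is not code from the post or from YunoHost). It assumes, and this is an assumption, that YunoHost keeps the active certificate and key as crt.pem and key.pem inside /etc/yunohost/certs/<domain>/; the domain and container IP are placeholders. The three checks correspond to the three things that can differ: the key file may not belong to the certificate file, the container’s nginx may be serving a different certificate than the file you copied in, and the certificate served for the SNI name Firefox sends may not be the one you expect.

```shell
#!/bin/sh
# Added diagnostic (not from the forum post or from YunoHost).
# Assumption: YunoHost stores the live certificate as crt.pem and key.pem
# in /etc/yunohost/certs/<domain>/. Domain and IP below are placeholders.
CERT_DIR="${CERT_DIR:-/etc/yunohost/certs/example.org}"

# SHA-256 fingerprint of a PEM certificate file (colon-separated hex).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Returns 0 when the private key belongs to the certificate, 1 otherwise.
# Both sides are reduced to the SubjectPublicKeyInfo and hashed.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl dgst -sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Fingerprint of the certificate actually served when connecting to the
# container IP while sending the domain as SNI, which is what Firefox does
# once /etc/hosts points the domain at the container.
served_fingerprint() {
    ip=$1; domain=$2
    openssl s_client -connect "$ip:443" -servername "$domain" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Returns 0 when the container serves exactly the certificate file you installed.
check_served_matches_file() {
    ip=$1; domain=$2; cert=$3
    [ "$(cert_fingerprint "$cert")" = "$(served_fingerprint "$ip" "$domain")" ]
}

# Usage (placeholders):
#   key_matches_cert "$CERT_DIR/crt.pem" "$CERT_DIR/key.pem" && echo "key/cert pair OK"
#   check_served_matches_file 10.0.0.5 example.org "$CERT_DIR/crt.pem" \
#       && echo "container serves the installed certificate"
```

If the pair check passes but the served fingerprint differs, nginx in the container is still holding the old certificate (a reload, or a wait for YunoHost to regenerate its nginx configuration, is the usual reason); if the served fingerprint matches the file but Firefox still refuses, the certificate served for that SNI name is not valid for the domain you typed, and HSTS simply prevents clicking through that.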

Hey! Could you explain further how it did not work? It sounds like you have many layers in this setup (not standard at all ;)) and perhaps it is important from which layer you request the certificate (so that certbot can complete the work). Hope it’s clear!

It did not work because I was having some SSL error. I’ve retried with HSTS activated and now it seems to work perfectly :slight_smile: Maybe YunoHost takes some time to take into account the SSL certificate I gave manually.