My YunoHost server
Hardware: VPS bought online: Strato - Debian 10
YunoHost version: 4.2.8.3 (stable)
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Dear YUNO Host community,
I could really use your help. I’m trying to set up a custom certificate so I followed the steps from the documentation but I can’t seem to get it working. This is my first time working with all this.
My process:
- I have made a backup of the self-signed-certificate with all files that were originally working on the server. (This turned out to be a very smart move as I had to restore the original to access my instance - thank you instructions)
- I have the (entity) certificate, intermediate certificate and root certificate on the server; all in `.crt` format. I combine these using `cat` and output as `crt.pem` → Now I have 1 file with the 3 certificates combined.
- I have the private key and convert from `jks` to `pem` using `sslopen` as indicated in the instructions and I verify that the output format looks like it’s expected (example in docs).
- both files go in the `DOMAIN.TLD` folder.
- I set the right permissions.
- When I try to restart the webserver I get a `failed to restart` notice.
Since this does not work as expected I decided to inspect the original files and I notice that the entity certificate (first one at the top in the created `crt.pem` file) is different in my `crt.pem` compared to the self-signed `crt.pem` created by yunohost.
- the crt I get from the service provider looks like the encrypted version of the human readable format yunohost has for the self-signed certificate, so after a lot of research I discover how to convert the `(encrypted) crt` to the same `x509 -text` format.
Now that my `crt.pem` looks the same as the original I hoped it would have done the trick but unfortunately not.
The webserver is still not restarting (obviously due to an error in the files) and I have done everything I could think of.
I would have used the Let’s Encrypt certificate option the portal offers but my Service Provider does not give the option to set the CA record (I have called them about it) - so that’s not a viable approach either.
Does anyone have any ideas what could be the issue and/or how to better understand what goes wrong? I tried looking at the `journalctl` to get details from the nginx service but I don’t see much.
Looking forward to some pointers and fixing this last bit of setting up YUNO Host, I really love it already so can’t wait to blaze ahead.
Kind regards, Paul
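
A structural pre-flight check for the two files described in the post above, as an added example that is not part of the original post and not YunoHost's own tooling. It looks for common structural defects in a `cat`-combined certificate file and a converted key (markers glued onto one line, non-PEM input, a passphrase-protected key); it is not a diagnosis of this particular server. The function names and the sample data are constructed for illustration.

```python
import base64
import binascii
import re

# A PEM block: BEGIN line, body, and the matching END line alone on its line.
PEM_BLOCK = re.compile(
    rb"^-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----[ \t]*\r?$",
    re.S | re.M)
# What `cat a.crt b.crt` produces when a.crt has no final newline.
GLUED = re.compile(rb"-----END [A-Z0-9 ]+-{6,}BEGIN ")

def pem_blocks(data: bytes) -> list:
    """Return (label, body) for every PEM block, in file order."""
    return [(m.group(1).decode(), m.group(2)) for m in PEM_BLOCK.finditer(data)]

def body_is_der(body: bytes) -> bool:
    """True if the body is clean base64 that decodes to an ASN.1 SEQUENCE."""
    try:
        raw = base64.b64decode(b"".join(body.split()), validate=True)
    except binascii.Error:
        return False
    return raw[:1] == b"\x30"

def lint_cert_file(data: bytes) -> list:
    """Structural problems in a combined certificate file."""
    problems = []
    if GLUED.search(data):
        problems.append("END and BEGIN markers share a line")
    certs = [b for label, b in pem_blocks(data) if label == "CERTIFICATE"]
    if not certs:
        problems.append("no PEM CERTIFICATE block (DER input or damaged markers)")
    problems += [f"certificate {i}: body is not valid base64 DER"
                 for i, b in enumerate(certs, 1) if not body_is_der(b)]
    return problems

def lint_key_file(data: bytes) -> list:
    """Structural problems in a key file that a service must load unattended."""
    keys = [(lab, b) for lab, b in pem_blocks(data) if lab.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        return [f"expected exactly one PRIVATE KEY block, found {len(keys)}"]
    label, body = keys[0]
    if label == "ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body:
        return ["key is passphrase-protected; a service restart cannot prompt"]
    return [] if body_is_der(body) else ["key body is not valid base64 DER"]

# Constructed sample, not a real certificate: two blocks joined without a newline.
SAMPLE_BLOCK = b"-----BEGIN CERTIFICATE-----\nMAA=\n-----END CERTIFICATE-----"
SAMPLE_GLUED = SAMPLE_BLOCK + SAMPLE_BLOCK
```

Read the real files in binary mode and pass their contents to `lint_cert_file` and `lint_key_file`. Text outside the BEGIN/END markers, such as `x509 -text` output or the `Bag Attributes` lines left by a keystore conversion, is ignored by the check.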