My YunoHost server
Hardware: VPS bought online: Strato - Debian 10
YunoHost version: 188.8.131.52 (stable)
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Dear YUNO Host community,
I could really use your help. I’m trying to set up a custom certificate so I followed the steps from the documentation but I can’t seem to get it working. This is my first time working with all this.
- I have a made backup of the self-signed-certificate with all files that were originally working on the server. (This turned out to be a very smart move as I had to restore the original to access my instance - thank you instructions)
- I have the (entity) certificate, intermediate certificate and root certificate on the server; all in
.crtformat. I combine these using
catand output as
crt.pem→ Now I have 1 file with the 3 certificates combined.
- I have the private key and convert from
sslopenas indicated in the instructions and I verify that the output format looks like it’s expected (example in docs).
- both files go in the
- I set the right permissions.
- When I try to restart the webserver I get a
failed to restartnotice.
Since this does not work as expected I decided to inspect the original files and I notice that the enitity certificate (first one at the top in the created
crt.pem file) is different in my
crt.pem compared to the self-signed
crt.pem created by yunohost.
- the crt I get from the service provider looks like the encrypted version of the human readable format yunohost has for the self singed certificate, so after a lot of research I discover how to convert the
(encrypted) crtto the same
Now that my
crt.pem looks the same as the original I hoped it would have done the trick but unfortunately not.
The webserver is still not restarting (obviously due to an error in the files) and I have done everything I could think of.
I would have used the Let’s Encrypt certificate option the portal offers but my Service Provider does not give the option to set the
CA record (I have called them about it) - so that’s not an viable approach either.
Does anyone have any ideas what could be the issue and/or how to better understand what goes wrong? I tried looking at the
journalctl to get details from the nginx service but I don’t see much.
Looking forward to some pointers and fixing this last bit of setting up YUNO Host, I really love it already so can’t wait to blaze ahead.
Kind regards, Paul