YunoHost exclusively in local network (ssl/cert/https problem)

Discuss Advanced use case
#1

My YunoHost server

Hardware: Raspberry Pi at home
YunoHost version: the last one
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hi, I’m triying to make work bitwarden and nextcloud without a domain (just some random domain like “yolo.server”). I don’t want to connect this apps to internet, just use for local network, so my problem is that I can’t connect the ios apps to this services, they show me an ssl error. I’m noob in this topic so I was reading a lot and I couldn’t get this work. Based on what I read, maybe I need a self-signing cert, I try this but no results.

What can I do with this kind of setup?

Thanks!

#2

Self-signed certificates are by default created when you add a new domain to YunoHost, there should no need for the tutorial you linked to.

I do not know how iOS handles this, but you should be able to tell your devices to trust those self-signed certificates. According to this, you need to download and trust the certification authority generated by your YunoHost server.

To do so, as root, let’s try emailing the certificate to yourself (put your own email address in there):

echo "Here is your YunoHost server's CA certificate" | mail -s "YunoHost CA certificate" yourmail@server.tld -A /etc/yunohost/certs/yunohost.org/ca.pem

Open the certificate from your iOS devices mail app, you should be asked if you want to install it in your device: (I am quoting the tutorial linked above)

Then navigate to “General” > “About” > “Certificate Trust Settings”. In the section “Enable Full Trust for Root Certificates”, enable your root certificate.

:crossed_fingers:

#3

Hey thanks for reply. Sadly it didn’t work, maybe the cert generated by yuno is not compatible with the requierements of Apple? In the link I mentioned before, they compile the cert with certain parameters and the expiry is < 850. However, the file ca.pem has more days. Somebode tried setting bitwarden/nexcloud etc just in localnetwork? Thanks.