Using my own certificates

      eivlil01 wrote (last edited by girish), #1:

      Hello,

      I am using the Wildcard DNS provider with Custom wildcard certificates. (Cloudron did not provide a suitable combo of DNS provider and Let's Encrypt certificate functionality.)

      Now, I would like to point Cloudron to a set of certificates that I have set up to refresh using certbot.

      Where does Cloudron find its certificates, and is it possible to put a symlink to mine there instead?

        nebulon (Staff) wrote, #2:

        If you open the domain's configure dialog in the Cloudron dashboard, then you can open the advanced section and choose "Custom Wildcard Certificate" in the dropdown. After that you should be able to upload your custom certs right below.

        Out of curiosity, what was the reason why LetsEncrypt didn't work?

          eivlil01 wrote, #3:

          Ok, but then they won't self-update and need to be manually re-uploaded every month. I'd like to place a symlink to my self-updating ones from certbot.

          I'll try to explain why I found the need to set this up. I have a Cloudron running on a local network behind a VPN. Employees log into the VPN and work on various things. To make things more convenient and safe I wanted the certs to be signed, so I looked into Let's Encrypt.

          Ports 80 and 443 should be blocked to the outside. I also might be a little picky: I also don't want to leak too much info about the apps to the DNS, hence I'd like a single wildcard entry in the public DNS.

          The various DNS and certificate providers available in Cloudron couldn't give me this. They either required forwarding 80/443 or made one entry in the DNS for each app.

            girish (Staff) wrote (last edited by girish), #4:

            @eivlil01 I assume you have certbot running elsewhere (and not on the Cloudron server) and then you copy over certs or something?

            In that case, the copy script can put the certs under /home/yellowtent/boxdata/certs. It's important that you name them as <appdomain>.user.cert and <appdomain>.user.key and then systemctl reload nginx.

            E 1 Reply Last reply
            0
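
The copy step from post #4, written as a certbot deploy hook. This is an added example, not code from the thread or from Cloudron. The target directory, the `<appdomain>.user.cert` / `<appdomain>.user.key` names and the nginx reload come from the post; `APP_DOMAIN`, `RELOAD_CMD` and the function name are hypothetical, and `RENEWED_LINEAGE`, `fullchain.pem` and `privkey.pem` are certbot's own.

```shell
#!/bin/sh
# Added example: certbot deploy hook that installs a renewed cert for Cloudron.
# From the thread: CERT_DIR, the *.user.cert / *.user.key names, the reload.
# Assumed for illustration: APP_DOMAIN, RELOAD_CMD, install_cert.
CERT_DIR="${CERT_DIR:-/home/yellowtent/boxdata/certs}"
RELOAD_CMD="${RELOAD_CMD:-systemctl reload nginx}"

# install_cert <lineage-dir> <appdomain>
# Returns 0 after installing and reloading, non-zero if nothing was changed.
install_cert() {
    src_cert="$1/fullchain.pem"; src_key="$1/privkey.pem"; domain="$2"
    [ -r "$src_cert" ] && [ -r "$src_key" ] || { echo "missing PEM files in $1" >&2; return 1; }

    # Refuse to install a private key that does not belong to the certificate.
    cert_pub=$(openssl x509 -in "$src_cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$src_key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "cert/key mismatch" >&2; return 1; }

    # Refuse a certificate that has already expired.
    openssl x509 -in "$src_cert" -noout -checkend 0 >/dev/null || { echo "cert expired" >&2; return 1; }

    # Copy to temporary names inside CERT_DIR, then rename, so nginx never
    # reads a half-written file. umask keeps the key unreadable to others.
    # Ownership is not changed; match the existing files in CERT_DIR.
    (
        umask 077
        cp "$src_key" "$CERT_DIR/.$domain.user.key.tmp" &&
        cp "$src_cert" "$CERT_DIR/.$domain.user.cert.tmp" &&
        mv -f "$CERT_DIR/.$domain.user.key.tmp" "$CERT_DIR/$domain.user.key" &&
        mv -f "$CERT_DIR/.$domain.user.cert.tmp" "$CERT_DIR/$domain.user.cert"
    ) || return 1
    $RELOAD_CMD
}

# certbot sets RENEWED_LINEAGE when it runs this script as a --deploy-hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_cert "$RENEWED_LINEAGE" "${APP_DOMAIN:?set APP_DOMAIN to the app domain}"
fi
```

Copying real files rather than symlinking into certbot's `live/` directory means a failed or partial renewal never changes what nginx serves.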
              eivlil01 wrote, #5:

              @girish Thanks!

              I have certbot running on the Cloudron server. Is that bad?

                girish (Staff) wrote, #6:

                @eivlil01 said in Using my own certificates:

                I have certbot running on the cloudron server. Is that bad?

                I am confused how certbot can work but Cloudron cannot. Is this because you open port 80 temporarily when you run certbot manually (or something like that)? certbot and Cloudron cert code use the same mechanism to get certs.

                As for running certbot on Cloudron itself, I don't have much experience with certbot but if it works it's probably OK.

                  eivlil01 wrote (last edited by eivlil01), #7:

                  @girish I'm using the DNS based challenge, but for a wildcard entry.

                  Cloudron only supports http based challenge for wildcards, or DNS based challenge but then it creates one entry per app.

                    girish (Staff) wrote, #8:

                    @eivlil01 said in Using my own certificates:

                    @girish I'm using the DNS based challenge, but for a wildcard entry.

                    Cloudron only supports http based challenge for wildcards, or DNS based challenge but then it creates one entry per app.

                    Ah, I see what you are saying now. So you have a wildcard DNS entry pointing to the server but also use DNS automation to get wildcard certs. Indeed, Cloudron does not support that.
