    Cloudron Forum
    Solved Using my own certificates

    Support
    certificates wildcard
      eivlil01 last edited by girish

      Hello,

      I am using the Wildcard DNS provider with Custom wildcard certificates. (Cloudron did not provide a suitable combo of DNS provider and Let's Encrypt certificate functionality.)

      Now, I would like to point Cloudron to a set of certificates that I have set up to refresh using certbot.

      Where does Cloudron find its certificates, and is it possible to put a symlink to mine there instead?

        nebulon Staff last edited by

        If you open the domain's configure dialog in the Cloudron dashboard, then you can open the advanced section and choose "Custom Wildcard Certificate" in the dropdown. After that you should be able to upload your custom certs right below.

        Out of curiosity, what was the reason why Let's Encrypt didn't work?

          eivlil01 last edited by

          Ok, but then they won't self-update and need to be manually re-uploaded every month. I'd like to place a symlink to my self-updating ones from certbot.

          I'll try to explain why I found the need to set this up. I have a Cloudron running on a local network behind a VPN. Employees log into the VPN and work on various things. To make things more convenient and safe I wanted the certs to be signed, so I looked into Let's Encrypt.

          Ports 80 and 443 should be blocked to the outside. I might also be a little picky, but I also don't want to leak too much info about the apps to the DNS; hence I'd like a single wildcard entry in the public DNS.

          The various DNS and certificate providers available in Cloudron couldn't give me this. They either required forwarding 80/443 or made one entry in the DNS for each app.

            girish Staff @eivlil01 last edited by girish

            @eivlil01 I assume you have certbot running elsewhere (and not on the Cloudron server) and then you copy over certs or something?

            In that case, the copy script can put the certs under /home/yellowtent/boxdata/certs. It's important that you name them as <appdomain>.user.cert and <appdomain>.user.key and then systemctl reload nginx.

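The copy step girish describes can be automated as a certbot deploy hook, so the renewed files land in the Cloudron cert directory under the expected names and nginx is reloaded only after a sanity check. The script below is an added example, not Cloudron's or certbot's own code. It assumes (none of this is stated in the thread) that the file Cloudron wants as `<appdomain>.user.cert` is certbot's `fullchain.pem`, that one wildcard certificate is copied once per app hostname, and that the operator lists those hostnames in a hypothetical `CLOUDRON_APP_DOMAINS` variable; `RENEWED_LINEAGE` and `RENEWED_DOMAINS` are the variables certbot really sets for `--deploy-hook` scripts.

```shell
#!/bin/sh
# Added example (not Cloudron's or certbot's code): certbot deploy hook that
# installs a renewed wildcard cert where Cloudron's nginx expects custom certs,
# following the layout described in the thread:
#   /home/yellowtent/boxdata/certs/<appdomain>.user.cert
#   /home/yellowtent/boxdata/certs/<appdomain>.user.key
# Assumptions: the cert file is certbot's fullchain.pem, one wildcard cert is
# copied once per app hostname, and the hostnames come from the (hypothetical)
# CLOUDRON_APP_DOMAINS variable set by the operator.
set -eu

CERT_DIR="${CLOUDRON_CERT_DIR:-/home/yellowtent/boxdata/certs}"

# install_cloudron_certs <lineage_dir> <dest_dir> <appdomain>...
# Copies fullchain.pem/privkey.pem from a certbot lineage directory into
# dest_dir as <appdomain>.user.cert / <appdomain>.user.key for every hostname.
# Returns 1 if the lineage is incomplete or no hostnames were given.
install_cloudron_certs() {
    lineage="$1"; dest="$2"; shift 2
    [ -r "$lineage/fullchain.pem" ] && [ -r "$lineage/privkey.pem" ] || return 1
    [ "$#" -gt 0 ] || return 1
    umask 077            # new files are private until we relax the cert's mode
    mkdir -p "$dest"
    for appdomain in "$@"; do
        # Write to temporary names and rename, so a concurrent nginx reload
        # never reads a half-written cert or key.
        cp "$lineage/fullchain.pem" "$dest/$appdomain.user.cert.tmp"
        cp "$lineage/privkey.pem"   "$dest/$appdomain.user.key.tmp"
        chmod 0644 "$dest/$appdomain.user.cert.tmp"   # cert is public data
        chmod 0600 "$dest/$appdomain.user.key.tmp"    # key stays owner-only
        mv -f "$dest/$appdomain.user.cert.tmp" "$dest/$appdomain.user.cert"
        mv -f "$dest/$appdomain.user.key.tmp"  "$dest/$appdomain.user.key"
    done
}

# cert_matches_key <cert> <key>: succeeds only if the certificate's public key
# is the one belonging to the private key, so nginx is never reloaded with a
# mismatched pair (which would make every app on the wildcard unreachable).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ "$cert_pub" = "$key_pub" ]
}

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/example.com) and
# RENEWED_DOMAINS when it runs a --deploy-hook; nothing below runs otherwise.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    echo "renewed: ${RENEWED_DOMAINS:-?} from $RENEWED_LINEAGE"
    # Word-splitting the space-separated hostname list is intended here.
    # shellcheck disable=SC2086
    install_cloudron_certs "$RENEWED_LINEAGE" "$CERT_DIR" \
        ${CLOUDRON_APP_DOMAINS:?set CLOUDRON_APP_DOMAINS to the app hostnames}
    for appdomain in $CLOUDRON_APP_DOMAINS; do
        cert_matches_key "$CERT_DIR/$appdomain.user.cert" "$CERT_DIR/$appdomain.user.key" \
            || { echo "cert/key mismatch for $appdomain, not reloading nginx" >&2; exit 1; }
    done
    systemctl reload nginx
fi
```

Copying rather than symlinking, as girish suggests, also sidesteps a practical snag: the files under certbot's `live/` directory are themselves symlinks into `archive/`, and both directories are root-only by default, so a symlink from the Cloudron cert directory would require loosening those permissions for nginx to follow it.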
              eivlil01 @girish last edited by

              @girish Thanks!

              I have certbot running on the Cloudron server. Is that bad?

                girish Staff @eivlil01 last edited by

                @eivlil01 said in Using my own certificates:

                I have certbot running on the Cloudron server. Is that bad?

                I am confused how certbot can work but Cloudron cannot. Is this because you open port 80 temporarily when you run certbot manually (or something like that)? certbot and Cloudron cert code use the same mechanism to get certs.

                As for running certbot on Cloudron itself, I don't have much experience with certbot but if it works it's probably OK.

                  eivlil01 @girish last edited by eivlil01

                  @girish I'm using the DNS-based challenge, but for a wildcard entry.

                  Cloudron only supports the HTTP-based challenge for wildcards, or the DNS-based challenge, but then it creates one entry per app.

                    girish Staff @eivlil01 last edited by

                    @eivlil01 said in Using my own certificates:

                    @girish I'm using the DNS-based challenge, but for a wildcard entry.

                    Cloudron only supports the HTTP-based challenge for wildcards, or the DNS-based challenge, but then it creates one entry per app.

                    Ah, I see what you are saying now. So you have a wildcard DNS entry pointing to the server but also use DNS automation to get wildcard certs. Indeed, Cloudron does not support that.
