Using my own certificates
-
Hello,
I am using the Wildcard DNS provider with Custom wildcard certificates. (Cloudron did not provide a suitable combo of DNS provider and Let's encrypt certificate functionality.)
Now, I would like to point Cloudron to a set of certificates that i have set up to refresh using certbot.
Where does cloudron find its certificates, and is it possible to put a symlink to mine there instead?
-
If you open the domain's configure dialog in the Cloudron dashboard, then you can open the advanced section and choose "Custom Wildcard Certificate" in the dropdown. After that you should be able to upload your custom certs right below.
Out of curiosity, what was the reason why LetsEncrypt didn't work?
-
Ok, but then they won't self-update and need to be manually re-uploaded every month. I'd like to place a symlink to my self-updating ones from certbot.
I'll try to explain why I found the need to set this up. I have a cloudron running on a local network behind a VPN. Employees log into the VPN and work on various things. To make things more convenient and safe I wanted the certs to be signed, so I looked into let's encrypt.
Ports 80 and 443 should be blocked to the outside. I also might be a little picky I also don't want to leak too much info about the apps to the DNS, hence I'd like a single wildcard entry in the public DNS.
The various DNS and certificate providers available in Cloudron couldn't give me this. They either required forwarding 80/443 or made one entry in the DNS for each app.
-
Hello,
I am using the Wildcard DNS provider with Custom wildcard certificates. (Cloudron did not provide a suitable combo of DNS provider and Let's encrypt certificate functionality.)
Now, I would like to point Cloudron to a set of certificates that i have set up to refresh using certbot.
Where does cloudron find its certificates, and is it possible to put a symlink to mine there instead?
@eivlil01 I assume you have certbot running elsewhere (and not on the Cloudron server) and then you copy over certs or something?
In that case, the copy script can put the certs under
/home/yellowtent/boxdata/certs. It's important that you name them as<appdomain>.user.certand<appdomain>.user.keyand thensystemctl reload nginx. -
@eivlil01 I assume you have certbot running elsewhere (and not on the Cloudron server) and then you copy over certs or something?
In that case, the copy script can put the certs under
/home/yellowtent/boxdata/certs. It's important that you name them as<appdomain>.user.certand<appdomain>.user.keyand thensystemctl reload nginx. -
@eivlil01 said in Using my own certificates:
I have certbot running on the cloudron server. Is that bad?
I am confused how certbot can work but Cloudron cannot. Is this because you open port 80 temporarily when you run certbot manually (or something like that)? certbot and Cloudron cert code use the same mechanism to get certs.
As for running certbot on Cloudron itself, I don't have much experience with certbot but if it works it's probably OK.
-
@eivlil01 said in Using my own certificates:
I have certbot running on the cloudron server. Is that bad?
I am confused how certbot can work but Cloudron cannot. Is this because you open port 80 temporarily when you run certbot manually (or something like that)? certbot and Cloudron cert code use the same mechanism to get certs.
As for running certbot on Cloudron itself, I don't have much experience with certbot but if it works it's probably OK.
-
@girish I'm using the DNS based challenge, but for a wildcard entry.
Cloudron only supports http based challenge for wildcards, or DNS based challenge but then it creates one entry per app.
@eivlil01 said in Using my own certificates:
@girish I'm using the DNS based challenge, but for a wildcard entry.
Cloudron only supports http based challenge for wildcards, or DNS based challenge but then it creates one entry per app.
Ah, I see what you are saying now. So you have a wildcard DNS entry pointing to the server but also use DNS automation to get wildcard certs. Indeed, Cloudron does not support that.
