Using my own certificates

eivlil01

Hello,

I am using the Wildcard DNS provider with Custom wildcard certificates. (Cloudron did not provide a suitable combo of DNS provider and Let's encrypt certificate functionality.)

Now, I would like to point Cloudron to a set of certificates that i have set up to refresh using certbot.

Where does cloudron find its certificates, and is it possible to put a symlink to mine there instead?

nebulon

If you open the domain's configure dialog in the Cloudron dashboard, then you can open the advanced section and choose "Custom Wildcard Certificate" in the dropdown. After that you should be able to upload your custom certs right below.

Out of curiosity, what was the reason why LetsEncrypt didn't work?

eivlil01

Ok, but then they won't self-update and need to be manually re-uploaded every month. I'd like to place a symlink to my self-updating ones from certbot.

I'll try to explain why I found the need to set this up. I have a cloudron running on a local network behind a VPN. Employees log into the VPN and work on various things. To make things more convenient and safe I wanted the certs to be signed, so I looked into let's encrypt.

Ports 80 and 443 should be blocked to the outside. I also might be a little picky I also don't want to leak too much info about the apps to the DNS, hence I'd like a single wildcard entry in the public DNS.

The various DNS and certificate providers available in Cloudron couldn't give me this. They either required forwarding 80/443 or made one entry in the DNS for each app.

girish

@eivlil01 I assume you have certbot running elsewhere (and not on the Cloudron server) and then you copy over certs or something?

In that case, the copy script can put the certs under /home/yellowtent/boxdata/certs. It's important that you name them as <appdomain>.user.cert and <appdomain>.user.key and then systemctl reload nginx.

eivlil01

@girish Thanks!

I have certbot running on the cloudron server. Is that bad?

girish

@eivlil01 said in Using my own certificates:

I have certbot running on the cloudron server. Is that bad?

I am confused how certbot can work but Cloudron cannot. Is this because you open port 80 temporarily when you run certbot manually (or something like that)? certbot and Cloudron cert code use the same mechanism to get certs.

As for running certbot on Cloudron itself, I don't have much experience with certbot but if it works it's probably OK.

eivlil01

@girish I'm using the DNS based challenge, but for a wildcard entry.

Cloudron only supports http based challenge for wildcards, or DNS based challenge but then it creates one entry per app.

girish

@eivlil01 said in Using my own certificates:

@girish I'm using the DNS based challenge, but for a wildcard entry.

Cloudron only supports http based challenge for wildcards, or DNS based challenge but then it creates one entry per app.

Ah, I see what you are saying now. So you have a wildcard DNS entry pointing to the server but also use DNS automation to get wildcard certs. Indeed, Cloudron does not support that.

Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Solved Using my own certificates