Option to generate and download certificates

BrutalBirdie

@adison said in app request:

another problem with cloudron is it doesn't give you like the pem or the certificate

Cloudron gives you all certs in /home/yellowtent/platformdata/nginx/cert/ you can use them for something else.

@adison said in app request:

in case you want to use it with another server that cant be added to cloudron for whatever reason.

This sentence confuses me a lot.
Do you want to use your own cert with Cloudron?
That feature exists, when setting up or editing a domain in Advanced settings… you can upload your own cert and key.

Are you looking for a central cert management toll?
I am a bit confused by all this.
Also instead of certbot maybe look at acme.sh and acmemgr.sh

If could clarify your use case a little more and help me understand I might be able to give better reply.

nebulon

@adison not sure if this is applicable for you, but you could also add an application proxy within Cloudron for external applications, not hosted on Cloudron itself. This would take care of domain setup and certificates just like for other Cloudron apps.

adison

my usecase is that i want to generate certificates, but unfortunately it takes a long time on the normal command line. wile it is true cloudron can do it, the main problem is that it cant generate certificates that cannot use cloudron, in other words, certificates you can use outside of cloudron. and as for app proxies, i don't know how to do that. but my point is, it would be nice to have some kind of acme application that can generate certificates for you without having to use the command line.

timconsidine

I'm also confused.
I thought the certificate is based on the domain, so if the app is elsewhere, how does doing it on Cloudron help, unless there is some proxy process.
Cloudron system is for managing apps on Cloudron, should it really be extended to managing external apps ?
But maybe there's a clever app which could do this.
Happy to be educated, but at this point I don't understand the use case clearly, or how it could be implemented.

adison

pretty sure there is, as PFSense accpomplished it using an acme package and LetsEncrypt

girish

@adison App Proxy is essentially what I think you want. Please see https://docs.cloudron.io/apps/#app-proxy . With App Proxy, Cloudron manages the certs entirely . Let's Encrypt certs are only valid for 3 months and on Cloudron it's renewed every 2 months, so this is quite a pain for you to remember this every 2 months to manually download cert and install it somewhere else. With App Proxy, Cloudron will maintain the cert entirely.

adison

hmmmm, interesting...

adison

i'm trying that, but it just keeps saying "starting" and not starting

adison

it doesnt show any errors in the event log, it just shows it was installed

nebulon

Whats the upstream URI you have provided if this is ok to share publicly here?

adison

its fine, its blocked to the public anyway and requires IP port WhiteListing. https://3.224.106.140:443

girish

@adison Can you try if curl -k https://3.224.106.140:443 works from Cloudron server?

The logs should be improved , agreed...

adison

@jdaviescoates i just tryed that, it says empty reply

adison

ok wrong person, i ment to ping @girish

adison

i ran it with the k flag and it returns absolutely nothing...

girish

@adison right. So, that is what the proxy sees as well. Something is wrong with the upstream app . You can pass "-v" to curl for verbose output, maybe something in the output helps.

adison

@girish there are no errors, just an empty reply.
though when i put "https" in front of it, it says certificate error, cant get local certificate issuer