Install Let's Encrypt on your seedbox

ssl
merged-into-quickbox
official-package
letsencrypt

#1

#2

Here is Let’s Encrypt.


With my fav channel on YouTube.


#3

After following the instructions and being prompted to choose a configuration file, I’m lost on the last instruction. It calls to change the documentroot in 000-default-le-sssl.conf, but one doesn’t exist in /etc/apache2/sites-available or sites-enabled. Just default-ssl and 000-default. Help? Thank you!


#4

I see the same thing on my end.


#5

Thanks for this documentation - it seems to work for my box. Is there a reason why we cannot include this into the core?


#6

I think certbot is actually easier and it’s sponsored by the EFF. It doesn’t get much simpler than certbot…just select which web server and OS you’re running and it gives you a few lines of code to copy-paste. Check it out: https://certbot.eff.org/


#7

Seems nice! I will try it at next certificate renewal


#8

Feel free to submit a pull request with the addition and we will gladly give it a review and possibly add it. :wink:


#9

Do we need to set something for CSF for auto renewal?


#10

Did you see my post above? Check out: https://certbot.eff.org/ . Hope that helps you!!


#11

No, CSF uses symlinks (points to original LE cert). I was having permission issues with Deluge and ZNC, so I had to make a copy of the cert within their dirs.


#12

Got error setting this up


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory

(A)gree/(C)ancel: A
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for xxx.me
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. xxx.me (tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for xxx.me

IMPORTANT NOTES:

  • If you lose your account credentials, you can recover through
    e-mails sent to [email protected].

  • The following errors were reported by the server:

    Domain: xxx.me
    Type: unknownHost
    Detail: No valid IP addresses found for xxx.me

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

I’m using Kimsufi and I set up Cloudflare.

This is the setting I got from here.

I set up the domain with Cloudflare.


#13

I would advise you to fix your LetsEncrypt certificate on your current nameserver before moving it to CloudFlare. Also, from the pictures you’ve attached, I’m failing to see that you’ve pointed your nameservers to Cloudflare. That’s a must if you want CF to handle all traffic.


#14

The installation failed when I choose 000-default… so I had to choose default-ssl.conf and manually change the crt and key file paths in order to make it work.
I assume that there is something within that string that I should change because of this, right? Do I just enter
sed -i "s|DocumentRoot /var/www/html|DocumentRoot /srv/rutorrent/home/|g" /etc/apache2/sites-enabled/default-ssl.conf && service apache2 restart
and get away with it?


#15

Oh I see, so you’re saying just remove Cloudflare from the domain and only keep

Kimsufi <-> Domain and do it that way first, then later on add Cloudflare: Kimsufi <-> Cloudflare <-> Domain

Done… now I have removed and fixed my domain with my Kimsufi DNS… let’s see if that works and loads up the page/dashboard.


#16

If you have the site being handled by the CloudFlare edge nodes (cloud icon orange on the domain), then Let’s Encrypt tries using the CloudFlare IP and not your server IP. Please set the icon to grey before attempting to install your certificate.
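
The DNS condition behind the unknownHost failure in #12 and the proxied record described in #16 can be checked before running the client. This is an added example, not part of any post in the thread: the function names are hypothetical, `dig` is assumed to be installed, and the addresses in the usage line are documentation IPs.

```shell
#!/bin/sh
# Added example: pre-flight DNS check to run before requesting a certificate.
# Function names are hypothetical; sample IPs are documentation addresses.

# classify_a_records SERVER_IP [RECORD...]
# Prints: no-records | match | mismatch
classify_a_records() {
    server_ip=$1
    shift
    if [ "$#" -eq 0 ]; then
        echo "no-records"
        return 0
    fi
    for ip in "$@"; do
        if [ "$ip" = "$server_ip" ]; then
            echo "match"
            return 0
        fi
    done
    echo "mismatch"
}

# lookup_a_records DOMAIN
# Prints the public IPv4 A records, one per line (CNAME lines are filtered out).
lookup_a_records() {
    dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$'
}

# preflight DOMAIN SERVER_IP
# Returns 0 only when an A record points at this server.
preflight() {
    domain=$1
    want=$2
    records=$(lookup_a_records "$domain" || true)
    # Unquoted on purpose: split the record list into one argument per IP.
    verdict=$(classify_a_records "$want" $records)
    case $verdict in
        no-records) echo "$domain: no A record found; expect an unknownHost error" ;;
        mismatch)   echo "$domain: resolves to $(echo $records), not $want; validation would reach a proxy or another host" ;;
        match)      echo "$domain: an A record points at $want" ;;
    esac
    [ "$verdict" = "match" ]
}

# Usage: sh preflight.sh example.org 203.0.113.10
if [ "$#" -ge 2 ]; then
    preflight "$1" "$2"
fi
```

A non-zero exit status means the domain either has no A record or resolves somewhere other than the server, so the certificate request should wait until DNS is corrected.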


#17

Hello all,

Using JMSolo + SavageCore guide, Letsencrypt is working on my quickbox setup.
Only little hiccup is when I click on the Plex link on the left side, it returns:

Not Found
The requested URL /web/ was not found on this server.
Apache/2.4.18 (Ubuntu) Server at $myserver$ Port 443

I’ll see if I can find where the problem is and post here if I find it.

Thanks


#18

This is due to it not having a reverse proxy that works, so no.
It works if you set up Plex server and use IP, but otherwise not so much, thanks to one of Plex’s updates.

your domain/plex


#19

Hey dtech,

Thanks for the information.
I’ll stick to using IP:port for now until a fix comes out / if it does…


#20

A post was split to a new topic: Get other programs on QuickBox using LE certs