Install Let's Encrypt on your seedbox

ssl
merged-into-quickbox
official-package
letsencrypt

#1

:mega: You can now install valid SSL certificates with Let’s Encrypt using QuickBox’s built-in installer.

Using Let’s Encrypt for SSL on your seedbox is a great way to have a valid certificate and avoid all the nag screens and exceptions that you have to jump through when dealing with self-signed certificates. Let’s Encrypt provides an easy way to obtain and install trusted certificates for absolutely no cost, other than a couple of minutes of time.

Before we start, it is required that you have a valid domain name. Purchase one anywhere you like… they are not too expensive. You will then need to set up an A Record for the domain to point the IP of your seedbox towards. I would recommend CloudFlare… there are several reasons why CloudFlare is a good choice, but the biggest is that once again, it’s free.

Run: box install letsencrypt and follow the instructions

In the near future, QuickBox will provide an option to donate to the Project any amount you like and we’ll hook you up on a subdomain, ie. myseedbox.quickbox.io. Obviously, there would be limitations to this method as someone could already have a subdomain, so we’ll sort those details as it plays out… for now, domains are relatively cheap.

NOW AVAILABLE here

Summary

EVERYTHING BELOW IS OUTDATED

Setup and install Let’s Encrypt

Option 1: Server has its own Domain

apt-get -y install git
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
cd /opt/letsencrypt
./letsencrypt-auto --apache -d your_domain.com -d sub.your_domain.com

Replace your_domain.com and sub.your_domain.com with that of your actual domain. Subdomains are only needed if you are attaching your seedbox to another domain, ie; mybox.seedbox.com use Option 2.

Option 2: Server is on a Subdomain

apt-get -y install git
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
cd /opt/letsencrypt
./letsencrypt-auto --apache -d sub.your_domain.com

Heads Up!

You may receive a prompt asking which configuration file to use for Let’s Encrypt. It is important that you choose 000-default.conf and not default-ssl.conf. Choosing default-ssl.conf can, and in most cases will, wipe the QuickBox default-ssl.conf already in place; this results in needing to rebuild the apache configuration files.

https://plaza.quickbo.io/uploads/default/original/1X/fe88c1e4985d69e5151b89b652a2ec8ecf100886.png

Then set up auto-renewal of the ca-certificate

./letsencrypt-auto renew

Now add a crontab

sudo crontab -e
Enter the following:
30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

Save and exit.

This will create a new cron job that will execute the letsencrypt-auto renew command every Monday at 2:30 am. The output produced by the command will be piped to a log file located at /var/log/le-renewal.log.

Next, you will also need to change your DocumentRoot after you install Let’s Encrypt… The good news is you can do it with one string:

sed -i "s|DocumentRoot /var/www/html|DocumentRoot /srv/rutorrent/home/|g" /etc/apache2/sites-enabled/000-default-le-ssl.conf && service apache2 restart

#2

here is let’s encrypt.


with my fav channel on youtube.


#3

After following the instructions and being prompted to choose a configuration file I’m lost in the last instruction. It calls to change the DocumentRoot in 000-default-le-ssl.conf but one doesn’t exist in /etc/apache2/sites-available or sites-enabled. Just default-ssl and 000-default. Help? Thank you!


#4

I see the same thing on my end


#5

Thanks for this documentation - it seems to work for my box. Is there a reason why we cannot include this into the core?


#6

I think certbot is actually easier and it’s sponsored by the EFF. It doesn’t get much simpler than certbot…just select which web server and OS you’re running and it gives you a few lines of code to copy-paste. Check it out: https://certbot.eff.org/


#7

Seems nice! I will try it at next certificate renewal


#8

Feel free to submit a pull request with the addition and we will gladly give it a review and possibly add it. :wink:


#9

Do we need to set something for CSF for auto renewal?


#10

Did you see my post above? Check out: https://certbot.eff.org/ . Hope that helps you!!


#11

No, CSF uses symlinks (points to original LE cert). I was having permission issues with Deluge and ZNC so had to make a copy of the cert within their dirs.


#12

Got error setting this up


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory

(A)gree/(C)ancel: A
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for xxx.me
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. xxx.me (tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for xxx.me

IMPORTANT NOTES:

  • If you lose your account credentials, you can recover through
    e-mails sent to [email protected].

  • The following errors were reported by the server:

    Domain: xxx.me
    Type: unknownHost
    Detail: No valid IP addresses found for xxx.me

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

I’m using Kimsufi and I set up Cloudflare

This is the setting I got from here

I set up the domain with Cloudflare


#13

I would advise you to fix your LetsEncrypt certificate on your current nameserver, before moving it to CloudFlare. And also from the pictures you’ve attached I’m failing to see that you’ve pointed your nameservers to Cloudflare. That’s a must if you want CF to handle all traffic.


#14

The installation failed when I choose 000-default… so I had to choose default-ssl.conf and manually change the crt and key file paths in order to make it work.
I assume that there is something within that string that I should change because of this, right? Do I just enter
sed -i "s|DocumentRoot /var/www/html|DocumentRoot /srv/rutorrent/home/|g" /etc/apache2/sites-enabled/default-ssl.conf && service apache2 restart
and get away with it?
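The confusion in posts #3 and #14 is about which vhost file the DocumentRoot change belongs in. The following is an added example, not part of the thread or of QuickBox: it applies the guide's substitution only to enabled vhosts that actually reference a Let's Encrypt certificate and keeps a backup. The function name and the .bak suffix are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example: apply the DocumentRoot change from the guide to whichever
# enabled vhost actually serves the Let's Encrypt certificate.
# The function name and the .bak suffix are choices made for this example.

OLD_ROOT="/var/www/html"
NEW_ROOT="/srv/rutorrent/home/"

# fix_le_docroot SITES_DIR -> prints each file changed; status 1 if none matched
fix_le_docroot() {
    local dir="$1" f changed=1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Only vhosts whose certificate lives under /etc/letsencrypt/live/
        grep -q 'SSLCertificateFile[[:space:]]\{1,\}/etc/letsencrypt/live/' "$f" || continue
        # Skip files that do not carry the stock DocumentRoot
        grep -q "DocumentRoot[[:space:]]\{1,\}$OLD_ROOT[[:space:]]*\$" "$f" || continue
        cp -p "$f" "$f.bak"        # *.bak is not matched by Apache's *.conf include
        # sites-enabled entries are symlinks; edit the target, keep the link
        sed -i --follow-symlinks \
            "s|DocumentRoot[[:space:]]\{1,\}$OLD_ROOT[[:space:]]*\$|DocumentRoot $NEW_ROOT|" "$f"
        echo "$f"
        changed=0
    done
    return "$changed"
}

# Usage on the server (as root); validate the config before restarting:
#   fix_le_docroot /etc/apache2/sites-enabled && apache2ctl configtest && service apache2 restart
```

A non-zero status with no output means no enabled vhost points at /etc/letsencrypt/live/ with the stock DocumentRoot, which is the situation described in post #3.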


#15

Oh I see, so you’re saying just remove Cloudflare from the domain and only keep

Kimsufi <-> Domain and do it that way 1st then later on add Cloudflare Kimsufi <-> Cloudflare <-> Domain

done… now I have removed and fixed my domain with my kimsufi DNS … lets see if that works and loads up the page/dashboard


#16

If you have the site being handled by the CloudFlare edge nodes (Cloud Icon Orange on the domain) then Let’s Encrypt tries using the CloudFlare IP and not your Server IP. Please set the icon to grey before attempting to install your certificate.
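The unknownHost failure in post #12 and the proxied-address case described in post #16 can both be caught before running the installer. The following is an added example, not part of the thread or of QuickBox: it compares the domain's public A records with the server's own address. The function names and the choice of 1.1.1.1 as the public resolver are assumptions, and it needs dig (package dnsutils).

```shell
#!/usr/bin/env bash
# Added example: confirm the domain's public A record points at this server
# before asking Let's Encrypt to validate it. Function names and the resolver
# choice are assumptions made for this example.

# resolve_a DOMAIN -> IPv4 addresses as seen by a public resolver
resolve_a() {
    # +short can also print CNAME targets; keep dotted-quad lines only
    dig +short A "$1" @1.1.1.1 | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u
}

# classify_dns SERVER_IP "RESOLVED_IPS" -> prints ok | unresolved | mismatch
classify_dns() {
    local server_ip="$1" resolved="$2" ip
    if [ -z "$resolved" ]; then
        echo unresolved          # what the ACME server reports as unknownHost
        return 1
    fi
    for ip in $resolved; do
        if [ "$ip" = "$server_ip" ]; then
            echo ok
            return 0
        fi
    done
    echo mismatch                # e.g. a proxy edge address instead of the box
    return 2
}

# Usage: ./check_dns.sh DOMAIN SERVER_IP   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    command -v dig >/dev/null 2>&1 || { echo "dig not found (install dnsutils)" >&2; exit 3; }
    case "$(classify_dns "$2" "$(resolve_a "$1")")" in
        ok)         echo "$1 resolves to $2: validation can reach this server" ;;
        unresolved) echo "$1 has no public A record: expect the unknownHost error" ;;
        mismatch)   echo "$1 resolves elsewhere: check the A record or a proxy in front" ;;
    esac
fi
```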


#17

Hello all,

Using JMSolo + SavageCore guide, Letsencrypt is working on my quickbox setup.
Only little hiccup is when I click on the Plex link on the left side, it returns:

Not Found
The requested URL /web/ was not found on this server.
Apache/2.4.18 (Ubuntu) Server at $myserver$ Port 443

I’ll see if I can find where the problem is and post here if I find it.

Thanks


#18

This is due to it not having a reverse proxy that works, so no.
It works if you set up Plex server and use IP, but otherwise not so much, thanks to one of Plex’s updates.

your domain/plex


#19

Hey dtech,

Thanks for the information.
I’ll stick to using IP:port for now until a fix comes out / if it does…


#20

A post was split to a new topic: Get other programs on QuickBox using LE certs