Did you see my post above? Check out: https://certbot.eff.org/ . Hope that helps you!!
No CSF uses symlinks (points to original LE cert). I was having permission issues with Deluge and ZNC so had to make a copy of the cert within their dirs.
Got error setting this up
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for xxx.me
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. xxx.me (tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for xxx.me
If you lose your account credentials, you can recover through
e-mails sent to [email protected].
The following errors were reported by the server:
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
I’m using Kimsufi and I set up Cloudflare.
This is the setting I got from here.
I set up the domain with Cloudflare.
I would advise you to fix your Let's Encrypt certificate on your current nameserver before moving it to Cloudflare. Also, from the pictures you’ve attached, I’m failing to see that you’ve pointed your nameservers to Cloudflare. That's a must if you want CF to handle all traffic.
The installation failed when I chose 000-default… so I had to choose default-ssl.conf and manually change the crt and key file paths in order to make it work.
I assume that there is something within that string that I should change because of this, right? Do I just enter
sed -i "s|DocumentRoot /var/www/html|DocumentRoot /srv/rutorrent/home/|g" /etc/apache2/sites-enabled/default-ssl.conf && service apache2 restart
and get away with it?
Oh I see, so you're saying just remove Cloudflare from the domain and only keep
Kimsufi <-> Domain and do it that way first, then later on add Cloudflare: Kimsufi <-> Cloudflare <-> Domain
Done… now I have removed Cloudflare and fixed my domain with my Kimsufi DNS… let's see if that works and loads up the page/dashboard.
If you have the site being handled by the Cloudflare edge nodes (cloud icon orange on the domain), then Let's Encrypt tries using the Cloudflare IP and not your server IP. Please set the icon to grey before attempting to install your certificate.
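A pre-flight check for the two failures described in this thread (the domain not resolving at all, and the domain resolving to a Cloudflare edge address instead of the server), as an added example that is not part of the original posts or of QuickBox. The function names are hypothetical, and the Cloudflare ranges are a partial snapshot assumed here for illustration.

```python
import ipaddress
import socket

# Assumption: partial snapshot of Cloudflare's published IPv4 ranges.
# The current list is at https://www.cloudflare.com/ips/
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13",
)]

def resolve_a(domain):
    """Return the domain's IPv4 addresses, or [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(domain, 443, socket.AF_INET,
                                   socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def preflight(resolved, server_ip):
    """Classify DNS state before requesting a certificate.

    resolved:  list of A-record strings for the domain
    server_ip: the public IPv4 address of the server running the ACME client
    """
    if not resolved:
        return "unresolved"  # matches the unknownHost error in the log above
    addrs = [ipaddress.ip_address(a) for a in resolved]
    if any(a in net for a in addrs for net in CLOUDFLARE_V4):
        return "proxied"     # orange cloud: validation reaches the CDN edge
    if ipaddress.ip_address(server_ip) not in addrs:
        return "mismatch"    # A record points at some other host
    return "ok"

if __name__ == "__main__":
    import sys
    # Usage: python3 preflight.py <domain> <server public IPv4>
    domain, server_ip = sys.argv[1], sys.argv[2]
    print(domain, preflight(resolve_a(domain), server_ip))
```

Anything other than `ok` means the validation request would not reach the server, so fix DNS or switch the record to grey before requesting the certificate.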
Using the JMSolo + SavageCore guide, Let's Encrypt is working on my QuickBox setup.
The only little hiccup is when I click on the Plex link on the left side, it returns:
The requested URL /web/ was not found on this server.
Apache/2.4.18 (Ubuntu) Server at $myserver$ Port 443
I’ll see if I can find where the problem is and post here if I find it.
This is due to it not having a reverse proxy that works, so no.
It works if you set up Plex server and use the IP, but otherwise not so much, thanks to one of Plex's updates.
Thanks for the information.
I’ll stick to using IP:port for now until a fix comes out / if it does…
Is it possible to enable HSTS on the server?
Fix for what exactly?
Have you tried it? Going for the A+ on the SSL test?
lol yup, and yeah I did it! Success! A+
I also edited some stuff to increase security. If you scan on this website: https://www.htbridge.com/ssl/
there is a section at the bottom of the page which has some tips to improve your server security a little bit.
Has anyone tested Certbot (https://certbot.eff.org/)?
No need to use certbot when you can use the built in LetsEncrypt installer
sudo su box install letsencrypt
It’s my go-to every time I’m using QuickBox. For non-QB servers I do use certbot though; it’s just too handy!
I managed to get this installed, thank you for the guide. I just have one issue. What would be the equivalent of this line but for Deluge?
sed -i "s|DocumentRoot /var/www/html|DocumentRoot /srv/rutorrent/home/|g" /etc/apache2/sites-enabled/000-default-le-ssl.conf && service apache2 restart
Since Deluge is going to be my main client I want to set it up under ssl the same as rutorrent. Thanks!
Found the info myself here so leaving the reply in case someone else needs it: Get other programs on QuickBox to use LE certs