SSL CSF Firewall


#1

Hi,

I just installed CSF through box, but I can’t access the site at all. I’m getting “NET::ERR_CERT_AUTHORITY_INVALID”. How can I fix the SSL on this?

Kind regards,
Tailchakra


#2

Having the same problem. Can connect with the bypass option in Chrome but very annoying to do this all the time.

And randomly SSL seems to have problems with qb dashboard and rutorrent too. I have a feeling this random thing is a Chrome thing though.


#3

ok @JMSolo referred me to this article in a different post:

But I am not sure it will work as there is no directory - /etc/letsenscrypt/

So still not quite sure what to do. I had same problem getting dbsync to work and made a post about it but no answers. So either the wiki is outdated or there seems to be a diff version of letsencrypt involved.


#4

You can only make use of the certificates if you currently have a TLD.

If you do and you have run the box install letsencrypt command, there should certainly be a /etc/letsencrypt directory.

Have you installed a certificate for a domain yet?

As per Chrome having issues with Self-Signed Certificates, there isn’t a whole lot I can do for that, as that is a Chrome measure. You should be able to accept the certificate regardless and move forward. I’ll get a VM going here quick locally to sample this issue.


#5

it has a cert but installed from provider's side so I didn’t do anything but pretty sure it’s letsencrypt


#6

Ok, if it’s installed by the providers, and you know the location of the certificate, you should be able to follow that guide by using its location instead, so a little modification would be needed on your part.


#7

I thought I knew where they were but apparently I don’t as my try to get dbsync to work here:

Didn’t work.

I wonder why the box providers install it in a diff way that doesn’t correlate with the quickbox.


#8

They probably have some globally signed wildcard and add it in for their ease-of-use, which isn’t always the easiest for an end-user nor myself to troubleshoot when this arises. I’ll need to talk with them about some of these issues. We have a very good standing with Seedbox.IO however as they supply the very servers we use for hosting the QuickBox Ecosystem on. :wink:


#9

I use seedbox.io too.

If I do a check on the cert in the browser it says - The connection to this site is using a valid, trusted server certificate issued by Let’s Encrypt Authority X3.


#10

Solution for seedbox.io users

CSF cert fix.

service csf stop && service lfd stop
cp /etc/csf/ui/server.crt /etc/csf/ui/server.crt.backup
cp /etc/csf/ui/server.key /etc/csf/ui/server.key.backup
rm -f /etc/csf/ui/server.crt
rm -f /etc/csf/ui/server.key
ln -s /etc/apache2/ssl/certs/USER.seedbox.io-ssl.key /etc/csf/ui/server.key
ln -s /etc/apache2/ssl/certs/USER.seedbox.io-ssl.pem /etc/csf/ui/server.crt
service csf start && service lfd start

I guess this works for other boxes where the cert is controlled via ACME; it will just be something else after the USER… like USER.hutlihut.xx-ssl.key and .pem
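
A more defensive form of the swap in post #10, as an added example that is not part of the original thread: it checks both replacement files before removing anything, backs up the originals only once, and restores them if the new links do not resolve. The function name `relink_csf_cert` and its three arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread: swap the CSF UI cert/key with rollback.
# Usage: relink_csf_cert UI_DIR CERT KEY
#   UI_DIR  directory holding server.crt and server.key (/etc/csf/ui in post #10)
#   CERT    provider certificate in PEM form (the ...-ssl.pem file in post #10)
#   KEY     its private key in PEM form (the ...-ssl.key file in post #10)
# Returns 0 on success, 1 if an input is unusable, 2 after a rollback.
relink_csf_cert() {
    ui_dir=$1; cert=$2; key=$3

    # Check both replacements before removing anything.
    for f in "$cert" "$key"; do
        if [ ! -s "$f" ] || [ ! -r "$f" ]; then
            echo "missing, empty or unreadable: $f" >&2; return 1
        fi
    done
    # Catch swapped arguments: each file must carry the expected PEM header.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "no PEM certificate in $cert" >&2; return 1; }
    grep -q -- 'PRIVATE KEY-----' "$key" ||
        { echo "no PEM private key in $key" >&2; return 1; }

    # Back up the originals once; on a re-run they are already symlinks,
    # and copying then would overwrite the backup with the provider's files.
    for name in server.crt server.key; do
        if [ -e "$ui_dir/$name" ] && [ ! -L "$ui_dir/$name" ]; then
            cp -p "$ui_dir/$name" "$ui_dir/$name.backup" || return 1
        fi
    done

    rm -f "$ui_dir/server.crt" "$ui_dir/server.key"
    ln -s "$cert" "$ui_dir/server.crt" && ln -s "$key" "$ui_dir/server.key"

    # -s follows the link, so a dangling link (for example a relative path
    # that does not resolve from UI_DIR) fails here and triggers the rollback.
    if [ -s "$ui_dir/server.crt" ] && [ -s "$ui_dir/server.key" ]; then
        return 0
    fi
    for name in server.crt server.key; do
        rm -f "$ui_dir/$name"
        if [ -e "$ui_dir/$name.backup" ]; then
            cp -p "$ui_dir/$name.backup" "$ui_dir/$name"
        fi
    done
    echo "links did not resolve; originals restored" >&2
    return 2
}
```

Call it with absolute paths between the `service csf stop && service lfd stop` and `service csf start && service lfd start` lines of post #10.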