SSL CSF Firewall

Tailchakra · March 27, 2017, 6:18pm

Hi,

I just installed CSF through box, but I can’t access the site at all. I’m getting “NET::ERR_CERT_AUTHORITY_INVALID”. How can I fix the ssl on this?

Kind regards,
Tailchakra

cyda · November 14, 2017, 10:53am

Having the same problem. Can connect with the bypass option in chrome but very anoing to do this all the time.

And randomly ssl seems to have problems with qb dashboard and rutorrent too. I have a feeling this random thing is a chrome thing though.

cyda · November 14, 2017, 7:14pm

ok @JMSolo refered me to this article in a different post:

But I am not sure it will work as there is no directory - /etc/letsenscrypt/

So still not quite sure what to do. I had same problem getting dbsync to work and made a post about it but no answers. So either the wiki is outdated or there seem to be a diff version of letsencrypt involved.

JMSolo · November 14, 2017, 7:16pm

You can only make use of the certificates if you currently have a TLD.

If you do and you have ran the box install letsencrypt command, there should certainly be a /etc/letsencrypt directory.

Have you installed a certificate for a domain yet?

As per Chrome having issues with Self-Signed Certificates, there isn’t a whole lot I can do for that, as that is a Chrome measure. You should be able to accept the certificate regardless and move forward. I’ll get a VM going here quick locally to sample this issue.

cyda · November 14, 2017, 7:18pm

it has a cert but installed from providers side so I didn’t do anything but pretty sure it’s letsencrypt

JMSolo · November 14, 2017, 7:19pm

Ok, if it’s installed by the providers, and you know the location of the certificate, you should be able to follow that guide by using it’s location instead, so a little modification would be needed on your part.

cyda · November 14, 2017, 7:24pm

I thought I knew where they where but apparently I don’t as my try to get dbsync to work here:

Didn’t work.

I wonder why the box providers install it in a diff way that doesn’t corelate with the quickbox.

JMSolo · November 14, 2017, 7:28pm

They probably have some globally signed wildcard and add it in for their ease-of-use, which isn’t always the easiest for an end-user nor myself to troubleshoot when this arises. I’ll need to talk with them about some of these issues. We have a very good standing with Seedbox.IO however as they supply the very servers we use for hosting the QuickBox Ecosystem on.

cyda · November 14, 2017, 7:29pm

I use seedbox.io too.

If I do a check on the cert in the browser it says - The connection to this site is using a valid, trusted server certificate issued by Let’s Encrypt Authority X3.

cyda · November 15, 2017, 12:40pm

Solution for seedbox.io users

CSF cert fix.

service csf stop && service lfd stop
cp /etc/csf/ui/server.crt /etc/csf/ui/server.crt.backup
cp /etc/csf/ui/server.key /etc/csf/ui/server.key.backup
rm -f /etc/csf/ui/server.crt
rm -f /etc/csf/ui/server.key
ln -s /etc/apache2/ssl/certs/USER.seedbox.io-ssl.key /etc/csf/ui/server.key
ln -s /etc/apache2/ssl/certs/USER.seedbox.io-ssl.pem /etc/csf/ui/server.crt
service csf start && service lfd start

I guess this works for other boxes where the cert is controlled via acme, it will just be something else after the USER… like USER.hutlihut.xx-ssl.key and .pem