HTTPS - with certbot

Hi,
I try to configure certbot as this page says : System Security Software Options - DietPi.com Docs

And when I try to connect to my server using https, it’s not working (https://my-ip/nextcloud ; https://my-ip/8123, …)

For nextcloud I have this message :
“Warning: Probable security risk Firefox detected a potential security threat and did not pursue xxx.xx.xxx.xxx. If you access this site, attackers could steal information such as passwords, emails, or credit card details. What can you do? The problem is probably with the website, so you can’t fix it. You can report this to the people who administer the site.”
And after that I can access nextcloud.

For Home Assistant I have this message :
“Secure Connection Failed An error occurred while connecting to xxx.xx.xxx.xxx:8123. SSL received a record that exceeds the maximum allowed length. Error Code: SSL_ERROR_RX_RECORD_TOO_LONG The page you are trying to view cannot be viewed because the authenticity of the data received cannot be verified. Please contact the website owners to inform them of this issue.”
But I can’t access Home Assistant.

All my ports are forwarded in my router config (sfr in France), especially 80 and 443.

I use no-ip.com to have a personalized DDNS (and https works for nextcloud, rutorrent, freshrss but not for webmin, home assistant, … and I don’t know why).

It could be cool if someone can help me.

PS : maybe I’m not clear in my explanation, tell me if you want more precision.

Regards

Required Information

  • DietPi version | 8.25.1
  • Distro version | Bookworm
  • Kernel version | Linux DietPi 6.1.0-16-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.67-1 (2023-12-12) x86_64 GNU/Linux
  • SBC model | Native PC (x86_64)

Some browsers

Probably a warning because of the self signed (cert or) certificate.

Https works on port 443, not 8123

This depends on the app. Individual apps could have their own SSL ports :wink:
Question is if OP configured HTTPS on HA?? Or if he is just trying to connect assuming it would work ootb. I guess it will be needed to set up a reverse proxy for HA


For Nextcloud, if I understood you don’t use self signed certificate? It’s the one issued by Let’s Encrypt? And you are using the same hostname/ DDNS to connect as you specified within dietpi-letsencrypt?

Some years ago I created a very basic how-to How can I secure connection to nextcloud? - #4 by Joulinar

Or you tell HA where your certs are, then it should work also on port 8123:
https://www.home-assistant.io/integrations/http/#ssl_certificate

Hi,
Thank you all for your answers.

But I think my level in networks configuration is too poor. And I’m sorry but I don’t understand anything.

I think I can’t use no-ip to connect to my dietpi’s home assistant with this kind of web address : https://noipadress.com:8126 like my nextcloud (https://noipadress.com/nextcloud).

Thank you
Regards

This is not correct. Your DDNS service has nothing to do with your applications that you want to reach from the Internet. DDNS is just a translation of your external Internet IP address into a readable hostname. It also enables the creation of SSL certificates. Which app you use is entirely up to you. It can be anything.

It’s best if we work on your challenges one by one. Let’s start with Nextcloud. Are you able to access your NC instance from the internet?

You could forward the port you need (8126) and then connect via http (not https) like http://my.dnydns.domain:8126

Hi,
Thank you @Joulinar & @Jappe for your help.

To Joulinar : I can access nextcloud with http://myip/nextcloud and https://subdomain.noip.com/netxcloud.
It also works with rutorrent, freshrss.

Access to Home Assistant works with http://myip:8123 but it doesn’t work with https://subdomain.noip.com:8123

To jappe : I really need to have HTTPS for Home Assistant.

Regards

ok Nextcloud is working good.

For HA, did you already configure HA to use SSL?

if not:
In the configuration.yaml you have to modify these settings:

http:
  ssl_certificate: /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem
  ssl_key: /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem

Replace YOUR_DOMAIN with the actual domain name, then just restart and SSL should be working on port 8123.
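
A check for the two browser errors in this thread, added here as an example and not posted by anyone in the thread: `classify` shows why a plain-HTTP reply read as a TLS record gives SSL_ERROR_RX_RECORD_TOO_LONG, and `probe` does a verified handshake so you can see whether port 8123 speaks TLS after the restart and whether the certificate matches the name you connect with. The function names and the sample bytes are constructed for illustration.

```python
import socket
import ssl
import sys

TLS_MAX_RECORD = 2**14 + 2048  # largest record a TLS 1.2 peer may send

def as_tls_header(data: bytes):
    """Parse 5 bytes as a TLS record header: (type, version, length)."""
    if len(data) < 5:
        return None
    return data[0], (data[1], data[2]), int.from_bytes(data[3:5], "big")

def classify(data: bytes) -> str:
    """Say how a TLS client will read these first bytes from a server."""
    hdr = as_tls_header(data)
    if hdr is None:
        return "too short"
    ctype, (major, _), length = hdr
    if length > TLS_MAX_RECORD:
        return "record too long"  # what a plain "HTTP/..." reply looks like
    if 20 <= ctype <= 23 and major == 3:
        return "tls record"
    return "not tls"

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Attempt a verified TLS handshake and report which failure mode occurs."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "TLS OK, certificate valid for " + host
    except ssl.SSLCertVerificationError as e:
        # e.g. self-signed cert, or connecting by IP to a cert issued for a name
        return "TLS, but certificate rejected: " + e.verify_message
    except ssl.SSLError as e:
        return "port answered, but not with TLS: " + str(e.reason)
    except OSError as e:
        return "no usable answer: " + str(e)

if __name__ == "__main__":
    sample = b"HTTP/1.1 400 Bad Request\r\n"  # constructed plaintext reply
    print(as_tls_header(sample), classify(sample))  # "P/" read as length 20527
    if len(sys.argv) == 3:  # usage: script.py mydomain.noip.com 8123
        print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it with the DDNS hostname and the port as arguments; probing by IP address instead of the hostname is expected to report a rejected certificate, because the Let's Encrypt certificate is issued for the hostname.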

Hi,
Sorry, my two daughters have been sick the last few days so I didn’t have time to look at this.

At "configuration / networks /" it’s written http://myip:8123, do I have to change this to https?

@Jappe when I do this I can’t access to HA anymore.
I try to replace YOUR_DOMAIN by :

I’m lost with it.

Put in just the domain, no IPs and no protocols like https, no subdomain beforehand (except if you are using a dynDNS which can come with a subdomain in the free tiers).
e.g. `mydomain.noip.com` or `google.com`