Unable to setup SSL

Hello!

Since v104 is out, and LetsEncrypt is no longer available, I’m having a lot of trouble setting up SSL.

I’ve followed https://dietpi.com/phpbb/viewtopic.php?f=8&t=5&start=10 and checked all the details, but with no success.

Details of /etc/apache2/sites-enabled/default-ssl.conf:

<IfModule mod_ssl.c>
        <VirtualHost mydomain:443>
                ServerAdmin webmaster@mydietpi
                ServerName mydietpi.mydomain
                DocumentRoot /var/www

                LogLevel error
                ErrorLog /error.log
                #CustomLog /access.log combined

                SSLEngine on

                SSLCertificateFile /etc/apache2/ssl/apache.crt
                SSLCertificateKeyFile /etc/apache2/ssl/apache.key

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                BrowserMatch "MSIE [2-6]"                                 nokeepalive ssl-unclean-shutdown                                 downgrade-1.0 force-r$
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        </VirtualHost>
</IfModule>

Please help me with this issue.

Thanks in advance,
Micose

Hi Micose,

I assume you are running Wheezy? LetsEncrypt is available on the Jessie image. If it’s not too late to change to Jessie, I would highly recommend it. LetsEncrypt is a godsend when it comes to SSL.

I’m not 100% sure if I have tested this on Wheezy, so this may be an error on my part. I’ve slowly been moving over to Jessie as all the other DietPi images (Odroid/VM/OPI etc) are also Jessie.
If Wheezy is critical to your setup, let me know and I will test this on a new installation and report back if changes are needed. However, it may be a few days before I will have the time available to do this.

Yes, I am running Wheezy, and Wheezy is not critical for my project at the moment.

I want to run a couple of services on DietPi and mainly use Apache for a small webpage to manage my services and computers inside the house, like WOL via DietPi.

Perhaps it is best to start over with Jessie… small bump on the road.


Appreciate the help! :smiley:

Ah brilliant. Means I can continue work on v105 for a bit :smiley:

Sounds like an interesting project. If you get into any trouble down the road, just let me know and I’ll see if I can help.

Hi expert,
My environment is Nginx+MariaDB.
According to the hint in DietPi-Software, CertBot only supports Apache. Can I use it with Nginx on DietPi version 128, or can I use another way to enable SSL in Nginx?

I have tried to install CertBot manually, and finished the *.pem generation.
My plan is to install ownCloud/WordPress on the same Nginx, but I don’t know how to configure the .conf file with SSL before starting to install OC/WP.

drwxr-xr-x 2 root root 4096 8月 14 01:57 .
drwx------ 3 root root 4096 8月 14 01:57 ..
lrwxrwxrwx 1 root root 39 8月 14 01:57 cert.pem -> ../../archive/myhttpsURL/cert1.pem
lrwxrwxrwx 1 root root 40 8月 14 01:57 chain.pem -> ../../archive/myhttpsURL/chain1.pem
lrwxrwxrwx 1 root root 44 8月 14 01:57 fullchain.pem -> ../../archive/myhttpsURL/fullchain1.pem
lrwxrwxrwx 1 root root 42 8月 14 01:57 privkey.pem -> ../../archive/myhttpsURL/privkey1.pem

Can you give me some suggestions?
Thanks

Hi,
You first need to convert the .pem files to .crt and .key files:

# nginx loads PEM-encoded files, so the output format stays PEM
openssl x509 -outform pem -in cert.pem -out cert.crt

openssl rsa -outform pem -in privkey.pem -out private.key

Copy the files to the nginx folder /etc/nginx/ssl;
create the folder if it’s not present.

The software installation from DietPi creates one default site config for nginx,
also named default. You can find it here:

/etc/nginx/sites-available/

Change the first server section at the top,
which should be present:

server {
    listen 80 default_server;

to the new SSL config:

server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/cert.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;

Restart the web server:

/etc/init.d/nginx restart

You can also create a new config only for OC, without modifying the default conf.

Bob

Btw, you can find a sample here:
https://doc.owncloud.org/server/9.0/admin_manual/installation/nginx_owncloud_9x.html
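
A pre-flight check for the certificate and key files before the nginx restart described above, as an added example that is not part of the original posts. It assumes the `openssl` CLI is installed; the function names and exit codes are this example's own. It rejects DER-encoded files (nginx loads PEM), pairs that do not belong together, and certificates that expire within 7 days.

```shell
#!/bin/sh
# Added example: verify a certificate/key pair before pointing nginx at it.
# Exit codes (this example's convention): 2 = not PEM/unparsable, 3 = mismatch, 4 = expiring.

check_tls_pair() {  # usage: check_tls_pair CERT KEY
    cert=$1; key=$2
    # nginx parses PEM only; a DER-encoded file has no "-----BEGIN" armor line.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
        { echo "FAIL: $cert is not a PEM certificate"; return 2; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null ||
        { echo "FAIL: $key is not a PEM private key"; return 2; }
    # Both files must actually parse, not just carry the armor line.
    openssl x509 -in "$cert" -noout 2>/dev/null &&
        openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "FAIL: certificate or key cannot be parsed"; return 2; }
    # The public key in the certificate must equal the one derived from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: certificate and key do not belong together"; return 3; }
    # -checkend N exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend 604800 >/dev/null ||
        { echo "FAIL: certificate expires within 7 days"; return 4; }
    echo "OK: PEM pair matches and is not about to expire"
}

# Constructed sample input: a throwaway self-signed pair for trying the check offline.
make_sample_pair() {  # usage: make_sample_pair DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=example.test" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}

# When called as a script: ./check.sh /etc/nginx/ssl/cert.crt /etc/nginx/ssl/private.key
if [ "$#" -eq 2 ]; then check_tls_pair "$1" "$2"; fi
```

Running `nginx -t` afterwards validates the configuration file itself before the restart.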

Thanks Bob, excellent walk-through and guide! Good stuff :slight_smile:

You’re welcome! :slight_smile: