Unable to setup SSL

Posted: Mon Jan 04, 2016 8:56 pm
by micose
Hello!

Since v104 is out, and LetsEncrypt is no longer available, I'm getting a lot of trouble setting up SSL.

I've followed https://dietpi.com/phpbb/viewtopic.php?f=8&t=5&start=10 and checked all details but with no success.

Details of /etc/apache2/sites-enabled/default-ssl.conf:

Code:

<IfModule mod_ssl.c>
        <VirtualHost mydomain:443>
                ServerAdmin webmaster@mydietpi
                ServerName mydietpi.mydomain
                DocumentRoot /var/www

                LogLevel error
                ErrorLog /error.log
                #CustomLog /access.log combined

                SSLEngine on

                SSLCertificateFile /etc/apache2/ssl/apache.crt
                SSLCertificateKeyFile /etc/apache2/ssl/apache.key

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                BrowserMatch "MSIE [2-6]"                                 nokeepalive ssl-unclean-shutdown                                 downgrade-1.0 force-r$
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        </VirtualHost>
</IfModule>

Please help me with this issue

Thanks in advance,
Micose

Re: Unable to setup SSL

Posted: Mon Jan 04, 2016 9:31 pm
by Fourdee
micose wrote:Hello!

Since v104 is out, and LetsEncrypt is no longer available, I'm getting a lot of trouble setting up SSL.

Hi Micose,

I assume you are running Wheezy? LetsEncrypt is available on the Jessie image. If it's not too late to change to Jessie, I would highly recommend it. LetsEncrypt is a godsend when it comes to SSL.

micose wrote:I've followed https://dietpi.com/phpbb/viewtopic.php?f=8&t=5&start=10 and checked all details but with no success.

Details of /etc/apache2/sites-enabled/default-ssl.conf:

Code:

<IfModule mod_ssl.c>
        <VirtualHost mydomain:443>
                ServerAdmin webmaster@mydietpi
                ServerName mydietpi.mydomain
                DocumentRoot /var/www

                LogLevel error
                ErrorLog /error.log
                #CustomLog /access.log combined

                SSLEngine on

                SSLCertificateFile /etc/apache2/ssl/apache.crt
                SSLCertificateKeyFile /etc/apache2/ssl/apache.key

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                BrowserMatch "MSIE [2-6]"                                 nokeepalive ssl-unclean-shutdown                                 downgrade-1.0 force-r$
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        </VirtualHost>
</IfModule>

Please help me with this issue

Thanks in advance,
Micose

I'm not 100% sure if I have tested this on Wheezy, so this may be an error on my part. I've slowly been moving over to Jessie as all the other DietPi images (Odroid/VM/OPI etc) are also Jessie.
If Wheezy is critical to your setup, let me know and I will test this on a new installation and report back if changes are needed. However, it may be a few days before I will have the time available to do this.

Re: Unable to setup SSL

Posted: Mon Jan 04, 2016 9:42 pm
by micose
Yes, I am running Wheezy, and Wheezy is not critical for my project at the moment.

I want to run a couple of services on dietpi and mainly use apache for a small webpage to manage my services and computers inside the house, like WOL via DietPi.

Perhaps it is best to start over with Jessie... small bump on the road.


Appreciate the help! :D

Re: Unable to setup SSL

Posted: Mon Jan 04, 2016 10:06 pm
by Fourdee
micose wrote:Yes, I am running Wheezy, and Wheezy is not critical for my project at the moment.

I want to run a couple of services on dietpi and mainly use apache for a small webpage to manage my services and computers inside the house, like WOL via DietPi.

Perhaps it is best to start over with Jessie... small bump on the road.


Appreciate the help! :D

Ah brilliant. Means I can continue work on v105 for a bit :D

Sounds like an interesting project. If you get into any trouble down the road, just let me know and I'll see if I can help.

Re: Unable to setup SSL

Posted: Sun Aug 14, 2016 4:45 am
by chinicetsai
Hi expert,
My environment is Nginx+MariaDB.
CertBot only supports Apache in the DietPi-Software hint. Can I use it with Nginx on DietPi version 128? Or can I use another way to enable SSL in Nginx?

I have tried to install CertBot manually, and finished the *.pem generation.
My plan is to install ownCloud/WordPress in the same Nginx, but I don't know how to configure the .conf file with SSL before starting to install OC/WP.

drwxr-xr-x 2 root root 4096 8月 14 01:57 .
drwx------ 3 root root 4096 8月 14 01:57 ..
lrwxrwxrwx 1 root root 39 8月 14 01:57 cert.pem -> ../../archive/myhttpsURL/cert1.pem
lrwxrwxrwx 1 root root 40 8月 14 01:57 chain.pem -> ../../archive/myhttpsURL/chain1.pem
lrwxrwxrwx 1 root root 44 8月 14 01:57 fullchain.pem -> ../../archive/myhttpsURL/fullchain1.pem
lrwxrwxrwx 1 root root 42 8月 14 01:57 privkey.pem -> ../../archive/myhttpsURL/privkey1.pem


Can you provide suggestions to me?
Thanks

Re: Unable to setup SSL

Posted: Sun Aug 14, 2016 11:18 pm
by 4bob
Hi,
You first need to convert the .pem files to .crt and .key files

Code:

# nginx loads PEM-encoded files, so keep openssl's default PEM output
openssl x509 -in cert.pem -out cert.crt

Code:

openssl rsa -in privkey.pem -out private.key

Copy the files to the nginx folder /etc/nginx/ssl,
create the folder if it's not present.

The software installation from DietPi creates one default site config for nginx,
also named default. You can find it here:

/etc/nginx/sites-available/

Edit the first server section at the top
that should be present:

Code:

server {
    listen 80 default_server;
    # ... rest of the server block ...
}

to the new SSL config:

Code:

server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/cert.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;
    # ... rest of the server block unchanged ...
}

Restart the web server:

Code:

/etc/init.d/nginx restart

You can also create a new config only for OC, without modifying the default conf.

Bob

BTW, you can find a sample here:
https://doc.owncloud.org/server/9.0/adm ... ud_9x.html
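
An added example, not part of the original posts and not a DietPi or nginx tool: nginx's ssl_certificate and ssl_certificate_key directives expect PEM-encoded files, so this checks the encoding of a certificate and that the key belongs to it before the web server is restarted. The function names are hypothetical, and the self-signed pair generated in a temp directory is constructed sample data standing in for the Let's Encrypt files.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files named in ssl_certificate and
# ssl_certificate_key. Function names are hypothetical (not DietPi/nginx tools).

# Print "pem", "der" or "unknown" for a certificate file.
cert_encoding() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    elif openssl x509 -inform DER -in "$1" -noout 2>/dev/null; then
        echo der
    else
        echo unknown
    fi
}

# Succeed only if both files are PEM and the key belongs to the certificate.
nginx_pair_ok() {
    [ "$(cert_encoding "$1")" = pem ] || return 1
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$2" 2>/dev/null || return 1
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample data: a throwaway self-signed pair, a DER copy of the
# certificate, and an unrelated key to show a mismatch.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.invalid" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null
    openssl x509 -outform der -in "$1/cert.pem" -out "$1/cert.crt"
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo=$(mktemp -d)
make_sample "$demo"
echo "cert.pem is $(cert_encoding "$demo/cert.pem")"
echo "cert.crt is $(cert_encoding "$demo/cert.crt")"
nginx_pair_ok "$demo/cert.pem" "$demo/privkey.pem" && echo "PEM pair: ok"
nginx_pair_ok "$demo/cert.crt" "$demo/privkey.pem" || echo "DER cert: rejected"
nginx_pair_ok "$demo/cert.pem" "$demo/other.key" || echo "wrong key: rejected"
rm -rf "$demo"
```

On a real system the same two functions can be pointed at the files in /etc/nginx/ssl, or directly at certbot's fullchain.pem and privkey.pem, which are already PEM.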

Re: Unable to setup SSL

Posted: Mon Aug 15, 2016 10:03 pm
by Fourdee
4bob wrote:Hi,
You first need to convert the .pem files to .crt and .key files

Thanks Bob, excellent walk-through and guide! Good stuff :)

Re: Unable to setup SSL

Posted: Mon Aug 15, 2016 11:44 pm
by 4bob
You're welcome! :)