Unable to setup SSL Topic is solved

Having issues with your DietPi installation, or, found a bug? Post it here.
Post Reply
micose

Unable to setup SSL

Post by micose »

Hello!

Since v104 is out, and LetsEncrypt is no longer available, i'm getting a lot of trouble setting up SSL.

I've followed https://dietpi.com/phpbb/viewtopic.php?f=8&t=5&start=10 and checking all details but with no success.

Details of /etc/apache2/sites-enabled/default-ssl.conf:

Code: Select all

<IfModule mod_ssl.c>
        <VirtualHost mydomain:443>
                ServerAdmin webmaster@mydietpi
                ServerName mydietpi.mydomain
                DocumentRoot /var/www

                LogLevel error
                ErrorLog /error.log
                #CustomLog /access.log combined

                SSLEngine on

                SSLCertificateFile /etc/apache2/ssl/apache.crt
                SSLCertificateKeyFile /etc/apache2/ssl/apache.key

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                BrowserMatch "MSIE [2-6]"                                 nokeepalive ssl-unclean-shutdown                                 downgrade-1.0 force-r$
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        </VirtualHost>
</IfModule>

Please help me with this issue

Thanks in advance,
Micose
User avatar
Fourdee
Site Admin
Posts: 2787
Joined: Tue Feb 06, 2007 1:36 pm

Re: Unable to setup SSL

Post by Fourdee »

micose wrote:Hello!

Since v104 is out, and LetsEncrypt is no longer available, i'm getting a lot of trouble setting up SSL.
Hi Micose,

I assume you are running Wheezy? LetsEncrypt is available on the Jessie image. If its not too late to change to Jessie, i would highly recommend it. LetsEncrypt is a godsend when it comes to SSL.

micose wrote:I've followed https://dietpi.com/phpbb/viewtopic.php?f=8&t=5&start=10 and checking all details but with no success.

Details of /etc/apache2/sites-enabled/default-ssl.conf:

Code: Select all

<IfModule mod_ssl.c>
        <VirtualHost mydomain:443>
                ServerAdmin webmaster@mydietpi
                ServerName mydietpi.mydomain
                DocumentRoot /var/www

                LogLevel error
                ErrorLog /error.log
                #CustomLog /access.log combined

                SSLEngine on

                SSLCertificateFile /etc/apache2/ssl/apache.crt
                SSLCertificateKeyFile /etc/apache2/ssl/apache.key

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                BrowserMatch "MSIE [2-6]"                                 nokeepalive ssl-unclean-shutdown                                 downgrade-1.0 force-r$
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        </VirtualHost>
</IfModule>

Please help me with this issue

Thanks in advance,
Micose
I'am not 100% if I have tested this on Wheezy, so this may be an error on my part. I've slowly been moving over to Jessie as all the other DietPi images (Odroid/VM/OPI etc) are also Jessie.
If Wheezy is critical to your setup, let me know and I will test this on a new installation and report back if changes are needed. However, it may be a few days before I will have the time available to do this.
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
micose

Re: Unable to setup SSL

Post by micose »

Yes i am running Wheezy and Wheezy is not critical for my project at the moment.

I want to run a couple of services on dietpi and mainly use apache for a small webpage to manage my services and computers inside the house, like WOL via DietPi.

Perhaps it is best to start over with Jessie... small bump on the road.


Appreciate the help! :D
User avatar
Fourdee
Site Admin
Posts: 2787
Joined: Tue Feb 06, 2007 1:36 pm

Re: Unable to setup SSL

Post by Fourdee »

micose wrote:Yes i am running Wheezy and Wheezy is not critical for my project at the moment.

I want to run a couple of services on dietpi and mainly use apache for a small webpage to manage my services and computers inside the house, like WOL via DietPi.

Perhaps it is best to start over with Jessie... small bump on the road.


Appreciate the help! :D
Ah brilliant. Means I can continue work on v105 for a bit :D

Sounds like an interesting project. If you get into any trouble down the road, just let me know and I'll see if I can help.
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
chinicetsai
Posts: 6
Joined: Mon Jul 25, 2016 10:22 am

Re: Unable to setup SSL

Post by chinicetsai »

Hi expert,
My environment is Nginx+MaiaDB.
CertBot only support apache in Dietpi-software hint, can I use it in Nginx with DietPi version:128 ? or can I use another way to enable SSL in Nginx?

I have try to install CertBot manually, and finished *.pem generation.
My plan is to install owncloud/wordexpress in same Nginx, but I don't know how to config .conf file with SSL before start install OC/WP.

drwxr-xr-x 2 root root 4096 8月 14 01:57 .
drwx------ 3 root root 4096 8月 14 01:57 ..
lrwxrwxrwx 1 root root 39 8月 14 01:57 cert.pem -> ../../archive/myhttpsURL/cert1.pem
lrwxrwxrwx 1 root root 40 8月 14 01:57 chain.pem -> ../../archive/myhttpsURL/chain1.pem
lrwxrwxrwx 1 root root 44 8月 14 01:57 fullchain.pem -> ../../archive/myhttpsURL/fullchain1.pem
lrwxrwxrwx 1 root root 42 8月 14 01:57 privkey.pem -> ../../archive/myhttpsURL/privkey1.pem


Can you provide suggestions to me?
thanks
4bob

Re: Unable to setup SSL

Post by 4bob »

Hi,
You need first to convert .pem to .crt and .key file

Code: Select all

openssl x509 -outform der -in cert.pem -out cert.crt

Code: Select all

openssl rsa -outform der -in privkey.pem -out private.key
copy the files to nginx /etc/nginx/ssl
create the folder if its not present.

The Software installation from diepi create for nginx one default site config
also named default - you find it here:

/etc/nginx/sites-available/

edit the first server section on top
that should be present:

Code: Select all

server {
    listen 80 default_server;
to the new ssl config:

Code: Select all

server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/cert.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;
restart the webserver

Code: Select all

/etc/init.d/nginx restart
You can also create a new config only for OC without modification on the default conf

Bob

btw. You can find here a sample.
https://doc.owncloud.org/server/9.0/adm ... ud_9x.html
User avatar
Fourdee
Site Admin
Posts: 2787
Joined: Tue Feb 06, 2007 1:36 pm

Re: Unable to setup SSL

Post by Fourdee »

4bob wrote:Hi,
You need first to convert .pem to .crt and .key file
Thanks Bob, excellent walk-though and guide! Good stuff :)
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
4bob

Re: Unable to setup SSL

Post by 4bob »

You're welcome! :)
Post Reply