I close now port forwarding for port 80 on my router becouse security. Do I have to open it? Can You tell me also during that tutorial on Emby forum I have to change my certificates to another format. Does this not affect my nextcloud? I have to go to my folder /etc/letsencrypt/live/myserver.ddns.net/ and change my certificates with command:
The port 80 we already discussed some days ago. I guess it would be needed to recreate your certificates once they are going to expire.
Regarding the transformation for emby. I guess it will just create the *.pfx file and do anything with your other files. However you could create a copy of the original files if needed.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
no need to do this because you already created the letsencrypt certificate. So you can skip these steps. Only thing to do is to create the *.pfx file and configure emby.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Thank You very much one more time. It works now. Can You tell me something about renew that certificate. Do I get some info or my nextcloud and emby stops working on https?
if the certificate expire, you will get a message on the web browser that the certificate is not valid anymore. basically you could check the lifetime yourselves by opening your https website an display the certificate. there you should see the expatriation date. Usually the validation is 90 days, so renewing the certificates once a month should be sufficient.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Btw when using dietpi-letsencryt or certbot, a systemd timer is added which renews the certificate automatically 30 days before or it expires.
And port 80 can or better should stay opened. It is required for certificate renewal in most cases and as long as you have automated redirection to HTTPS active and/or force it though the other web applications, it is no security risk.
systemctl status certbot.timer
journalctl -u certbot
It should show a renewal attempt two times a day, skipping it as long as expiry is more then 30 days in the future. Probably we should point that our within dietpi-letsencrypt UI.