Long-term plan is some dietpi-https/dietpi-ssl tool to generate SSL certs from different sources, self-signed, certbot, acme.sh and others. Would contain then enable/disable selection not only for webservers but also for other web applications that run their own internal webserver. There it makes sense to show certificate status, expiry date and others. But I lack the time currently to start working on this .
hehe. Anyway let's come back to the original topic of recreation the certificates. So for the normal letsencrypt we are save because it will be done automatically. I guess for Emby the transformation into the *.pfx file would still need to be done manually as there is no automation be default.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Indeed, the non-webserver-based applications one needs to copy the certs in place manually. Or, one could add it as script to /etc/letsencrypt renewal-hooks, so it is done automatically when certbot renews the certs.
Other solution is to grant those applications direct access to the letsencrypt certs/keys, but this is probably not wanted for security reasons and some need those files in different format, Emby *.pfx? Yeah this is exactly what would be nice to have in a dedicated DietPi tool.
Got everything up and working and I'm now staring at the Nextcloud login page. Probably a stupid question but what's my Nextcloud login credentials and how do I set them up?
create a clean DietPi installation and complete initial setup
first you would need to have a DynDNS service that allow you to connect from outside world to your home network by using a dynamic domain name. If you already have a DDNS service, you can go to point 5
Opening ports to the internet would need to be done on your internet router. The description above is describing how to create SSL certificates for a web server like lighttpd or nginx running port 80/443. This will enable to access applications using standard web server. Thinks like Plex and Sonarr using it's on web server, running on different ports. Therefore they will not be reachable. Access would need to be configured separately on your internet router be opening respective ports.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team