self signed certificate

willis936
Posts: 3
Joined: Sat May 29, 2021 6:11 pm

Re: self signed certificate

Post by willis936 »

There is benefit in hiding the admin interface password and the traffic logs. Eavesdropping Wi-Fi is much more reasonable to accomplish than a MITM (which I think would require a stronger Wi-Fi signal at the clients from the attacker than the WAP). Correction: I'm definitely wrong here and unencrypted DNS over Wi-Fi is bad.

I don't think software is really there for DNSSEC or DoT to run on most DNS clients, this could just be my ignorance though.

I don't see

Code:

50-dietpi-https.conf # activate HTTPS
98-dietpi-https_redirect.conf # redirect port 80 > 443

in /etc/lighttpd/conf-available. Here is a list of files in /etc/lighttpd/conf-available.

Code:

05-auth.conf
10-accesslog.conf
10-cgi.conf
10-dir-listing.conf
10-evasive.conf
10-evhost.conf
10-expire.conf
10-fastcgi.conf
10-flv-streaming.conf
10-no-www.conf
10-proxy.conf
10-rewrite.conf
10-rrdtool.conf
10-simple-vhost.conf
10-sockproxy.conf
10-ssi.conf
10-ssl.conf
10-status.conf
10-userdir.conf
10-usertrack.conf
11-extforward.conf
15-fastcgi-php.conf
90-debian-doc.conf
99-dietpi-pihole-block_public_admin.conf
99-dietpi-pihole.conf
99-unconfigured.conf

I'll try uninstalling/reinstalling pihole and the LLSP stack.

Update: no change in available configs after a LLSP and Pi-Hole uninstall+reinstall.


Update: manually making those two conf files and updating the cert/CA lines fixed the issue. Cheers! Thank you for the help.
Joulinar
Posts: 4783
Joined: Sat Nov 16, 2019 12:49 am

Re: self signed certificate

Post by Joulinar »

Yes, the files are not present by default; they are generated by dietpi-letsencrypt. That's why I posted both files and their content.

> I don't think software is really there for DNSSEC or DoT to run on most DNS clients

Modern web browsers allow configuring DoT and/or DoH inside their configuration (independent from client).

Please let us know if a solution is working. This could help others if they are hit by a similar situation. Your DietPi Team
eglider86
Posts: 36
Joined: Sat Mar 20, 2021 10:12 am

Re: self signed certificate

Post by eglider86 »

Thanks for the input, but I cannot get it to work. I think I understand my scenario a bit better now.
So now the major problem, as I see it, is that because of getting lost with running certbot, I have reached the limit of certificates. So correct me if I am wrong, but now I must have at least one valid one for my domain. But every time I run dietpi-launcher, then dietpi-DDNS, then dietpi-letsencrypt and certbot, it tries to download a brand new certificate, but for some reason it is not applied. Then I saw in the debug log that it has created several copies of my domain like "domain-001.cert" and "domain-002.cert" beside the "domain.cert". I have removed them all and tried again, but since I reached my limit, no success.
My question is the following: since a certificate has been issued for my domain, what is the way to download it and apply it to my DietPi Nextcloud?
Joulinar
Posts: 4783
Joined: Sat Nov 16, 2019 12:49 am

Re: self signed certificate

Post by Joulinar »

> My question is the following. Since certificate has been issued for my domain what is the way to download this

Probably a misunderstanding. Certificates are not stored centrally. They are generated directly on your system at runtime. If you delete them, they are gone.

If you have issues creating certificates, you would need to check the log to see why this failed.
If certificates are created successfully but HTTPS is still not working, the web server log/config needs to be checked.

In general, it's better to move certificates into another folder to have them safely stored before removing them completely.
eglider86
Posts: 36
Joined: Sat Mar 20, 2021 10:12 am

Re: self signed certificate

Post by eglider86 »

Thanks, I understand. The situation was created right at the time when DietPi needed to be updated and I forgot to renew the invalid certificate. Probably that is what messed up my system. My question may not have been clear: I have found those certificates in my system, but for some reason they were not automatically applied. In case this happens again, what is the way to apply the valid certificate that can anyway be found in my system and let certbot use it to apply?
Actually, what I did now is that I changed the domain name in noip and ran certbot again. Now it works. Changing the domain was not an issue since I am the only one using it.
Joulinar
Posts: 4783
Joined: Sat Nov 16, 2019 12:49 am

Re: self signed certificate

Post by Joulinar »

Usually certificates are updated automatically by certbot.

If you need to change certificates manually, you can adjust the HTTPS config located in /etc/lighttpd/conf-available
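
Added illustration of the manual change described in the post above (not posted by anyone in this thread, and not the contents of the files dietpi-letsencrypt generates): a lighttpd HTTPS block and an HTTP-to-HTTPS redirect using standard lighttpd directives. The file names, the domain `example.invalid` and the certbot paths are placeholders to be replaced with the real lineage directory on the system.

```conf
# Added example with placeholder names; not DietPi's generated configuration.

# --- /etc/lighttpd/conf-available/50-example-https.conf (hypothetical name) ---
server.modules += ( "mod_openssl" )

$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    # Both paths must point into the SAME certbot lineage directory.
    # If certbot has created more than one directory for the domain,
    # check which one holds the currently valid certificate, e.g. with
    #   openssl x509 -noout -subject -enddate -in <path>/fullchain.pem
    ssl.pemfile = "/etc/letsencrypt/live/example.invalid/fullchain.pem"
    # ssl.privkey needs lighttpd >= 1.4.53; older versions expect the key
    # and certificate combined in the file named by ssl.pemfile.
    ssl.privkey = "/etc/letsencrypt/live/example.invalid/privkey.pem"
}

# --- /etc/lighttpd/conf-available/98-example-https_redirect.conf (hypothetical name) ---
# Requires mod_redirect to be loaded and lighttpd >= 1.4.50 for the
# ${url.*} placeholders.
$HTTP["scheme"] == "http" {
    url.redirect = ( "" => "https://${url.authority}${url.path}${qsa}" )
}

# Files in conf-available only take effect once they are enabled
# (symlinked into conf-enabled on Debian-based systems).
# Validate before restarting the service:
#   lighttpd -tt -f /etc/lighttpd/lighttpd.conf
```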
eglider86
Posts: 36
Joined: Sat Mar 20, 2021 10:12 am

Re: self signed certificate

Post by eglider86 »

Thanks for all the input!