• [6.10-RC2] servername_unraid_bundle.pem gets overwritten by self signed SSL-certificate


    Kopernikus
    • Solved

    Hi,

     

    When I place my custom SSL certificate "servername_unraid_bundle.pem" in boot/config/ssl/certs it gets overwritten by a self-signed certificate as soon as I restart Nginx or reboot the server, so I can't access my unraid server anymore with my custom SSL certificate.

     

    This bug was already reported on 6.10-RC1 and should have been resolved on 6.10-RC2

    See thread:

     

    Thx





    Probably would have been best to continue in the existing bug report, but I'll go ahead and close that one.

     

    You need to make sure the servername + LocalTLD matches the subject line of your certificate.

     

    Please see the instructions here:

      https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29

    Start with the introductory information, then scroll down to the "Custom certificate" section.

     

    If you still have issues please upload your diagnostics.

    Link to comment
    16 hours ago, ljm42 said:

    Probably would have been best to continue in the existing bug report, but I'll go ahead and close that one.

     

    You need to make sure the servername + LocalTLD matches the subject line of your certificate.

     

    Please see the instructions here:

      https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29

    Start with the introductory information, then scroll down to the "Custom certificate" section.

     

    If you still have issues please upload your diagnostics.

     

    Hi,

     

    It still gets overwritten by the self-signed certificate.

    In attachment my diagnostics.

    unraid-server-diagnostics-20211112-0956.zip

    Link to comment

    The certificate is not being overwritten, but it is not in the correct format for the system to be able to parse the url.

     

    Run this command on the problematic Unraid-Server_unraid_bundle.pem certificate:

      /usr/bin/openssl x509 -noout -subject -nameopt multiline -in /boot/config/ssl/certs/Unraid-Server_unraid_bundle.pem

     

    And compare that to the output of a cert with the expected data:

    /usr/bin/openssl x509 -noout -subject -nameopt multiline -in /boot/config/ssl/certs/certificate_bundle.pem
    subject=
        commonName                = hash.unraid.net

     

    The url shown on the "commonName" line has to exactly match [servername].[localTLD] (or be hash.unraid.net)

    Link to comment
    17 hours ago, ljm42 said:

    The certificate is not being overwritten, but it is not in the correct format for the system to be able to parse the url.

     

    Run this command on the problematic Unraid-Server_unraid_bundle.pem certificate:

      /usr/bin/openssl x509 -noout -subject -nameopt multiline -in /boot/config/ssl/certs/Unraid-Server_unraid_bundle.pem

     

    And compare that to the output of a cert with the expected data:

    /usr/bin/openssl x509 -noout -subject -nameopt multiline -in /boot/config/ssl/certs/certificate_bundle.pem
    subject=
        commonName                = hash.unraid.net

     

    The url shown on the "commonName" line has to exactly match [servername].[localTLD] (or be hash.unraid.net)

     

    If I run the command I get:

     

    root@Unraid-Server:~# /usr/bin/openssl x509 -noout -subject -nameopt multiline -in /boot/config/ssl/certs/Unraid-Server_unraid_bundle.pem
    subject=
        countryName               = GB
        stateOrProvinceName       = Greater Manchester
        localityName              = Salford
        organizationName          = Sectigo Limited
        commonName                = Sectigo RSA Domain Validation Secure Server CA
    root@Unraid-Server:~#

     

    What could be wrong?

    It's a wildcard cert that I use for Nginx, my UDM Pro, Piholes, all working fine.

    Link to comment

    That looks like the output from an intermediary cert rather than the server's cert. What files did the company give you when you bought the cert, and how did you combine them to create Unraid-Server_unraid_bundle.pem ?

    Link to comment
    On 11/13/2021 at 5:11 PM, ljm42 said:

    That looks like the output from an intermediary cert rather than the server's cert. What files did the company give you when you bought the cert, and how did you combine them to create Unraid-Server_unraid_bundle.pem ?

     

    All working fine now, seems like wrongly formatted pem.

    Thx for the help!

    Link to comment
    3 hours ago, Kopernikus said:

    All working fine now, seems like wrongly formatted pem.

     

    Glad you were able to get it working

    Link to comment
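
The diagnosis in this thread rests on the fact that `openssl x509` reads only the first certificate in a file, so a bundle with the intermediate CA on top reports the CA's commonName. The script below is an added example, not part of the thread or of Unraid's own tooling; it lists the certificates in a bundle in file order and compares the first one's commonName with the expected name. The function names and the way the bundle is split are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the thread): show which certificate comes first in a
# PEM bundle. `openssl x509` reads only the first certificate in its input,
# so the command from the thread reports whatever sits at the top of the file.

# cn_of FILE subject|issuer -> commonName of the first certificate in FILE
cn_of() {
    openssl x509 -noout "-$2" -nameopt multiline -in "$1" |
        sed -n 's/^ *commonName *= *//p'
}

# bundle_order FILE -> one line per certificate, in file order
bundle_order() (
    tmp=$(mktemp -d) || exit 2
    trap 'rm -rf "$tmp"' EXIT
    # Write each BEGIN/END CERTIFICATE block to its own numbered file
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/%03d.pem", dir, n); incert = 1 }
        incert { print > out }
        /-----END CERTIFICATE-----/   { incert = 0; close(out) }
    ' "$1"
    i=0
    for f in "$tmp"/*.pem; do
        [ -e "$f" ] || { echo "no certificates found in $1" >&2; exit 2; }
        i=$((i + 1))
        echo "$i subject=$(cn_of "$f" subject) issuer=$(cn_of "$f" issuer)"
    done
)

# check_bundle FILE FQDN -> 0 when the first certificate's CN equals FQDN
check_bundle() {
    local first
    first=$(cn_of "$1" subject)
    if [ "$first" = "$2" ]; then
        echo "OK: first certificate is $first"
    else
        echo "MISMATCH: first certificate is '$first', expected '$2'"
        bundle_order "$1"   # show the order so a misplaced CA cert is visible
        return 1
    fi
}

# Stand-alone use: script.sh BUNDLE.pem servername.localTLD
if [ "$#" -eq 2 ]; then check_bundle "$1" "$2"; fi
```

On a mismatch the listing shows where the server certificate actually sits in the file, which is the information needed to answer the "how did you combine them" question above.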

