  • Unraid will not use a valid Let's Encrypt cert - always uses self-signed


    BurntOC
    • Urgent

    So there's another bug report on the fact some LE certs are being cut off and not used by NGINX properly.  This is related, but different.  Due to that bug I've had to pull over an Unraid LE cert from a backup I made last week.  Even if I delete all other certs and the LE info appears properly at the bottom of the Management Access screen, it re-generates a self-signed cert (if not already there) and uses that.  I've included more info and some pics to clarify the issue here.





    BurntOC

    Posted (edited)

    I meant to add that I also noticed this is happening on my other Unraid server I'd upgraded from 6.9.2 to 6.10rc2 as well (though this one I re-setup from scratch).  From provisioning on the Management Access page it reports cert info from Let's Encrypt, but when I look at the browser it is confirming that it, too, is using the self-signed cert.

    Edited by BurntOC
    ljm42

    Posted

    There are no diagnostics, but I'll make some guesses...

    When you are on the Settings -> Management Access page, does it show that you have a "CA-signed certificate file"? The domain should be listed in the "Subject" area - if you click that, does it load fine?

     

    What is your "Use SSL/TLS" setting set to? If you want the system to default to using the LE certificate with your (my)unraid.net domain, set "Use SSL/TLS" to Auto. For more info see https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29

     

    If that doesn't help, please upload your diagnostics

    NeoFusion

    Posted

    After doing some googling, I found this thread and I also appear to have the same issue.

    I enabled SSL upon updating to 6.10.2 and I generated a LE cert. When I connect to my server by IP or host name in the browser with HTTPS, even in a private tab, I always seem to get handed a self-signed cert.

    I have attached my screenshots and the diagnostic file.
     


    firebird-server-diagnostics-20220606-2345.zip

    ljm42

    Posted

    On 6/6/2022 at 8:48 AM, NeoFusion said:

    I enabled SSL upon updating to 6.10.2 and I generated a LE cert. When I connect to my server by IP or host name in the browser with HTTPS, even in a private tab, I always seem to get handed a self-signed cert.

     

    That is correct. The official LE cert is only valid for the ip.hash.myunraid.net url. If you are accessing the server by ip or hostname then it needs to use a self-signed cert.
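
    The name-matching rule behind the reply above, as an added example that is not part of the original thread and is not Unraid's code: a certificate only validates for a name listed in its subjectAltName, so a CA-signed cert issued for the myunraid.net name cannot cover a bare IP or local hostname. The certificate dicts follow the shape of Python's `ssl.SSLSocket.getpeercert()`; the names `examplehash`, `tower` and the wildcard SAN are constructed assumptions.

```python
import ipaddress

def san_entries(cert):
    """Split subjectAltName of a getpeercert()-style dict into DNS names and IPs."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    return dns, ips

def dns_matches(pattern, host):
    """RFC 6125-style match: '*' may only stand for the entire leftmost label."""
    p_labels = pattern.split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_covers(cert, target):
    """True if a client connecting to `target` would accept this cert's names."""
    dns, ips = san_entries(cert)
    try:
        # An IP literal is only ever compared against IP SANs, never DNS SANs.
        return ipaddress.ip_address(target) in ips
    except ValueError:
        return any(dns_matches(p, target) for p in dns)

def which_names_validate(cert, targets):
    return {t: cert_covers(cert, t) for t in targets}

# Constructed sample certificates (assumed shapes, not taken from the thread).
CA_SIGNED = {"subjectAltName": (("DNS", "*.examplehash.myunraid.net"),)}
SELF_SIGNED = {"subjectAltName": (("DNS", "tower"), ("DNS", "tower.local"))}

TARGETS = ["192-168-1-10.examplehash.myunraid.net", "192.168.1.10", "tower"]

if __name__ == "__main__":
    for label, cert in (("CA-signed", CA_SIGNED), ("self-signed", SELF_SIGNED)):
        print(label, which_names_validate(cert, TARGETS))
```

    Even when a name matches the self-signed cert, the browser still warns until that cert is explicitly trusted, because no public CA vouches for it.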

    rvcjew

    Posted (edited)

    On 6/8/2022 at 6:21 PM, ljm42 said:

     

    That is correct. The official LE cert is only valid for the ip.hash.myunraid.net url. If you are accessing the server by ip or hostname then it needs to use a self-signed cert.

    Sorry to revive this old thread. I was on 6.9.2 and use a self signed cert. I connect with my local server ip (which would redirect to the https address of the same ip) as habit, it had no warnings. I upgraded to 6.11.1 and now have the untrusted warning and just bypassed it as I saw it was still using my cert and then found a reddit post showing how it says picking YES will show warnings in browser with a self cert. Is this just new for the 6.10.x onward and I can safely ignore the warning as long as it still uses my cert?

    Edited by rvcjew
    ljm42

    Posted

    3 hours ago, rvcjew said:

    Sorry to revive this old thread. I was on 6.9.2 and use a self signed cert. I connect with my local server ip (which would redirect to the https address of the same ip) as habit, it had no warnings. I upgraded to 6.11.1 and now have the untrusted warning and just bypassed it as I saw it was still using my cert and then found a reddit post showing how it says picking YES will show warnings in browser with a self cert. Is this just new for the 6.10.x onward and I can safely ignore the warning as long as it still uses my cert?

     

    The first time you use a self-signed cert on a given url, the browser will warn you and you have to tell the browser not to worry about it. You probably did this a long time ago for 6.9.2, and then perhaps the cert was regenerated in 6.10 so you have to do it again.

     

    Browsers are getting very strict about self signed certs. If it gets too annoying you can either not use SSL or you can use an official myunraid.net certificate. More details here:

      https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29



  • Status Definitions

     

    Open = Under consideration.

     

    Solved = The issue has been resolved.

     

    Solved version = The issue has been resolved in the indicated release version.

     

    Closed = Feedback or opinion better posted on our forum for discussion. Also for reports we cannot reproduce or need more information. In this case just add a comment and we will review it again.

     

    Retest = Please retest in latest release.


    Priority Definitions

     

    Minor = Something not working correctly.

     

    Urgent = Server crash, data loss, or other showstopper.

     

    Annoyance = Doesn't affect functionality but should be fixed.

     

    Other = Announcement or other non-issue.
