July 1, 2022

Having a real problem getting my pfsense self signed certs to work since the upgrade (they were working before upgrade). When I put the <name>_unraid_bundle.pem file into the certs folder, and either reboot or restart nginx, the pem file gets immediately overwritten. I have tried re-issuing new certs, updating/changing the server name and issuing new certs, using wild card certs (which work in my docker nginx), and I am at a loss as to what I am doing wrong.

This is the cert :

The server name matches :

I export the .key & .crt from pfsense and cat them together into the pem file on unraid, but it just gets overwritten immediately, with an internally signed cert.

I have installed my ca into windows so any certs issued are trusted:

but unraid it's just:

I'm obviously doing something wrong, or have misread something, can anyone shed any light please?

Update: Validating the Subject in the pem file:

Edited July 1, 2022 by Minty Trebor (more info)

July 1, 2022

Unraid determines its url from the [servername].[localTLD] settings. If that url is not valid for the certificate you provide, it will get deleted and replaced with a self-signed certificate that is valid for those settings.

So if you want this to be the url to the server:
homesvr3.rjbhome.localdomain

First you need to ensure DNS resolves homesvr3.rjbhome.localdomain to the server's IP address (I'm guessing you've already done this)

Then on Settings -> Identification you need to set the "servername" to:
homesvr3
(you have already done this)

And on Settings -> Management Access you need to set the "Local TLD" to:
rjbhome.localdomain
(you need to do this)

And the certificate needs to be valid for either of these urls:
homesvr3.rjbhome.localdomain
*.rjbhome.localdomain
(you have already done this)

For more details see: https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29

I have made some assumptions, so if you have further questions please upload your diagnostics.zip file (from Tools -> Diagnostics) to your next post in this thread.
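
The check described in the reply above, sketched as an added example (not part of the original posts and not Unraid's own code): build the host from servername and Local TLD, then test it against the DNS names in the certificate. The SAN list and the mistyped TLD value are constructed for illustration, and the wildcard rule is the usual single-leftmost-label one.

```python
# Added example: constructed values, not Unraid's validation code.
CERT_NAMES = ["*.rjbhome.localdomain"]  # constructed SAN list for the bundle


def labels(name):
    """Lower-case a DNS name, drop any trailing dot, split into labels."""
    return name.strip().rstrip(".").lower().split(".")


def expected_fqdn(servername, local_tld):
    """Host name as the reply describes it: [servername].[localTLD]."""
    tld = local_tld.strip().strip(".").lower()
    name = servername.strip().rstrip(".").lower()
    return f"{name}.{tld}" if tld else name


def name_matches(pattern, host):
    """True if one certificate DNS name covers host.

    '*' is honoured only as the whole leftmost label and stands for exactly
    one label, so *.rjbhome.localdomain covers neither rjbhome.localdomain
    nor a.homesvr3.rjbhome.localdomain.
    """
    p, h = labels(pattern), labels(host)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def first_difference(pattern, host):
    """Return (configured label, certificate label) at the first mismatch."""
    p, h = labels(pattern), labels(host)
    if len(p) != len(h):
        return None
    for i, (cert_label, host_label) in enumerate(zip(p, h)):
        if cert_label != host_label and not (i == 0 and cert_label == "*"):
            return (host_label, cert_label)
    return None


def cert_covers(servername, local_tld, cert_names):
    """Return the expected host and the certificate names that cover it."""
    fqdn = expected_fqdn(servername, local_tld)
    return fqdn, [n for n in cert_names if name_matches(n, fqdn)]


if __name__ == "__main__":
    for tld in ("rjbhome.localdomain", "rjbhome.localdomian"):  # second is a constructed typo
        fqdn, hits = cert_covers("homesvr3", tld, CERT_NAMES)
        hint = None if hits else first_difference(CERT_NAMES[0], fqdn)
        print(fqdn, "covered by", hits, "mismatch:", hint)
```

An empty match list corresponds to the situation in which the reply says the provided bundle is replaced; the label pair from `first_difference` shows which setting to recheck.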

July 1, 2022 (Author)

Thanks for replying, the LocalTLD setting is not set to the correct value, there was a typo. I could have sworn I did not change this during the upgrade... And I didn't spot it until I took a screenshot to post in this reply. I transposed 2 letters... Thanks !!

Edited July 1, 2022 by Minty Trebor (IDOCY)

July 1, 2022

Hmm... please upload your diagnostics.zip file (from Tools -> Diagnostics) to your next post in this thread.

July 1, 2022 (Solution)

Oh, your screenshot of the Local TLD shows a typo: domian instead of domain

July 1, 2022

Great! Glad it is working now. SSL support has been reworked in 6.10 to be more secure. The LocalTLD setting had minimal impact in 6.9 so you might not have noticed the typo previously. In 6.10 the LocalTLD is used to generate the server's url, so it is much more important.

July 1, 2022 (Author)

Ahh, so it could have been wrong all the time! - makes sense - at least I know I'm not going crazy!!