Minty Trebor, posted July 1, 2022 (edited)

Having a real problem getting my pfsense self signed certs to work since the upgrade (they were working before upgrade). When I put the <name>_unraid_bundle.pem file into the certs folder, and either reboot or restart nginx the pem file gets immediately overwritten.

I have tried re-issuing new certs, updating/changing the server name and issuing new certs, using wild card certs (which work in my docker nginx), and I am at a loss as to what I am doing wrong.

This is the cert :

The server name matches :

I export the .key & .crt from pfsense and cat them together into the pem file on unraid, but it just gets overwritten immediately, with an internally signed cert.

I have installed my ca into windows so any certs issued are trusted:

but unraid it's just:

I'm obviously doing something wrong, or have misread something, can anyone shed any light please?

Update: Validating the Subject in the pem file:

ljm42, posted July 1, 2022

Unraid determines its url from the [servername].[localTLD] settings. If that url is not valid for the certificate you provide, it will get deleted and replaced with a self-signed certificate that is valid for those settings.

So if you want this to be the url to the server:

homesvr3.rjbhome.localdomain

First you need to ensure DNS resolves homesvr3.rjbhome.localdomain to the server's IP address (I'm guessing you've already done this)

Then on Settings -> Identification you need to set the "servername" to: homesvr3 (you have already done this)

And on Settings -> Management Access you need to set the "Local TLD" to: rjbhome.localdomain (you need to do this)

And the certificate needs to be valid for either of these urls:

homesvr3.rjbhome.localdomain
*.rjbhome.localdomain (you have already done this)

For more details see: https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29

I have made some assumptions, so if you have further questions please upload your diagnostics.zip file (from Tools -> Diagnostics) to your next post in this thread.
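
Added example (not part of ljm42's post and not Unraid's own code): a shell pre-check that the names in a certificate bundle cover the [servername].[localTLD] hostname described above. The function names and the single-label wildcard rule are assumptions, and only subjectAltName DNS entries are read.

```shell
#!/bin/sh
# Added example: function names are hypothetical; the matching rule is ordinary
# TLS wildcard matching (assumed), not taken from Unraid's code.

# Build the hostname from the two settings, lower-cased.
expected_host() {
  printf '%s.%s\n' "$1" "$2" | tr '[:upper:]' '[:lower:]'
}

# Return 0 if one certificate name (exact, or "*.suffix") covers the host.
# A wildcard stands for exactly one left-most label.
name_covers() {
  local pattern host suffix first
  pattern=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  [ "$pattern" = "$host" ] && return 0
  case "$pattern" in
    '*.'*)
      suffix=${pattern#\*}   # e.g. ".rjbhome.localdomain"
      first=${host%%.*}      # e.g. "homesvr3"
      [ -n "$first" ] && [ "$host" = "$first$suffix" ] && return 0
      ;;
  esac
  return 1
}

# Print the DNS names of the first certificate in a PEM file (OpenSSL 1.1.1+).
cert_dns_names() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# Return 0 if any name in the bundle covers [servername].[localTLD].
bundle_matches() {
  local host
  host=$(expected_host "$2" "$3")
  cert_dns_names "$1" | (
    while IFS= read -r name; do
      name_covers "$name" "$host" && exit 0
    done
    exit 1
  )
}

# Usage: sh check.sh <bundle.pem> <servername> <localTLD>
if [ "$#" -eq 3 ]; then
  if bundle_matches "$@"; then echo "certificate covers $(expected_host "$2" "$3")"
  else echo "no certificate name covers $(expected_host "$2" "$3")"; fi
fi
```

A Local TLD that differs from the certificate's domain by even one character makes the derived hostname fall outside every name in the bundle, which is the condition under which the bundle is replaced.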

Minty Trebor, posted July 1, 2022 (edited)

Thanks for replying, the LocalTLD setting is not set to the correct value, there was a typo. I could have sworn I did not change this during the upgrade... And I didn't spot it until I took a screenshot to post in this reply. I transposed 2 letters... Thanks!!

ljm42, posted July 1, 2022

Hmm... please upload your diagnostics.zip file (from Tools -> Diagnostics) to your next post in this thread.

ljm42, posted July 1, 2022 (Solution)

Oh, your screenshot of the Local TLD shows a typo: domian instead of domain

Minty Trebor, posted July 1, 2022

Yes I spotted as I posted, edit reply above! Thanks again

ljm42, posted July 1, 2022

Great! Glad it is working now.

SSL support has been reworked in 6.10 to be more secure. The LocalTLD setting had minimal impact in 6.9 so you might not have noticed the typo previously. In 6.10 the LocalTLD is used to generate the server's url, so it is much more important.

Minty Trebor, posted July 1, 2022

Ahh, so it could have been wrong all the time! - makes sense - at least I know I'm not going crazy!!