Switch from Self-Signed Certificate to Unraid LE (Solved)

[karash]

Today I went through the process of finally clearing my technical debt and upgrading my server from 6.8.3 to 6.12.10. This has brought with it a little bit of quick learning, specifically in regards to Certificates. 

 

6.8.3 used self-signed certificates and it seems that somewhere along the way there was a switch to being able to use Unraid Let's Encrypt certificates?

 

I have provisioned an Unraid LE certificate and Unraid Connect is working as is the "*.myunraid.net" URL. However when looking at the Management Access settings I see the following:

 

It looks like the "*.myunraid.net" is using certificate_bundle.pem while the local URLs are all using the SERVER_unraid_bundle.pem certificate, this is causing me to get an SSL warning when I navigate to my Unraid GUI.

 

Reading the docs here: https://docs.unraid.net/unraid-os/manual/security/secure-webgui-ssl/ 

I see there are two listed options: 

1. HTTPS with Myunraid.net certificate and fallback URL if DNS is unavailable

2. HTTPS with custom certificate - with option to have Unraid Connect Remote Access

 

#2: HTTPS with custom certificate - with option to have Unraid Connect Remote Access seems to be what Unraid is using for me now:

Quote

You are responsible for managing the certificate. Upload it to /boot/config/ssl/certs/[servername]_unraid_bundle.pem

 

This is where my current SERVER_unraid_bundle.pem is located. Whereas #1 appears to use certificate_bundle.pem for both the "*.myunraid.net" URL as well as the local URLs/IP.

But there are no instructions on setting that up.

 

Is there a way for me to switch from using the [servername]_unraid_bundle.pem to the Unraid LE (certificate_bundle.pem) certificate?

I think it may be as simple as deleting my self-signed certificate but I don't want to end up losing access to my GUI entirely.

 

I also am not sure if this will end up messing anything up for the likes of docker containers or other functions.

 

Edited April 20 by karash

[ljm42]

On 4/12/2024 at 7:27 PM, karash said:

It looks like the "*.myunraid.net" is using certificate_bundle.pem while the local URLs are all using the SERVER_unraid_bundle.pem certificate, this is causing me to get an SSL warning when I navigate to my Unraid GUI.

 

This is correct.  The certificate_bundle.pem cert is ONLY valid for *.myunraid.net urls. There is zero benefit to using it with other urls.  If you access the server by IP address or by name then it will use a self-signed cert.

 

On 4/12/2024 at 7:27 PM, karash said:

But there are no instructions on setting that up.

 

It is fully setup. To use it, click the url starting with https://192-168... that you blanked out of the screenshot.

 

For more information, see https://docs.unraid.net/unraid-os/manual/security/secure-webgui-ssl/