ZataH Posted January 14, 2018 Share Posted January 14, 2018 How do I disable this feature, and use my own internal dns address and own cert with SSL? Quote Link to comment
ezhik Posted January 14, 2018 Share Posted January 14, 2018 TL;DR /boot/config/ssl/certs/hostname_unraid_bundle.pem The file consists of combined *.crt and .key file. You can "cat" them together using: $> cat mycert.crt mycert.key > hostname_unraid_bundle.pem (Obviously replace hostname with your unraid hostname). Delete other generated certs in that folder. Full info: There are instructions on how the SSL configuration is setup and used. Navigate to Settings -> Identification and click on "Use SSL/TLS" with the Question Mark: --- Determines how the webGui responds to HTTP and/or HTTPS protocol. Select No to disable HTTPS (but HTTPS is recognized and redirected to HTTP). Select Yes to enable HTTPS and redirect HTTP to HTTPS. If a Let's Encrypt SSL certificate has not been provisioned, then an automatically generated self-signed SSL certificate will be used. Select Auto if you are using or plan to use a Let's Encrypt SSL certificate provisioned by Lime Technology. Before the certificate is provisioned, the webGui remains in http-mode. After provisioning, the webGui automatically switches to https-mode. In addition two background processes are enabled: updatedns - This starts 30 seconds after server reboot has completed and contacts the Lime Technology DNS service to register the servers local IP address. Thereafter it wakes up every 10 minutes in case the local IP address has changed again. renewcert - This starts 60 seconds after server reboot has completed and contacts the Lime Technology certificate renewal service to determine if your Let's Encrypt SSL certificate needs to be renewed. Thereafter it wakes up every 24 hours. If within 30 days of expiration, a new certificate is automatically provisioned and downloaded to your server. Note: After provisioning a Let's Encrypt SSL certificate you may turn off the updatedns and newcert background processes by chaning this field to Yes. nginx certificate handling details The nginx startup script looks for a SSL certificate on the USB boot flash in this order:config/ssl/certs/certficate_bundle.pemconfig/ssl/certs/<server-name>_unraid_bundle.pem If neither file exists, a self-signed SSL certificate is automatically created and stored inconfig/ssl/certs/<server-name>_unraid_bundle.pem Provisioning a Let's Encrypt certificate writes the certificate toconfig/ssl/certs/certficate_bundle.pem nginx stapling support Whether nginx enables OCSP Staping is determined by which certificate is in use:config/ssl/certs/certficate_bundle.pem => Yesconfig/ssl/certs/<server-name>_unraid_bundle.pem => No --- 2 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.