local.bin

Using own Cert CA, possible to point unraid admin to that rather than LE?

Hi

I am using my own internal cert CA with ACME and would prefer to point my Unraid servers' certs to that URL rather than that of Let's Encrypt.

Is it possible to edit Unraid files to change that URL? If so, which ones, and will it get overwritten on each update?

Edit: If I am able to edit the URL LE is using to get its certs, that should be all I need.

Thanks in advance.

Edited by local.bin

The answer is in the Help for the 'Use SSL/TLS' setting on Settings/Management Settings:

Quote

nginx certificate handling details

The nginx startup script looks for a SSL certificate on the USB boot flash in this order:
config/ssl/certs/certficate_bundle.pem
config/ssl/certs/<server-name>_unraid_bundle.pem

If neither file exists, a self-signed SSL certificate is automatically created and stored in
config/ssl/certs/<server-name>_unraid_bundle.pem

Provisioning a Let's Encrypt certificate writes the certificate to
config/ssl/certs/certficate_bundle.pem

nginx stapling support

Whether nginx enables OCSP Stapling is determined by which certificate is in use:
config/ssl/certs/certficate_bundle.pem => Yes
config/ssl/certs/<server-name>_unraid_bundle.pem => No

To use your own certificate you are going to put it on the flash in config/ssl/certs directory.  What you name the file depends on whether Stapling should be enabled.  Note that the pem file is called a 'bundle' and consists of the concatenation of the certificate followed by the private key.  You can look at /etc/rc.d/rc.nginx and see how it's handled.
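The manual route described in the post above, as an added example that is not taken from Unraid's rc.nginx or from anyone in this thread: it builds a bundle (certificate followed by private key) from a certificate issued by your own CA, and refuses to write one if the key does not belong to the certificate or the certificate has expired. The function names, return codes and the sample CN `tower.example.internal` are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example: build a bundle of the form the help text describes,
# the certificate followed by its private key.

# build_bundle CERT KEY OUT
# Returns 0 on success, 2 if an input is unreadable, 3 if the certificate is
# expired, 4 if the key does not belong to the certificate, 5 on write failure.
build_bundle() {
  local cert="$1" key="$2" out="$3" cert_pub key_pub tmp
  # Public key as certified by the CA.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
  # Public key derived from the private key; the empty -passin makes a
  # passphrase-protected key fail here instead of prompting.
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 3
  [ "$cert_pub" = "$key_pub" ] || return 4
  # Write to a temporary file beside the target and rename it, so a failed run
  # never leaves a half-written bundle where nginx would look for it.
  tmp=$(mktemp "$out.XXXXXX") || return 5
  # Only the first certificate in CERT is written, followed by the key.
  if openssl x509 -in "$cert" >"$tmp" 2>/dev/null &&
     openssl pkey -in "$key" -passin pass: >>"$tmp" 2>/dev/null &&
     mv "$tmp" "$out"; then
    return 0
  fi
  rm -f "$tmp"
  return 5
}

# make_sample DIR: constructed test material, a self-signed certificate with
# its key (tower.crt, tower.key) and an unrelated key (other.key).
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=tower.example.internal" \
    -keyout "$1/tower.key" -out "$1/tower.crt" >/dev/null 2>&1 &&
  openssl genrsa -out "$1/other.key" 2048 >/dev/null 2>&1
}

# Usage as a script: bundle.sh CERT KEY OUT
if [ "$#" -eq 3 ]; then build_bundle "$@"; fi
```

On a server, the third argument would be one of the two bundle paths under config/ssl/certs on the flash, chosen by the stapling rule quoted above.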
3 hours ago, limetech said:

The answer is in the Help for the 'Use SSL/TLS' setting on Settings/Management Settings:

To use your own certificate you are going to put it on the flash in config/ssl/certs directory.  What you name the file depends on whether Stapling should be enabled.  Note that the pem file is called a 'bundle' and consists of the concatenation of the certificate followed by the private key.  You can look at /etc/rc.d/rc.nginx and see how it's handled.

Hi there

Thanks for the response, but that was not what I was asking :)

I had read the help and it is a manual process, whereas I am asking if the LE URL you use for automatically getting LE certs can be replaced.

See here -> https://letsencrypt.org/docs/staging-environment/

Replacing this URL -> https://acme-staging-v02.api.letsencrypt.org/directory

With my ACME server, I can create my certs from my own CA.


Ok, that makes more sense.  If you want that capability, we would ask that you open a feature request in the appropriate forum.  That isn't current functionality (nor planned) at this point, so it'd have to go through the process.  The workaround Tom mentioned previously is still valid for the meantime.

56 minutes ago, jonp said:

Ok, that makes more sense.  If you want that capability, we would ask that you open a feature request in the appropriate forum.  That isn't current functionality (nor planned) at this point, so it'd have to go through the process.  The workaround Tom mentioned previously is still valid for the meantime.

Ok thanks.

I was more hoping I could manually edit the LE URL in the code to create my certs, as judging by the lack of responses here, it wouldn't be a popular feature request.

I will look for a Puppet plugin or similar that allows me to populate my Unraid servers' certs automatically rather than having to manually create and maintain their certs :)

Thanks to both for your input.
