local.bin, posted October 25, 2019 (edited)

Hi,

I am using my own internal cert CA with acme and would prefer to point my unraid servers' certs to that URL rather than that of Letsencrypt.

Is it possible to edit unraid files to change that URL? If so, which ones, and will it get overwritten on each update?

Edit: If I am able to edit the URL LE is using to get its certs, that should be all I need.

Thanks in advance.

limetech, posted October 29, 2019

The answer is in the Help for the 'Use SSL/TLS' setting on Settings/Management Settings:

> nginx certificate handling details
>
> The nginx startup script looks for a SSL certificate on the USB boot flash in this order:
>
> config/ssl/certs/certficate_bundle.pem
> config/ssl/certs/<server-name>_unraid_bundle.pem
>
> If neither file exists, a self-signed SSL certificate is automatically created and stored in
>
> config/ssl/certs/<server-name>_unraid_bundle.pem
>
> Provisioning a Let's Encrypt certificate writes the certificate to
>
> config/ssl/certs/certficate_bundle.pem
>
> nginx stapling support
>
> Whether nginx enables OCSP Stapling is determined by which certificate is in use:
>
> config/ssl/certs/certficate_bundle.pem => Yes
> config/ssl/certs/<server-name>_unraid_bundle.pem => No

To use your own certificate you are going to put it on the flash in config/ssl/certs directory. What you name the file depends on whether Stapling should be enabled. Note that the pem file is called a 'bundle' and consists of the concatenation of the certificate followed by the private key.

You can look at /etc/rc.d/rc.nginx and see how it's handled.

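The manual workaround described in the post above (one bundle file, certificate followed by private key, placed under config/ssl/certs), as an added shell example that is not part of the thread and not Unraid's own code. It assumes the openssl CLI is available; the function names and the output path argument are hypothetical, and the output file name should be one of the two names listed in the help text depending on whether stapling is wanted.

```shell
#!/bin/sh
# Added example: build an nginx "bundle" (certificate followed by private key)
# from a certificate issued by an internal CA, refusing mismatched or expired input.

# pubkey_of_cert FILE: public key of the first (leaf) certificate in FILE
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# pubkey_of_key FILE: public key derived from an unencrypted private key
# (-passin pass: makes an encrypted key fail instead of prompting)
pubkey_of_key() { openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null; }

# make_bundle CERT KEY OUT: write OUT only if KEY belongs to CERT and CERT is still valid
make_bundle() {
    cert=$1 key=$2 out=$3
    cert_pub=$(pubkey_of_cert "$cert") || { echo "unreadable certificate: $cert" >&2; return 2; }
    key_pub=$(pubkey_of_key "$key") || { echo "unreadable or encrypted key: $key" >&2; return 2; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 3
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired" >&2
        return 4
    fi
    # Write to a temp file with owner-only permissions, then rename into place,
    # so a partially written bundle containing the key is never left at OUT.
    tmp="$out.tmp.$$"
    ( umask 077; { cat "$cert"; echo; cat "$key"; } > "$tmp" ) || return 5
    mv -f "$tmp" "$out"
}

# Usage: sh make_bundle.sh CERT KEY OUT
# OUT is a path under config/ssl/certs on the flash (mount point not given in the thread).
if [ "$#" -eq 3 ]; then make_bundle "$@"; fi
```
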
local.bin, posted October 29, 2019

3 hours ago, limetech said:

> The answer is in the Help for the 'Use SSL/TLS' setting on Settings/Management Settings:
>
> To use your own certificate you are going to put it on the flash in config/ssl/certs directory. What you name the file depends on whether Stapling should be enabled. Note that the pem file is called a 'bundle' and consists of the concatenation of the certificate followed by the private key.
>
> You can look at /etc/rc.d/rc.nginx and see how it's handled.

Hi there,

Thanks for the response, but that was not what I was asking.

I had read the help and it is a manual process, where I am asking if the LE URL you use for automatically getting LE certs can be replaced.

See here -> https://letsencrypt.org/docs/staging-environment/

Replacing this URL -> https://acme-staging-v02.api.letsencrypt.org/directory

With my acme server, I can create my certs from my own CA.

jonp, posted October 29, 2019

Ok, that makes more sense. If you want that capability, we would ask that you open a feature request in the appropriate forum. That isn't current functionality (nor planned) at this point, so it'd have to go through the process. The workaround Tom mentioned previously is still valid for the meantime.

local.bin, posted October 29, 2019

56 minutes ago, jonp said:

> Ok, that makes more sense. If you want that capability, we would ask that you open a feature request in the appropriate forum. That isn't current functionality (nor planned) at this point, so it'd have to go through the process. The workaround Tom mentioned previously is still valid for the meantime.

Ok, thanks.

I was more hoping I could manually edit the LE URL in the code to create my certs, as judging by the lack of responses here, it wouldn't be a popular feature request.

I will look for a puppet plugin or similar that allows me to populate my unraid servers' certs automatically rather than having to manually create and maintain their certs.

Thanks to both of you for your inputs.