  1. #11
    Master Untangler
    Join Date
    May 2008
    Posts
    962

    I don't think you need to do this.

    Code:
    cp /tmp/apache.pem /usr/share/untangle/settings/untangle-certificates/apache.pem
    At least I didn't. FYI I am using a wildcard cert.

    You could also clean it up a bit.
    Code:
            cat "/root/.acme.sh/$domainname/$domainname.cer" > /tmp/apache.pem
            cat "/root/.acme.sh/$domainname/$domainname.key" >> /tmp/apache.pem
    to
    Code:
    cat "/root/.acme.sh/$domainname/$domainname.cer" "/root/.acme.sh/$domainname/$domainname.key" > /tmp/apache.pem
    Thanks

  2. #12
    Untangler
    Join Date
    Aug 2019
    Posts
    35

    Quote (originally posted by donhwyo):
    > I don't think you need to do this.
    >
    > Code:
    > cp /tmp/apache.pem /usr/share/untangle/settings/untangle-certificates/apache.pem
    > At least I didn't. FYI I am using a wildcard cert.
    >
    > You could also clean it up a bit.
    > Code:
    >         cat "/root/.acme.sh/$domainname/$domainname.cer" > /tmp/apache.pem
    >         cat "/root/.acme.sh/$domainname/$domainname.key" >> /tmp/apache.pem
    > to
    > Code:
    > cat "/root/.acme.sh/$domainname/$domainname.cer" "/root/.acme.sh/$domainname/$domainname.key" > /tmp/apache.pem
    > Thanks

    The reason for overwriting that file is that under some circumstances untangle seems to replace it back with a self-signed certificate which exists until the cron job runs, so this is the reason behind this. Since I have added that line I have not seen a self-signed certificate at any point. It may have been related to reboots, I can't quite remember now.

    Prefer my 2 lines as it's more explicit when glancing at the script, but the way you suggest is just as valid. Tomato/Tomato, matter of personal preference.

    Thanks for the feedback!

    Do the wildcards work OK for you? I had some weird DNS issues when I tried with them, it was probably down to something else, but it all works now so I'm loath to change it!

  3. #13
    Master Untangler
    Join Date
    May 2008
    Posts
    962

    I understand, if it ain't broke don't fix it. The wildcard cert works fine for me. It is generated on a vm that only is used for that purpose. As suggested above. A script then scp's it to the untangle.

    What does this cert do? /usr/share/untangle/settings/untangle-certificates/apache.pem I didn't change it but have not seen any problems yet.

    Thanks

    Don't forget to vote for this.
    https://untanglengfirewall.featureup...0/lets-encrypt
    Last edited by donhwyo; 10-01-2019 at 08:08 AM.

  4. #14
    Untangler
    Join Date
    Aug 2019
    Posts
    35

    Quote (originally posted by donhwyo):
    > I understand, if it ain't broke don't fix it. The wildcard cert works fine for me. It is generated on a vm that only is used for that purpose. As suggested above. A script then scp's it to the untangle.
    >
    > What does this cert do? /usr/share/untangle/settings/untangle-certificates/apache.pem I didn't change it but have not seen any problems yet.
    >
    > Thanks
    >
    > Don't forget to vote for this.
    > https://untanglengfirewall.featureup...0/lets-encrypt

    It's the location of the certificate that untangle uses (if you look in the GUI at the certificate it will show this one, regardless of whether you've overwritten the one in /etc/apache2/ssl/apache.pem).

    It copies this to "/etc/apache2/ssl/apache.pem" on boot (and possibly other situations), but by overwriting both certificate locations I always ensure that my generated certificate is used and the GUI remains in sync with the actual certificate being used.
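
The deploy step discussed above, as an added example that is not from any poster or from Untangle: it checks that the key matches the certificate, then writes the combined PEM directly into both locations through a mode-0600 temp file and a rename, instead of staging the private key in /tmp. Function names are hypothetical, and the 0600 mode assumes the services that read the file do so as root.

```shell
#!/bin/sh
# Added example; function names are hypothetical. The paths in the usage
# comment at the bottom are the ones quoted in the thread.

# Succeed only if the private key ($2) belongs to the certificate ($1).
# Compares the public key inside the cert with the one derived from the key,
# which works for both RSA and EC keys.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# install_pem CERT KEY DEST...
# Writes cert followed by key to every DEST. The temp file is created mode
# 0600 next to the target and renamed over it, so the key is never
# world-readable and readers never see a half-written file.
# Assumption: root-only 0600 is acceptable for the services reading the file.
install_pem() {
    cert=$1 key=$2; shift 2
    for dest in "$@"; do
        tmp=$(umask 077; mktemp "$dest.XXXXXX") || return 1
        cat "$cert" "$key" > "$tmp" && mv -f "$tmp" "$dest" ||
            { rm -f "$tmp"; return 1; }
    done
}

# deploy_cert CERT KEY DEST...
# Refuses to touch any destination if the key and certificate do not pair up.
deploy_cert() {
    key_matches_cert "$1" "$2" ||
        { echo "key does not match certificate, nothing installed" >&2; return 1; }
    install_pem "$@"
}

# Usage on the box, from the cron job (paths as given in the thread):
#   d="/root/.acme.sh/$domainname"
#   deploy_cert "$d/$domainname.cer" "$d/$domainname.key" \
#       /usr/share/untangle/settings/untangle-certificates/apache.pem \
#       /etc/apache2/ssl/apache.pem
```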

  5. #15
    Master Untangler
    Join Date
    May 2008
    Posts
    962

    Thanks, I had not noticed that in the GUI.

    Hopefully Untangle will implement letsencrypt someday.

  6. #16
    Untangler
    Join Date
    Aug 2019
    Posts
    35

    Quote (originally posted by donhwyo):
    > Thanks, I had not noticed that in the GUI.
    >
    > Hopefully Untangle will implement letsencrypt someday.

    Yep. As can be seen, it's very simple to implement. Heck, even using certbot or something more enhanced.

    I had some weird issues when I tried wildcard, my dns names for local machines kept resolving to external services, which is odd as this has nothing to do with lets-encrypt. I suspect I was just having DNS problems at the same time I was attempting wildcard.

    I guess it's time to try again.

  7. #17
    Master Untangler
    Join Date
    May 2008
    Posts
    962

    Ya that sounds like a dns problem.

    It is easy enough to do on the cli. But anything done on the cli is unsupported.
