I recently installed omv4 on an old desktop PC I have. I'm very happy with it so far but I'm having a little trouble with SSL certificates. I'm very new to this and my understanding of all this is pretty limited. I tried to find an answer to this question elsewhere in the forum before posting, and it may well be out there, I just couldn't find it.
I have several plugins installed (listed below), and I would like to be able to access most of them from outside my local network through https with a signed certificate from LetsEncrypt. I'm using a domain from DynDNS and, after some fiddling, I was able to get a signed SSL certificate from LetsEncrypt using the LetsEncrypt plugin in omv. I am not using the standard https port to access the omv admin page. In my router, I have forwarded another external port to port 443 on my omv machine. This works perfectly when I access the omv admin page from the internet - that is, I get the green lock icon in my browser.
However, when I try to access the other services running on this machine from the internet using the same domain name from DynDNS but on a different port, the system uses an unsigned certificate and my browser warns me that the connection may be insecure.
As I understanding it, as long as I know I'm connecting to the right server, a self-signed certificate will provide the same encryption as a signed cert from a CA like LetsEncrypt. With that in mind, I don't know how important it is to get that little green lock icon for all of the services running on this machine but, I would still like to.
Right now, each service is listening on a different port. I have each of those ports forwarded in my router and I've used the settings in each individual service to allow/force https connections. Is there a way to get all of these services to use the same signed SSL certificate or perhaps different ones, given that they're all on the same domain name, just different ports? If so, is this something I can do from the omv admin page or is it a problem for the command line or do I need to do this in each of the services individually?
Some basic info is listed below. Please let me know if there is any way I can clarify my question.
Thanks!
Hardware
- Intel Core i5-3570
OMV
- Version: 4.1.6
- Kernel: 4.16.0-0.bpo.1-amd64
Services i would like to access through https
- omv admin page (signed cert working)
- syncthing admin page (signed cert not working)
- WebDAV (not setup yet but i'd like this to work as well when I get to it)
- Docker Containers
- Handbrake (signed cert not working, also not really needed. I don't plan to access this from the internet anyway)
- OpenVPN-AS admin page (signed cert not working)