I have certbot installed on the server, how can I get it to work in the OMV GUI / ensure OMV is using it?

  • Hi all,


    I've logged in via SSH and run the following command:


    certbot --nginx --redirect -d subdomain.domain.com -d subdomain.domain.com -m email@address.com --agree-tos


    This gave me a certificate which is great.


    However, I note there's a certificate section in the Secure Connection area in the Web Administration area. I drop down that option and nothing is there.


    How can I ensure OMV is using my certificate?


    Thank you

  • The official way is to import it with the web GUI.

    You can try to make up an omv-rpc command to do the same (https://openmediavault.readthe…opment/tools/omv_rpc.html)

    or you can just copy the new cert on top of the old one and restart nginx in your script.

    or use a reverse proxy, which does it automatically.


    I would do the latter.

    If you got help in the forum and want to give something back to the project click here (omv) or here (scroll down) (plugins) and write up your solution for others.

  • Thank you for this. However I am a bit new to SSL certs.


    As a note, this is a public facing machine, it's not behind my modem. I've got a server on Vultr and can access via subdomain.domain.com if that makes any difference.


    I've gone and created a ssl cert using the certbot command :


    certbot --nginx --redirect -d subdomain.domain.com -d subdomain.domain.com -m email@address.com --agree-tos



    However, how does that let me use it in omv? I am sorry I don't understand what you mean by "copy the new cert on top of the old one and restart nginx in your script" in regard to what I've done.


    Thank you

  • If you are new, go to the WEB UI, System / Certificates and Add / Import the cert.

    Then configure https for the web ui (Somewhere in System).

    Check in your browser if this works and report back.


    Sorry, not at my omv, so I cannot post screenshots.


  • Thank you I do appreciate your help.


    However, when I go to System / Certificates and Add / Import the cert. There is nothing to import.


    I'm really not sure what to do there and can't find any docs / tutorials anywhere on this topic.

  • For example, in the OMV docs I found this statement RE letsencrypt:


    LetsEncrypt

    Lets Encrypt certificates can be imported directly, just locate your /etc/letsencrypt/live/<mydomain.com>/fullchain,privkey.pem files and copy their contents in their respective field. No need to convert.


    So I looked on the filesystem, and found the following:


    cert.pem

    chain.pem

    fullchain.pem

    privkey.pem

    README


    So I'm just not sure what to do. I am not finding the docs clear based on that paragraph.

  • You mean you do not have the ssl import button?

    There should be a window which will allow you to enter a name and the text of the cert.


  • There is! Thank you. I found the import in the dropdown.


    I pasted the results of cat privkey.pem into the box.


    However, there is one called public key in the omv interface. Which file's contents should I paste into that? fullchain maybe? Well, I tried that and it says invalid format. I'm not sure. It's really not clear in the docs.


    Thanks again for this.

  • This is how I think it should be done:


    Instead of clicking "ADD", there's a "down arrow" and then "Import":



    Then you need to paste the contents of the fullchain and the privkey:


  • Thank you. I ended up finding this part of the interface. I can copy / paste the Private Key and that seems fine. But when I try the Public Key it says invalid format. I am pasting the contents of fullchain.pem into Public Key.

  • It says "Certificate" and "Private Key" so, see if you have a cert.pem file

  • Sorry, spent all possible ideas.


    Since I use a reverse-proxy for all services (SWAG in docker), I don't use the certificates on OMV.

  • Yes, I get the feeling most people run OMV on a home system behind their modem, so very little is out there for public facing omv servers. It's a struggle to find info / docs / tutorials. Thanks for your time though, much appreciated.

  • The ports will always be 80 and 443 (me thinks).

    If you can run docker, why not use docker-swag to proxy the services?


    My OMVs and ALL services I have running are all accessed from WAN. I just don't advertise it to the world.


    Nonetheless, good luck

  • @TeWuEs did it recently in this thread RE: Can not login with host.domain but can with IP address maybe he can give detailed instructions.

    Thank you.


    I went there, started asking, looked over my interface and... guess what?


    I was entering the data into SSH not SSL. There are two tabs.


    So now my keys are accepted, in the system... and I still have a broken lock on my address bar. sigh. :)


    Oh well, one step at a time!

    I definitely have a valid letsencrypt cert. I also have it imported in the OMV interface. I just have to keep plugging away.


    Thanks again everyone!
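
The two mix-ups in this thread (which Let's Encrypt file goes into which field, and pasting into the SSH tab instead of the SSL tab) can be caught on the server before pasting anything. The script below is an added example, not code from the thread or from OMV; its function names are hypothetical, and it assumes bash, grep and, for the key-match step, the openssl CLI.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): check two files before pasting them
# into an SSL import form that has "Certificate" and "Private Key" fields.

# classify_pem FILE -> certificate:N | private-key | ssh-public-key | mixed | unknown
classify_pem() {
  local certs keys
  [ -r "$1" ] || { echo unreadable; return 1; }
  certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
  keys=$(grep -c -E -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" || true)
  if [ "$certs" -gt 0 ] && [ "$keys" -gt 0 ]; then echo mixed
  elif [ "$keys" -gt 0 ]; then echo private-key
  elif [ "$certs" -gt 0 ]; then echo "certificate:$certs"
  elif grep -q -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) ' "$1"; then
    echo ssh-public-key   # OpenSSH one-line format, not an X.509 certificate
  else echo unknown
  fi
}

# pair_matches CERT KEY -> 0 when the first (leaf) certificate in CERT carries
# the public half of KEY; 2 when openssl cannot parse either file.
pair_matches() {
  local from_cert from_key
  from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$from_cert" = "$from_key" ]
}

# check_import CERT_FILE KEY_FILE -> 0 when each file fits its field
check_import() {
  local ck kk
  ck=$(classify_pem "$1") || true
  kk=$(classify_pem "$2") || true
  case $ck in
    certificate:*) ;;
    *) echo "Certificate field: expected certificate(s), got $ck"; return 1 ;;
  esac
  if [ "$kk" != private-key ]; then
    echo "Private Key field: expected a private key, got $kk"; return 1
  fi
  if command -v openssl >/dev/null 2>&1 && ! pair_matches "$1" "$2"; then
    echo "private key does not belong to the leaf certificate"; return 1
  fi
  echo "ok: $ck, $kk"
}

# Usage, with the paths quoted from the OMV docs earlier in the thread (run as root):
#   ./check_import.sh /etc/letsencrypt/live/<mydomain.com>/fullchain.pem /etc/letsencrypt/live/<mydomain.com>/privkey.pem
if [ "$#" -eq 2 ]; then check_import "$1" "$2"; fi
```

A form that asks for a "Public Key" is the SSH one in this thread; the SSL import takes the certificate (fullchain.pem) and the private key (privkey.pem).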

  • hmm, it says:


    https://i.imgur.com/zsdKtfA.png


    But I definitely have an SSL cert. Checking my terminal on the server I get:


    $ certbot certificates
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Found the following certs:
    Certificate Name: [redacted]
    Domains: [redacted]
    Expiry Date: 2022-04-20 06:00:47+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/redacted/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/redacted/privkey.pem
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  • There is no need of hiding domain names; they will attack you anyway.


    Did you use https://the_name_of_my_server? And did you choose the correct name?

