Search the Community

So I just instlled True NAS on my Server + Nextcloud Jail. Works like a charm, but I just cant seem to get HTTPS to work. I have tried different tutorials online for at least 10 hours, but nothing works. I have: -Public IPv4 -Opened Ports for HTTP and HTTPS -Registered Domain -Reachable Nextcloud (HTTP only) Tutorial I have tried: https://www.truenas.com/community/threads/enable-lets-encrypt-ssl-in-nextcloud-on-freenas.78734/ https://drive.google.com/file/d/1E68zif8k6V70KBqMGS09Xp_-eGb-RquX/view# https://www.youtube.com/watch?v=g1mYxrxdJXM https://www.youtube.com/watch?v=6nkN4MbsXls&t=140s https://www.youtube.com/watch?v=hxSAGY5zRwQ&t=321s How important is SSL encryption for private Nexcloud usage really? Because I think Im ready to say fuck it and not encrypt the server at all

Hi! I've recently coded a program in Python 3.9 that takes the output of a RSS feed (from Environment Canada, for weather forecasts) and converts it to a string, which is then converted to TTS and saved in a .wav file. The program works amazingly well on both of my main computers... except on the computer that's supposed to run it 24/7. I've identified that the problem comes from FeedParser (the Python library that converts the XML file to a string), and what happens is when I execute the code to get the XML file: import feedparser NewsFeed = feedparser.parse("https://meteo.gc.ca/rss/city/qc-133_e.xml") print(NewsFeed) Instead of getting a normal output, which would be the XML file at this address: https://meteo.gc.ca/rss/city/qc-133_e.xml I get this result: {'bozo': True, 'entries': [], 'feed': {}, 'headers': {}, 'bozo_exception': URLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)'))} I've looked into this problem a bit, and while monkeypatching could work, I am not really comfortable with the idea. What could be the problem there? TIA!

Hello everyone! I've got a problem I'm hoping someone can help with. I'm running a Linux (Ubuntu) VM on Unraid (v.6.9.2), and currently have Swag running on it to secure my NextCloud docker. I'm lookng to get my Icecast server (on the Linux VM securred) with SSL, is it possilbe to direct the VM through Swag (similarlly to how you would with dockers), as whenever I try and install Let's Incrypt on the VM it fails as Swag is already on my network. I'm kind of new to unraid/ssl so If anyone can provide any help or a better solutuon, that would be great! Harry

Hello, I am trying to enable HTTPS for remote access which requires a SSL certificate. To do this I have been using Caddy but I'm open to using something else. Currently my setup is an Ubuntu Server and I use Docker+Portainer for Jellyfin. I am new to servers so I can't figure how to do this. I can't seem to find any tutorials and I am a little confused by the documentation on Jellyfin's website.

Hi! I would like to fix the SSL certificate because I want to be able to read and configure the network settings via scripts and not having a proper SSL certificate introduces problem I got tired of following YT videos and manual for generating certs and keys and trying to update Ubiquiti Cloud Key v1.1.19. Every time my cert gets ignored. I am not sure if this is the right type of the certificate and if the "aircontrolenterprise" password should be used and so on and so forth. So, Are there step-by-step instructions for: generating self-signed certificate updating Cloud Key commands It is for my internal home usage, so I want to use a self-signed certificate (and not Let's Encrypt, for instance). Thanks!

Can anyone please explain me why I cannot access the Princeton website? When I click on show code on this website link: https://www.cs.princeton.edu/~chazelle/courses/BIB/pagerank.htm I get this error

On the domain linustechtips.com they use Cloudflare to protect data and provide the https to protect logins and the store. When browsing the SSL certificate the forums use its a standard certificate that is shared across many other domains. Through Cloudflare its only 5$/mo for linustechtips.com and *.linustechtips.com or 10$/mo for linustechtips.com and *.linustechtips.com and 50 other domains and wildcards. There are other ways too like Lets Encrypt and more expensive options. This will also for the certificate to show a common name of LTT and the organization to be under Linus Media Group.

Hi Team Linus, first off, I'm quite a newbie when it comes to servers. Actually this is my first project. I bought a 100GB v-server and it comes with Ubuntu 16.04 including an apache2 server. It also comes with a fixed IP, lets say 123.123.123.123 and I have a subdomain pointing with an A record directly at the IP. The apache2 default site works perfectly both ways, either typing in cloud.mysuperdomainname.at or the IP directly via HTTP. But I have serious problems installing an SSL certificate (letsencrypt, https://certbot.eff.org/#ubuntuxenial-apache). My ports.conf file: Listen 80 Listen 443 // I added this extra, the original file came without this line <IfModule ssl_module> Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule> My sites-enabled file: 000-default.conf <VirtualHost *:443> ServerAdmin webmaster@localhost ServerName cloud.mysuperdomainname.at DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}access.log combined </VirtualHost> <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html Servername cloud.mysuperdomainname.at ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet Trying to install the letsencrypt certificate gives the following error: Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for cloud.mysuperdomainname.at Enabled Apache socache_shmcb module Enabled Apache ssl module Waiting for verification... Cleaning up challenges Failed authorization procedure. cloud.mysuperdomainname.at (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Error getting validation data IMPORTANT NOTES: - The following errors were reported by the server: Domain: cloud.mysuperdomainname.at Type: connection Detail: Error getting validation data To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided. - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. I tried quite alot and searched google for hours but I don't have any solution yet. Can you guys help me? If you need logfiles or anything, just let me know. That would be awesome.

I was looking through my router's settings when I saw the traffic analyzer option. I decided to turn it on to see what it did. I left for about 15-20 minutes I came back and saw that something called HTTP Protocol over TLS SSL had already used almost 1GB, I don't have a problem with this as I have unlimited internet but I'm just wondering what it is. I can look at some of the other devices on the network, specifically, my phone that I watched a youtube video on had data used up for that but the HTTP Protocol over TLS SSL bar only had used 4.76 MB in the same amount of time. I'm just wondering what that could be. List of what I have open at the time of writing this: Skype 4 chrome tabs looking up what this problem is tab with Gmail tab with google drive tab with google calendar tab with twitch(there is a separate bar for twitch so I know it isn't this and the screen I'm on isn't streaming anything so highly unlikely this is it). Ubisoft 30 days of giveaways website(https://30days.ubi.com/Promotion/Calendar) wunderlist.com 192.168.1.1 webpage Battle.net launcher(in background) discord

My setup: Router: Several ports forwarded to synology, including 5000, 5001, 80, 443 Domain: Using xxxx.synology.me Also have Google Domain that I tried but still not working either Certificate using synology.com default DNS is xxxx.synology.me Synology: accessible via 192.xxx.xxx.xxx or xxxx.synology.me or my quickconnect ID Don't have router configured with Dynamic DNS, not sure if that matters https://xxxx.synology.me forwads to 5001 port to https://xxxx.synology.me:5001 http://benjaminllim.synology.me:80/ goes to https://xxxx.synology.me:5001 What I'm doing: Certificate > Add > Add a new certificate > Get a certificate from Let's Encrypt > details: Domain name: xxxx.synology.me Email: email@gmail.com Subject alternative name: mail.xxxx.synology.me Not sure what I'm doing wrong would appreciate any help, thanks!

Does anyone know of any software that is capable of scanning websites/servers to check what ssl/ciphers they support. I need to be able to scan local web servers (IDRAC, printers, routers, switches, ETC) Apparently, NMAP can tell you this but so far I have struggled to find a way to bring up the exact cipher. Thanks, Scott

I am a graduate student at San jose state university and i am working on this project where i have to add a SSL on my website and i have tried every method available to validate it but i am still not able to do it . Does anyone know how to do that?

I'm developing a bot that pulls emails from the client's own web server. Using Uipath for it. However, when my bot attempts to make a connection, I get an error that says, "The request failed. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel." Is there a way I can make my PC think that this certificate is totally valid and has no issues? It's the client's own web mail server, so I do not believe any problems should arise from this. Can someone help me just whitelist this?

Hello, I use Chrome and wonder if recently there was somekind of SSL update on a global scale because almost every website that I visit shows exclamation mark in browser's address bar. Here's a screenshot of what I mean:

Hello, I am going to install Nextcloud on my old PC and because I will make it accessible through my home network's public IP I want to use SSL. However I do not want to buy a domain and the command `sudo nextcloud.enable-https lets-encrypt` requires a domain because Let's Encrypt requires a domain, and `sudo nextcloud.enable-https self-signed` brings up a warning in most browsers which makes my setup seem even more dangerous to my family members who will be using it as well. Is there any way to get something like Let's Encrypt on an IP?

Hi guys, I have setup my IIS Webserver but if I try to use my SSL cert. I always run into the 503 error and google didnt solve my problems but maybe one of you guys is a IIS expert EDIT: Firewall is open like a barn door (for testing)

Hello everybody I have a big problem with my self-signed SSL certificate coming with my Synology NAS. All my Wenbbrowser are blocking my domain for some reason, so I have a hard time reaching the domain, especially from mobile devices and apps. I would therefore like to create a new certificate and look for a suitable provider. Can you recommend someone to me?

Is the enterprise proxy what use MITM to filter https traffic is secure? Is it the best method? I have strong dubts about it. For me replacement of original certificate is a bad practice... Is there interesting studies to read? In France that is very common method to "secure" enterprise network

Hi. I'm "making" a server (ubuntu) and I'd like to make a VPN so I can access samba and other services like if I was in the local network. That's pretty much all I get about VPNs, they simulate you're inside some other network. Now I've looked into openVpn and the official guides, it says how to configure ssl for it and generate certificates for server and clients. Halfway through doing this I stopped understanding what I was doing, what it actually meant. I went searching for how to connect to a VPN and apparently, there's a lot of programs out there, windows 8.1 has pre-defined vpn types you can select from but you can also do it from the network and sharing center without going through it, I don't know what a certificate will do in all this, in android you need an app, then there's a whole mess with .ovpn files that I have no idea how to generate... I'm overwhelmed, it's all a mess in my head. Things I understand: Again, VPN "puts" you inside some other internal network (reroutes ). SSL encrypts traffic going between VPN server and client, so, for example, even if you're browsing non-https websites no one can mitm you without ssl stripping. Things I don't: What should I do with the client.crt, ca.crt, and client.key? How do I obtain a .ovpn file? How do I connect to an openvpn server on windows, and do I need specific software do do it? IPSec, SSL, TLS, PPTP, P2TP, WTF?! I've read institutions such as universities or companies use VPNs to link to each other and create a large private network, how do you make something that scale, how does that much traffic get rerouted, how optimized is it? I have a 5mb/s upload speed which is more than the download speed of any network I regularly am in. I just wanna feel safe and be home, basically be inside of my home network at all times, using the VPN on my every device, but first I need to understand it so I can create it. Thank you!

Hey guys, I would like to have you guy's opinion about using a valid certificate (from let's encrypt) for using OpenVPN and putting an extra layer with sTunnel. I just want to know if it's going to change anything at all. If it's a little more secure or are there another way to use something more secure. I use sTunnel because my school's network detect openVPN (on 443) and "set a timeout" of about 10 sec before the app (android) connects back to it for it to timeout again. Thanks a lot!

Hi Not sure if this is the correct section, didn't know where else to look. I have just started my own company (yay!), and in the process of getting a website on the go. I currently have a working forum with phpBB, and hopefully a store sometime in the future. Now since I haven't started trading, my host do SSL certificates, from £15/py. I was wondering whether it'd be worth getting one, holding off a bit, or not get one at all? Cheers ~Dan

When on chrome recently i tried to connect to a website, I later learned that it wasn't only this website that had an ssl error on it, it was all websites. Help Fixing please? Thanks!

When on chrome recently i tried to connect to a website, I later learned that it wasn't only this website that had an ssl error on it, it was all websites. Help Fixing please? Thanks!

(I'm not sure if this is the correct forum for this, happy to move it if not) I'm planning on upgrading my server to windows 2012. One thing I'm trying to wrap my head around is how to get things working together with nginx. My intended setup is this: I have a domain purchased through namecheap.com, but going to migrate it over to godaddy so it can be used with win2012. We don't have a static IP, so am I correct in thinking that win2012 will automatically update the DNS record with godaddy if theres an IP change? Currently, nginx is set up with reverse proxy so things like seafile (cloud service), couch potato, plex, sonarr, can be accessed by visiting www.domain.com/couchpotato (for example) nginx listens on both port 80 and 443 as I have my own SSL certificate. Any requests to 80 get redirected to 443 so I'm always using SSL when I access any web service I'm planning on making use of both vpn and remote web access when we move to win2012. My question is, how do I get set up nginx so that those things can be accessed via domain.com? I'd like to be able to access remotewebaccess by visiting domain.com/remote for example. Is there a way to set up a reverse proxy (like with my other services) to accomplish this? Or is there another preferred method for getting all my services, plus the new win2012 ones, to work together? Another issue, is that port 443 is used by nginx for all of those services. I heard that remote web access also uses 443, so there will be a clash there (I guess unless I set it up through nginx too) Currently, I forward ports 80 and 443 to my server using the router, and domain.com just points to the routers IP. I'm unfamiliar with how win2012 actually makes use of a domain name that has been registered with it so I'm thinking I need to do things a different way? What are the correct steps to accomplish a setup where I have nginx, rwa+vpn, my current services, all being accessed through domain.com on 443?

Im very glad to read this.. original link