JuKu Posted March 23, 2018 Posted March 23, 2018 Hello everybody, I try to configure a letsencrypt certificate for one of my domains https://jukusoft.com , certificates are already generated by froxlor, but i get this error, if i browse the domain with firefox: SSL_ERROR_RX_RECORD_TOO_LONG If i search with google there are many threads about this topic, but there isn't any solution for this. Also there is no good tutorial on froxlor sites. Because i dont know if this is a bug or only a issue about a not-existent documentation, i havent created a issue on github yet. I also doesnt get any results by your forum search. If this is the wrong forum, please move my topic to the right! thanks! If i try to execute "openssl s_client -showcerts -connect jukusoft.com:443 -servername jukusoft.com" i get this output: CONNECTED(00000003) 140505437533840:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:782: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 310 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1521806504 Timeout : 300 (sec) Verify return code: 0 (ok) --- I have also configured IP / Port settings: Domain Settings: Where is the problem? And please, can you write a good tutorial / documentation for SSL & letsencrypt configuration for froxlor?
d00p Posted March 23, 2018 Posted March 23, 2018 The ssl-enabled IP/Port needs a certificate too, specify that either globally in ssl-settings, per ip/port when editing the corresponding ip/port or via froxlor-vhost (also settings). You also have to activate "generate Vhost container" in the ip/port for this to work
JuKu Posted March 23, 2018 Author Posted March 23, 2018 @d00p Thanks for this fast answer! vor 5 Stunden schrieb d00p: The ssl-enabled IP/Port needs a certificate too How do i get this certificate? Can i generate this or also get a certificate from letsencrypt? vor 5 Stunden schrieb d00p: specify that either globally in ssl-settings, per ip/port when editing the corresponding ip/port or via froxlor-vhost (also settings). I have already specified this in global ssl settings: Is this right?
d00p Posted March 25, 2018 Posted March 25, 2018 You need to manually create this certificate on the Filesystem. Either a selfsigned certificate or one you bought
d00p Posted March 25, 2018 Posted March 25, 2018 Or you activate lets encrypt in "froxlor vhost settings", but Changes i mentioned before are required
JuKu Posted March 30, 2018 Author Posted March 30, 2018 Am 25.3.2018 um 08:27 schrieb d00p: You need to manually create this certificate on the Filesystem. Either a selfsigned certificate or one you bought Thanks for your answer again! Can i also use a lets encrypt certificate for this? Or have i really generate a selfsigned certificate? If yes, how can i do this? openssl req -new > new.ssl.csr openssl rsa -in privkey.pem -out new.cert.key openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days NNN cp new.cert.cert /etc/ssl/certs/server.crt cp new.cert.key /etc/ssl/private/server.key Am 25.3.2018 um 08:28 schrieb d00p: Or you activate lets encrypt in "froxlor vhost settings", but Changes i mentioned before are required I have done this, but it doesnt works.
d00p Posted March 30, 2018 Posted March 30, 2018 42 minutes ago, JuKu said: I have done this, but it doesnt works. It doesnt work is not an error message...please post logs or error messages.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.