Community Forum

Responses (8)
  • Accepted Answer

    Sunday, February 19 2017, 05:50 PM - #Permalink
    Resolved
    0 votes
    Hi Fred,

    I indeed do not have the FTP server installed, and there is no file on the server called "dhparam".
    The HTTPS site of Domoticz is working now with my SSL certificate and is not giving any errors in log file or accessing the site.

    Any additional functionality is always welcome.
    I find the standard apps in ClearOS sometimes too lean (lack of options to configure in webconfig).
    Maybe you can make submenus to make it look more organized.
  • Accepted Answer

    Sunday, February 19 2017, 05:10 PM - #Permalink
    Resolved
    0 votes
    Patrick,
    Nice to hear it works.

    I am still investigating what I can do to make the certificate handling more integrated with ClearOS. My thinking is now a two-step approach:
    1. Release an update soon (on its way now, may take a day or so before it is rolled out) where I will simplify things a bit by removing the need to fiddle around with DH-parameters (see explanation below)
    2. Release another update later on (weeks) if I can find a good way to introduce a more integrated solution with ClearOS for the certificates

    The way domoticz is currently configured, it expects the server_cert.pem file to contain DH-parameters at the end of the file. But you did not include the content from the /etc/dhparam.pem file (that file only exists on your server if ftp has been installed, so you might be missing it). This means that your Domoticz log will throw a warning at startup that DH file parameters are missing. Your browser might also give you some warning message. In an upcoming update of app-domoticz I will take care of the DH parameter part, so if it is working for you now I suggest you wait for that.

    If you absolutely want to add DH parameters to your newly added server_cert.pem file before I release the update you can do this (as root):
    cd /home/<your-normal-user-here-where-the-file-will-be-stored>
    openssl dhparam -out dhparameters.pem 2048
    It takes maybe 5 minutes to generate the file (CPU dependent) so be patient.
    When the file has been generated you can add its content to your certificate file that is missing the DH-parameters:
    cat dhparameters.pem >> /var/domoticz/server_cert.pem
    systemctl restart domoticz

    /Fred
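
Added example, not part of the post above and not code from app-domoticz: one way to assemble the combined file the thread describes (private key, full chain, DH parameters) so that an incomplete bundle, such as one with the DH block missing, never replaces the working server_cert.pem. The function names are hypothetical and all paths are supplied by the caller.

```shell
#!/bin/sh
# Added example, not part of app-domoticz. Function names are hypothetical.

# Print the type of every PEM block in a file, in order, one per line.
pem_blocks() {
    tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p'
}

# Succeed only if the file holds a private key, a certificate and DH parameters.
check_bundle() {
    blocks=$(pem_blocks "$1")
    for want in 'PRIVATE KEY' 'CERTIFICATE' 'DH PARAMETERS'; do
        printf '%s\n' "$blocks" | grep -q "$want\$" || {
            echo "missing PEM block: $want" >&2
            return 1
        }
    done
}

# build_bundle KEY CHAIN DHPARAM OUT
# Concatenates in the order used in the thread and replaces OUT only if the
# result passes check_bundle; on failure OUT is left as it was.
build_bundle() {
    key=$1 chain=$2 dh=$3 out=$4
    for f in "$key" "$chain" "$dh"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    # The bundle contains the private key: create it owner-only (0600).
    tmp=$(umask 077 && mktemp "$out.XXXXXX") || return 1
    # awk 1 adds a missing final newline so BEGIN/END lines never run together.
    if awk 1 "$key" "$chain" "$dh" > "$tmp" && check_bundle "$tmp"; then
        mv -f "$tmp" "$out"   # rename within one directory: no half-written file
    else
        rm -f "$tmp"
        return 1
    fi
}

# Stand-alone use: sh bundle.sh privkey.pem fullchain.pem dhparameters.pem out.pem
if [ "$#" -eq 4 ]; then build_bundle "$@"; fi
```

The resulting file is mode 0600 and owned by whoever ran the script; if Domoticz runs under a different account on your system, adjust ownership before restarting the service.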
  • Accepted Answer

    Sunday, February 19 2017, 01:57 PM - #Permalink
    Resolved
    0 votes
    Hi Fred,

    This worked.


    cp -a /var/domoticz/server_cert.pem /var/domoticz/server_cert.pem.original
    cat /etc/letsencrypt/live/pdebrabander.nl/privkey.pem /etc/letsencrypt/live/pdebrabander.nl/fullchain.pem > /var/domoticz/server_cert.pem
    systemctl restart domoticz


    You need to add your domain name in the directory structure.
    I cycle every month to be sure I've a valid certificate.
    For this I've made a small script to update the certificate and copy the renewed certificates to the HTTP and Webconfig directories.
  • Accepted Answer

    Sunday, February 19 2017, 12:30 PM - #Permalink
    Resolved
    0 votes
    Patrick,
    Domoticz has its own webserver, and in the current (default) setup, it uses its own domoticz certificate. But it can be changed. Read on.

    In my first beta, I actually had a possibility for the user to specify what certificate files to use with domoticz but I removed it after feedback from the ClearOS team (to simplify the interface). Then the idea was to let ClearOS do all the access control by having it act as a reverse proxy and that would have solved "everything". However, that turned out not possible with all the different use cases.

    Domoticz is a bit picky about what formats of certificates it will accept. I need to work on this a bit (and check with the ClearOS team maybe) before I can make a general improvement here that could use the selected certificate files in the general ClearOS setup.

    In the meantime you can try this, logged in as "root" (You will need to force a refresh in your browser afterwards. I am not sure it will work, and I am just guessing where your private key and cert are located):
    cp -a /var/domoticz/server_cert.pem /var/domoticz/server_cert.pem.original
    cat /etc/letsencrypt/live/privkey.pem /etc/letsencrypt/live/fullchain.pem /etc/dhparams.pem > /var/domoticz/server_cert.pem
    systemctl restart domoticz

    If this works (please let me know), then you will have to repeat this whenever your letsencrypt SSL-keys are updated (I think it is every 90 days).

    If it does not work, or if you want to revert back to the default setup for any other reason do this (as root):
    mv /var/domoticz/server_cert.pem.original /var/domoticz/server_cert.pem
    systemctl restart domoticz

    /Fred
  • Accepted Answer

    Sunday, February 19 2017, 07:53 AM - #Permalink
    Resolved
    0 votes
    Fredrik Fornstad wrote:

    Patrick,
    You should be able to see Domoticz among the services. See screenshot from my testserver:

    I tend to remember that you did your own init.d script before. Did you erase that one before you installed app-domoticz? I guess there could be some interfering things otherwise.

    When it comes to SSL, I am not sure I understand how your setup works. Can you explain a bit more?

    /Fred

    It is working now.
    I've uninstalled the app, removed the /init.d/domoticz and did a re-install.

    About the SSL.
    The SSL connection is not using my LetsEncrypt certificate, but I think the standard ClearOS certificate.
    This is causing the connection to be "Unsafe", because it is using the wrong certificate.
    Where can I change the location of the certificate for Domoticz to use?

    In Webconfig you can choose which certificate to use

    http://i65.tinypic.com/10qgq5h.png
  • Accepted Answer

    Saturday, February 18 2017, 07:24 PM - #Permalink
    Resolved
    0 votes
    Patrick,
    You should be able to see Domoticz among the services. See screenshot from my testserver:

    I tend to remember that you did your own init.d script before. Did you erase that one before you installed app-domoticz? I guess there could be some interfering things otherwise.

    When it comes to SSL, I am not sure I understand how your setup works. Can you explain a bit more?

    /Fred
  • Accepted Answer

    Saturday, February 18 2017, 04:05 PM - #Permalink
    Resolved
    0 votes
    Hi Fred,

    I've purchased the app. Great job!!
    The only thing I'm missing at this moment is the service job in the menu https://www.serverid:81/app/services

    Is this a feature for the future?

    For the HTTPS I'm using an external SSL (LetsEncrypt). Can I change the path to the script, or maybe you can make a setting in the config menu?
  • Accepted Answer

    Friday, February 17 2017, 06:24 PM - #Permalink
    Resolved
    0 votes
    ClearCenter has posted a blog on this as well. Congratz Fredrik!

    https://www.clearcenter.com/blogs/timeline