Forums

Resolved
0 votes
Hello all,

I recently installed ClearOs and have several apps running now. What I wish to ask about is the use of generated SSL certificates.

I am taking advantage of the freely available open source LetsEncrypt SSL certificate generator product. (http://letsencrypt.org). The certificate has been installed successfully and used for other web based applications on my ClearOs install.

I would like to also use the generated certificate for port 81. Has anyone been able to do this?

kindest regards,
Frank
Thursday, August 04 2016, 11:54 PM
Like
1
Share this post:
Responses (31)
  • Accepted Answer

    Friday, January 05 2018, 02:29 PM - #Permalink
    Resolved
    0 votes
    I've just tried it and it is a WFM, unfortunately. My letsencrypt.log file starts:
    2018-01-05 14:10:12,676:DEBUG:certbot.main:certbot version: 0.19.0
    2018-01-05 14:10:12,676:DEBUG:certbot.main:Arguments: ['--apache', '--agree-tos', '-n', '-m', 'a_user@howitts.co.uk', '-d', 'subcomain.howitts.co.uk']
    2018-01-05 14:10:12,676:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2018-01-05 14:10:12,702:DEBUG:certbot.log:Root logging level set at 20
    2018-01-05 14:10:12,702:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2018-01-05 14:10:12,702:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
    2018-01-05 14:10:12,996:DEBUG:certbot_apache.configurator:Apache version is 2.4.6
    2018-01-05 14:10:13,191:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache


    Perhaps we need to unpick how you did your initial set up. I know mine broke when I tried setting a default web server (I never had on and just used files in /var/www/html) and ClearOS failed to create the bind mount from the default web site flexshare to /var/www/html.

    What is in your /etc/httpd/conf.d/flex-443.conf and what is the result of:
    findmnt | grep -e "\["
    sed -e '/\s*#.*$/d' -e '/^\s*$/d' /etc/httpd/conf/httpd.conf
    Please put the output in "code" tags so we can see it indented properly.

    Have you set the immutable bit anywhere as it is mentioned in the thread?
    The reply is currently minimized Show
  • Accepted Answer

    Friday, January 05 2018, 10:09 AM - #Permalink
    Resolved
    0 votes
    Oh oh its broken somewhere! I used the above method for quit some time and now I installed the letsencrypt app it showed the certificates made before bet when I request a new one I get the following:
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Could not choose appropriate plugin: Too many flags setting configurators/installers/authenticators 'webroot' -> 'apache'
    Too many flags setting configurators/installers/authenticators 'webroot' -> 'apache'
    Unfortunately also the old way is broken, somebody know what to do?
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, August 16 2017, 04:33 PM - #Permalink
    Resolved
    0 votes
    It is probably slightly separate things. It looks like it needs somehow to be able to validate your IP address against the FQDN. Presumably it is doing some sort of http or https request to do this. The certificates you've created may possibly be used for the webconfig. If you do you, may need to use your poweredbyclear.com FQDN to access your webconfig and that means you'll need a hosts entry in your DNS server mapping it back to your LAN IP address, but I don't know for sure. I only use the certificate for my external web server.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, August 16 2017, 04:05 PM - #Permalink
    Resolved
    0 votes
    Hi Nick

    OK, got it working.At the end I specified the port 80, open the port 80 for the validation and that did the trick.

    The whole idea of the certificate was to solve the webconfig certs, but that wasn't the case. Am I missing something? Or did I create the certificates for web server only?
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, August 16 2017, 02:04 PM - #Permalink
    Resolved
    0 votes
    Which letsencrypt client are you using?
    Which FQDN are you using?
    Does it resolve back to your IP address?
    Please also post the full error message between code tags? You can copy out of PuTTy just by selecting the text.

    Do you have a web server currently listening on 80 or 443. I think you need to have one.

    At the end of the day, google will be your friend.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, August 16 2017, 01:45 PM - #Permalink
    Resolved
    0 votes
    Hi Nick

    Sorry to be pain. Still having issues. It is timing out. Whole load of errors but at the end it says: urn:acme:error:connection :: The server could not connect to the clien t to verify the domain :: Timeout

    Any ideas?
    Thank you
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, August 16 2017, 11:58 AM - #Permalink
    Resolved
    0 votes
    What are you using to create your certificates? I am not sure why it is making comments about A or AAAA records. As far as I am aware all mine are CNAME records. What is important is that they resolve back to your IP address. Does your poweredbyclear.com FQDN resolve back to your IP address? Have a look in Webconfig > cloud > services > Dynamic DNS. Your fqdn is a combination of the subdomain and domain. If you do not like your subdomain, change it to something more memorable.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, August 16 2017, 11:08 AM - #Permalink
    Resolved
    0 votes
    Hi Nick

    Thank you for your reply. When I use the ClearOS name, I am getting an error saying that the A/AAAA name does not exists. That suggest that I need a domain name?
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, August 16 2017, 10:09 AM - #Permalink
    Resolved
    0 votes
    You can use any name which resolves back to your current IP address and you can use more than one name at the same time so I, for example, have a certificate which covers both howitts.poweredbyclear.com and www.howitts.co.uk (and a few others).

    I use certbot to manage my certificates. Certificates are created under /etc/letsencrypt. Always point any app to the ones under /etc/letsencrypt/live as these symlink to the latest renewed ones under /etc/letsencrypt/archive which get renewed periodically.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, August 16 2017, 08:16 AM - #Permalink
    Resolved
    0 votes
    Hi Frank

    Thank you for the details on creating the certificate. In order to create the certificate, do you need to have a registered domain name? Or do you you the ClearOS's domain name?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, August 07 2017, 09:30 AM - #Permalink
    Resolved
    0 votes
    Hi Taryck,
    If you use Certbot, they recommend checking certificate validity automatically twice daily. I finf this a bit OTT as they issue a three month certificate and renew it after 2. I've just set a simple job in cron.daily and it looks after the renewal in the background.

    OpenVPN is a red herring. I was thinking Letsencrypt replaces the root certificate and would then be used for signing OpenVPN certificates. That thought was way off the mark. Treat them as being independent. OpenVPN uses a weird validation as both the certificate and key must be in the client. I believe it then validated the certificate against the key then checks the CA is still the CA published by the OpenVPN server. It can also check for a CRL on the server, and that is it. It has a big down-side for ClearOS in that ClearOS OpenVPN is not configured to use CRL's and nor is the Certificate Manager so it means that once a certificate is issued it is impossible to invalidate it. There is a bug filed for this.

    For e-mail, don't go there or at least not in the way I did. I tried it and regretted it. It is easy enough to configure the e-mail server to use the Letsencrypt certificates and the certbot renewal program allows you to fire a post-renewal script. This means you can easily restart postfix/cyrus/whatever when necessary. The problem is that this certificate renewal then invalidates your certificate in your e-mail clients and you have to go round updating the clients before you can receive e-mails again.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, August 07 2017, 06:38 AM - #Permalink
    Resolved
    0 votes
    Hi all,

    News from letsencrypt.org : Wildcard Certificates Coming January 2018
    Let’s Encrypt will begin issuing wildcard certificates in January of 2018.

    Tips :
    openssl x509 -checkend 86400

    helps you to check by script ($?) if cetificat will expire (or not) within the next 24 hours. And so, do not ask for renew if not required.
    I suggest to schedule weekly the cerficiate renew due to the short time of the cert.

    For OpenVPN I do not think official certificates are required because this is OpenVPN to check the validity of the client certificate. And I don't think letsencrypt provide client certificates or CA.
    Servers only, validated by domain name: this excludes client certificates.

    Can I use certificates from Let's Encrypt for code signing or email encryption?

    No. Email encryption and code signing require a different type of certificate than Let's Encrypt will be issuing.

    No other usage than servers.


    For email, I guess it could be interesting however, I don't think letsencrypt provide client certificates..

    You also should edit /etc/letsencrypt/renewal/<domaine>.conf to raise :
    renew_before_expiry = 5 days

    to a little higher value like 15 days.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, February 21 2017, 03:10 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    I am trying to imagine how this would work. Presumably you've used a LetsEncrypt CA, but ClearOS generates its own certificates for postfix (/etc/postfix/cert.pem and/etc/postfix/key.pem), cyrus-imap (/etc/postfix/cert.pem and /etc/postfix/key.pem but I don't know which CA it uses) and so on. OpenVPN generates certificates for each user. I would not have thought ClearOS could sign LetsEncrypt certificates so I'd love to know how this works. It would be good if it were documented.

    I'm hoping to have a scratch server that I can tinker around with soon. I'll have to have a little play.

    It would be nice if this feature were documented, of it it is documented, it would be good if I could find the document.

    [edit]
    Also, how does ClearOS handle the renewal?
    [/edit]

    Nick,

    I've found this on the web :
    https://forums.openvpn.net/viewtopic.php?t=20973
    https://www.sideras.net/lets-encrypt-https-certificates-for-openvpn-as-access-server/
    Does this help you ? Is this what you are looking for ?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, February 20 2017, 08:09 PM - #Permalink
    Resolved
    0 votes
    I am trying to imagine how this would work. Presumably you've used a LetsEncrypt CA, but ClearOS generates its own certificates for postfix (/etc/postfix/cert.pem and/etc/postfix/key.pem), cyrus-imap (/etc/postfix/cert.pem and /etc/postfix/key.pem but I don't know which CA it uses) and so on. OpenVPN generates certificates for each user. I would not have thought ClearOS could sign LetsEncrypt certificates so I'd love to know how this works. It would be good if it were documented.

    I'm hoping to have a scratch server that I can tinker around with soon. I'll have to have a little play.

    It would be nice if this feature were documented, of it it is documented, it would be good if I could find the document.

    [edit]
    Also, how does ClearOS handle the renewal?
    [/edit]
    The reply is currently minimized Show
  • Accepted Answer

    Monday, February 20 2017, 07:26 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    @Patrick,
    Interesting. How does this work? Do you set LetsEncrypt as the CA? If so, how do you generate user certificates for thing like OpenVPN? I can't find any documentation on it.
    Please feel free to take this question privately if you don't think it lives here.
    Nick

    Hi Nick,

    In reply of another thread (LINK.)
    I'm not using OpenVPN, but i'm using the SSL Certificate for my HTTPS connections.
    How can i test the user certificates ? if you can me a help i can test this for you.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, August 22 2016, 06:24 PM - #Permalink
    Resolved
    0 votes
    If you're happy for a script to run monthly, don't worry about crontab. Just place it in /etc/cron.monthly and make it executable. If you use crontab (as root), it creates a file /var/spool/cron/root.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, August 22 2016, 05:27 PM - #Permalink
    Resolved
    0 votes
    Lex Vroemen wrote:

    Patrick de Brabander wrote:

    Hi,

    I've made a cronjob for the automatic update which can maybe helpfull



    I am trying to figure how this cronjob works do you have to make a file somewhere or edit a file please share some more info, I got it all working accept the cronjob for the auto renewal.

    Thanks


    Hello lex,

    You must edit /etc/crontab and add the following line:
    0 4 1 */2 * root /PATH/letsencrypt.sh >> /var/log/letsencrypt


    Location (PATH) of the script file is depending on where you have put the script.
    Also the frequency of the execution of the script. It is now set to every 2 months.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, August 22 2016, 05:13 PM - #Permalink
    Resolved
    0 votes
    Patrick de Brabander wrote:

    Hi,

    I've made a cronjob for the automatic update which can maybe helpfull



    I am trying to figure how this cronjob works do you have to make a file somewhere or edit a file please share some more info, I got it all working accept the cronjob for the auto renewal.

    Thanks
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, August 10 2016, 01:00 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    Hi Patrick,
    Just an idea, but instead of copying the files between /etc/letsencrypt/live/www.yourdomain.nl/ and/etc/clearos/certificate_manager.d/ and adjusting ownership and permissions, can you just symlink them?

    Hi Nick,

    This crossed my mind, but since the permissions and afraid of breaking something with webconifg i've choosen this option.

    How is the certificate handled voor WWW and non-WWW domains ?
    Do i need 2 certificates ?

    FOUND it:

    ./letsencrypt-auto --config /etc/letsencrypt/cli.ini -d www.yourdomain.nl -d yourdomain.nl certonly


    You can make both certificates and they will combine it in 1
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, August 10 2016, 12:23 PM - #Permalink
    Resolved
    0 votes
    Hi Patrick,
    Just an idea, but instead of copying the files between /etc/letsencrypt/live/www.yourdomain.nl/ and/etc/clearos/certificate_manager.d/ and adjusting ownership and permissions, can you just symlink them?
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, August 10 2016, 09:05 AM - #Permalink
    Resolved
    1 votes
    Hi,

    I've made a cronjob for the automatic update which can maybe helpfull


    letsencrypt.sh

    #!/bin/bash

    cd /usr/local/letsencrypt/
    ./letsencrypt-auto --config /etc/letsencrypt/cli.ini -d www.yourdomain.nl certonly

    if [ $? -ne 0 ]
    then
    ERRORLOG=`tail /var/log/letsencrypt/letsencrypt.log`
    echo -e "The Lets Encrypt Cert has not been renewed! \n \n" $ERRORLOG | mail -s "Lets Encrypt Cert Alert" postmaster@yourdomain.nl
    else

    service httpd stop

    cp -f /etc/letsencrypt/live/yourdomain.nl/cert.pem /etc/clearos/certificate_manager.d/LetsEncrypt.crt
    cp -f /etc/letsencrypt/live/yourdomain.nl/privkey.pem /etc/clearos/certificate_manager.d/LetsEncrypt.key
    cp -f /etc/letsencrypt/live/yourdomain.nl/fullchain.pem /etc/clearos/certificate_manager.d/LetsEncrypt.intermediate

    chown webconfig:webconfig /etc/clearos/certificate_manager.d/LetsEncrypt.crt
    chown webconfig:webconfig /etc/clearos/certificate_manager.d/LetsEncrypt.key
    chown webconfig:webconfig /etc/clearos/certificate_manager.d/LetsEncrypt.intermediate

    chmod 600 /etc/clearos/certificate_manager.d/LetsEncrypt.crt
    chmod 600 /etc/clearos/certificate_manager.d/LetsEncrypt.key
    chmod 600 /etc/clearos/certificate_manager.d/LetsEncrypt.intermediate

    service httpd restart
    service webconfig restart

    fi

    exit 0




    cli.ini

    authenticator = webroot
    webroot-path = /var/www/html
    server = https://acme-v01.api.letsencrypt.org/directory
    renew-by-default
    agree-tos
    email = postmaster@yourdomain.nl


    Please share me your comments if you see some improvements ;)
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, August 09 2016, 09:09 PM - #Permalink
    Resolved
    0 votes
    Adding the certificate files into webconfig worked for my default website.
    Webconfig will adjust the .conf file with the new ceritifcates


    For the webconfig (port 81) see also : post

    ClearOS Webconfig

    We need to edit a file in clearos.

    /usr/clearos/sandbox/etc/httpd/conf.d/framework.conf

    replace :
    SSLCertificateFile /etc/pki/tls/certs/domain.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/domain.key

    with:
    SSLCertificateFile /etc/clearos/certificate_manager.d/LetsEncrypt.crt
    SSLCertificateKeyFile /etc/clearos/certificate_manager.d/LetsEncrypt.key
    `
    (name and location is made by webconfig after addind the certificates

    Restart clearos webconfig

    service webconfig restart



    Now i need to make a cronjob for the 2 monthly update !!
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, August 09 2016, 07:21 PM - #Permalink
    Resolved
    0 votes
    Hi Frank,

    did you enable ssl for your default website ?

    http://i67.tinypic.com/ixy460.png

    And after you installed the letencryp certificate in the webconfig, can you select here an different certificate ?
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, August 09 2016, 06:52 PM - #Permalink
    Resolved
    0 votes
    Thanks for your reply Patrick

    Patrick de Brabander wrote:

    Can you maybe add the certificated in the webconfig ? https://server:81/app/certificate_manager/external/add

    For the webconfig you need to add the certificates for port :443
    /etc/httpd/conf.d/flex-443.conf is generated by webconfig automaticly.




    Letsencrypt produces 4 files.

    cert1.pem
    chain1.pem
    fullchain1.pem
    privkey1.pem


    The certificate manager is looking for

    Certificate file which I suspect is cert1.pem
    Key File which I suspect is privkey1.pem
    Intermediate file which I suspect may be the fullchain1.pem??

    It seems to be ok when I enter the information and adds it.

    When I view it I get the following


    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number:
    xxx
    Signature Algorithm: sha256WithRSAEncryption
    Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    Validity
    Not Before: Jun 20 19:50:00 2016 GMT
    Not After : Sep 18 19:50:00 2016 GMT
    Subject: CN=yourdomainname
    Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
    Public-Key: (2048 bit)
    Modulus:

    bunch of stuff


    Exponent: 65537 (0x10001)
    X509v3 extensions:
    X509v3 Key Usage: critical
    Digital Signature, Key Encipherment
    X509v3 Extended Key Usage:
    TLS Web Server Authentication, TLS Web Client Authentication
    X509v3 Basic Constraints: critical
    CA:FALSE
    X509v3 Subject Key Identifier: xxx

    X509v3 Authority Key Identifier:
    keyid: xxx


    Authority Information Access:
    OCSP - URI:http://ocsp.int-x3.letsencrypt.org/
    CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

    X509v3 Subject Alternative Name:
    DNS: xxx
    X509v3 Certificate Policies:
    Policy: 2.23.140.1.2.1
    Policy: 1.3.6.1.4.1.44947.1.1.1
    CPS: http://cps.letsencrypt.org
    User Notice:
    Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/

    Signature Algorithm: sha256WithRSAEncryption
    xxx


    I looked in the /etc/httpd/conf.d directory but could not see a flex-443.conf file.

    authnz_external.conf autoindex.conf php.conf README ssl.conf userdir.conf welcome.conf.rpmsave
    authz_unixgroup.conf geoip.conf phpMyAdmin.conf roundcubemail.conf ssl.conf.rpmsave welcome.conf



    It is mentioned that flex-443.conf is generated so I am wondering if there was something I did wrong. Perhaps I'm using the wrong files when adding an external certificate in the certificate manager.??

    Kindest regards,
    Frank
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, August 09 2016, 06:15 PM - #Permalink
    Resolved
    0 votes
    Non-flexshare websites, so possibly in /var/www/html and so on, I believe use certificates referenced from /etc/httpd/conf.d/ssl.conf. Flexshare web sites use /etc/httpd/conf.d/flex-443.conf, which, as you say, is generated automatically. This means you need to edit the file and point it to your new certificates then set the immutable bit so ClearOS can't change it - but you need to remember you've done it!
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, August 09 2016, 05:05 PM - #Permalink
    Resolved
    0 votes
    Can you maybe add the certificated in the webconfig ? https://server:81/app/certificate_manager/external/add

    For the webconfig you need to add the certificates for port :443
    /etc/httpd/conf.d/flex-443.conf is generated by webconfig automaticly.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, August 09 2016, 05:00 PM - #Permalink
    Resolved
    0 votes
    I'm following this with interest for when I go over to 7.x and note that certbot is available packaged from Epel so you possibly don't have to go down the git route.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, August 09 2016, 04:49 PM - #Permalink
    Resolved
    0 votes
    Hi Franks,

    Many thanks for your clear howto.
    I've followed your steps and the certificates are made and installed.
    Only how can i check if it is working ? Now i'll see still the ClearOS selfcertificate on the site.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, August 09 2016, 02:39 PM - #Permalink
    Resolved
    0 votes
    Certainly. I've used Letsencrypt on a couple of Unbuntu servers so the instructions were a little different. Needless to say those servers are scheduled to be changed to ClearOS. :)

    I was able to get things going on my ClearOS install with thanks to the assistance from Marc Laporte and Xavier de Pedro at Wikisuite ( http://Avan.Tech http://wikisuite.org )


    This will assume you are logged into the server via ssh as root.

    Install git if you don't already have it.

    yum install git

    Ok time to install

    cd /usr/local
    git clone https://github.com/letsencrypt/letsencrypt
    cd letsencrypt
    service httpd stop

    Now create your certificate. Replace yourdomainname with your domain name :)


    sudo ./letsencrypt-auto certonly --standalone -d yourdomainname --debug

    If all goes well you should receive the following message

    IMPORTANT NOTES:
    - Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/yourdomainname/fullchain.pem. Your cert
    will expire on ........ To obtain a new or tweaked version of
    this certificate in the future, simply run letsencrypt-auto again.
    To non-interactively renew *all* of your certificates, run
    "letsencrypt-auto renew"
    - If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le



    OK so now set up the web server to use the certificates.

    vi /etc/httpd/conf.d/ssl.conf

    change the following lines

    SSLCertificateFile /etc/letsencrypt/live/yourdomainname/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomainname/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/yourdomainname/chain.pem


    Restart your httpd service

    service httpd restart


    If everything goes well your https connection is now using the Letsencrypt certificate.


    cheers,
    Frank
    The reply is currently minimized Show
  • Accepted Answer

    Monday, August 08 2016, 08:27 AM - #Permalink
    Resolved
    0 votes
    Hi Frank,

    Very interesting.
    Can you give a smal howto regarding the step you took to get LetsEncrypt working.
    Like
    1
    The reply is currently minimized Show
  • Accepted Answer

    JD
    JD
    Offline
    Saturday, August 06 2016, 02:52 PM - #Permalink
    Resolved
    2 votes
    Frank, I too am interested in seeing the community's response regarding the use and integration of the LetsEncrypt SSL certificate generator and the LetsEncrypt project in general. I am curious about the steps you chose to get the SSL working on your server.

    Which client did you select?
    Were you able to use Certificate Manager external certificate with the ClearOS Webconfig System Settings or did you use command line?

    I haven't seen much discussion regarding LetsEncrypt and it's functionality with ClearOS 7; ironically I was researching this very subject when your post appeared in this forum.

    Very interested in your input,
    JD
    Like
    1
    The reply is currently minimized Show
Your Reply