TrueNAS Nextcloud: unable to find a proper tutorial on how to get the SSL certificate

I installed the Nextcloud plugin on TrueNAS 12.0-U8 and I can't find a proper tutorial on how to install/validate the SSL certificate on it so I don't get that "this site is unsafe" every time I access it.

Or, in a simpler way to understand: the HTTPS says it is not secure, how do I secure it in my case?
I got no clue and I don’t want to reinstall everything again just for the sake of experimenting with settings and commands.

The OS that the jail runs on is “FreeBSD 12.2-RELEASE-p12”

Thank you in advance.

Last time I tested a command like "certbot certonly --standalone -d" but I could not get past the email verification, cuz no matter what I wrote in that it would spit an error.

Now certbot spits an error that “Name does not resolve” and idk what the problem with it is.

Hmm, odd. After I set up the TrueNAS IPMI with proper settings, some of the errors from certbot have gone, but I got another one.

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: **************
Type: connection
Detail: *************: Fetching http:// ************* /.well-known/acme-challenge/b0nE5n_G5FiSIWcVax9xOvOkD4TnW-nhzFbGAaRSSwM: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.

Is it because it is trying to access HTTP instead of HTTPS? (I do get errors when I try to access that too, but HTTPS works no problem.)
I got no clue what’s going on, but at least I learned some new stuff related to configuring the network interface in TrueNAS.

Any idea?

Edit: Or maybe I need to give a folder where you don’t need access privileges?

Certbot tries to validate one of two ways. The first is HTTP validation, which means opening port 80 and 443 to do its magic. The second is DNS validation. This is my preferred way of doing things because it doesn’t require opening any ports, but it does require a bit of knowledge of how DNS works. If you have a supported DNS provider, it can use its API to do all the magic for you.

I think I will leave it like that, cuz I don’t mind that “unsafe bla bla bla” error when you access my Nextcloud instance. I'm starting to lose too much hair from looking at and trying so many things from all over the internet.

One thing I want to ask: how do I get access with an SMB share to a jail’s content and be able to modify it? How do I find out what permissions I need in order to do that?

After a ton of time spent thinking about things, I ended up routing the internal ports that my Nextcloud has, like this: 8282 as port 80 and 8283 as port 443.

“So on your “internet provider’s router” you have to open the ports 443 and 80 for the Nextcloud install or certbot will not work.”

After that I went and ran “certbot certonly -d” and then I used WinSCP to log in to TrueNAS and edit the nginx config from the jail. :sweat_smile:
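
Added example, not part of the thread: a pre-flight check for the HTTP validation discussed above. It writes a probe file under the webroot's `.well-known/acme-challenge` directory and fetches it over plain HTTP, which separates "nothing answered" (the "Timeout during connect" case) from "the server answered but did not serve the file". The function names and the loopback test server are constructed for illustration.

```python
import http.server, os, secrets, ssl, threading, urllib.error, urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"  # path the CA fetches for HTTP-01

def preflight_http01(webroot, base_url, timeout=5):
    """Write a probe file under the webroot and fetch it over HTTP.

    Returns 'ok', 'mismatch', 'http-<status>' (server answered but did not
    serve the file), 'tls-error' (redirected to HTTPS with a certificate this
    client does not trust), or 'unreachable' (nothing answered on that port).
    """
    token, body = secrets.token_urlsafe(16), secrets.token_urlsafe(32).encode()
    directory = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(directory, exist_ok=True)
    probe = os.path.join(directory, token)
    with open(probe, "wb") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    # Ignore proxy settings: the check must hit the server directly.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return "ok" if resp.read() == body else "mismatch"
    except urllib.error.HTTPError as exc:
        return f"http-{exc.code}"
    except urllib.error.URLError as exc:
        return "tls-error" if isinstance(exc.reason, ssl.SSLError) else "unreachable"
    except OSError:
        return "unreachable"
    finally:
        os.remove(probe)  # never leave probe files in the webroot

class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # silence per-request logging in the demo
        pass

def serve(directory):
    """Constructed stand-in for the jail's web server, on a free loopback port."""
    handler = partial(QuietHandler, directory=directory)
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:  # constructed webroot
        server, base = serve(root)
        print("served from webroot:", preflight_http01(root, base))
        server.shutdown()
        server.server_close()
        print("after server stopped:", preflight_http01(root, base, timeout=2))
```

Against a real setup, pass the jail's actual webroot and `http://<your-domain>` as `base_url`. A fetch made from inside the LAN does not exercise the router's port forward, so run the request from an outside network to reproduce what the certificate authority sees.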