First, thank you guys for creating such an easy and wonderful tool as MIB
setup MIB on AWS EC2 instance. got it working, email works and got SSL certs installed
I have multiple domains and one of those domains, I host a website of a webserver in my house.
I use DDNS and use a redirect to point to my webserver
because my ISP blocks port 80 I have to use the redirect below to make it work on my previous DNS setup
> <FRAME SRC='http://pern.servebeer.com:8082'>
but now since I moved to MIB
this redirect works, but it defaults to https and gives users an error about loading unauthorized scripts
I realized that the same cert I am using on MIB needs to be installed on my webserver, how do I do this?
website in question is https://troll-ed.com
Copy the cert to the webserver.
this is where I need help. where do I find the cert?
Most likely /etc/letsencrypt/live/example.com?
Make sure you get the current one … all of the expired certs are stored in that directory as well.
This is where certbot-auto would put them, yes … but I do not believe that is how the integration with MiaB is set up …dunno. See my last post for the location within MiaB installs.
so I imported the cert as pfx (windows hosting) and it doesn't work
I am using duckdns.org for DDNS
if I use the redirect link and I change it to https, it doesn't work
if I change it back to HTTP it doesn’t work. I get the error to load unsafe scripts
Let me just eat my shoe, I guess it’s not lol
I found the correct .pem file, and I used a pem + sslkey converter to convert it to a pfx file and uploaded the .pfx to my windows webserver, and added it, but it doesn't work. maybe this is where I need help, how do I convert the .pem and sslkey file into a usable .pfx file for windows?
I figured it out
sort of, I still need help but here is what I did
so I added my ddns name to my MIB pern.duckdns.org and I went to duckdns control panel, and I pointed pern.duckdns.org to my MIB ip address.
once DNS updated, MIB was able to provision a certificate to pern.duckdns.org using the cert tool within it
so I went into my MIB, downloaded the newest cert on there, went to the website https://www.sslshopper.com/ssl-converter.html and used the cert I just downloaded and the SSL key and got my .pfx file. I uploaded .pfx file to webserver and added to my site.
so my site, https://troll-ed.com works now but some parts of the site do not show up, it says some parts are not secure
I am using a wordpress site on a windows box
okay so I fixed the issue. My site https://troll-ed.com had other links which were not https, therefore since my browser is set up to not display mixed content
so my sites are now HTTPS and resolving correctly using a DDNS redirect
so to recap, I installed MIB, uploaded a redirect to the default directory in MIB for troll-ed.com
that redirect pointed to my DDNS domain pern.duckdns.org:8083
installed certs on my domain troll-ed.com
also added my DDNS domain pern.duckdns.org to MIB and pointed DDNS domain to MIB and installed cert
opened port on router
downloaded cert .pem file and sslkey from /home/user-data/ssl/ for pern.duckdns.org
converted both files to .pfx using ssl converter and uploaded to windows webserver
set bindings to point to webserver to 8083 and pointed .pfx cert to website
went into website and made sure all content and links were HTTPS and voila! it works!!!
this can be closed
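
The conversion step discussed above can be done locally with OpenSSL, so the private key is never uploaded to a third-party converter site. This is an added example, not part of the original posts; the function names `pem_to_pfx` and `make_demo_pair`, the `PFX_PASSWORD` variable and all file paths are hypothetical. It also rejects a key that does not match the certificate and a certificate that is expired or close to expiry, since old certs sit in the same directory as the current one.

```shell
#!/bin/sh
# Added example (not from the thread): build the .pfx locally with OpenSSL.

# pem_to_pfx CERT_PEM KEY_PEM OUT_PFX [MIN_DAYS]
# The export password is read from the PFX_PASSWORD environment variable.
# Returns 0 ok, 2 unreadable input, 3 key/cert mismatch, 4 expiring, 5 export failed.
pem_to_pfx() {
    cert=$1 key=$2 out=$3 min_days=${4:-14}

    # Public key inside the (first) certificate vs. the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 3
    fi

    # Refuse a certificate that is expired or expires within MIN_DAYS days.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days; fetch the current one" >&2
        return 4
    fi

    # Write the bundle readable by the owner only; the password comes from the
    # environment so it does not appear in the process list.
    ( umask 077
      openssl pkcs12 -export -in "$cert" -inkey "$key" -out "$out" \
          -passout env:PFX_PASSWORD ) || return 5

    # Re-open the result to confirm it parses with the same password.
    openssl pkcs12 -in "$out" -passin env:PFX_PASSWORD -noout 2>/dev/null || return 5
}

# Constructed sample input: a throwaway self-signed pair valid for DAYS days.
make_demo_pair() {  # make_demo_pair DIR DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=demo.invalid" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}
```

If the certificate file holds the full chain, `openssl pkcs12 -export` places every certificate from that file into the bundle.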
@pern seems you didn’t take into account what will happen at Let’s Encrypt certificate renewal time …
- Your box.yourdomain.com will get automatically renewed at <14 days to due date
- Your BOX will not renew your main yourdomain.com and subdomain.yourdomain.com because they are pointing to an external server IP, so your manually copied certificate for them will expire and will not be renewed.
The way you need to go is:
- Create your MIAB as new.
- Before asking for the Let’s Encrypt certificate through your MiaB admin panel, add the needed custom DNS A records for your main yourdomain.com and other subdomain(s), normally www.yourdomain.com, pointing them to the ‘other’ server IP address.
- Now is the moment to call for the certificate through MiaB… And only a certificate for box.yourdomain.com will be issued.
- On your other server, where you plan to host your WordPress, install Let’s Encrypt/Certbot and ask for the needed certificates for your main yourdomain.com and subdomain.mydomain.com from the real server where your WordPress web app will be served.
Hope this helps.
thanks for this
but one caveat is that certbot is not compatible with windows hosting so I will not be able to use it in your workflow
do you have another alternative?
when it is time to renew the cert, I will have to do the same process above by pointing ddns to my MIB and renew cert. any other ideas?
Just google Let’s Encrypt for Windows IIS, or search the Let’s Encrypt documentation section for the right/available client(s).
BTW to start-up you may wish to watch this youtube about, too. Hope this helps.