MIB on AWS. set website redirect to a host on DDNS how to install the same certificate that was installed on MIB on the website host

pern · November 4, 2017, 5:16pm

First, thank you guys for creating such an easy and wonderful tool as MIB

backstory:

setup MIB on AWS EC2 instance. got it working, email works and got SSL certs installed

I have multiple domains and one of those domains, I host a website of a webserver in my house.

I use DDNS and use a redirect to point to my webserver

because my ISP blocks port 80 I have to use the redirect below to make it work on my previous DNS setup

> ** <FRAME SRC=‘http://pern.servebeer.com:8082’ **

but now since I moved to MIB

this redirect works, but it defaults to https and gives users an error about loading unauthorized scripts

I realized that the same cert I am using on MIB needs to be installed on my webserver, how do I do this?

website in question is https://troll-ed.com

alento · November 6, 2017, 12:32am

Copy the cert to the webserver.

pern · November 6, 2017, 12:51am

this is where I need help. where do I find the cert?

murgero · November 6, 2017, 7:44pm

Most likely /etc/letsencrypt/live/example.com?

alento · November 6, 2017, 10:24pm

/home/user-data/ssl/

Make sure you get the current one … all of the expired certs are stored in that directory as well.

alento · November 6, 2017, 10:26pm

This is where certbot-auto would put them, yes … but I do not believe that is how the integration with MiaB is set up …dunno. See my last post for the location within MiaB installs.

pern · November 7, 2017, 2:01am

so I imported the cert as pfx (windows hosting) and it doesnt work

I am using duckdns.org for DDNS

if i use the redirect link and I change it to https, it doesnt work

if I change it back to HTTP it doesn’t work. I get the error to load unsafe scripts

murgero · November 7, 2017, 3:40pm

Let me just eat my shoe, I guess it’s not lol

pern · November 8, 2017, 5:57am

I found the correct .pem file, and I used a pem+ sslkey converter to convert it to pfx file and upload the .pfx to my windows webserver, and added it, but it doesn’t work. maybe this is where I need help, how do I convert the .pem and sslkey file into an usable .pfx file for windows

pern · November 8, 2017, 7:20am

ALRIGHT GUYS!!!

I figured it out

sort off, I still need help but here is what I did

so I added my ddns name to my MIB pern.duckdns.org and I went to duckdns control panel, and I pointed pern.duckdns.org to my MIB ip address.

once DNS updated, MIB was able to provision a certificate to pern.duckdns.org using the cert tool within it

so I went into my MIB, downloaded the newest cert on there, went to the website https://www.sslshopper.com/ssl-converter.html and used the cert I just downloaded and the SSL key and got my .pfx file. I uploaded .pfx file to webserver and added to my site.

so my site, https://troll-ed.com works now but some parts of the site do not show up, it says some parts are not secure

any ideas?

I am using a wordpress site on a windows box

pern · November 8, 2017, 7:41am

okay so I fixed the issue. My site https://troll-ed.com had other links which were not https, therefore since my browser is setup to not display mixed content

so my sites are now HTTPS and resolving correctly using a DDNS redirect

so to recap, I installed MIB, uploaded a redirect to the default directory in MIB for troll-ed.com
that redirect pointed to my DDNS domain pern.duckdns.org:8083

installed certs on my domain troll-ed.com

also added my DDNS domain pern.duckdns.org to MIB and pointed DDNS domain to MIB and installed cert

opened port on router

downloaded cert .pem file and sslkey from /home/user-data/ssl/ for pern.duckdns.org

converted both files to .pfx using ssl converter and uploaded to windows webserver

set bindings to point to webserver to 8083 and pointed .pfx cert to website

went into website and made sure all content and links were HTTPS and voila! it works!!!

this can be closed

just4t · November 8, 2017, 10:11am

@pern seems you didn’t tock into account what will happens at let’s Encrypt certificate renewal time …

Your box.yourdomain.com will get automatically renewed at <14 days to due date
Your BOX will not renew your main yourdomain.com and subdomain.yourdomain.com because they are pointing to an external server IP then your manually copied certificate for them will expire and will not be renewed.

The way you need to go is:

Create your MIAB as new.
Before to ask for the let’s Encrypt certificate through your MiaB admin panel add the needed custom DNS A records, for your main & yourdomain.com and other subdomain(s), normally www.yourdomain.com, pointing them to the ‘other’ server IP address.
Now is the moment to call for the certificate through MiaB… And only a certificate for box.yourdomain.com will be issued.
In your other server, where you plan to host your wordpress, install Let’s Encrypt/ Cerbot and ask for the needed certificates for your main yourdomain.com and subdomain.mydomain.com from the real server where your Wordpress web app. will be served.

Hope this helps.

pern · November 8, 2017, 4:56pm

thanks for this

but one caveat is that certbot is not compatible with windows hosting so I will not be able to use it in your workflow

do you have another alternative?

when it is time to renew the cert, I will have to do the same process above by pointing ddns to my MIB and renew cert. any other ideas?

just4t · November 9, 2017, 12:08am

Just google about Let’s encrypt for Winndos IIS or search at let’s Encrypt documentation section for the right/ available client(s).
BTW to start-up you may wish to watch this youtube about, too. Hope this helps.