Certificate SSL Letsencrypt with wildcards crash ldap

letsencrypt
v7

(enrico) #1

NethServer Version: NethServer Enterprise release 7.5.1804
Module: pop3 ldap

Good evening,
I created a certificate with wildcards from the site www.sslforfree.com, and the site uses Letsencrypt.
I imported this certificate into NethServer.
Yesterday my server updated and LDAP crashed, and the users are empty.
Your helpdesk responded that the problem is the certificate …
Is there a solution for creating a certificate with wildcards in NethServer Enterprise?

Thank you very much
The software is fantastic

Compliments, Italian people


(Markus Neuberger) #2

Hi @oenrico,

There’s a solution in the wiki:

https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_acme-dns


(enrico) #3

Thank you very much


(Dan) #4

…and there’s an updated version (with RPM-y goodness) here.

Edit: It would probably be good to give some background. In order to obtain a wildcard cert from Let’s Encrypt, you need to use DNS validation–the “normal” HTTP validation that Neth does by default isn’t adequate for a wildcard cert. For this to be practical (i.e., allow automation), your DNS host needs to have an API that lets you make updates to your DNS records automatically.

If your DNS host does this (like Cloudflare, for example), I’ve written up a different process you could use. That process involves using the acme.sh client, which is a shell script that will obtain and renew your cert(s). The intent of the writeup I just linked to is to let you get certs for servers that aren’t directly exposed to the Internet, but it’s still DNS validation–the same technique will work just fine for wildcard certs.

If your DNS provider doesn’t have a supported API (or you don’t want to use that API, because compromise of those credentials could result in your losing control of your domain entirely), you can use acme-dns instead. acme-dns will let you run your own DNS server with an API, which will only serve the TXT challenge records that Let’s Encrypt uses. This will let you do DNS validation (and therefore get wildcard certs) with just about any DNS host.


(enrico) #5

The problem is importing the SSL certificate created by the site www.sslforfree.com: the certificate is OK, but NethServer crashes LDAP when NethServer is updating.

Now I created a certificate with the normal procedure for NethServer, and LDAP crashes because the preferred certificate is the SSL one created by the site www.sslforfree.com.
To fix the problem: after setting the normal-procedure SSL certificate as preferred, LDAP starts.

Sorry for my english

This is a bug