Change favorite certificate CLI


(Federico Ballarini) #1

NethServer Version: 7.4
Module: Server Certificate

how can I change Nethserver favorite certificate from command line?
I am writing a script, because NS doesn’t update certificates if there is a proxy pass set for this domain…
And how often I have to update certs?


P.S. An OT question… NS 7.5 is released for testing or I can update on production servers?

(Markus Neuberger) #2

Here are some docs:

Here is a discussion about cert scripting:

(Federico Ballarini) #3

Thank you so much

(Davide Principi) #4

Did you update the nethserver-httpd-proxypass package to latest version? It should allow virtual host reverse proxy with a local LE certificate… If it does not work it’s a #bug!


And also

(Federico Ballarini) #5

If I use this and not a .conf file NS is able to update https certs?

(Davide Principi) #6

Yep! Certificates are updated by certbot (letsencrypt)

(Federico Ballarini) #7

Now i have a .conf file. Why it doesn’t update letsencrypt certs?

(Davide Principi) #8

It probably blocks the LE challenge path. Look at

(Federico Ballarini) #9

Thanks. I will try with NS httpd-admin.
Thank you so much.

(Davide Principi) #10

I can’t assert it’s a good test case :face_with_raised_eyebrow: I’d rather try with roundcube or a static web site…

(Federico Ballarini) #11

Sorry… I will try to remove .conf file and put info in NS httpd-admin

(Federico Ballarini) #12

A question… do you think that I have to “Accept invalid SSL certificate from target”?
In my project I don’t want to update SSL internal server certificates…
@davidep I hope in your advice… thanks.

(Davide Principi) #13

If you don’t fear MITM attacks why not… In LAN can be acceptable also clear text protocol.