Change favorite certificate CLI

https
v7

(Federico Ballarini) #1

NethServer Version: 7.4
Module: Server Certificate

Hi,
how can I change Nethserver favorite certificate from command line?
I am writing a script, because NS doesn’t update certificates if there is a proxy pass set for this domain…
And how often I have to update certs?

Thanks.

P.S. An OT question… NS 7.5 is released for testing or I can update on production servers?


(Markus Neuberger) #2

Here are some docs:
http://docs.nethserver.org/projects/nethserver-devel/en/v7/certificate_management.html

Here is a discussion about cert scripting:


(Federico Ballarini) #3

Thank you so much


(Davide Principi) #4

Did you update the nethserver-httpd-proxypass package to latest version? It should allow virtual host reverse proxy with a local LE certificate… If it does not work it’s a #bug!

See

http://docs.nethserver.org/en/v7/proxy_pass.html#reverse-proxy

And also


(Federico Ballarini) #5

If I use this and not a .conf file NS is able to update https certs?


(Davide Principi) #6

Yep! Certificates are updated by certbot (letsencrypt)


(Federico Ballarini) #7

Now i have a .conf file. Why it doesn’t update letsencrypt certs?


(Davide Principi) #8

It probably blocks the LE challenge path. Look at


(Federico Ballarini) #9

Thanks. I will try with NS httpd-admin.
Thank you so much.


(Davide Principi) #10

I can’t assert it’s a good test case :face_with_raised_eyebrow: I’d rather try with roundcube or a static web site…


(Federico Ballarini) #11

Sorry… I will try to remove .conf file and put info in NS httpd-admin


(Federico Ballarini) #12

A question… do you think that I have to “Accept invalid SSL certificate from target”?
In my project I don’t want to update SSL internal server certificates…
@davidep I hope in your advice… thanks.


(Davide Principi) #13

If you don’t fear MITM attacks why not… In LAN can be acceptable also clear text protocol.