Hey there, I looking for a way to install a custom ssl certificate for my webserver, someone that can help me?
Hi Ronald,
this link could help you:
http://docs.nethserver.org/projects/nethserver-devel/en/stable/certificate_management.html#install-a-custom-certificate
I did it thanks. Another question, is it possible to install multiple certificates?
Think not, but can you explain me your purpose?
I want to have different sub-domains with ssl certificates for each one example:
Or do I need a wildcard certificate?
To use different certs for different websites on one IP you need SNI support on the browser (no longer an issue since some years: https://www.digicert.com/ssl-support/apache-secure-multiple-sites-sni.htm)
I didn’t test a similar configuration, but I think you could use different certificates for different virtualhost, but only if when creating them in /etc/httpd/conf.d/.
If your second level domain is always the same, I think you’ll prefer a wildcard cert (lower cost and many certs, but that could change with letsencrypt.org).
BTW, I’m usign a wildcard cert.
@rodmontgt in NethServer 7 we have improved this procedure with a dedicated panel
Hello,
I am also searching for how to install a custom certificate on Nethserver but the link that you mentioned is not working. could you please update me? I am very thankful to you.
Kind Regards,
Adnan
What do you believe you need to do with a custom certificate that you don’t think a Let’s Encrypt certificate will do? But if you do need one for some reason, the current manual for the current version (not the link for the five-year-old version given above) should answer your question:
http://docs.nethserver.org/en/v7/base_system.html#server-certificate
Hello @danb35,
Actually, my server is not open external traffic and Let’s encrypt certificate is available only for three months. After three months I opened my server for external traffic and updated the Let’s encrypt certificate. That’s why I am planing to buy an ssl certificate which remains valid for at-least two years.
Kind Regards,
Adnan
Hello @danb35,
Is it possible that I can update my let’s encrypt certificate for more than 3 months? If it’s possible then it will be really great.
Kind Regards,
Adnan
No, it isn’t, and it almost certainly never will be–if anything, the validity period could reduce.
Then you should instead consider one of my guides for using DNS validation:
https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_for_internal_servers
https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_acme-dns
From as far as I can tell you can not set the date to expire beyond the 3 months but you can set it to auto-renew. This would require you to either use the built in renewal tool but this requires you to have port 80 open and forwarded to your NS install. Alternatively, if you don’t want to or can’t expose those ports you can utilize acme-dns that automates this same process but does it in such a way that you do not need to open any ports to the internet.