How to have a valid certificate recognized by the browser? as this one is concidered as being dangerous by the browser
You can require a Let’s Encrypt certificate (you have to point a DNS name to your public IP and open port 80). This is not a valid certificate for IP address but only for the host name.
Or you can buy a certificate from a CA.
You have 2 options: buy a certificate from an offcial certificate vendor (for instance Verisign) A 2nd option is to use a letsencrypt certificate. That is free and implemented in NethServer.
/edit: lol @federico.ballarini posted at the same time… same message…
I choose option 2, how do I do it?
You can read the docs and require the certificate as explained here.
It’s not very clear
First of all, you need to point a DNS name to your public IP and open port 80 from your router to your Nethserver.
Then you can go on Server Certificate page and “Require a Let’s Encrypt Certificate” with the specific button.
And if I do not have the opportunity to point my dns on a public ip, how do I do?
Why can’t you point to your dns on a public IP? If it is because you have an internet connection on a dynamic IP address, you can use dynamic dns. There are several (free) services where you can connect your domain to a dynamic ip address.
If you have a server behind a firewall with only a pricate IP address, you need to configure some kind of portforwarding (and reverse dns).
Can I specify my DNS on a public IP address from the router?
Why did you post two threads with the same question?
To get a Let’s Encrypt cert using the server manager, a few conditions must be met:
- You must own/control a real, public domain.
- Public DNS records must be published, pointing that domain to your IP address.
- From the Internet, your domain name is reachable on port 80 and goes to your Neth server.
If those are true, getting the Let’s Encrypt cert is simply a matter of filling out the form in the server manager.
If either (or both) of the latter are not true, you may be able to get a cert using DNS validation instead. See:
There’s actually a third: Buypass is a Norwegian CA who offers free certs using the ACME protocol as well. Their certs have a longer lifetime (180 days, IIRC), but I don’t see any particular reason to prefer them over Let’s Encrypt–but it is another option.