Valid https certificate

How to have a valid certificate recognized by the browser? as this one is concidered as being dangerous by the browser

You can require a Let’s Encrypt certificate (you have to point a DNS name to your public IP and open port 80). This is not a valid certificate for IP address but only for the host name.
Or you can buy a certificate from a CA.

1 Like

You have 2 options: buy a certificate from an offcial certificate vendor (for instance Verisign) A 2nd option is to use a letsencrypt certificate. That is free and implemented in NethServer.

/edit: lol @federico.ballarini posted at the same time… same message… :wink:

1 Like

I choose option 2, how do I do it?

You can read the docs and require the certificate as explained here.

It’s not very clear

First of all, you need to point a DNS name to your public IP and open port 80 from your router to your Nethserver.
Then you can go on Server Certificate page and “Require a Let’s Encrypt Certificate” with the specific button.

1 Like

And if I do not have the opportunity to point my dns on a public ip, how do I do?

Why can’t you point to your dns on a public IP? If it is because you have an internet connection on a dynamic IP address, you can use dynamic dns. There are several (free) services where you can connect your domain to a dynamic ip address.
If you have a server behind a firewall with only a pricate IP address, you need to configure some kind of portforwarding (and reverse dns).

Can I specify my DNS on a public IP address from the router?

Why did you post two threads with the same question?

To get a Let’s Encrypt cert using the server manager, a few conditions must be met:

  • You must own/control a real, public domain.
  • Public DNS records must be published, pointing that domain to your IP address.
  • From the Internet, your domain name is reachable on port 80 and goes to your Neth server.

If those are true, getting the Let’s Encrypt cert is simply a matter of filling out the form in the server manager.

If either (or both) of the latter are not true, you may be able to get a cert using DNS validation instead. See:

There’s actually a third: Buypass is a Norwegian CA who offers free certs using the ACME protocol as well. Their certs have a longer lifetime (180 days, IIRC), but I don’t see any particular reason to prefer them over Let’s Encrypt–but it is another option.

1 Like