Sounds like Let’s Encrypt support has been included in the docker beta, can it get pushed to the community and pro builds.
You can use nginx or apache to serve Seafile. Those two support any own certificates
I am using Let’s Encrypt with nginx, but it would have been easier if it was an install or server admin option versus a manual cli install. I assume the reason it’s included with the docker is because it provides more of a turnkey “out of the box” experience. Self signed certs are definitely less desirable…
Please advise on how to proceed using letsencrypt certbot with seafile server via apache server. The letsencrypt authorization is failing:
Failed authorization procedure. server.a.b (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge.
You should in the future make a new thread when you change the subject. Googling the error suggests to me that you are running certbot in standalone mode, while you should be running it in apache mode. We can confirm this if you give more info: what operating system? what command did you run?
Use this site to get the correct instructions for Apache with your operating system: https://certbot.eff.org/ .
I did run in apache mode…
The command was:
certbot --apache -d mydomain.com
Apparently it needs modifications because seafile uses a reverse proxy, and perhaps also perhaps because my domain is behind Cloudflare. I’m running Debian jessie. Anyway after struggling a lot with this setting up rules for apache conf for the reverse proxy, I ended up using certbot in manual mode using TXT file authentication. The command is:
certbot -d mydomain.com --manual --preferred-challenges dns certonly
That tutorial may be useful for you https://forum.seafile.com/t/tutorial-for-using-free-ssl-tls-certificates-provided-by-letsencrypt/215
Hard to believe that this is still not integrated into the CE version especially since encryption is vital and many user issues arise with the manual Nginx config. Anything done now is just way behind the curve…