Let's Encrypt Support

Sounds like Let’s Encrypt support has been included in the Docker beta. Can it get pushed to the community and pro builds?


You can use nginx or Apache to serve Seafile. Those two support any certificates of your own.

I am using Let’s Encrypt with nginx, but it would have been easier if it was an install or server admin option versus a manual CLI install. I assume the reason it’s included with the Docker build is because it provides more of a turnkey “out of the box” experience. Self-signed certs are definitely less desirable…

Please advise on how to proceed using letsencrypt certbot with seafile server via apache server. The letsencrypt authorization is failing:

Failed authorization procedure. server.a.b (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge.

You should in the future make a new thread when you change the subject. Googling the error suggests to me that you are running certbot in standalone mode, while you should be running it in apache mode. We can confirm this if you give more info: what operating system? what command did you run?

Use this site to get the correct instructions for Apache with your operating system: https://certbot.eff.org/

I did run in apache mode…
The command was:
certbot --apache -d mydomain.com

Apparently it needs modifications because Seafile uses a reverse proxy, and perhaps also because my domain is behind Cloudflare. I’m running Debian jessie. Anyway, after struggling a lot with this, setting up rules in the Apache conf for the reverse proxy, I ended up using certbot in manual mode using TXT file authentication. The command is:

certbot -d mydomain.com --manual --preferred-challenges dns certonly
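Added example, not part of the original post: with the manual DNS challenge above, certbot prints a value to publish as a TXT record under `_acme-challenge.<domain>` and waits before asking Let's Encrypt to validate. The helper below checks that the value is visible on each resolver you name before you continue; the function names, resolver addresses and sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm the _acme-challenge TXT record is published before
# letting `certbot --manual --preferred-challenges dns` continue.

# Normalise `dig +short TXT` output: one record per line, join the chunks
# that dig prints as "part1" "part2", then strip the surrounding quotes.
normalize_txt() {
  sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# Return 0 only if the expected challenge value is exactly one of the
# records read from stdin (whole-line, fixed-string match).
txt_has_value() {
  expected="$1"
  normalize_txt | grep -Fxq -- "$expected"
}

# check_challenge DOMAIN EXPECTED RESOLVER...
# Every listed resolver must return the expected value.
check_challenge() {
  domain="$1"
  expected="$2"
  shift 2
  for resolver in "$@"; do
    if ! dig +short TXT "_acme-challenge.${domain}" "@${resolver}" \
        | txt_has_value "$expected"; then
      echo "not yet visible on ${resolver}" >&2
      return 1
    fi
  done
  echo "record visible on all resolvers"
}

# Usage (resolver addresses are examples; the value is the one certbot prints):
#   sh check_txt.sh mydomain.com '<value printed by certbot>' 1.1.1.1 8.8.8.8
if [ "$#" -ge 3 ]; then
  check_challenge "$@"
fi
```

Checking the zone's authoritative name servers as well as public resolvers catches the case where an old cached answer is still being served.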

That tutorial may be useful for you: https://forum.seafile.com/t/tutorial-for-using-free-ssl-tls-certificates-provided-by-letsencrypt/215

Hard to believe that this is still not integrated into the CE version, especially since encryption is vital and many user issues arise with the manual Nginx config. Anything done now is just way behind the curve…