(outdated) Tutorial for using free SSL/TLS certificates provided by "letsencrypt"


#41

Thanks for your answer.

So, i did what you said…
When i’m trying to go on mydomain.fr i’ve got an “The connection failed” because it transformed automatically to https… but if i force the http, i’m getting “The connection was reset” error, and seafile is still accessible on port 8080.
Is it good?

Subsidiary question: how do i get rid of fastcgi if it’s going to make me some trouble?

(Thanks again for your help :slight_smile:, i’ll do next steps tomorrow! :slight_smile:)


#42

The manual is also deprecated on switching from fastcgi when using an alternate port. I’ve come up with a solution for that one too, but let’s get your certificate first. :slight_smile:

So, you have a rewrite to https… We may need to disable that rewrite. I had trouble with certbot when I had a rewrite from port 80. Better to just let it do its thing on port 80. I don’t see that in your NGinx file, so I’m going to assume that your browser has “learned” that when you go to that domain that it’s supposed to go to https. Since that’s the case, you should be fine, especially if you got the connection was reset when you forced it.

Now that you have verified that, we are ready to get your new signed certificate.

Simply run:
sudo certbot-auto --nginx.


#43

Alternatively, you can PM me your domain and I can try hitting it from my side since I’ve never entered your server in my browser before.


#44

And one last thing we need to keep in mind. Your Nginx version is now categorized as a legacy version. When we get everything running and taken care of, I highly advise updating it to the latest stable version, 1.12.2. There have been some major security fixes and bug fixes since 1.10.


#45

Hi !

Thanks for your answer!
So i tried… and it gives me back the same error…

I’ll PM you so we can discuss maybe more easily and with the “real” domain ! If we resolve the issue, i’ll post back on this forum so people could have the answer if they’re encountering the same issue! :slight_smile:


#46

Actually, it would be better to open a new thread with the solution. I will also be working with someone to get the manual updated. I spoke with him today.


#47

Sure, i’ll open a new thread when we’ll find the solution :slight_smile:


#48

No problem. Now that we have it working on your machine, just let me know when you’ve had the opportunity to open the thread. I’ll then go in and fill in the gaps with the procedure.


#49

Sure, i’ll open the new thread probably tomorrow, but now that we saw that the major issue was “only” the IPv6 on my domain, is it not better to write it here?


#50

No… This thread was originally started as a tutorial back in Aug 2016, several months before the security issue came up. Putting it in another thread would be better for several reasons, up to and including the age of this thread.


#51

Outdated !! can’t I use this guide to generate valid and accepted by all current browsers ?? I am using CE 6.3.4 and I have configured SSL using manual https://manual.seafile.com/deploy/https_with_nginx.html but it is not recognize by any browser. Pls give any other tutorial link. Thanks in advance,


#52

you must use let’s encrypt to have valid certificates

service nginx stop
apt-get update && apt-get upgrade

cd /tmp
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --help all

./certbot-auto --help
./certbot-auto certonly --standalone --rsa-key-size 4096

Exemple
server {
listen 443 ssl;
server_name www.site-name.fr;
ssl_certificate /etc/letsencrypt/live/site-name.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site-name.fr/privkey.pem;


}

service nginx restart