I have a big problem securing my Gitlab CE using SSL.
I've tried many tutorials and now I have the following status:
with external_url='http://example.com:8090' everything works fine.
If I change external_url='https://example.com:8090' I can't access Gitlab.
My gitlab.rb file has been changed according to these tutorials.
I have a .crt and a .key file.
I have added these files in my etc/gitlab/gitlab.rb file, I have also enabled redirect_http_to_https option and so on.
My server is running on Ubuntu 16.04 + Plesk 17.
I appreciate every help :)
I've just done a fresh install of Ubuntu 20.04 and followed the Digital Ocean instructions to get my apache server up and running:
https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-20-04
Which worked fine for HTTP traffic, then I used the Digital Ocean instructions (which I knew, but followed them anyway) to set up for SSL (https) access:
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04
I selected the option to redirect all traffic to https. I opened my firewall using sudo ufw allow 'Apache Full'.
But I am unable to see my sites - the browsers just timeout. I have tried disabling ufw just to see, and nope, nothing.
SSL Labs just gives me an "Assessment failed: Unable to connect to the server" error.
I also ran https://check-your-website.server-daten.de/?q=juglugs.com
and it timed out:
I have deleted the letsencrypt stuff and ran through it again three times with the same result, and now I'm stuck...
Everything I've searched points to a firewall error, but as I've said, I've disabled that and have the same result. The router settings have not been changed since I did my fresh Ubuntu install.
Any help gratefully received.
Thanks in advance.
on8tom answered this one for me - In setting up the new build of Ubuntu, my local IP address for the apache server had changed, and my Virgin Media Hub only had port 443 open to the old IP address.
Many thanks for pointing me at that (but I should have checked that before posting this - kicking myself!)
I am using MAMP Pro 5, and last week I was able to set up and use SSL by generating a self-signed certificate.
But today when I try to start the server again, it doesn't work anymore. I checked the log files and they said: [Sat Oct 12 13:36:58 2019] [error] (1)Operation not permitted: Init: Can't open server certificate file (path to file)/uf.o.crt
Please let me know how to fix this.
Thanks
This is a screenshot of error log.
Move the SSL certificates into the default MAMP certificates folder:
/Applications/MAMP/Library/OpenSSL/certs/
I have experienced the same problem after upgrading MacOS 10.15 Catalina to build 19A602 (security updates from yesterday). I used to store self created SSL Certs in my user folder and apache could not be started any more.
After moving all .crt and .key files into the folder where MAMP itself stores its automatically generated certificates (which is /Applications/MAMP/Library/OpenSSL/certs) the problem was gone.
Of course you will have to check every single host and re-link certificate files (marked with a red exclamation mark) to make it work - but no need to completely uninstall MAMP.
Usually this problem appears after upgrading MacOS.
1) Disable Apache
2) Disable SSL in MAMP
3) Start Apache
4) Disable Apache
5) Enable SSL in MAMP and generate new SSL certificate
6) Start Apache
It works for me :)
I just solved it by myself, and I also got this solution from the developers after I solved it.
What I did was fully uninstall MAMP and then install it again.
That's all fixed.
I had a similar issue and solved it by moving all my projects under my home folder. SSL certificates were regenerated (I use MAMP Pro and prefer to keep SSL certs under my projects for development purposes).
With MAMP PRO 6, certificates are managed by MAMP. I had a problem with a certificate that was expired. I simply deleted the host and recreated the host afterwards. MAMP has generated new certificates and everything is ok.
I'm having issues with enabling TLS in Mattermost. On my server I configured a lot of virtualHosts plus the Mattermost files. Over http everything was working fine.
Today I tried to set up TLS and https. I followed the instructions at https://docs.mattermost.com/install/config-tls-mattermost.html. Now I get this:
Please notice the error: I'm trying to access domain1.mywebsite.com and the error is "its security certificate is signed by domain2.mywebsite.com". domain2.mywebsite.com is one of the websites configured as virtualhosts in apache.
I did not configure any virtualhost for Mattermost, since I don't think any is needed (and it worked flawlessly without one, and without TLS). But how can I tell Mattermost (or the browser?) that the server of domain2.mywebsite.com is the same as domain1.mywebsite.com?
I generated the certificates using letsencrypt with the standalone option (sudo certbot certonly --standalone -d domain1.mywebsite.com) and didn't move any file, just enabled "UseLetsEncrypt": true, in config.json file.
Do you happen to have any idea about how I could fix this?
Thank you
Marco
You'll need to configure TLS on Apache. You'll need to use separate certificates for each virtual host.
Here is information that might help you: https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html
Don't configure TLS on Mattermost if TLS is being handled by the proxy.
I am at a very newbie level when it comes to AWS and SSL.
I got an SSL cert from GoDaddy. After that I generated the .csr file on AWS and I got an elastic IP. I created a subdomain on GoDaddy, sub.mydomain.com, that points to that IP.
I installed the certs following the instructions I found online, but now I get an error. I've tried installing apache2 on the EC2 and rebooting the instance but no luck yet.
Is there a way to remove the SSL cert or Fix the issue? When I got the SSL from GoDaddy, the zip had 2 files and ran the following command to install them:
sudo java -jar lib/ace.jar import_cert gd_bundle-g2-g1.crt gdroot-g2.crt sfroot-g2.crt 54581acbeba8a74e.crt
The system said the certs were installed, but now I get that error. On the EC2 we have a UniFi controller and we want to get that SSL running to accept payments for the hotspot.
I had the same issues; my controller is hosted on an EC2 instance.
Check your system.properties, which sits in /var/lib/unifi/; open the file with vim or your text editor of choice.
Have a look at your HTTPS options; the important ones are the ciphers and protocols.
The protocols you need are TLSv1 and potentially SSLv2Hello; there should be no other SSL protocols in there.
The ciphers you ideally want are TLS, so for example TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA.
If you are having issues, throw them all in. CAUTION! Only use this in a demo/test environment.
unifi.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
Remember once you have edited the system.properties you need to restart the controller.
sudo service unifi restart
Lots of help on the Unifi page
UniFi - SSL Certificate Error
UniFi - Explaining the config.properties File
UniFi - system.properties File Explanation
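An added example, not part of the original answer and not UniFi's own tooling: a small audit of the unifi.https.ciphers line quoted above that flags suites using RC4, static RSA key exchange, or CBC with a SHA-1 MAC. The sample properties text is constructed from suites in the answer's line, and the function names are hypothetical.

```python
"""Audit the cipher list in a UniFi system.properties file (added example)."""

# Constructed sample: a shortened version of the unifi.https.ciphers line
# from the answer above, plus a comment line as found in a properties file.
SAMPLE_PROPERTIES = """\
# constructed sample system.properties
unifi.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
"""


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def classify_suite(suite):
    """Return the list of weaknesses found in one JSSE cipher suite name."""
    issues = []
    kx, _, rest = suite.partition("_WITH_")
    if "RC4" in rest:
        issues.append("RC4 (prohibited by RFC 7465)")
    if kx in ("TLS_RSA", "SSL_RSA"):
        issues.append("static RSA key exchange (no forward secrecy)")
    if "_CBC_" in rest and rest.endswith("_SHA"):
        issues.append("CBC mode with SHA-1 MAC")
    return issues


def audit_ciphers(text, key="unifi.https.ciphers"):
    """Map each configured suite to its weaknesses; an empty list means none flagged."""
    value = parse_properties(text).get(key, "")
    suites = [s.strip() for s in value.split(",") if s.strip()]
    return {s: classify_suite(s) for s in suites}


if __name__ == "__main__":
    for suite, issues in audit_ciphers(SAMPLE_PROPERTIES).items():
        print(f"{suite}: {'; '.join(issues) if issues else 'no issue flagged'}")
```

Pass the contents of the real file to audit_ciphers to check a controller's configured list before restarting it.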
I just upgraded from ISPConfig 3.0 to 3.1.2 on Debian 7.
According to the Changelog, Let's Encrypt is now supported.
However, I don't see any Let's Encrypt specific options. I can create an SSL certificate from the SSL tab of a Website, but accessing the domain using https:// results in the following error in Chrome:
This site can’t provide a secure connection.
Is Let's Encrypt only available for new (clean) installations?
- or will the proper options emerge if I install e.g. CertBot or some other package?
It seems CertBot has a plugin for Apache that automates everything, but I'm worried ISPConfig and CertBot will conflict when both trying to control configuration files.
Thanks in advance for any guidance.
Jimmy
I realized that HowToForge would be the ideal place to ask. Here is the response I received from Till Brehm:
"1) You have to install certbot and just certbot, no certbot apache plugin, and do not create ssl certs with certbot at install time; when it asks for that, choose cancel.
2) Then log in to ispconfig, go to the website settings and enable the checkbox labeled "Letsencrypt" which is on the first tab of the site settings. The SSL tab is not used for letsencrypt."
It worked just the way he said.
https://www.howtoforge.com/community/threads/ispconfig-lets-encrypt-not-available-after-upgrade.75540/#post-355688