TLScertFile & letsencrypt

sascha
1 December 2018, 17:49
Hi,
I use Debian with iRedMail (redirect to https) and I try to install WordPress in var/www/hiawatha/blog.

I succeeded in making the Let's Encrypt files, but Hiawatha says privkey not found or 509x cert not found.
This is not working:
TLScertFile = /etc/letsencrypt/live/mydomain.com/privkey.pem
I replaced privkey with chain, fullchain, cert.pem, but all were wrong, refused by Hiawatha.
So I had to # 443 and use port 80, but iRedMail redirects to 443 and I can't install WordPress. Annoying.
sascha
2 December 2018, 20:46
I tried this command as well, and again journalctl -xe said when I restart Hiawatha: no x509 cert was found in /etc/ssl/private/privmat.net.key

openssl genrsa -out privmat.net.key 2048

openssl req -new -x509 -key privmat.net.key -out privmat.net.cert -days 3650 -subj /CN=privmat.net
Hugo Leisink
2 December 2018, 20:47
Did you use the Normal and TLS bindings HOWTO?
sascha
3 December 2018, 15:27
My experience was because the keys were not all present. After a lot of hassle I gave up doing this manually and started using the letsencrypt tool supplied with Hiawatha.

sascha
3 December 2018, 21:08
The above is not the sascha that created the topic.
I checked my pem file: it starts with the private RSA key and after that the certificate, so it is ok. hiawatha -k = ok, netstat tpln shows hiawatha on port 443, but when I type the website in Chrome, it says no connection. It is not working, but in the terminal all is ok.
GENERAL SETTINGS
#
ServerId = www-data
ConnectionsTotal = 1000
ConnectionsPerIP = 25
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log


# BINDING SETTINGS
# A binding is where a client can connect to.
#
#Binding {
# Port = 80
#}
#
Binding {
Port = 443
# TLScertFile = /etc/ssl/private/privmat.net.key
TLScertFile = privmat.net.pem
# RequireTLS = yes
Interface = 127.0.0.1
MaxRequestSize = 2048
# TimeForRequest = 30
TimeForRequest = 5, 30
}

#BANNING SETTINGS
# Deny service to clients who misbehave.
#
BanOnGarbage = 300
BanOnMaxPerIP = 60
BanOnMaxReqSize = 300
KickOnBan = yes
RebanDuringBan = yes
BanOnSQLi = 60
BanOnFlooding = 10/1:15

# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications.
#
CGIhandler = /usr/bin/perl:pl
CGIhandler = /usr/bin/php-cgi:php
CGIhandler = /usr/bin/python:py
CGIhandler = /usr/bin/ruby:rb
CGIhandler = /usr/bin/ssi-cgi:shtml
CGIextension = cgi
#
FastCGIserver {
FastCGIid = PHP7
ConnectTo = /run/php/php7.0-fpm.sock
Extension = php
}


# VIRTUAL HOSTS
# Use a VirtualHost section for each website you want to host.
#
VirtualHost {
Hostname = privmat.net;
WebsiteRoot = /var/www/hiawatha/privmat
StartFile = index.html
AccessLogFile = /var/log/hiawatha/access.log
ErrorLogFile = /var/log/hiawatha/error.log
RequireTLS = yes
#}

#VirtualHost {
Hostname = ospok.privmat.net;
WebsiteRoot = /v, ar/www/hiawatha/ospok
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
RequireTLS = yes
StartFile = index.php
ExecuteCGI = yes
TimeForCGI = 5
UseFastCGI = PHP7
PreventCSRF = yes
PreventXSS = yes
PreventSQLi= yes
# UseToolkit = banshee
# UseDirectory = static, files
#}

#VirtualHost {
Hostname = predicsasa.com;
WebsiteRoot = /var/www/hiawatha/aboutme
AccessLogFile = /var/log/hiawatha/access.log
ErrorLogFile = /var/log/hiawatha/error.log
RequireTLS = yes
StartFile = index.html
#}

#VirtualHost {
Hostname = blog.predicsasa.com;
WebsiteRoot = /var/www/hiawatha/newblog
AccessLogFile = /var/log/hiawatha/access.log
ErrorLogFile = /var/log/hiawatha/error.log
RequireTLS = yes
StartFile = index.php
ExecuteCGI = yes
TimeForCGI = 5
UseFastCGI = PHP7
PreventCSRF = yes
PreventXSS = yes
PreventSQLi = yes
#}

#VirtualHost {
Hostname = oldblog.predicsasa.com;
WebsiteRoot = /var/www/hiawatha/oldblog
AccessLogFile = /var/log/hiawatha/access.log
ErrorLogFile = /var/log/hiawatha/error.log
RequireTLS = yes
StartFile = index.php
ExecuteCGI = yes
TimeForCGI = 5
UseFastCGI = PHP7
PreventCSRF = yes
PreventXSS = yes
PreventSQLi = yes
#}

#VirtualHost {
Hostname = photo.predicsasa.com;
WebsiteRoot = /var/www/hiawatha/photo
StartFile = index.html
AccessLogFile = /var/log/hiawatha/access.log
ErrorLogFile = /var/log/hiawatha/error.log
RequireTLS = yes
#}

#VirtualHost {
Hostname = mylife.predicsasa.com;
WebsiteRoot = /var/www/hiawatha/mylife
StartFile = index.html
AccessLogFile = /var/log/hiawatha/access.log
ErrorLogFile = /var/log/hiawatha/error.log
RequireTLS = yes
#}

#}

#VirtualHost {
Hostname = porodin.predicsasa.com;
WebsiteRoot = /var/www/hiawatha/porodin
StartFile = index.html
AccessLogFile = /var/log/hiawatha/access.log
ErrorLogFile = /var/log/hiawatha/error.log
RequireTLS = yes
}
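Added example, not part of the post above and not Hiawatha code: a small linter for two structural things visible in the posted configuration, a Binding whose Interface is a loopback address and VirtualHost sections merged because their braces are commented out. The sample is a constructed, trimmed copy of the post, and the finding messages are hypothetical wording.

```python
import ipaddress

# Constructed sample, trimmed from the configuration posted above.
SAMPLE = """\
Binding {
    Interface = 127.0.0.1
}
VirtualHost {
    Hostname = privmat.net
    WebsiteRoot = /var/www/hiawatha/privmat
#}
#VirtualHost {
    Hostname = predicsasa.com
    WebsiteRoot = /var/www/hiawatha/aboutme
}
"""

def is_loopback(value):
    try:
        return ipaddress.ip_address(value).is_loopback
    except ValueError:
        return False  # not an IP literal

def lint(config_text):
    """Return (line_number, message) findings; message wording is hypothetical."""
    findings, section = [], None  # section = [name, start_line, keys_seen]
    for num, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out brace opens or closes nothing
        if line.endswith("{"):
            if section:
                findings.append((num, f"section opened inside {section[0]} from line {section[1]}"))
            section = [line[:-1].strip(), num, set()]
        elif line == "}":
            if section is None:
                findings.append((num, "closing brace with no open section"))
            section = None
        elif "=" in line and section:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if section[0].lower() == "binding" and key == "interface" and is_loopback(value):
                findings.append((num, "binding listens on a loopback address only"))
            if key == "websiteroot" and key in section[2]:
                findings.append((num, f"second WebsiteRoot in the section opened on line {section[1]}"))
            section[2].add(key)
    if section:
        findings.append((section[1], f"{section[0]} section is never closed"))
    return findings
```

A listener bound to a loopback address still appears in netstat output, but only clients on the same host can reach it.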
Hugo Leisink
9 December 2018, 14:50
Run your website without HTTPS first and request a certificate via Let's Encrypt. Hiawatha comes with a script for that (see the extra/letsencrypt directory in the source package). Use that key/certificate file to set up HTTPS.
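Added example, not from the thread or the Hiawatha project: a structural check for the single key/certificate file that TLScertFile points at, assuming the layout described in the thread (private key first, then the certificate). It reads PEM block labels only and does not verify that the key belongs to the certificate; the sample blocks are constructed placeholders, not real key material.

```python
import re

# One PEM block: BEGIN line, body, matching END line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.+?-----END \1-----", re.S)

def fake_block(label):
    # Constructed placeholder: a real PEM body is base64-encoded DER, not "AAAA".
    return f"-----BEGIN {label}-----\nAAAA\n-----END {label}-----\n"

PRIVKEY = fake_block("PRIVATE KEY")                                 # shaped like privkey.pem
FULLCHAIN = fake_block("CERTIFICATE") + fake_block("CERTIFICATE")   # shaped like fullchain.pem

def pem_labels(text):
    """Labels of the PEM blocks in text, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def check_cert_file(text):
    """Problems that keep a file from being a combined key + certificate file."""
    labels = pem_labels(text)
    if not labels:
        return ["no PEM blocks found"]
    keys = [i for i, label in enumerate(labels) if label.endswith("PRIVATE KEY")]
    certs = [i for i, label in enumerate(labels) if label == "CERTIFICATE"]
    problems = []
    if not keys:
        problems.append("no private key block")
    if not certs:
        problems.append("no X.509 certificate block")
    if len(keys) > 1:
        problems.append("more than one private key block")
    if keys and certs and keys[0] > certs[0]:
        # Assumption taken from the thread: key first, certificate after it.
        problems.append("certificate comes before the private key")
    return problems

def combine(privkey_text, fullchain_text):
    """Private key first, then the leaf certificate and its chain."""
    return privkey_text.rstrip() + "\n" + fullchain_text.rstrip() + "\n"
```

Run on each Let's Encrypt file by itself, the check reports what is missing: privkey.pem has no certificate, and cert.pem, chain.pem and fullchain.pem have no key.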