Curtis_Aotea
TVWBB Member
OK - spent a few hours last evening trying to get external https up and running, without much success.
Situation:
1. I already have a website/webserver up and running, with a fixed IP address.
2. It's proxied through Cloudflare for DNS only, running on a Pi4.
3. I use Let's Encrypt Certs for the website, and already have these autogenerated and renewing, and sitting in location:
/home/pi/.acme.sh/mysite.org.nz/cert files*
4. The working files generated by my Let's Encrypt setup are: fullchain.cer, keystore.p12, mysite.org.nz.cer, mysite.org.nz.csr, certificate.pfx and mysite.org.nz.key.
I've tried copying the relevant certs and converting them to "der" format, in place of /etc/uhttpd.cert and /etc/uhttpd.key, however, when I port forward the set port to my Heatermeter, either it's still using the self-signed certs (hence I can't get in, since I've set strict HSTS on the certs themselves) or the webserver fails to come up due to incorrect certs altogether.
I've also tried hm-letsencrypt and fiddling with the associated scripts, however they generate certs (with 443 forwarded), but not working/valid ones for my site ("Issuer: Fake LE Intermediate x1"), which I presume has something to do with using Cloudflare for DNS services, including A, AA and CNAME records.
My question is: which of the working Let's Encrypt files need to be uploaded using the web interface (or scp) in place of /etc/uhttpd.cert and /etc/uhttpd.key? And/or do they need to be converted to "der" format?
TLDR; I've done the hard part by having working Let's Encrypt certificates and a working HTTPS server, I just can't translate those certs to Heatermeter.
EDIT: solved as per script below.