Koozali.org: home of the SME Server

ssl certificate management

Offline ve3ore

  • 4
  • +0/-0
ssl certificate management
« on: February 27, 2022, 09:14:28 PM »
I have been using SME server for many years but am not an Unix skilled person.

On my locally hosted website I have used, in the past, Version 9, a nice contribs add-in panel to assist with certificate management. I am now running Version 10 and am lost as to how to upgrade my Gandi supplied certificate without this tool.

Can anyone recommend a straightforward tool for this,  or even a step-by-step tutorial?

I understand the procedure for obtaining new certificates etc but I do not know how to install them in the new version 10 manually.  Any help or suggestions would be gratefully received.

Andy B

Offline TerryF

  • grumpy old man
  • *
  • 1,717
  • +2/-0
Re: ssl certificate management
« Reply #1 on: February 27, 2022, 09:58:04 PM »
So obvious question, what was the sme9 contrib? it may have been migrated to sme10
--
qui scribit bis legit

Offline ve3ore

  • 4
  • +0/-0
Re: ssl certificate management
« Reply #2 on: February 27, 2022, 10:42:07 PM »
First, Thanks for the response Terry.

The contrib was called "Smeserver-certificate for SME Server 8 and 9" and was written by Stéphane de Labrusse AKA Stephdl

https://wiki.koozali.org/Certificate_ssl_management

Unfortunately, there is a note at the bottom which I believe indicates it's no longer functional.

ID   Product   Version   Status   Summary
11604   SME Contribs   10.0rc   CONFIRMED   panel is ignoring services

In the meantime, my current certificate expires in March.


Offline TerryF

  • grumpy old man
  • *
  • 1,717
  • +2/-0
Re: ssl certificate management
« Reply #3 on: February 27, 2022, 11:14:39 PM »
OK, so looking at the bug seems a relatively straightforward update to get it functional with sme10..

Highlights our constant talk of manpower needs..and testing and verifying..nag mode off

Hopefully it may be done in time, means other work has to be stopped, you get the idea, fingers crossed
--
qui scribit bis legit

Offline Mophilly

  • ****
  • 381
  • +0/-0
    • Mophilly
Re: ssl certificate management
« Reply #4 on: February 28, 2022, 12:12:31 AM »
A manual install is not hard, but facility with command line is needed. Most certificate sellers provide instructions organized by platform. In the case of SME 10 the platform is Centos 7.

I can help you with a manual install of the certificate, either walk you through it or do it for you.

Drop me a private message to coordinate your details if you want.
« Last Edit: February 28, 2022, 01:08:28 AM by Mophilly »
- Mark

Offline ve3ore

  • 4
  • +0/-0
Re: ssl certificate management
« Reply #5 on: February 28, 2022, 02:54:18 AM »
Terry and Mark, thank you both for your replies. I really appreciate your kind responses.

Terry, I believe if this can be fixed for version 10 it would be very useful. It was of great value to me since it was published and I suspect other users who are not Unix gurus or security specialists. I suspect anyone running a website on SME Server today should probably have commercial certificates installed and so could benefit. It seems to be an annual task.

Mark, thanks for your kind offer.  I will get the new certificate in hand and also the other two key certificates so that I am ready regardless. Then I will try and see if I can find any published instructions for Centos 7 that I feel confident with. If I can’t get going that way I will reach out to you Terry.

Thanks once again to both of you.

Andy

Offline Jean-Philippe Pialasse

  • *
  • 2,164
  • +8/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: ssl certificate management
« Reply #6 on: February 28, 2022, 02:59:55 AM »
I have been a Gandi client for years (up until this year when I moved my last domain to ovh).
I used to use their free ssl certificate, but honestly you should move to Let’s Encrypt certificate.

Only reason to keep another source of certificate would be one with an insurance for money transactions which is not provided by Gandi.

So while it would be a good idea to port the contrib and update it to be better, I suggest you test the Let’s Encrypt one.


Offline TerryF

  • grumpy old man
  • *
  • 1,717
  • +2/-0
Re: ssl certificate management
« Reply #7 on: February 28, 2022, 03:02:31 AM »
no probs, give a shout out to Mophilly if needed, I know he has done this task a few times

and yes letsencrypt is way of the world now, and we have a contrib to look after :-)
--
qui scribit bis legit

Offline ve3ore

  • 4
  • +0/-0
Re: ssl certificate management
« Reply #8 on: March 01, 2022, 06:21:57 PM »
Thanks for your comments, everyone.

I am happy to report that with the help of FileZilla I was able to get a clearer picture of the locations for my certificates and able to effect the installation of new certificates which seem to be working OK.

Jean-Philippe  …    I did like the idea of Lets Encrypt and I read the WIKI re this however I ran into a roadblock at step one when:

yum install smeserver-letsencrypt --enablerepo=smecontribs

resulted in a no file found.

Anyway, I am good for another year so have lots of time to reinvestigate this later.

Thanks again for the responses

Andy

Offline TerryF

  • grumpy old man
  • *
  • 1,717
  • +2/-0
Re: ssl certificate management
« Reply #9 on: March 02, 2022, 03:38:26 AM »
> Jean-Philippe … I did like the idea of Lets Encrypt and I read the WIKI re this however I ran into a roadblock at step one when:
>
> yum install smeserver-letsencrypt --enablerepo=smecontribs
>
> resulted in a no file found.

Caught us on the hop..change that needed wiki updating..

Should do the job # yum install smeserver-letsencrypt
If not found add #  --enablerepo=smeaddons
« Last Edit: March 02, 2022, 03:43:19 AM by TerryF »
--
qui scribit bis legit

Offline TerryF

  • grumpy old man
  • *
  • 1,717
  • +2/-0
Re: ssl certificate management
« Reply #10 on: March 02, 2022, 03:50:49 AM »
https://wiki.koozali.org/Certificate_ssl_management

Has been migrated to the sme10 dev tree, not yet suitable for prod use, under development, just means time, manpower etc to do it
--
qui scribit bis legit

Offline Jean-Philippe Pialasse

  • *
  • 2,164
  • +8/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: ssl certificate management
« Reply #11 on: March 02, 2022, 04:26:28 AM »
> Caught us on the hop..change that needed wiki updating..
>
> Should do the job # yum install smeserver-letsencrypt
> If not found add #  --enablerepo=smeaddons

good update
still smeaddons is always enabled by default so should still be available.

Offline TerryF

  • grumpy old man
  • *
  • 1,717
  • +2/-0
Re: ssl certificate management
« Reply #12 on: March 30, 2022, 11:21:57 AM »
updated smeserver-certificates contrib is in /smedev for testing, looks to be doing the job, just needs validating..

https://bugs.koozali.org/show_bug.cgi?id=11604
--
qui scribit bis legit