Hi
I have a 5304 and wanted to install a certificate for a Google Domain using Let's Encrypt. If I install the certificate without it being set to default, the installation process runs fine. If I try to install it as default, it gives an error but ends up being installed after a fashion.
If I then browse my domain - steve-paul.org - I then get the following picture:
So far, so good. If I then click on the ADM or try to navigate direct to the NAS, it gives me an error on SSL and if I grant an exception, I receive the following:
From what I can see, the system is resorting to using the Asustor certificate instead of my Let's Encrypt certificate. I've set the Let's Encrypt certificate to default repeatedly but anytime I go past the home screen, it seems that that certificate is ignored....
I can't see a way of removing the Asustor certificate hence none of my Apps such as PhotoPrism will work because obviously they can't get a secured connection to the service.
Any ideas? Maybe permissions have been messed up somehow?
Certificate error
-
- Posts: 18
- Joined: Mon Mar 15, 2021 7:38 am
- Nazar78
- Posts: 2078
- Joined: Wed Jul 17, 2019 10:21 pm
- Location: Singapore
- Contact:
Re: Certificate error
It's still using Asustor's default cert. See if your installed cert is being checked as the default. Not sure of the error you encountered but I can install mine as default with no issue although I personally don't use this method for my certs because it doesn't support wildcards.
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps
When posting, consider checking the box "Notify me when a reply is posted" to get faster response
-
- Posts: 25
- Joined: Fri Feb 19, 2016 2:10 am
-
- Posts: 18
- Joined: Mon Mar 15, 2021 7:38 am
Re: Certificate error
Thanks, I have now managed to get that all working, unfortunately a number of apps are only working IF I access the server via ipaddress:port, instead of servername:port. An example of this is PhotoPrism or Netdata. PhotoGallery3 works fine so I'm left scratching my head.
The error message is
This site can’t provide a secure connection
domain sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
I've checked all the obvious catches - time, date etc. Deleted Browser Cache, turned off the Firewall on My Mac, disabled ClamAv on the NAS. There's no proxy configured. All required ports are open. I've even tried allowing the server to be an exposed host. Nothing seems to work. Any clues or hints?
- Nazar78
- Posts: 2078
- Joined: Wed Jul 17, 2019 10:21 pm
- Location: Singapore
- Contact:
Re: Certificate error
Check if you accidentally try to access https over a non-https port. E.g. accessing this link will get you the same error: https://www.google.com:80/
I would suggest an approach that is easier to manage, which is using a reverse proxy. For myself, I'm running many virtual hosts accessed via https from the frontend, which reverse proxy via an nginx chroot pointing to multiple non-https backend apps, e.g. https://foobar.mydomain.com -> http://192.168.1.1:1234. You can also set this up using docker but I prefer chroot.
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps
When posting, consider checking the box "Notify me when a reply is posted" to get faster response
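An added example, not part of the posts above: a small probe that tells whether a given host:port answers with TLS or with plaintext HTTP, which is the mismatch behind ERR_SSL_PROTOCOL_ERROR described in the reply. When the port does speak TLS it also returns the SHA-256 fingerprint of the certificate served, so you can compare it with the certificate you installed. The function name `probe` and the local demo listener are assumptions made for this example.

```python
import hashlib
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def probe(host, port, timeout=3.0):
    """Return (kind, cert_sha256); kind is 'tls', 'plain-http', 'closed' or 'unknown'."""
    # Diagnostic only: verification is off so that a self-signed or vendor
    # default certificate can still be fingerprinted instead of rejected.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
                return "tls", hashlib.sha256(der).hexdigest()
    except ConnectionRefusedError:
        return "closed", None
    except OSError:
        pass  # ssl.SSLError and timeouts land here: the port did not speak TLS
    # The handshake failed, so ask the same port for plaintext HTTP.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\nHost: %b\r\n\r\n" % host.encode())
            if raw.makefile("rb").read(5) == b"HTTP/":
                return "plain-http", None
    except OSError:
        pass
    return "unknown", None


if __name__ == "__main__":
    # Constructed demo: a local plaintext HTTP listener stands in for an app
    # port that only speaks HTTP; https:// against it fails the same way.
    srv = ThreadingHTTPServer(("127.0.0.1", 0), BaseHTTPRequestHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    print(probe("127.0.0.1", srv.server_address[1], timeout=2.0))
    srv.shutdown()
```

A result of `plain-http` for a port you open with https:// means the app behind it expects http://, or needs a TLS-terminating reverse proxy in front of it.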
-
- Posts: 18
- Joined: Mon Mar 15, 2021 7:38 am
Re: Certificate error
Thanks. I'd already tried reverse proxies and managed to get Plex working via a reverse proxy. However, when I try to do the same using (e.g.) PhotoPrism or NetData, when setting up the reverse proxy, it says "hostname not found" when I test the connections. Any ideas?
Let me edit this: I have also got NetData working but PhotoPrism is a no/no. I note that this is using, according to manual connect, TCP 2342 and TCP & UDP Ports 32771. Even leaving "automatically switch HTTP to HTTPS" unchecked isn't helping.... Seems that I need to reverse proxy both ports but I don't see how.....
- Nazar78
- Posts: 2078
- Joined: Wed Jul 17, 2019 10:21 pm
- Location: Singapore
- Contact:
Re: Certificate error
Try using local IP for the upstream and make sure the daemon you're trying to connect via the proxy is listening on the same local IP. So the flow is frontend to backend HTTPS-domain:443->reverse-proxy->non-HTTPS-local-IP:port
I'm not using those apps but I'm very sure the same reverse proxy rules apply to them, which is quite straightforward albeit with different daemon setups like apache, nginx, haproxy, varnish, træfɪk etc. Some details like logs or a screenshot would help.
For your technical references, please do backup if you try to modify the system files:
https://docs.nginx.com/nginx/admin-guid ... rse-proxy/
https://stackoverflow.com/questions/502 ... n-upstream
Edited: replying to your edit, you can always add another port for the single domain but the Asustor reverse proxy doesn't support UDP at the moment. You can raise a request to Asustor support or you can modify the system settings and it's tough especially during firmware upgrades. I think you're better off running/managing the reverse proxy in a separate instance like docker or chroot where you have full control. For example like myself, I have many requirements using the reverse proxy like clauses, modifying headers/contents, caching, load balancing so using the provided Asustor's implementation is a no go.
Last edited by Nazar78 on Wed Dec 29, 2021 8:48 pm, edited 1 time in total.
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps
When posting, consider checking the box "Notify me when a reply is posted" to get faster response
-
- Posts: 18
- Joined: Mon Mar 15, 2021 7:38 am
Re: Certificate error
Strangely enough I finally managed to get PhotoPrism to work by disabling port forwarding for 2342 and only 32771, then reverse proxy for that port.... at least it works....
- Nazar78
- Posts: 2078
- Joined: Wed Jul 17, 2019 10:21 pm
- Location: Singapore
- Contact:
Re: Certificate error
See my edited reply to your edit.
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps
When posting, consider checking the box "Notify me when a reply is posted" to get faster response