SSL Letsencrypt

Marusche · October 16, 2024, 5:44am

Hi, I need some Help after the installation.
I Installed Passbolt on my own server (VM on MS 2019 SERVER). The OS is Ubuntu. All works fine but the selfmade SSL zertificate made during the installation process couse shows this side is not secure. How can I install the letsencrypt zertificate now?
Best Regars
Marusche

antony · October 16, 2024, 5:47am

Hello @Marusche , welcome to the community!

In order to reconfigure the SSL certificate with Let’s Encrypt, you can follow our dedicated guide.

Please note that the server should be publicly available and that the port 80 should be opened. Also, if you are going to change the domain name, take in consideration that all of the users would have to perform an account recovery because this will involve reconfiguring the browser extension. This obviously means that you should have a copy of your recovery kit. In case you do not have it, you can download it in Profile > Keys Inspector > Download Private

Marusche · October 16, 2024, 6:16am

Hi, I think that is the problem. The server is only reachable in our Network (also VPN). I should have chosen http instead of https. Should I change to http?

max · October 16, 2024, 12:10pm

I am not sure I understand what you mean @Marusche?

Lets encrypt use the HTTP-01 challenge by default and Certbot that is configure with the passbolt package does use it too.

When you said that you want to use http you mean you were using TLS-ALPN-01 challenge already?

Thanks in advance for the clarification

Marusche · October 17, 2024, 8:29am

Hi, the browser is warning that the connection is not secure (net::ERR_CERT_AUTHORITY_INVALID) what can I do in this case?
Thats why I asked to change to http. I think its not from letsencypt.
Maybe I can create some letsencrypt zertificate and put them into the path
that I wrote down during the install process.
Or can I take the Solution form @antony (from the guide) without lost the old database?

joe · October 17, 2024, 4:05pm

If you have generated a self-signed certificate, your browser will mark it as insecure by default since it cannot trace the route to a top level certificate authority.

Did you sign it with your own CA? If so, you will need to get your browser/laptop to accept the CA (it is different depending on your OS).

If you did not, it should be enough to add the certificates to trusted certificates in the browser.

Joe