Lennart Koenraads's picture
Lennart Koenraads - Wed, 2023/04/19 - 09:34

Hello,

At this moment i try to migrate my website from Xampp to Turnkey version 17.1.

I ran into an issue to replace the SSL certificate which i am using now on Xampp. cabundle.crt , server.crt, server.key. I bought this certificate form my hosting provider and i want to use it in Turnkey, but in Turnkey i saw that i can only use a PEM certificate. Is it possible to replace the default certificate to my own certificate and how can i do that.

I tried using the following link, but i get a lot of errors, but no SSL.

https://www.turnkeylinux.org/docs/confconsole/letsencrypt

Also when trying to run the entire Joomla site on https i get the following error:

HTTPS has not been enabled as it is not available on this server. HTTPS connection test failed with the following error: fsockopen(): unable to connect to ssl://X.X.X.X:443 (Unknown error)
Forum: 
Support
Tags: 
ssl
lamp
Jeremy Davis's picture

Jeremy Davis - Tue, 2023/05/02 - 05:29

I'll jump straight in:

[...] replace the SSL certificate which i am using now on Xampp. cabundle.crt , server.crt, server.key [...] in Turnkey i saw that i can only use a PEM certificate

Firstly, '.crt' and '.pem' files are generally actually the same. They are just plain text files. To check if this is the case, try cat-ing the files. E.g.:

cat /path/to/server.crt

At the top and bottom of the file you should see the 2 lines below, with many lines of random characters in between:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

The cabundle.crt file should be the same, although will have numerous sections as per above. The server.key file will also be similar, but will have slightly different lines top and bottom like this:

-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

The default TurnKey TLS certs are /etc/ssl/private/cert.pem (and /etc/ssl/private/cert.key). Our default cert includes the key as well (whilst also providing the key as an individual file too). Assuming that I am correct, then I would expect this to work on your server:

cat /path/to/server.crt > /etc/ssl/private/cert.pem
cat /path/to/cabundle.crt >> /etc/ssl/private/cert.pem
cat /path/to/server.key >> /etc/ssl/private/cert.pem
cp /path/to/server.key /etc/ssl/private/cert.key

After doing that, you will need to restart the relevant services. Assuming your server is LAMP (or a LAMP based one), then this should do the trick:

systemctl restart apache2 stunnel4@webmin.service stunnel4@shellinabox.service

Hopefully that helps.

I tried using the following link, but i get a lot of errors, but no SSL.

I'm hoping that the above will make this part redundant. However, if you'd like a hand getting the free Let's Encrypt certs working, please share the specific error messages.

Also when trying to run the entire Joomla site on https i get the following error: 

HTTPS has not been enabled as it is not available on this server. HTTPS connection test failed with the following error: fsockopen(): unable to connect to ssl://X.X.X.X:443 (Unknown error)

That's a new one for me!? Where are you seeing this message? If it's in the web browser, my guess is that there is some incorrect config somewhere in Joomla. If you are seeing that somewhere else such as a log file, I'd be interested in knowing where exactly and perhaps the few lines above and below (assuming it's a log file).

Add new comment