1. General
  2. Questions
0

How can I use Lets Encrypt & Certbot with Ubooquity on Windows 10

Tom Davies 1 month ago updated 1 month ago 1

I can't for the life of me figure out how to convert the cert that I got from Lets Encrypt / Certbot to something usable by Ubooquity.


A long time ago I gave up trying to use HTTPS with Ubooquity on Windows 10. I tried. I read lots of things, I tried lots of things, but I clearly did not understand what I was doing. Recently I heard a colleague mention how easy it was setting up his server's certs with Lets Encrypt and automating it with Certbot. So I tried it, and it was super easy. Just downloaded Cerbot, ran the Windows installer, and before you know it, I had a legit cert for my Win 10 box... but the files that Certbot grabs for you are PEM files. Ubooquity wants a java keystore...


So I did plenty of searching and reading. Lots of instructions for Linux - next to nothing for Windows. I did try some that I found, one was manually generating a keystore with the command line. Then somehow importing your PEM into the keystore...

None of the instructions I found worked. Clearly I'm missing something. Honestly, I don't know how certs work or have much experience with them. When I need to apply them at work, I download the cert from DigiCert and follow the application instructions and they work. But there aren't really instructions for this for Ubooquity (at least not any I could find).

Can someone help by documenting this?

I can get it started:

  1. Open your web browser and go to

    https://certbot.eff.org/

  2. You'll see a large "My HTTP website is running " and a drop-down menu " on " and another drop-down menu.

  3. Use the two drop-downs. Select Other for the first one and Windows for the second.

  4. It will take you an instructions page. There's a download link there to get the certbot installed. https://github.com/certbot/certbot/releases/latest/download/certbot-beta-installer-win_amd64_signed.exe
  5. Install certbot by double-clicking the file after you download it. It will open an install wizard. Just accept the defaults and click your way through until it is finished.
  6. Halt your Ubooquity service (open it from the toolbar and click the "Stop Server And Exit" button)
  7. Halt any other web servers you might be running on your PC
  8. (You may have to briefly disable your Windows firewall for the next step. I did not, but YMMV.)
  9. Open a command prompt with admin privs (right click on it in the Start menu, select More, and select Run As Administrator)
  10. In the command prompt type: certbot certonly --standalone
  11. Note that there are two minus signs in that command.
  12. Certbot will ask you what the domain name of your server is, type it in. (Example: www.myserver.net)
  13. Certbot will grab a cert for you and save it in the default directories and even tell you what they are.
  14. Copy & Paste the info from the command prompt into Notepad and save it. You'll need that info later.
  15. Remember that certbot has scheduled a renewal of your cert just before it expires. So you shouldn't have to do anything more with certbot.

... and that's where I hit a brick wall. I don't know what to do with the PEM files that cerbot so kindly grabbed for me.

Tom Davies 1 month ago

Note for instructions above:

If your web server (Ubooquity) runs on a non-standard port (not port 80), you will likely have setup a port forward on your home network's firewall to forward incoming-from-the-internet port 80 to port 80 on the PC you're running certbot on. It uses port 80 to confirm your domain ownership and to grab the certs. It uses this for renewing the certs as well, so you will need to leave this port mapping in place in your firewall.

Customer support service by UserEcho