1. General
  2. Questions
0

How can I use Lets Encrypt & Certbot with Ubooquity on Windows 10

Tom Davies 7 months ago updated by DarkShadowSwE 4 weeks ago 5

I can't for the life of me figure out how to convert the cert that I got from Lets Encrypt / Certbot to something usable by Ubooquity.


A long time ago I gave up trying to use HTTPS with Ubooquity on Windows 10. I tried. I read lots of things, I tried lots of things, but I clearly did not understand what I was doing. Recently I heard a colleague mention how easy it was setting up his server's certs with Lets Encrypt and automating it with Certbot. So I tried it, and it was super easy. Just downloaded Cerbot, ran the Windows installer, and before you know it, I had a legit cert for my Win 10 box... but the files that Certbot grabs for you are PEM files. Ubooquity wants a java keystore...


So I did plenty of searching and reading. Lots of instructions for Linux - next to nothing for Windows. I did try some that I found, one was manually generating a keystore with the command line. Then somehow importing your PEM into the keystore...

None of the instructions I found worked. Clearly I'm missing something. Honestly, I don't know how certs work or have much experience with them. When I need to apply them at work, I download the cert from DigiCert and follow the application instructions and they work. But there aren't really instructions for this for Ubooquity (at least not any I could find).

Can someone help by documenting this?

I can get it started:

  1. Open your web browser and go to

    https://certbot.eff.org/

  2. You'll see a large "My HTTP website is running " and a drop-down menu " on " and another drop-down menu.

  3. Use the two drop-downs. Select Other for the first one and Windows for the second.

  4. It will take you an instructions page. There's a download link there to get the certbot installed. https://github.com/certbot/certbot/releases/latest/download/certbot-beta-installer-win_amd64_signed.exe
  5. Install certbot by double-clicking the file after you download it. It will open an install wizard. Just accept the defaults and click your way through until it is finished.
  6. Halt your Ubooquity service (open it from the toolbar and click the "Stop Server And Exit" button)
  7. Halt any other web servers you might be running on your PC
  8. (You may have to briefly disable your Windows firewall for the next step. I did not, but YMMV.)
  9. Open a command prompt with admin privs (right click on it in the Start menu, select More, and select Run As Administrator)
  10. In the command prompt type: certbot certonly --standalone
  11. Note that there are two minus signs in that command.
  12. Certbot will ask you what the domain name of your server is, type it in. (Example: www.myserver.net)
  13. Certbot will grab a cert for you and save it in the default directories and even tell you what they are.
  14. Copy & Paste the info from the command prompt into Notepad and save it. You'll need that info later.
  15. Remember that certbot has scheduled a renewal of your cert just before it expires. So you shouldn't have to do anything more with certbot.

... and that's where I hit a brick wall. I don't know what to do with the PEM files that cerbot so kindly grabbed for me.

Tom Davies 7 months ago

Note for instructions above:

If your web server (Ubooquity) runs on a non-standard port (not port 80), you will likely have setup a port forward on your home network's firewall to forward incoming-from-the-internet port 80 to port 80 on the PC you're running certbot on. It uses port 80 to confirm your domain ownership and to grab the certs. It uses this for renewing the certs as well, so you will need to leave this port mapping in place in your firewall.

Sonja M Thomas 3 months ago

Give WinAcme a try. It is mainly for IIS Servers, but there is an option for a manual cert creation that you can copy and place into another server's cert location.

CAVEAT!  You either need to have port 80 accessible to your machine RUNNING WinAcme FROM the internet, or have access to the DNS server's TXT records to paste the Text authentication string that LetsEnrypt is looking for in order to very ownership and control of the domain you are trying to secure.  In all honesty it IS a VERY easy process if you take the time to read the menu options, the requirements WinAcme is looking for and have an understanding of your network, domain and servers.  If you are an "End User" and ANYTHING I said is above your head" then you need to step back, do some research and become familiar with what it is you are doing, the components and what you are putting out on to the network/internet. Not know these things CAN put you at risk for breaches, infection and trouble.

DarkShadowSwE 4 weeks ago

Still interested?


I cant see why you want a SSL cert unless you plan to access it from outside and from a domain?


Or do you want just a local SSL cert?


(depending on your answer there is different solutions)

Tom Davies 4 weeks ago

Absolutely! I'm still interested. I'm sure others are too. The main reason to have SSL is for accessing it from outside and your cert has to match your domain name or the browser will throw errors. A local or self-signed cert will still throw browser errors which most users won't understand. So if you've got friends/family that access your collection over the Internet, a good cert from a verifiable source is important.

DarkShadowSwE 4 weeks ago
 Yes, exactly

The cert must match the server (domain) it was requested by.

So, a little more information about your setup, is it your main computer?, is it a secondary pc?, is it on 24/7?,is it virtual or physical?

Customer support service by UserEcho