- Platform information:
- Hardware: _ 1.5 GHz 64-bit quad-core [ARM Cortex-A72]/4GB/32GB MicroSD_
- OS: Openhabian [stable]v1.5-640(a3f6e8a)
- Java Runtime Environment: _Zulu 188.8.131.52-CA-linux_aarch32hf version: 1.8.0_252 _
- openHAB version: OpenHAB2
- Issue of the topic: When trying to safely connect with my openhab server using reverse proxy, the certificate issued by Let’s encrypt is not trusted.
- Please post configurations (if applicable):
- Items configuration related to the issue
- Sitemap configuration related to the issue
- Rules code related to the issue
- Services configuration related to the issue
- If logs where generated please post these here using code fences:
I recently set up reverse proxy on my openhab server using nginx. The setup was complete, and certbot (Let’s encrypt) assigned me a certificate. When trying to connect via webbrowser and https, the browser tells me my certificate is not trusted. I ran a test at https://www.ssllabs.com/ssltest/, with this as result:
I don’t know where I made a mistake, or what went wrong. I also question why the certificate is self-signed, as I have set it up using a DDNS (duckdns).
I followed this tutorial for the reverse proxy: https://www.smarthomeblog.net/openhab-reverse-proxy/
Anyone knows where it went wrong?
Please check your nginx config. Looks like you haven’t changed it to use your new certificates.
Thanks for your answer.
I am using certbot from Let’s encrypt to get my certs. These are also the certs that are assigned in my nginx config file, as seen here:
I don’t get why it gives me a self-signed cert
(The white part is my domain)
I also noticed this at the start of the test on ssllabs.com:
How is this possible? Doesn’t the certbot create a certificate with my domain name listed in it?
Did you reload the configuration after the certificate was created/installed ?
openssl x509 -in /etc/letsencrypt/live/<your-domain-here>/fullchain.pem -text -noout
and check the output. Does it contain your domain ? Is the issuer correct ? Then the certificate is ok but it is not used.
It does contain my domain and the issuer is Let’s Encrypt, which adds up. How do I reload the configuration?
I tried sudo nginx -s reload, but that didn’t fix it…
I also tried quitting the nginx service, but when I try to reopen I get an error message:
sudo systemctl restart nginx
So, I restarted nginx, and reloaded the configuration, but I still don’t get the right certificate in my webbrowser
I get the same self-signed certificate issued by openhab.org, which boggles my mind.
What can I do to troubleshoot this?
Post your nginx configuration files. The certificate stuff might not be in the right section.
Here you can see my config for nginx:
(Domain is marked out)
I’m not sure where I went wrong… All the paths seem to add up.
No screendumps please