NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
How to run Koken on https?
What is a good way to make the Koken content management system run on https, without browsers complaining about the self-signed certificate?
I experimented with creating a self-signed certificate and adding a virtual host to /apps/koken/http.conf (based on tutorials, like https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-debian-7 ). This will make koken run on https. However, browsers will complain about the certificate not being trusted.
Guess I need a certificate / key issued by a Certificate Authority?
What is a good CA?
Does anyone have experience with using a free CA?
What steps would I have to take to get the key/certificate?
StephenB wrote:
I suggest looking into letsencrypt ( https://letsencrypt.org/ )Created a how-to for setup of Koken CMS with HTTPS on ReadyNAS OS 6.5.0 and Letsencrypt certificates on https://fotografeer.nl/index.php?/essays/2016/06/koken-cms-on-https/
8 Replies
Replies have been turned off for this discussion
I suggest looking into letsencrypt ( https://letsencrypt.org/ )
Note that Koken is not running on the standard http and https ports 80 and 443.
After installing git, installed the letsencrypt certbot, but can't get it to run as expected. I'm trying this:
./certbot-auto certonly --test-cert --standalone --email someone@noreply.nl -w /apps/koken/web -d fotografeer.nl
But I get an error message:
The program apache2 (process ID 27035) is already listening on TCP port 80. This will prevent us from binding to that port. Please stop the apache2 program temporarily and then try again
If I stop apache and try again with:
service apache2 stop
[ ok ] Stopping apache2 (via systemctl): apache2.service.
./certbot-auto certonly --test-cert --standalone --email someone@noreply.nl -w /apps/koken/web -d fotografeer.nl
I get the following error message:
Checking for new version...
Requesting root privileges to run certbot...
/root/.local/share/letsencrypt/bin/letsencrypt certonly --test-cert --standalone --email someone@noreply.nl -w /apps/koken/web -d fotografeer.nl
Failed authorization procedure.
fotografeer.nl (tls-sni-01): urn:acme:error:connection ::
The server could not connect to the client to verify the domain ::
Failed to connect to host for DVSNI challenge
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: fotografeer.nl
Type: connection
Detail: Failed to connect to host for DVSNI challenge
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.Not very sure how to proceed from there.
I think you need a ddns name set up that points to the NAS web server.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
