Using Own Valid SSL Certificate #506

Open
b0tzone opened this issue Sep 27, 2021 · 9 comments

@b0tzone

b0tzone commented Sep 27, 2021

Hi Team,

Please add a feature for using our own valid SSL certificate, to avoid the browser's untrusted SSL alert or the antivirus SSL blocked alert.

Also, add a dedicated section in the documentation on how to implement the same.

Thanks.

@github-actions
Contributor

👋 Hi @b0tzone,
Issues are only for reporting a bug/feature request. Please read the documentation before raising an issue: https://rengine.wiki
For very limited support, questions, and discussions, please join the reNgine Discord channel: https://discord.gg/azv6fzhNCE
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

@yogeshojha
Owner

Linked to #512

@psyray
Contributor

psyray commented Nov 17, 2023

Also add Let's Encrypt (certbot)

@0xtejas
Contributor

0xtejas commented Apr 6, 2024

@yogeshojha Consider closing this as I see the linked issue is marked as complete.

@michschl
Contributor

> @yogeshojha Consider closing this as I see the linked issue is marked as complete.

@0xtejas the linked issue was closed with a reference to this issue. So closing would be circular. I also support the option to add own valid certificates and actually I would love to have a Let's Encrypt bot integrated with the nginx proxy.

@0xtejas
Contributor

0xtejas commented Sep 14, 2024

The question is how to move forward.

  • Remove reNgine's support for the OpenSSL cert and just use Let's Encrypt; additionally, support third-party certs by adding those certificates in /rengine/secrets/certs
  • Support the OpenSSL certificate and other certificates

Have you thought about this earlier, @yogeshojha?

@yogeshojha
Owner

@0xtejas I have checked the possibility of Let's Encrypt. One issue is that Let's Encrypt doesn't generate SSL certs for localhost, where I believe a lot of individuals install reNgine. It will be an issue for them. For a VPS, yes, Let's Encrypt would be good.

Do you have any ideas how we can accommodate both?

@0xtejas
Contributor

0xtejas commented Sep 14, 2024

> @0xtejas I have checked the possibility of Let's Encrypt. One issue is that Let's Encrypt doesn't generate SSL certs for localhost, where I believe a lot of individuals install reNgine. It will be an issue for them. For a VPS, yes, Let's Encrypt would be good.
>
> Do you have any ideas how we can accommodate both?

I have been working on a VPS trying to accommodate both options; however, it looks like at the current stage the program expects us to have certs before starting the proxy (Nginx), which is not ideal in our case.

We need to refactor our code in such a way that we can ask the user to select custom certs or Let's Encrypt. If it is Let's Encrypt, we ignore the certs folder being empty and proceed to start the container. Once the container has started, it is easy to generate certs and answer the challenge provided by Let's Encrypt within the container.

In the other case, we will ask them to generate certs using make certs or store the third-party certs in the folder as per our naming convention for the files.
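
The startup decision outlined in the comment above (skip the certificate check for Let's Encrypt, require certificates for custom mode), sketched as an added shell example that is not reNgine's code or part of the thread. The mode names, the return codes and the default file names `cert.pem`/`key.pem` are assumptions, since the project's naming convention is not given here; beyond what the comment states, custom mode also checks that the certificate has not expired and that the private key belongs to it.

```bash
#!/usr/bin/env bash
# Added example: preflight to run before the nginx proxy container is started.
# CERT_FILE/KEY_FILE defaults are assumptions, not reNgine's naming convention.
CERT_FILE="${CERT_FILE:-cert.pem}"
KEY_FILE="${KEY_FILE:-key.pem}"

# preflight_certs MODE CERT_DIR
# returns 0 = proxy may start, 1 = unknown mode, 2 = file missing,
#         3 = certificate unreadable or expired, 4 = key does not match certificate
preflight_certs() {
    pf_mode="$1"
    pf_cert="$2/$CERT_FILE"
    pf_key="$2/$KEY_FILE"
    case "$pf_mode" in
        letsencrypt)
            # Certificates are issued after the container is up, so an empty
            # certs folder is expected here and must not block startup.
            return 0 ;;
        custom) ;;
        *) echo "unknown cert mode: $pf_mode" >&2; return 1 ;;
    esac
    if [ ! -s "$pf_cert" ] || [ ! -s "$pf_key" ]; then
        echo "missing or empty: $pf_cert or $pf_key" >&2; return 2
    fi
    # -checkend 0 exits non-zero if the certificate has already expired;
    # a file that is not a parseable certificate fails the same way.
    if ! openssl x509 -in "$pf_cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate unreadable or expired: $pf_cert" >&2; return 3
    fi
    # The proxy can only serve TLS if the private key belongs to the
    # certificate: compare the public key derived from each file.
    pf_cert_pub="$(openssl x509 -in "$pf_cert" -noout -pubkey 2>/dev/null)"
    pf_key_pub="$(openssl pkey -in "$pf_key" -pubout 2>/dev/null)"
    if [ -z "$pf_key_pub" ] || [ "$pf_cert_pub" != "$pf_key_pub" ]; then
        echo "private key does not match certificate" >&2; return 4
    fi
    return 0
}
```
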

@yogeshojha
Owner

@0xtejas sounds good to me.

> We need to refactor our code in such a way that we can ask the user to select custom certs or Let's Encrypt. If it is Let's Encrypt, we ignore the certs folder being empty and proceed to start the container.

I agree with this; this next release will focus on addressing and fixing such issues, including the redundant docker compose we have and many others.

I think, as you said, maybe run the script with the default one first and then replace it with something like make letsencryptcert generated certs.

Thanks for the heads-up, I will have a look at this weekend.
