HELP: has certificate but NOT has private key

[BussyBakks]

owner say in wiki is: You can get free signed certificate in letsencrypt.org
but it DONT has private key
how to export private (or public key) in certificate???
i have ONLY 1-step to public my HFS
pls help~~

[rejetto]

letsencrypt gives you private key, I know because I use it and I get this file "privkey.pem".

[BussyBakks]

how to obtain this private key??, i dont see this!

[SanokKule]

I will assume you are on windows.
Did you use certbot to get your certificate?
If so, you would have your certificate files in the 'C:/certbot/live/#your domain#/'

[BussyBakks]

@SanokKule sorry, i use sub-domain and i dont install certbot

[SanokKule]

Then what did you use to get your certificate?

[BussyBakks]

@SanokKule i download here

[rejetto]

your problem is not with HFS, but with letsencrypt.
If you want to get your free certificate from them, you have to go here https://certbot.eff.org/instructions?ws=other&os=windows

If you don't like their way, your alternatives are

• get the certificate from another company (probably paying)
• use the basic certificate that HFS is able to produce, but you get the ugly warning message https://github.com/rejetto/hfs/wiki/HTTPS

I hope that I'll be able soon to focus on integration of letsencrypt, to make this stuff easier.

[BussyBakks]

ok thanks for help!!

[BussyBakks]

what is webroot in HFS?

[rejetto]

certbot calls "webroot" the folder of your disk that is served by your web server when accessing the root (like google.com , without any folder like google.com/folder )

Most web servers have the root associated to a folder on a disk.

Root is called "Home" in HFS.

Point is: by default HFS' root is virtual. Virtual = not associated to any folder on your disk. This is the "source" option in HFS.

You are trying to use certbot in "webroot" mode, but this mode needs you to have the home of HFS associated to a folder on your disk.

Your options are

• you don't use webroot mode (I don't)
• you continue, but need to set the "source" of the "home" of HFS.
  If you set it a folder, all the files in this folder will appear in HFS. So, you may want to set it to an empty folder. What will happen is that at some point certbot will add a file inside this folder, for a few seconds, necessary to create or renew your certificate.

[BussyBakks]

@rejetto thanks!

[BussyBakks]

i will ask more soon, so i keep issue open

[BussyBakks]

help part 2
i use duckdns, idk what happend!

[rejetto]

so, you chose option 2. It says you must havean HTTP server running on the same machine. Do you have HFS running on the same machine?

[BussyBakks]

@rejetto i use HFS in THIS machine!

[SanokKule]

@BussyBakks, your server should be using port 80 and the Home in your vfs should have D:\share (if that's where you want that to be) as the source.
Server also needs to be accessible from outside your network by the domain you are trying to get a certificate for.
After that you can try running certbot again.

[BussyBakks]

@SanokKule i link my external ip to duckdns, but it isnt work!
how can i access my HFS in duckdns's ip?

[SanokKule]

Did you forward port 80 to your pc in your wi-fi router?

[BussyBakks]

@SanokKule yes i forwarded port 80 in router
but still doesnt work

[SanokKule]

If you add some file into the D:\share folder, do they show up in your server?

[SanokKule]

@SanokKule i link my external ip to duckdns, but it isnt work! how can i access my HFS in duckdns's ip?

It might be that your ISP is blocking some ports, so if you can't access your hfs from your ddns domain despite it pointing to your ip, you might need to talk with your ISP and ask them to unblock the ports.
Can other people access your server if they enter your ip into the browser?

[BussyBakks]

@SanokKule no, i dont share to anyone, just my family and i need THIS server access to every places!

[SanokKule]

But is your server accessible from the internet?

[BussyBakks]

@SanokKule no

[SanokKule]

The server MUST be accessible from the internet to get the certificate.
If the server is not accessible from the internet then your ddns will be useless too, wouldn't it?

[rejetto]

@SanokKule no, i dont share to anyone, just my family and i need THIS server access to every places!

"every places" = the internet.
You can restrict access some way, like with accounts and permissions.

[BussyBakks]

ok i give up, it toooo confusing with me, thanks for help:D

[lostb053]

hey so, i was going thru similar steps. i think the issue might be that it requires login, and thus site can't be accessed by certbot? (question mark here expresses uncertainty)
well, i am curious how did you do it without webroot (sorry if i missed it somewhere in instructions)

edit: just me being stupid maybe. but yeah, still curious, how do you make it work?

my server is accessible from internet. it works normally still fails

[rejetto]

this issue was open before letsencrypt was integrated in HFS.
you'll find the feature under Admin-panel > internet > https
do you still want to use certbot for other reasons?
if so, you'll have to configure HFS to comply with certbot's needs, which i'm not sure about because i don't use it.

[lostb053]

I can't seem to get either to work. Maybe if you could help me out there.

Sorry I'm not really sure where I went wrong

[rejetto]

let's continue on the other thread