SSL certificate Domoticz

[stingone]

Hello Everyone,

Currently i'm running Pimatic and Domotcz in parallel. I want to secure the remote access (outside my network) via SSL.
Yesterday i tried to setup as described in the manual.. al works but still have the red cross in my https.

I'm willing to buy a ssl certificate 8 eur for 3 years. I already own a domain name. But how do i need to set this up.?

Can anyone tell me the easiest way...

[Egregius]

have you heard of letsencrypt?
Free SSL certificates

[stingone]

yes i used that but i used it with a free daplie domain.. and that still gives me the error that the certificate domain and my external wan ip are not verified.

[Egregius]

Then I guess something's wrong with the setup.
I use letsencrypt on my VPS for all my websites and at home on my syno for my phpfloorplan.

[stingone]

have you heard of letsencrypt?
Free SSL certificates

I just created a subdomain domoticz.mydomain.nl i used DNS zone editor to point to my external IP.

It now goed directly to the domoticz. i will try to bind my domain with my ip tonight via the letsencrypt.

BUT.... i also want to create a domain pimatic.mydomain.nl... however withing the dns zone editor i cannot set e.g. port 443 for domoticz and port 444 for pimatic. any idea's?

[Egregius]

I don't think the port number has anything to do with the certificate.
I have 1 certificate that is valid for all sites at my VPS.
And 1 at my Syno.
The Syno's external address is registered as subdomein of one if my registered domains. That's one of the required things for letsencrypt as they verify the hostname against a dns server.

[stingone]

I don't think the port number has anything to do with the certificate.
I have 1 certificate that is valid for all sites at my VPS.
And 1 at my Syno.
The Syno's external address is registered as subdomein of one if my registered domains. That's one of the required things for letsencrypt as they verify the hostname against a dns server.

I know but the issue is that i have 2 raspberry pi's
- domoticz
- pimatic

I want to be able to access my both pi's from outside my netwerk WAN. I did this before by simply typing
https://myexternip:443 (domoticz)
https://myexternip:444 (pimatic)

Using IP forwarding in my router to the desired internal adresses of my 2 Pi's

What i now want to achief is
domoticz.mydomain.nl
pimatic.mydomain.nl

I want to use 1 SSL certificated bound to sub-mydomains.

Correct me if im wrong

[Egregius]

I would think that installing letsencrypt on both pi's and let them handle their own subdomain certificate would work.

[stingone]

I would think that installing letsencrypt on both pi's and let them handle their own subdomain certificate would work.

Great... will test it tonight an let you know.. i can just type the port name after the .nl extension so.

-domoticz.mydomain.nl:443
-pimatic.mydomain.nl:444

[Egregius]

Don't forget to register the subdomains at your domains registrars dns control panel.
Then wait about 30 mins or more to be sure the DNS is propagated. Otherwise you'll end up with errors in letsencrypt that the hostname can't be found.

If you have an advanced firewall with something like HAProxy you could even host 2 subdomains on the same port. But that's usually not something you have at home...

[stingone]

Don't forget to register the subdomains at your domains registrars dns control panel.
Then wait about 30 mins or more to be sure the DNS is propagated. Otherwise you'll end up with errors in letsencrypt that the hostname can't be found.

If you have an advanced firewall with something like HAProxy you could even host 2 subdomains on the same port. But that's usually not something you have at home...

how do you mean register?

I created domoticz.mydomain.nl in my controlpanel and i created an A name in the DNS zone editor using the new subdomain pointing to my external WAN is that what you mean?

[Egregius]

Yep, that's what I mean.
Also do it for the second subdomain.
If you did it already then you're sure dns propagation won't be an issue this evening.

[stingone]

Yep, that's what I mean.
Also do it for the second subdomain.
If you did it already then you're sure dns propagation won't be an issue this evening.

Works like a charm :D many thanks...

[stingone]

Yep, that's what I mean.
Also do it for the second subdomain.
If you did it already then you're sure dns propagation won't be an issue this evening.

Ah now running in small issue. i try to get the second certificate. however portforwarding works only for port 443. how can i change the ssl port on my pimatic raspberry to 444 so that letsencrypt wil use port 444 and not 443?

[Egregius]

You're welcome

[stingone]

You're welcome

Got uw Working for both. Only for 1 pi ï have to put port behind .nl extension once. Workshop great now....The dns update took more time thans expexted.