Using CloudDB: can we install SSL in a VPS server without a domain name?

I just installed Redis on my VPS server to store data with a CloudDB object, and it works fine, thanks to TIMAI2's help with this link:

METRIC RAT AI2 - HOWTO: Setup Redis Server with SSL for use with AI2

However, I had not tried to install the SSL certificate. I just tried, and regarding the installation of Certbot, I followed what is said here:

Get Certbot — Certbot 1.11.0.dev0 documentation (eff.org)

Since I am on Ubuntu and there is no package for Ubuntu 20.04 to install Certbot, I followed the following link:

Certbot - Ubuntufocal Apache (eff.org)

As well as the link below allowing to install snapd (and not snap ? ...):

Installing snap on Lubuntu | Snapcraft documentation

After all that, by following the steps given in the third link, I managed to install Certbot on my VPS server, and the test works fine.

Unfortunately, I don't know what to give as domain name and path for root when generating SSL certificate after running sudo certbot certonly command.
To sum up, can we install an SSL certificate on a VPS server that is not linked to the domain name of a website?
Thank you in advance for your help.

If, as you previously advised, you are using an IONOS VPS, on the server page it gives you a domain name (DNS host name), mine is like this:

ed5b378.online-server.cloud

I used this for my SSL certificate and it worked OK.

Hello altagore

That's really not our area of technical support. Is your Server Hosted? (1 & 1, Go Daddy etc). If so, they are the people to ask.

Thanks TIMAI2. I found it. I have to try to generate the certificate.

Hello,

It is IONOS, and I asked the question, but no reply for the moment from IONOS. But, TIMAI2 gave me the response.

Hi again - I'm with IONOS (UK) myself - they provide an SSL certificate as part of the hosting package.........

Me again .. What did you use for the webroot ? In fact, in your web page about making the SSL certificate, it looks like you didn't have to reply to this question, before generating the certificate:

"Input the webroot for 29e2886.online-server.cloud: (Enter 'c' to cancel): ???"

I tried to use a directory created in /home, and it didn't work

Well, not for a VPS server in fact

You might need to check with LetsEncrypt about this, as you say, I am not asked this question when setting up or renewing....

Or did you select 3 (: Place files in webroot directory (webroot)) instead of 2 ?

Well I just double-checked and all of their VPS packages have a 'Wildcard' SSL Certificate as standard.

The fact is, it's in the best interests of the Host too. Would it work with the Redis Server? I don't know, but IONOS do.

In fact, there were only two choices that match the second and third in your example. I tried both solutions, and it fails. I have the same error message in both cases:

Challenge failed for domain 29e2886.online-server.cloud
...
Timeout during connect (likely firewall problem).

Do you think the problem comes from the firewall ?

Yep, but I don't have any domains with IONOS, and my server is running 6/7 other domains so it was 'easier' (I say that lightly!) to use LetsEncrypt, and the howto needed to be written for "any server".

(Note: unhelpfully, IONOS only provide installation instructions for the SSL private key to a Windows server, no mention of linux....)

Aha, do you have apache (or anything else) running on port 80?

If so you will need to stop apache (or anything else) so that port 80 is available for certbot to do its work.

See the Additional section at the bottom of my howto.

(or check that port 80 is available through the firewall - ufw/IONOS.)

Sorry if I was wrong, but I found no way to add a SSL to my VPS server on IONOS. I even tried to buy a new one (I stopped before buying), and they never asked me if I wanted a SSL for this server.

That is needlessly complicated. Use caddy, it handles SSL for you and is easy to install and configure. https://caddyserver.com/
You will need to set it up to serve some simple landing page so the verification will work. Leave caddy always running so it can renew certs. The certs should be in your ~/.caddy folder.

For the most part, LetsEncrypt is set and forget.

However, because of the port requirements, I have had to manually update every 90 days for the cert for the redis server. This only takes 5 minutes.

Not complicated.

It was the problem ... Thanks a lot again :) I added port 80 to the firewall in the Cloud Panel, and it didn't work again. Then, I did it with ufw, and it works fine now. I can finish your "How to" now :)

Just a question ... I tried the command to stop apache and it tells me it isn't running. I tried to make it run with the command sudo systemctl start apache2, and it failed, because "Unit apache2.service not found" ... Is it normal ? Maybe the apache version is not apache2 ?

If you haven't installed apache, then it won't be there, so no need to stop it. Hopefully opening up port 80 on the firewall should sort things for you.

Do you think I must leave port 80 open in the firewall after generating the SSL ? For now, I don't need it for something else.

I will have a look at caddy then. Thanks for this information.
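
The two conditions discussed in this thread, a free port 80 and a firewall that lets it in, as a pre-flight check. This is an added example, not code from any post or from the linked how-to; it assumes certbot's standalone authenticator and ufw, and the function names and sample outputs are constructed for illustration.

```shell
# Pre-flight for certbot's standalone HTTP-01 challenge: port 80 must be free
# on the host and allowed inbound. Both functions read command output on stdin:
#   ss -ltnH | port80_listeners        sudo ufw status | ufw_port80_state

# Print the local address of every TCP listener bound to port 80.
port80_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /:80$/ { print $4 }'
}

# Print "inactive", "allowed" or "blocked" from `ufw status` output.
# Simplification: any ALLOW rule for 80 or 80/tcp counts, whatever its source.
ufw_port80_state() {
    awk '/^Status: inactive/ { off = 1 }
         ($1 == "80" || $1 == "80/tcp") && ($2 == "ALLOW" || $3 == "ALLOW") { ok = 1 }
         END { print (off ? "inactive" : (ok ? "allowed" : "blocked")) }'
}

# Combine both checks; $1 = ss output, $2 = ufw output. Returns 0 when ready.
certbot_preflight() {
    pf_busy=$(printf '%s\n' "$1" | port80_listeners)
    pf_rc=0
    if [ -n "$pf_busy" ]; then
        echo "FAIL: port 80 already has a listener ($pf_busy); stop it first"
        pf_rc=1
    fi
    case $(printf '%s\n' "$2" | ufw_port80_state) in
        allowed)  echo "OK: ufw allows inbound port 80" ;;
        inactive) echo "NOTE: ufw is inactive; check the provider firewall" ;;
        *)        echo "FAIL: no ufw ALLOW rule for port 80"; pf_rc=1 ;;
    esac
    return "$pf_rc"
}

# Constructed sample outputs (not taken from the thread).
SAMPLE_SS_FREE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 127.0.0.1:8080 0.0.0.0:*'
SAMPLE_SS_BUSY="$SAMPLE_SS_FREE
LISTEN 0 511 *:80 *:*"
SAMPLE_UFW_BLOCKED='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere'
SAMPLE_UFW_OPEN="$SAMPLE_UFW_BLOCKED
80/tcp                     ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)"
# Demo: the firewall state behind the thread's "Timeout during connect".
certbot_preflight "$SAMPLE_SS_FREE" "$SAMPLE_UFW_BLOCKED" || echo "=> not ready"
```

A passing ufw check does not cover the provider's own firewall (the IONOS Cloud Panel in this thread), which has to allow port 80 as well.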