https://netmaker.org logo
Powered by
#netmaker
Title
# netmaker
m

mysterious-forest-94789

06/12/2022, 10:36 PM
Hmm.... Is NM usable without a signed certificate? I hit the duplicate limit on letsencrypt trying to fine tune the mod_security settings.
b

bored-island-21407

06/12/2022, 10:39 PM
Yes, in fact you can set up netmaker to run with http but that is a completely different way of running it and requires a completely different setup.
if you are running in cert rate limits, you can set up caddy or traefik to use static certs
w

white-piano-73111

06/12/2022, 10:40 PM
or just switch to staging until you figured it out and then switch back
m

mysterious-forest-94789

06/12/2022, 10:54 PM
limit is already hit, will staging still work?
w

white-piano-73111

06/12/2022, 11:06 PM
yes, limits are separate for staging. you get 30k certs per week and 60 fails per hour. Some absurd number like that.
m

mysterious-forest-94789

06/12/2022, 11:16 PM
how do I set that?
I know how to set it using certbot, how do I set it using nm's docker-compose?
w

white-piano-73111

06/12/2022, 11:21 PM
you can put it as a cli command in the compose file to match yours --certificatesresolvers.http.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
Also, you see where it says: - "--certificatesresolvers.http.acme.storage=/letsencrypt/acme.json" if you have issues with certs renewing, deleting this file(or volume) and restarting helps since it can't find a cached version and has to pull a new one
m

mysterious-forest-94789

06/12/2022, 11:24 PM
I add to this to traefik command:?
I'm deleting the entire volume, so that's not a problem
Hmm....
I don't know what I did to break it...
Hmph
I can't use it at all now
no cert issue except unknown assigner
The web ui won't connect
Hmm
I found something
web browser says cors request failed
Had to import the LE Root certs into Firefox and Edge before I could use it.
Okay now pairing clients with it comes up with this
x509: certificate signed by unknown authority
Same there there, fixed that copied them to /etc/ssl/certs
Talk about a pain, but at least it is usable for now
Thanks for the help
Powered by