(!) This is no longer it (!)

 

Copied and pasted from https://forum.qnapclub.de/thread/39039-howto-eigenes-zertifikat-mit-qnap-letsencrypt/

CAUTION:   source PATH /etc/profile.d/python2.bash

[NAS type:] ARM / Intel
[Firmware:] 4.2.x
[Tested:] yes, on various devices
[Other modifications:] none

Your own certificate in 5 minutes with “qnap-letsencrypt”!!!
A TOP alternative: tested and works great!!!

github.com/Yannik/qnap-letsencrypt
Here we go:

Install the Python 2.7 app on your QNAP NAS.

Git is needed as well; it apparently isn't available as an app for all devices.

So install the Entware-ng app (not only for that reason, it can do a lot more):

github.com/Entware-ng/Entware-ng/wiki/Install-on-QNAP-NAS

Download:
pkg.entware.net/binaries/other/Entware-ng_0.97.qpkg

Then connect to the console with e.g. PuTTY and carry on!

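opkg install git-http
cd /opt/
# This download is made without certificate verification (--no-check-certificate);
# everything later verified against cacert.pem depends on this file being genuine.
wget --no-check-certificate https://curl.haxx.se/ca/cacert.pem
# From here on, git verifies HTTPS servers against the downloaded CA bundle
git config --system http.sslVerify true
git config --system http.sslCAinfo `pwd`/cacert.pem
git clone https://github.com/Yannik/qnap-letsencrypt.git
mv cacert.pem qnap-letsencrypt
cd /opt/qnap-letsencrypt
# cacert.pem has moved, so point git at its new location
git config --system http.sslCAinfo `pwd`/cacert.pem

./init.sh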

cd /opt/qnap-letsencrypt/letsencrypt

# !! Caution: typo in the instructions at "https://github.com/Yannik/qnap-letsencrypt"
#--------------------------------------------------------------------------------------------
cp ../openssl.cnf openssl-csr-config.cnf

#--------------------------------------------------------------------------------
# edit here!
printf "subjectAltName=DNS:nas.xxx.de,DNS:www.nas.xxx.de" >> openssl-csr-config.cnf
#----------------------------------------------------------------------------------


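# Create the CSR for the existing domain key, taking the SAN extension from the edited config
openssl req -new -sha256 -key keys/domain.key -subj "/" -reqexts SAN -config openssl-csr-config.cnf > domain.csr

# Move the current stunnel certificate aside; it stays available as stunnel.pem.orig
mv /etc/stunnel/stunnel.pem /etc/stunnel/stunnel.pem.orig
cd /opt/qnap-letsencrypt

./renew_certificate.sh

# Run the renewal every day at 03:30 and append its output to renew_certificate.log
echo "30 3 * * * cd /opt/qnap-letsencrypt/ && ./renew_certificate.sh >> ./renew_certificate.log 2>&1" >> /etc/config/crontab

crontab /etc/config/crontab
/etc/init.d/crond.sh restart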
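
A pre-flight check that fits between ./renew_certificate.sh and any further use of the key and chain, as an added example (not part of the original post or of qnap-letsencrypt): it confirms that the private key matches the issued certificate, that every expected hostname is listed in subjectAltName, and that the certificate is not about to expire. The function names, the 7-day threshold and the nas.example.org hostnames are assumptions, and chained.pem is assumed to hold the leaf certificate first.

```shell
#!/bin/sh
# Added example: pre-flight checks for a renewed certificate (not from qnap-letsencrypt).
# Assumption: CERT is a PEM file whose first certificate is the leaf.

# key_matches_cert KEY CERT: true if KEY's public half equals the public key in CERT.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    # Reject empty output so two unreadable files never compare as equal
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# cert_has_san CERT HOST: true if HOST is an exact DNS entry in subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -qxF "DNS:$2"
}

# cert_valid_for_days CERT DAYS: true if CERT does not expire within DAYS days.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# preflight KEY CERT HOST...: run all checks, report each failure, return 1 if any failed.
preflight() {
    key=$1; cert=$2; rc=0
    shift 2
    key_matches_cert "$key" "$cert" ||
        { echo "FAIL: private key does not match certificate" >&2; rc=1; }
    cert_valid_for_days "$cert" 7 ||
        { echo "FAIL: certificate expires within 7 days" >&2; rc=1; }
    for host in "$@"; do
        cert_has_san "$cert" "$host" ||
            { echo "FAIL: $host missing from subjectAltName" >&2; rc=1; }
    done
    return "$rc"
}

# Usage (hostnames are placeholders):
#   sh preflight.sh keys/domain.key chained.pem nas.example.org www.nas.example.org
if [ "$#" -ge 3 ]; then
    preflight "$@"
fi
```

A non-zero exit status means at least one check failed; the reason is printed on stderr.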

and then for Plex on QNAP

openssl pkcs12 -export -in chained.pem -inkey keys/domain.key -out archive.pfx -name foehn.tzsz.de

That comes from here: https://forums.plex.tv/t/add-custom-ssl-certs-now-available-for-everyone-how-to/128684

henkierani, Dec ’15

I’m not familiar with pkcs#12.

PKCS#12 is an archive file format, in this case used to bundle your private key and certificates.

I however have been using Letsencrypt to get my free signed ssl certs for all my standalone and apache web servers. How can I use those certs in Plex?
Edit: Available cert files from Letsencrypt: cert.pem chain.pem fullchain.pem privkey.pem

You’ll have to create a .pfx file (the PKCS#12 archive) containing both the private key and certificates of your chain. This is done using OpenSSL commands in your terminal:

openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out archive.pfx -name "Name for Archive"

You’ll be prompted for a password; this password has to be filled in the Plex ‘Custom certificate encryption key’ field. I’m not sure if you had to password protect your private key upon Let’s Encrypt setup, you might be prompted for that as well.

After you’ve obtained the .pfx file, store it on your media server computer (e.g. C:\SSL\archive.pfx). Then, occupy the ‘Custom certificate path’ field with the path to the file (C:\SSL\archive.pfx).

Last but not least, fill in the domain the certificate has been created for (e.g. plex.example.com).

A quick tip: in the ‘Remote Access’ setting, manually specify port 443 and update your router to point 443 external to 32400 internal. Then, for ‘Custom server access URLs’, fill in: https://plex.example.com:443.

You can now visit your custom SSL secured Plex domain using https://plex.example.com. Plex will do the rest. Try testing the domain outside your network the Plex server is hosted in, it might not work accessing the domain internally.

henkierani, Dec ’15

I forgot to mention here:

Last but not least, fill in the domain the certificate has been created for (e.g. plex.example.com).
That was meant for the ‘Custom certificate domain’ field.

henkierani, Dec ’15

Somehow forgetful tonight (is it possible to edit earlier posts?): restart your Plex Media Server program after setting up the certificate details. This is needed in order to get the certificate to work.