SSL / HTTPS Issue

[Chadi]

Just upgraded FreeNAS from 9x to 11x successfully. Then, I generated an SSL CSR. Purchased SSL and then installed it successfully in System > Certificates area.

I updated config to HTTPS protocol and checked on WebGUI HTTP -> HTTPS Redirect. Saved.

Still cannot access https://nas.mydomain.com as SSL was generated for and installed. I get page not found.

I can access via IP obviously but not subdomain method.

The "Issuer" is set to external of course.

 

[danb35]

Purchased SSL

Why? https://www.ixsystems.com/community/resources/lets-encrypt-with-freenas-11-1-and-later.82/

 

[Chadi]

Just tried this method.

Also, on a side note, I cannot enter web GUI any longer since it's in https with a broken SSL apparently. How do I correct this in ssh?

Code:

hu Oct 24 16:41:34 EDT 2019] The domain key is here: /root/.acme.sh/fqdn_of_freenas_box/fqdn_of_freenas_box.key
[Thu Oct 24 16:41:34 EDT 2019] Single domain='fqdn_of_freenas_box'
[Thu Oct 24 16:41:34 EDT 2019] Getting domain auth token for each domain
[Thu Oct 24 16:41:35 EDT 2019] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rejectedIdentifier",
  "detail": "Error creating new order :: Cannot issue for \"fqdn_of_freenas_box\": Invalid character in DNS name",
  "status": 400
}
[Thu Oct 24 16:41:35 EDT 2019] Please add '--debug' or '--log' to check more details.
[Thu Oct 24 16:41:35 EDT 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

 

[danb35]

Cannot issue for \"fqdn_of_freenas_box\": Invalid character in DNS name"

I assume when you ran that command, you substituted your actual domain name? If not, there's your problem.

I cannot enter web GUI any longer since it's in https with a broken SSL apparently

What happens when you try?

 

[Chadi]

Not working.

Code:

Thu Oct 24 17:16:03 EDT 2019] Creating domain key
[Thu Oct 24 17:16:03 EDT 2019] The domain key is here: /root/.acme.sh/nas.mydomain.com/nas.mydomain.com.key
[Thu Oct 24 17:16:03 EDT 2019] Single domain='nas.mydomain.com'
[Thu Oct 24 17:16:03 EDT 2019] Getting domain auth token for each domain
[Thu Oct 24 17:16:05 EDT 2019] Getting webroot for domain='nas.mydomain.com'
[Thu Oct 24 17:16:05 EDT 2019] Adding txt value: ILLzMnJCkjyQ2CpBRxi4zFDjSIrFCsvwMSJbHlJSU5E for domain:  _acme-challenge.nas.mydomain.com
[Thu Oct 24 17:16:06 EDT 2019] Adding record
[Thu Oct 24 17:16:07 EDT 2019] Added, OK
[Thu Oct 24 17:16:07 EDT 2019] The txt record is added: Success.
[Thu Oct 24 17:16:07 EDT 2019] Let's check each dns records now. Sleep 20 seconds first.
[Thu Oct 24 17:16:29 EDT 2019] Checking nas.mydomain.com for _acme-challenge.nas.mydomain.com
[Thu Oct 24 17:16:29 EDT 2019] Not valid yet, let's wait 10 seconds and check next one.
[Thu Oct 24 17:16:41 EDT 2019] Let's wait 10 seconds and check again.
[Thu Oct 24 17:16:53 EDT 2019] Checking nas.mydomain.com for _acme-challenge.nas.mydomain.com
[Thu Oct 24 17:16:53 EDT 2019] Not valid yet, let's wait 10 seconds and check next one.
[Thu Oct 24 17:17:05 EDT 2019] Let's wait 10 seconds and check again.

As for web gui...

Code:

An error occurred during a connection to nas.mydomain.com. You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information: Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. Error code: SEC_ERROR_REUSED_ISSUER_AND_SERIAL