Zoneminder add cert

Forum for questions and support relating to the 1.31.x releases only.
Locked
Colfin22
Posts: 5
Joined: Thu May 17, 2018 8:38 pm

Zoneminder add cert

Post by Colfin22 »

I'm trying to change apache back to port 80 so i can run certbot to install a cert. I did as it says below.
You can turn off HTTPS entirely by simply commenting out the SSLRequireSSL
directives found in /etc/httpd/conf.d/zoneminder.conf. You should also
comment out the HTTP -> HTTPS Rewrite rule.
but when i restart apache it's still redirecting to https. Is there another file to edit? I'm running v1.31.43 on Centos 7 btw
User avatar
knight-of-ni
Posts: 2404
Joined: Thu Oct 18, 2007 1:55 pm
Location: Shiloh, IL

Re: Zoneminder add cert

Post by knight-of-ni »

Certbot works just fine with the zoneminder rpm without modification so I'm not sure why you think you have to change anything. In any case, to answer your question about auto redirecting to https, you have to remove the rewrite rule from the config file then restart apache. You either missed that step or you've got another rewrite rule in some other config file.
Visit my blog for ZoneMinder related projects using the Raspberry Pi, Orange Pi, Odroid, and the ESP8266
All of these can be found at https://zoneminder.blogspot.com/
User avatar
knight-of-ni
Posts: 2404
Joined: Thu Oct 18, 2007 1:55 pm
Location: Shiloh, IL

Re: Zoneminder add cert

Post by knight-of-ni »

Double check your firewall has both port 80 and 443 open and they are forwarded to your server. That can cause certbot to fail.
Visit my blog for ZoneMinder related projects using the Raspberry Pi, Orange Pi, Odroid, and the ESP8266
All of these can be found at https://zoneminder.blogspot.com/
Colfin22
Posts: 5
Joined: Thu May 17, 2018 8:38 pm

Re: Zoneminder add cert

Post by Colfin22 »

knight-of-ni wrote: Sat May 26, 2018 2:09 pm Certbot works just fine with the zoneminder rpm without modification so I'm not sure why you think you have to change anything. In any case, to answer your question about auto redirecting to https, you have to remove the rewrite rule from the config file then restart apache. You either missed that step or you've got another rewrite rule in some other config file.
Yes I realise it should just work, as I've already said I've commented out the rewrite rule, restarted apache and still get redirected to 443. I cannot find another redirect
Colfin22
Posts: 5
Joined: Thu May 17, 2018 8:38 pm

Re: Zoneminder add cert

Post by Colfin22 »

I've gotten a little further, I can get certbot to run but as zm isn't runnign on port 80 I get this. Is there somewhere else I set zm to listen on port 80

Code: Select all

Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
User avatar
knight-of-ni
Posts: 2404
Joined: Thu Oct 18, 2007 1:55 pm
Location: Shiloh, IL

Re: Zoneminder add cert

Post by knight-of-ni »

Code: Select all

Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
This message can be a bit misleading. In addition to having Apache listen on port 80, the message is telling you certbot is also looking for an apache <VirtuaHost>...</VirtualHost> definition for port 80 as well. This is simply to convince certbot that you are indeed the administrator of the domain. It's not required to make it work from a technical perspective.

In my tests, however, I didn't have to define a virtualhost (not sure why to be honest). The only thing I needed to change in my Apache configuration was the ServerName directive. I set it to match the (dynamic) dns name. This statement assumes a default Apache configuration... if you've changed something not mentioned here then all bets are off.

Keep in mind you've also got to open ports 80 & 443 in any firewall(s) between you and the Internet.

UPDATE: updated content to reflect a question asked in our irc channel.
Visit my blog for ZoneMinder related projects using the Raspberry Pi, Orange Pi, Odroid, and the ESP8266
All of these can be found at https://zoneminder.blogspot.com/
Locked