Subsonic Forum

forum.subsonic.org
http://forum.subsonic.org/forum/

Using Letsencrypt certificate

http://forum.subsonic.org/forum/viewtopic.php?f=2&t=18339

Page 1 of 1

Using Letsencrypt certificate

PostPosted: Wed Jul 17, 2019 1:29 pm
by jarome
I followed the instructions at https://gist.github.com/alvarow/b691da8768a590b623261c845782f081 to install my letsencrypt certificate. But even after restarting my Subsonic server (OpenSUSE LEAP 15.1), it is still using the self-signed Subsonic certificate. How do I fix this?

Re: Using Letsencrypt certificate

PostPosted: Sat Aug 10, 2019 8:51 am
by MrChimp1
Did you manage to fix this? I use LetsEncrypt and I can send you my instructions for setting this up.

Re: Using Letsencrypt certificate

PostPosted: Sat Aug 10, 2019 9:52 am
by MrChimp1
OK, managed to get near my computer for 5 minutes. I can't take full credit for all this, its a collection of research but it works for me everytime on a raspberry pi.

1) Create CSR:
openssl req -new -newkey rsa:2048 -nodes -keyout subsonic.domainName.key -out subsonic.domainName.csr

2) Complete cert request via LetsEncrypt and save new cert as "YourNewcert.cer"
!!!! Where prompted use password "subsonic"

3) Obtain the LetsEncrypt root and intermediate certs then combine files:
cat subsonic.domainname.key YouNewCert.cer LetsEncryptIntCert.cer LetsEncryptRootCert.cer > subsonicCertBundle.crt
e.g. cat hostname.key hostname.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > subsonic.crt

4) Convert to PKCS12
openssl pkcs12 -in subsonicCertBundle.crt -export -out subsonic.pkcs12

5) Import into keystore:
sudo keytool -importkeystore -srckeystore subsonic.pkcs12 -destkeystore subsonic.keystore -srcstoretype PKCS12 -srcstorepass subsonic -srcalias 1 -destalias subsonic
{password 'subsonic'}

6) Place the keystore into Subsonic:
sudo zip /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar subsonic.keystore

7) Enable SSL in subsonic:
sudo nano /etc/default/subsonic
SUBSONIC_ARGS="--port=0 --https-port=443 --max-memory=200"

Note when changing port, only root can bind to ports below 1024 by default, so if you run Subsonic under a service account, see my other post here

Re: Using Letsencrypt certificate

PostPosted: Sat Aug 10, 2019 12:42 pm
by jarome
Rebooting the computer changed the subsonic certificate I believe.

Re: Using Letsencrypt certificate

PostPosted: Mon Dec 02, 2019 8:31 pm
by tangert
With ubuntu 19.10 I needed to add "-deststoretype PKCS12" to the keytool command to make this work:

sudo keytool -importkeystore -srckeystore subsonic.pkcs12 -destkeystore subsonic.keystore -deststoretype PKCS12 -srcstoretype PKCS12 -srcstorepass subsonic -srcalias 1 -destalias subsonic
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/