Revoke or move letsencrypt cerfiicate

TrueNAS General
1

I successfully set up a letsencrypt cert via CloudFare (Acme DNS-Authenticators) for my domain.
After installing Immich, I wanted to access it from the Internet but since I already had a cert for my TrueNAS GUI, adding another one via NGINX fails
(obviously :slight_smile: )
Questions

  1. can this certificate be shared with Immich?-- if not how can I revoke it ?
  2. once revoked is NGINX the preferred way to use a single LetsEncrypt cert for multiple apps hosted on TrueNAS.?

Any links appreciated

2

Revoking a cert isn’t going to solve any of your problems.

If you’re using DNS validation, having an existing cert won’t cause issuance of another one to fail, unless you’ve already hit the rate limits (which would mean you’d issued five identical certs within the past seven days). In that case, wait 34 hours, and you should be able to get a new one.

What’s the exact error you’re getting when you try to get a new cert?

Nginx (by which I assume you mean Nginx Proxy Manager) is a good way to use a single wildcard cert for multiple apps hosted on the NAS.

1 Like
3

I get an internal error, but not sure ‘where to look’ in TrueNas…
/var/log/?
INGINX = Yes I meant NGINX Proxy Manager, which if I had found that first
then I will installed it first… so very simple.
I do have LetsEncrypt dns certs on my FreeBSD email server, which isn’t automatic.
cerbot does exist on the OS give an error when trying to run any command.
I did find the certs I created in /etc/certificates but there isn’t a .pem file only
.key and .crt
My reason for revoking is that I used a wild card for my domain, so I don’t think the 34 hour wait will work…
Much thanks

4

Those are .pem files, but that isn’t going to be the way to use them.

The rate limits don’t have anything to do with whether the certs are wildcards or not.

1 Like
5

Dan.
Thank you…
I am searching for the logs that might tell me why the certs were failing installation on NPM

6

Dan…
Following up…
As you pointed out, my issue was not a rate limit, thanks for that info.
My issue with NGINX was actually simple and completely unrelated to the existing cert on the TrueNAS GUI that I thought was causing the issue.
Found a couple of tutorials …
Followed this tutorial for NGINX – it was awesome… (Someone named Dan… :slight_smile: )
Dans Wiki
Another one that was similar but not as clear, very helpful for Immich
Immich-Help

Lessons learned

  • set up CloudFare DNS
  • created token - per Dan’s wiki
  • NGINX ( i used the TrueNAS app from Docker - iXsystems pool)
    – create the SSL Cert first before you create any proxy hosts. (using DNS-validation)
  • created my proxy host forr the Immich instance…
    Thank you for the Wiki and comments sir…