Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
deluge: enable ssl with letsencrypt?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
thoughtform
l33t
l33t


Joined: 24 May 2004
Posts: 600
Location: east coast USA

PostPosted: Thu Sep 03, 2020 7:47 pm    Post subject: deluge: enable ssl with letsencrypt? Reply with quote

hello,
i have deluge and deluge-web and would like to use my letsencrypt certs with it.
it has two files:
/var/lib/deluge/ssl/daemon.cert
/var/lib/deluge/ssl/daemon.pkey

In letsencrypt, i have these files:
lrwxrwxrwx 1 root root 46 Jun 27 06:47 cert.pem -> ../../archive/vps.amomentofdecay.com/cert1.pem
lrwxrwxrwx 1 root root 47 Jun 27 06:47 chain.pem -> ../../archive/vps.amomentofdecay.com/chain1.pem
lrwxrwxrwx 1 root root 51 Jun 27 06:47 fullchain.pem -> ../../archive/vps.amomentofdecay.com/fullchain1.pem
lrwxrwxrwx 1 root root 49 Jun 27 06:47 privkey.pem -> ../../archive/vps.amomentofdecay.com/privkey1.pem


I am asking which files should be copied to the daemon.cert and daemon.pkey?
Do I have to combine any?

I tried copying cert.pem to daemon.cert and also privkey.pem to daemon.pkey and changed the perms on the files so deluge:deluge owns them but i get ssl errors in deluge.log:


15:33:14 [DEBUG ][deluge.core.alertmanager :135 ] Handling alert: session_stats_alert
15:33:15 [DEBUG ][deluge.core.alertmanager :118 ] Alerts queued: 1
15:33:15 [DEBUG ][deluge.core.alertmanager :130 ] session_stats_alert: session stats (299 values): 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 62, 0, 0, 152, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4984, 0, 0, 0, 4312, 0, 0, 0, 154, 0, 178, 0, 31107, 28511, 20, 0, 21, 0, 25, 106, 0, 0, 0, 0, 0, 0, 5, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 84, 8, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1
15:33:15 [DEBUG ][deluge.core.alertmanager :135 ] Handling alert: session_stats_alert
Back to top
View user's profile Send private message
alamahant
Guru
Guru


Joined: 23 Mar 2019
Posts: 550

PostPosted: Thu Sep 03, 2020 8:32 pm    Post subject: Reply with quote

Hi
Code:

cert1.pem
privkey1.pem

Or alternatively possibly
Code:

fullchain1.pem
privkey1.pem

I have seen the second being applied to postfix sni.
Just edit the deluge config and replace the stock files with your Letsencrypt ones
Of course your hostname or fqdn should be the same both in the certs and the Deluge config
:D
Back to top
View user's profile Send private message
thoughtform
l33t
l33t


Joined: 24 May 2004
Posts: 600
Location: east coast USA

PostPosted: Fri Sep 04, 2020 1:12 pm    Post subject: Reply with quote

Hi, thanks for the reply!
I tried changing the config and pointing the config to each of the suggested certs, still getting the ssl state error.
I wonder if anyone has gotten this to work?

Thanks!
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 15972

PostPosted: Fri Sep 04, 2020 3:50 pm    Post subject: Reply with quote

For the original cert and pkey files, before you replaced them, what is the output of file filename? For the original cert file and for the one from LetsEncrypt, what is the output of openssl x509 -noout -text -in filename? I think this will not show anything private, but you should review the output to confirm that before posting it.
Back to top
View user's profile Send private message
thoughtform
l33t
l33t


Joined: 24 May 2004
Posts: 600
Location: east coast USA

PostPosted: Fri Sep 04, 2020 4:20 pm    Post subject: Reply with quote

original files:
vps /var/lib/deluge/ssl # file daemon.cert
daemon.cert: PEM certificate
vps /var/lib/deluge/ssl # file daemon.pkey
daemon.pkey: ASCII text

vps /var/lib/deluge/ssl # openssl x509 -noout -text -in daemon.cert
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 0 (0x0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Deluge Daemon
Validity
Not Before: Jul 10 22:40:38 2020 GMT
Not After : Jul 10 22:40:38 2023 GMT
Subject: CN = Deluge Daemon
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:ad:8f:6a:4f:4e:19:4a:2a:1f:0d:9e:1c:eb:
7c:6a:91:4d:01:fa:10:8c:3c:31:c3:88:72:24:6d:
32:43:c4:68:7f:2a:65:2d:13:e3:a5:79:67:06:2a:
2e:29:0c:56:83:c5:75:42:06:f9:ed:66:ea:5f:b2:
4e:4d:e6:b0:22:f0:8c:59:e4:f8:3d:1b:87:6f:49:
b6:bd:e6:bc:c8:a6:9b:30:3d:52:0e:68:5f:41:d3:
10:36:22:14:56:ed:83:a3:b8:34:9a:92:7a:d9:81:
01:e3:66:d0:d2:19:ee:5b:0f:b1:56:6a:38:dc:6f:
9f:9f:7b:80:3a:43:83:b3:02:fb:66:6d:77:a0:c2:
68:7b:e3:77:cc:6b:cf:c5:8a:fd:b8:1a:6d:d6:bc:
0b:6e:b0:6b:ae:21:02:7c:38:e9:5c:d1:c8:43:a3:
48:d9:01:bb:78:0c:81:e2:48:14:62:51:f0:9a:5b:
42:82:c9:b0:36:45:bd:6c:fa:2b:b1:de:6e:91:4b:
f5:9e:67:02:00:19:f8:a8:dd:76:a9:f4:7a:c3:d4:
c2:36:a5:11:19:34:9a:97:7f:f6:82:6b:74:d8:3e:
c6:6b:da:ee:38:6b:c7:07:00:8f:5c:3c:c2:ac:9c:
9e:b9:10:9e:fe:35:fc:b3:11:41:5a:2f:b1:21:20:
ca:ad
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
6d:9e:23:c0:72:9f:84:0f:4f:a5:00:3a:19:7a:90:bb:16:18:
4b:10:97:49:0b:a5:06:46:97:4b:04:1d:bd:6b:96:22:2e:af:
4c:1b:31:4a:f2:21:e6:35:1f:7c:1f:31:b1:5c:6a:32:dd:46:
7f:43:f5:85:18:8b:6e:91:10:07:61:99:f7:be:ff:d2:f1:cc:
3a:1e:b4:e7:5d:ec:f6:58:87:7f:ed:68:52:7c:ff:f1:ba:d2:
cc:44:02:fb:53:86:58:88:dc:67:c6:75:cb:93:88:53:a9:65:
0d:c7:fc:24:ed:e3:0c:22:46:5d:0c:a6:c9:a2:26:8d:a4:90:
aa:0b:f2:de:a2:7e:aa:d8:64:fa:3c:cc:62:88:76:6a:ed:e8:
d1:4c:52:47:bb:19:9c:25:9c:cd:af:8a:68:53:bb:6b:2a:6b:
fb:72:c8:7e:04:28:91:05:fe:b6:2d:72:30:16:c6:9e:d8:f4:
07:6a:93:c1:5f:da:c8:39:2c:93:0e:94:86:18:ac:f1:77:1d:
a6:98:af:00:35:2b:2c:d4:57:77:64:35:cc:02:b8:07:42:29:
91:6d:23:71:41:27:5a:1d:55:19:03:be:77:ad:68:d6:13:9c:
ab:e5:0a:3d:f4:ce:9b:cf:09:28:b9:1a:cc:13:e9:b7:d3:26:
f3:70:97:ba
vps /var/lib/deluge/ssl #

then i moved the originals to backup dir:
mv daemon.* /var/lib/deluge/ssl/backups/

then i did the file cmd on the ssl cert i copied from the letsencrypt dir to the deluge ssl dir:
vps /etc/letsencrypt/archive/vps.amomentofdecay.com # cp cert1.pem /var/lib/deluge/ssl/daemon.cert
vps /etc/letsencrypt/archive/vps.amomentofdecay.com # cp privkey1.pem /var/lib/deluge/ssl/daemon.pkey

vps /var/lib/deluge/ssl # openssl x509 -noout -text -in daemon.cert
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:c7:ff:e8:c9:4b:dc:ef:00:38:53:37:b5:e2:58:d1:76:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Validity
Not Before: Jun 27 09:47:44 2020 GMT
Not After : Sep 25 09:47:44 2020 GMT
Subject: CN = vps.amomentofdecay.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:12:01:be:de:f4:5e:d2:1d:f0:e7:fc:09:04:
e3:0b:8f:0f:1c:13:d0:8b:cb:02:31:39:0d:b4:fb:
4b:45:48:b1:9d:5d:8a:ae:c0:d7:2a:77:72:4d:82:
a9:d3:2c:b8:01:0b:9f:13:27:7e:da:22:22:bb:34:
6d:7a:18:33:47:9d:01:4e:09:56:dc:03:91:18:13:
d3:cb:9e:24:43:3d:cd:13:d5:ac:5d:46:8a:1e:c5:
0c:22:2b:8d:b9:92:ac:dc:31:fe:35:fd:e5:6d:98:
cc:7f:5d:ef:72:b3:cf:8a:1d:2a:37:c7:9f:da:08:
76:04:e6:c1:05:99:3e:c5:30:cf:b0:46:74:c7:d7:
2c:2d:58:24:d8:3d:15:d0:b2:86:0a:00:35:18:99:
a5:39:9a:2d:4e:14:60:7b:7e:7c:ed:02:96:c3:eb:
6b:f9:79:62:a4:16:39:da:10:79:46:a8:d3:2d:25:
88:83:93:2e:ae:ef:fc:fc:71:6f:33:eb:7b:93:37:
f5:5c:99:10:9a:9c:69:f4:ba:a9:40:74:fc:24:7b:
85:d1:13:cb:15:35:2f:89:64:1c:04:13:69:86:e7:
f0:b5:fb:a9:90:2b:78:1c:c1:3d:de:39:7d:9d:14:
ad:b5:62:4f:aa:ef:85:2b:6c:ce:eb:fa:81:03:a7:
54:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
F3:41:8B:28:E5:AD:5C:07:00:80:BB:B2:DC:CE:5A:DD:5F:DF:41:46
X509v3 Authority Key Identifier:
keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

Authority Information Access:
OCSP - URI:http://ocsp.int-x3.letsencrypt.org
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

X509v3 Subject Alternative Name:
DNS:vps.amomentofdecay.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org

CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E7:12:F2:B0:37:7E:1A:62:FB:8E:C9:0C:61:84:F1:EA:
7B:37:CB:56:1D:11:26:5B:F3:E0:F3:4B:F2:41:54:6E
Timestamp : Jun 27 10:47:44.268 2020 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:59:58:13:AE:5C:B2:AF:61:95:79:38:97:
37:6F:B6:AC:DF:66:0E:A3:B6:A9:26:64:E7:AF:10:17:
81:5D:58:0D:02:21:00:B7:A0:41:87:5C:76:CB:1E:56:
95:33:2C:DC:64:37:9F:C6:A3:04:59:4E:71:13:7B:66:
C0:3E:D8:6A:36:82:E5
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 07:B7:5C:1B:E5:7D:68:FF:F1:B0:C6:1D:23:15:C7:BA:
E6:57:7C:57:94:B7:6A:EE:BC:61:3A:1A:69:D3:A2:1C
Timestamp : Jun 27 10:47:44.317 2020 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:CE:8B:81:9A:62:B1:2C:2F:15:36:06:
50:BD:43:7D:40:B5:51:9C:EB:A6:32:7B:44:C4:8F:9F:
5F:B8:8C:71:EE:02:21:00:D1:28:9E:D8:2C:87:D2:87:
C1:08:FF:CC:A1:51:AC:37:A8:BC:91:8C:56:53:AE:64:
1C:C8:2C:10:3F:02:A1:74
Signature Algorithm: sha256WithRSAEncryption
52:4d:66:11:2a:f3:3b:34:d2:45:0d:42:71:d0:f7:c9:ee:1d:
86:cd:f7:11:75:a4:dc:34:a3:91:3f:4a:bf:5a:c5:c8:81:40:
4f:0f:f3:57:22:21:b0:a3:61:e0:4f:3f:ec:ff:b8:8d:e9:bd:
3d:03:0c:aa:6c:95:be:1a:e4:5d:0a:58:fc:41:7e:99:63:f3:
eb:49:97:d5:7a:d7:21:fb:c1:7e:9a:e9:60:c2:5a:25:cc:04:
0c:8a:d9:33:83:a9:a2:81:49:a8:9d:68:a9:ed:39:02:47:07:
01:9f:00:20:53:80:71:3f:94:6c:99:2e:7b:66:48:52:f7:13:
05:a9:71:6e:66:03:77:31:c2:f8:e1:8f:2b:e8:c6:ad:58:e6:
a0:2e:ac:80:06:9e:7b:a6:35:97:68:94:d7:f3:6c:3d:c0:5b:
7c:10:16:47:27:7e:4b:d7:f2:5d:58:01:a5:d8:a2:3f:4b:6a:
b5:da:fa:11:4d:90:72:8a:fc:95:a0:79:05:a2:c6:9c:42:6b:
16:ad:fb:a5:6a:e7:e7:a3:a5:50:fd:82:ed:0f:d1:8c:68:39:
66:af:46:0d:3a:0c:0f:db:35:c3:2a:b0:56:a9:94:75:3a:3d:
d0:5a:d0:a1:4c:bf:4f:d5:ab:17:45:8a:0f:20:fb:d9:f5:11:
8f:91:69:5b
vps /var/lib/deluge/ssl #
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum