Can someone explain how to setup a Let's Encrypt cert for each individual virtual host?

Post your questions about myQNAPcloud service here.
Post Reply
pattygq
Starting out
Posts: 36
Joined: Fri Oct 09, 2015 2:07 am

Can someone explain how to setup a Let's Encrypt cert for each individual virtual host?

Post by pattygq »

I'm at my wits in trying to get this to work. I've already read this back and forth and can't seem to get it sorted out: viewtopic.php?f=313&t=144434

In the end I want "website1.xyz" and "website2.xyz" inside of virtual hosts to have their own independent automatically renewing Let's Encrypt SSL certs.

========================================

Here's how it's setup now:

========================================

System Administration:
----------------------------

System Port 30000 (HTTP)

Enable HTTP Compression
Enable secure connection (HTTPS)
TLS 1.2 and later
Enable strong cipher suites
Port Number 31000
Force secure connection (HTTPS) only
Do not allow QTS embedding in IFrames
Enable X-Content-Type-Options HTTP header
Enable Content-Security-Policy HTTP header

========================================

Web Server enabled:

HTTP Port Number 40000
Enable HTTP Compression
Enable Secure Connection (HTTPS)
TLS v1.0 and later
HTTPS Port 41000
Max num of clients 2048
Do not allow web server embedding in IFrames


Virtual Hosts are disabled:

|Host Name|Protocol|Port Number|
|website1.xyz|HTTPS|41000|
|website2.xyz|HTTPS|41000|

=========================================

On the router ports 40000 and 41000 are redirected to port 80 and 443 on the qnap. Are they supposed to be redirected to the system ports? 30000 and 31000? That leaves the Web GUI exposed to the net.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I've literally tried everything I can think of. Disabled virtual hosts, tried to replace certs via System --> Security --> SSL Certificates & Private Key.
I can see the well-known folder being created in the Web folder but it never populates with files.
A day without sunshine is like, you know, night. -Steve Martin
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: Can someone explain how to setup a Let's Encrypt cert for each individual virtual host?

Post by FSC830 »

pattygq wrote: Mon Dec 05, 2022 3:35 pm ...
On the router ports 40000 and 41000 are redirected to port 80 and 443 on the qnap. Are they supposed to be redirected to the system ports? 30000 and 31000? That leaves the Web GUI exposed to the net.
...
The worst decision someone can do! Even when using unusual port, NEVER expose NAS in such a way to internet!
See the links in my signature what will be happen. Using individual ports will not save you from malware attack, it only extends the time until it will be hacked!

If access to webservices is mandatory for any reason, use a virtual host by a internet provider of your choice.
The NAS at your home should only be access with a VPN server (running at router, no paid service).
This will save you a lot of tears (and most likely your data).
If you decide to keep on using your own webserver(s), prepare at least for multiple backups.

Regards
pattygq
Starting out
Posts: 36
Joined: Fri Oct 09, 2015 2:07 am

Re: Can someone explain how to setup a Let's Encrypt cert for each individual virtual host?

Post by pattygq »

Thanks for the response however I'm not a casual user.

I'm fully aware of the issues and all are a moot point seeing as how this box is setup on the network.

So, going back to my original issue with the software in the qnap, does anyone have a working setup I can follow?
A day without sunshine is like, you know, night. -Steve Martin
Radasaurus
Starting out
Posts: 11
Joined: Wed Jun 16, 2021 10:03 pm

Re: Can someone explain how to setup a Let's Encrypt cert for each individual virtual host?

Post by Radasaurus »

I am able to connect to my NAS through my router WITHOUT any port forwarding whatsoever. I am, however, using SSL that I had to pay a small fortune to QNAP for. The other NAS that I have on my network and connected to myqnapcloud I'm closing up to allowing anyone to log in. For some screwed up reason, however, I need to have it connected to myqnapcloud to be able to even use it as I can't even login because the browsers all tell me that its "security information cannot be verified" if it isn't connected to myqnapcloud - I suspect its because it was at one point registered using the SSL I purchased but when the hacking got out of hand I closed all the port forwards and bought the SSL for just one machine.

I'm just hoping I have the other one zipped up tight enough. The fact that there are zero port forwards should help along with good 2 factor authentications....
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Can someone explain how to setup a Let's Encrypt cert for each individual virtual host?

Post by dolbyman »

cloudlink would use QNAP certs

if you use your own certs, you MUST have the qnap exposed, how else would you connect ? (maybe upnp?) .. and don't be fooled by 2fa, the qnap implementation is so faulty that it did do zilch for deadbolt victims (exloits do not care about web based authentication)
Post Reply

Return to “myQNAPcloud service”