Help Need a SSL Certificate

RavenLunatic · 2025-03-10T13:45:05+0000

I have embarked on a mission to move all my stuff onto a VPN out of curiosity.

I have set up my computer network, phones, and tablets with Tailscale which was very straight forward. Next task was to setup Vaultwarden but here is the problem. I don’t have a verifiable SSL Certificate on my TrueNAS Scale server so the phone, and desktop app refuse to connect. It appears the built in TrueNAS Scale Certificate isn’t good enough.

How do I get a proper SSL Certificate? Looking around it seems very complicated and most of the places i have looked say that people get them from their domain provider. I do not have a domain, but I do have a static IP address.

What are my options?

randal · 2025-03-10T14:00:11+0000

You can pickup xyz domains for peanuts, I'd do that and use LetsEncypt. If you used CloudFlare, you'd get all the benefits of that too.

RavenLunatic · 2025-03-10T14:30:04+0000

Do you mean just a random numbers and letters?

Who is the cheapest registrar there seems to be a lot of them?

#Chri5# · 2025-03-10T14:34:12+0000

RavenLunatic said:
Do you mean just a random numbers and letters?

Who is the cheapest registrar there seems to be a lot of them?

I'd get a domain with Cloudflare. Possibly not the cheapest but reliable. Just under 5/usd for a .uk domain.

RavenLunatic · 2025-03-10T15:20:22+0000

Bagged a good .uk name for $4.82 a year.

Now to find out how to get the certificate...

RavenLunatic · 2025-03-10T16:57:54+0000

Got the cert installed but I am getting this message:

This server could not prove that it is 192.168.1.233; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.

any ideas?

Robert T. · 2025-03-10T17:12:23+0000

SSL cert may be missing SAN (Subject Alternative Name) attribuite required by all modern Chromium-based browsers.
It's been pain for quite a while now...

RavenLunatic · 2025-03-10T17:24:04+0000

Firefox detected a potential security threat and did not continue to 192.168.1.233. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

Robert T. · 2025-03-10T18:00:02+0000

If you are sure this is correct, just go to lower part of message where you may get something like 'advanced' or 'not recommended' button that will allow you to 'accept risk and get to page'
Also - did you inserted that certificate to your certificate store as Trusted Root Authority? This may help - thou not overly convinced it would in this scenario..

VersionMonkey · 2025-03-10T19:37:26+0000

It's not clear to me what your configuration is. You mention getting a domain, then getting a certificate; but you are still attempting to access the URL using an IP address?

The name in the certificate (CN and SAN) must match what you type into the address bar. What certificate did you get?

RavenLunatic · 2025-03-10T20:00:14+0000

I followed this video

I am now getting error messages saying the cert belongs to my domain and not my local ip address.

I can access Vaultwarden if I click ignore warning and go to page anyway through Chrom and firefox

I need a work around . Subject Alternative Name is the problem as it won't let me use a local ip address.