Antsle Forum

SSL 'This site can’t provide a secure connection' error

I followed the steps on the Access Antlets (accdomain), but since I need a cert for SSL that didn't work. So, I found the ssl.example.com.conf.HTTPS in the /etc/nginx/virtualhosts. My antlet is CentOS with Apache 2.4.6

I enabled port forwarding (80 & 443) on my router to my antsle.

I've verified with the SSL provider that my cert is installed correctly.

I can access the site via myantsle-XX.local, and via https I get the red warning line-through on the https with the "not secure" notice. (Host name doesn't match cert, which is what I'd expect.)

However, when I try to access via the internet, I get the 'This site can't provide a secure connection' error. 🙁

Has anyone tried to configure with SSL?

I am having the same problem. Please let me know if you figure out something.

I let Nginx handle it, but it keeps giving me a key mismatch.

I spent way too many hours troubleshooting this exact issue. I finally figured it all out, but it wasn't easy. The issue I had was I renamed all my internal servers and computers to a new naming schema I devised. I renamed my Antsle, which broke almost everything, including SSL, which was using a self-signed certificate at the time. I'll post my steps in a new response.

I'll try to explain the steps involved here w/o diving into too much additional tech:

  1. From your Antsle, take note of the hostname of your Antsle device and make sure your Antsle has Internet connectivity
  2. Verify that the 'anthilld' service is running on your Antsle under system services.
  3. Sign into Anthill and confirm that your Antsle and Anthill are communicating by checking the 'last seen' heartbeat time.
  4. Also confirm that your hostname seen in Anthill matches the actual hostname of your Antsle.
  5. Click the hyperlink under InstantSSL to setup a new subdomain and generate a LetsEncrypt certificate.
  6. Create your subdomain, naming it the same as your Antsle hostname and click submit
    (This step auto generates the SSL certificate and configures your virtual host mapping in NGINX)
  7. Restart NGINX: # service nginx restart
  8. Open your Antsle console URL with SSL enabled: (https://myantsle-subdomain.antsle.us)

    For troubleshooting purposes, here is where your virtual hosts are maintained on your Antsle:
    Path: /etc/nginx/virtualhosts/

    And here is where your LetsEncrypt certificate files are stored, which should now include two files:
    Path: /etc/letsencrypt/live/
    Filename: privkey.pem / fullchain.pem

    One extra step I had to take was to create a local DNS entry on my Mac, using GasMask. I just created an entry like:
    192.168.100.2 myantsle.antsle.us

That's pretty much it. Here are a couple resources to help:

https://docs.antsle.com/https/
Video instruction: https://antsle.com/freedomcasts/episode-15/

Thanks for replying.

I did your steps. (I hadn't installed the InstantSSL cert before, and I'm waiting for it to be available.)

I'm still trying to host my site on an antlet with my own cert, so maybe this can provide some insight.

I am hosting a wordpress site on one of my antlets (the address is https://staging.tulsatownvet.com -- it's a test site for my wife's vet clinic).

Its certificate is from Let's Encrypt.  I store the cert info on the antsle (not in the antlet itself) and added a conf file to the /etc/nginx/virtualhosts directory so the antsle directs traffic to the proper antlet based on the web address (in this case, staging.tulsatownvet.com).

I used this article in the docs (and a lot of googling):

https://docs.antsle.com/https/#https-to-antlets

I've uploaded the conf file I'm using [ staging.tulsatownvet.com.conf ], if it helps -- note that the 10.1.1.40 is the address of my wordpress antlet.

(I can't upload the file with .txt at the end, so I'm going to just paste it at the end of this message)

The wordpress site itself is listening to port 80. All the ssl is "above" it at the antsle level.

Also, the port 80 (server { listen 80; ...) section doesn't yet work (I was going to do a re-direct to https, but disabled it for some troubleshooting reason I don't remember and never enabled it).

File Begins here:

map $http_upgrade $connection_upgrade {
   default upgrade;
   '' close;
}

server {
   listen 80;
   server_name staging.tulsatownvet.com;
   # rewrite ^ https://staging.tulsatownvet.com$request_uri redirect;

   location / {
      proxy_read_timeout 300;
      proxy_connect_timeout 300;
      proxy_redirect off;

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Protocol $scheme;
      proxy_set_header X-Forwarded-Ssl off;
      proxy_set_header X-Url-Scheme $scheme;
      proxy_set_header X-Frame-Options SAMEORIGIN;

      # Forward WebSocket.
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;

      proxy_pass http://10.1.1.40; 
   }
}

server {
   # TLS is enabled on the listen directive; the separate "ssl on;" directive is deprecated.
   listen 443 ssl;
   server_name staging.tulsatownvet.com;
   ssl_certificate /etc/letsencrypt/live/staging.tulsatownvet.com/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/staging.tulsatownvet.com/privkey.pem;
   # root /var/www/;

   location / {
      proxy_read_timeout 300;
      proxy_connect_timeout 300;
      proxy_redirect off;
      # proxy_redirect http:// https://;

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Protocol $scheme;
      # The client connection to this server block is HTTPS, so tell the backend so.
      proxy_set_header X-Forwarded-Ssl on;
      proxy_set_header X-Url-Scheme $scheme;
      proxy_set_header X-Frame-Options SAMEORIGIN;

      # Forward WebSocket.
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;

      proxy_pass http://10.1.1.40; 
   }
}
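
A pre-flight check for the files named by ssl_certificate and ssl_certificate_key, covering the "key mismatch" and host-name mismatch symptoms reported in this thread. This is an added example, not code from any poster or from Antsle; the function names are illustrative, it assumes the openssl command-line tool is installed, and the demo pair it can generate is constructed test data.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a certificate/key pair before pointing nginx at it.

# Public key embedded in the first certificate of a PEM file (e.g. fullchain.pem).
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from a private key file (e.g. privkey.pem).
pubkey_of_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Succeeds only when both files parse and describe the same key pair.
cert_matches_key() {
    cmk_cert=$(pubkey_of_cert "$1") || return 2
    cmk_key=$(pubkey_of_key "$2") || return 2
    [ -n "$cmk_cert" ] && [ "$cmk_cert" = "$cmk_key" ]
}

# Succeeds when the certificate is valid for the given host name.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Succeeds when the certificate will still be valid N seconds from now.
cert_valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1; }

# Run all checks; prints one line per failure and returns the failure count.
check_pair() {
    cp_fail=0
    cert_matches_key "$1" "$2" || { echo "FAIL: $2 is not the key for $1"; cp_fail=$((cp_fail + 1)); }
    cert_covers_host "$1" "$3" || { echo "FAIL: $1 does not cover $3"; cp_fail=$((cp_fail + 1)); }
    cert_valid_for "$1" 86400 || { echo "FAIL: $1 expires within 24h"; cp_fail=$((cp_fail + 1)); }
    [ "$cp_fail" -eq 0 ] && echo "OK: $1 / $2 usable for $3"
    return "$cp_fail"
}

# Constructed sample input: throwaway self-signed pair for host $2 written to dir $1.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" >/dev/null 2>&1
}

# Usage: ./check_pair.sh fullchain.pem privkey.pem host.example.test
if [ "$#" -eq 3 ]; then check_pair "$@"; fi
```

Run it on the antsle against the same two paths the virtual host file references, then reload nginx only when it reports OK.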

ok. I have gotten a bit further. I can now access my antsle via https. So that is one good thing.

I applied the new conf file for nginx and I'm stuck on this error:

connect:No route to host

connect:errno=113

This appears to be something with the firewall, but I'm not sure.

When I execute netstat -nlp | grep 80 on the antlet I get this:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      287/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      287/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      311/httpd

When I execute netstat -nlp | grep 80 on the antsle I get this:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      31841/nginx: master

I think one is IPv4 (antsle) and the other is IPv6 (antlet), but I wonder if that is somehow causing the route to fail?

I'm pretty sure this is the last thing I need to get this to work, but everything appears to be correct as far as I can tell.
