Re: [dspace-tech] how to add https support?

2022-03-12 Thread Phillip jan
Is trying ngrok a good alternative? I do not know how to generate an SSL 
certificate file through ngrok, because I think SSL is already provided 
once I tunnel with it.

On Sunday, March 13, 2022 at 11:15:52 AM UTC+8 Phillip jan wrote:

> Is it a good idea to just use cloudflare? are there like any drawbacks?
>
> On Saturday, March 12, 2022 at 5:48:46 PM UTC+8 alo...@gmail.com wrote:
>
>> It's Impractical but you still can make the domain verification somewhere 
>> else on any publicly accessible server that you control if you point your 
>> domain to that server IP address and ran the same previous command. You 
>> then need to copy the generated 90 days valid certificates to your Windows 
>> 10 workstation!.
>>
>> It's better to go for a self signed certificate instead.
>> On Saturday, March 12, 2022 at 7:18:24 AM UTC+3 phillip...@gmail.com 
>> wrote:
>>
>>> Hi!
>>>
>>> Apparently,  my ISP uses a CGNAT setup. This makes port forwarding 
>>> impossible in my case, are there some alternatives on how to get SSL 
>>> certificates from let's encrypt?
>>>
>>> On Friday, March 11, 2022 at 11:32:36 PM UTC+8 alo...@gmail.com wrote:
>>>
 It's debatable but a bad idea in general unless you doing it for 
 testing purposes and temporarily. It's much safer to get a ( Linux - NO 
 Windows ) server in one of the public clouds and run dspace on it for 
 whatever purpose you intend to run it for.

 Good luck
 On Friday, March 11, 2022 at 2:54:06 AM UTC+3 phillip...@gmail.com 
 wrote:

> Hi!
>
> Thank you for this. The reason why I can't make an SSL certificate 
> using Certbot is that I haven't port forwarded my public IP to my private 
> IP. However, I'm afraid because according to the internet there will be a 
> vulnerability issue with port forwarding, is there a solution that can 
> resolve or lessen these vulnerabilities?
>
> On Thursday, March 10, 2022 at 8:00:26 PM UTC+8 alo...@gmail.com 
> wrote:
>
>> If this is a home office network make sure 124.107.184.212 does match 
>> what you get when you visit  https://whatismyipaddress.com 
>> afterwards just redirect traffic coming from the internet to port 80 and 
>> 443 on 124.107.184.212 to go to the private IP address of the Windows 
>> Workstation you installed DSpace on and it should work for you. ( You 
>> should find these settings in the Home Router - See the screenshot 
>> attached 
>> for hints )
>> [image: 2022-03-10_14-54-34.png]
>>
>> On Thursday, March 10, 2022 at 4:05:09 AM UTC+3 phillip...@gmail.com 
>> wrote:
>>
>>> I directed my A address to my ipv4 through my domain name's dns 
>>> manager (godaddy) and opened port 80 and 443 on firewall to domain, 
>>> private, and public, i did it to both inbound and outbounds. I still 
>>> get 
>>> this error, 
>>> [image: Capture.PNG]
>>>
>>> I am using Apache + Windows 10 + Certbot + Let's Encrypt.
>>> On Wednesday, March 9, 2022 at 11:19:25 PM UTC+8 alo...@gmail.com 
>>> wrote:
>>>
 On Wednesday, March 9, 2022 at 1:47:31 PM UTC+3 
 phillip...@gmail.com wrote:

> Yes, it asked for a path. I don't know what I should input into 
> it. What path should I include here? thanks!!


 httpd.conf path is what you suppose to write as a path there ( It 
 needs to fetch the ServerName value from the config file ) but it 
 won't 
 work because the installation script will fail to reach your server 
 from 
 the outside to verify you are the real owner of 
 repository-uecal.com. Why? because from what I see from here port 
 80 and 443 on repository-uecal.com is blocked by a firewall. For 
 this to work you have to have an A record in the Authoritative DNS for 
 repository-uecal.com pointing to the IP address of your Windows 
 2019 server and also you have to have port 80 and 443 opened in the 
 firewall/firewalls and both ports are publicly accessible once these 
 are 
 set you can proceed with the lengthy and messy tutorial you were 
 following 
 or you can just install 
 https://dl.eff.org/certbot-beta-installer-win32.exe, stop the 
 apache server and execute this command  ( certbot certonly -n 
 --standalone -d  repository-uecal.com   --agree-tos --email 
 your-email-here ) to generate the certificate and it's key and 
 place them for you as you see them below.

 Successfully received certificate.
 Certificate is saved at: C:\Certbot\live\repository-uecal.com\fullchain.pem
 Key is saved at: C:\Certbot\live\repository-uecal.com\privkey.pem
 This certificate expires on 2022-06-07.
 These files will be updated when the certificate renews.
 Certbot has 

Re: [dspace-tech] how to add https support?

2022-03-12 Thread Phillip jan
Is it a good idea to just use Cloudflare? Are there like any drawbacks?

On Saturday, March 12, 2022 at 5:48:46 PM UTC+8 alo...@gmail.com wrote:

> It's Impractical but you still can make the domain verification somewhere 
> else on any publicly accessible server that you control if you point your 
> domain to that server IP address and ran the same previous command. You 
> then need to copy the generated 90 days valid certificates to your Windows 
> 10 workstation!.
>
> It's better to go for a self signed certificate instead.
> On Saturday, March 12, 2022 at 7:18:24 AM UTC+3 phillip...@gmail.com 
> wrote:
>
>> Hi!
>>
>> Apparently,  my ISP uses a CGNAT setup. This makes port forwarding 
>> impossible in my case, are there some alternatives on how to get SSL 
>> certificates from let's encrypt?
>>
>> On Friday, March 11, 2022 at 11:32:36 PM UTC+8 alo...@gmail.com wrote:
>>
>>> It's debatable but a bad idea in general unless you doing it for testing 
>>> purposes and temporarily. It's much safer to get a ( Linux - NO Windows ) 
>>> server in one of the public clouds and run dspace on it for whatever 
>>> purpose you intend to run it for.
>>>
>>> Good luck
>>> On Friday, March 11, 2022 at 2:54:06 AM UTC+3 phillip...@gmail.com 
>>> wrote:
>>>
 Hi!

 Thank you for this. The reason why I can't make an SSL certificate 
 using Certbot is that I haven't port forwarded my public IP to my private 
 IP. However, I'm afraid because according to the internet there will be a 
 vulnerability issue with port forwarding, is there a solution that can 
 resolve or lessen these vulnerabilities?

 On Thursday, March 10, 2022 at 8:00:26 PM UTC+8 alo...@gmail.com wrote:

> If this is a home office network make sure 124.107.184.212 does match 
> what you get when you visit  https://whatismyipaddress.com afterwards 
> just redirect traffic coming from the internet to port 80 and 443 on 
> 124.107.184.212 to go to the private IP address of the Windows 
> Workstation 
> you installed DSpace on and it should work for you. ( You should find 
> these 
> settings in the Home Router - See the screenshot attached for hints )
> [image: 2022-03-10_14-54-34.png]
>
> On Thursday, March 10, 2022 at 4:05:09 AM UTC+3 phillip...@gmail.com 
> wrote:
>
>> I directed my A address to my ipv4 through my domain name's dns 
>> manager (godaddy) and opened port 80 and 443 on firewall to domain, 
>> private, and public, i did it to both inbound and outbounds. I still get 
>> this error, 
>> [image: Capture.PNG]
>>
>> I am using Apache + Windows 10 + Certbot + Let's Encrypt.
>> On Wednesday, March 9, 2022 at 11:19:25 PM UTC+8 alo...@gmail.com 
>> wrote:
>>
>>> On Wednesday, March 9, 2022 at 1:47:31 PM UTC+3 phillip...@gmail.com 
>>> wrote:
>>>
 Yes, it asked for a path. I don't know what I should input into it. 
 What path should I include here? thanks!!
>>>
>>>
>>> httpd.conf path is what you suppose to write as a path there ( It 
>>> needs to fetch the ServerName value from the config file ) but it won't 
>>> work because the installation script will fail to reach your server 
>>> from 
>>> the outside to verify you are the real owner of repository-uecal.com. 
>>> Why? because from what I see from here port 80 and 443 on 
>>> repository-uecal.com is blocked by a firewall. For this to work you 
>>> have to have an A record in the Authoritative DNS for 
>>> repository-uecal.com pointing to the IP address of your Windows 
>>> 2019 server and also you have to have port 80 and 443 opened in the 
>>> firewall/firewalls and both ports are publicly accessible once these 
>>> are 
>>> set you can proceed with the lengthy and messy tutorial you were 
>>> following 
>>> or you can just install 
>>> https://dl.eff.org/certbot-beta-installer-win32.exe, stop the 
>>> apache server and execute this command  ( certbot certonly -n 
>>> --standalone -d  repository-uecal.com   --agree-tos --email 
>>> your-email-here ) to generate the certificate and it's key and 
>>> place them for you as you see them below.
>>>
>>> Successfully received certificate.
>>> Certificate is saved at: C:\Certbot\live\repository-uecal.com\fullchain.pem
>>> Key is saved at: C:\Certbot\live\repository-uecal.com\privkey.pem
>>> This certificate expires on 2022-06-07.
>>> These files will be updated when the certificate renews.
>>> Certbot has set up a scheduled task to automatically renew this 
>>> certificate in the background.
>>>
>>> What you need to add into the apache SSL config file after the 
>>> certificate and it's key is saved in your server:
>>> SSLCertificateFile "C:\Certbot\live\repository-uecal.com\fullchain.pem"
>>> SSLCertificateKeyFile 

Re: [dspace-tech] SMTP over TLS Failed

2022-03-12 Thread Chalew Tesfaye
Cristhian's method worked for me too!
Thank you

On Thursday, December 9, 2021 at 6:52:58 PM UTC+3 redu@gmail.com wrote:

> Cristhian's method worked for me too!
> Thanks for the help.
>
> Regards,
>
> On Friday, May 14, 2021 at 19:03:37 UTC-6, Agboola Raphael wrote:
>
>> Yes,  Cristhian Rey method works for me.
>> Thanks
>>
>> On Thursday, May 6, 2021 at 1:04:42 AM UTC+1 crisan...@gmail.com wrote:
>>
>>> Hi everybody, I had the same issue in Debian and fixed it by adding this to 
>>> dspace.conf:
>>>
>>> mail.extraproperties = mail.smtp.socketFactory.port=587, \
>>>     mail.smtp.starttls.enable=true, \
>>>     mail.smtp.starttls.required=true, \
>>>     mail.smtp.ssl.protocols=TLSv1.2
>>>
>>>
>>> Best Regards,
>>>
>>>
>>> Cristhian Rey
>>>
>>> Colombia
>>>
>>> On Wednesday, March 17, 2021 at 14:08:24 UTC-5, gonza...@gmail.com wrote:
>>>
 Just adding some info I've found troubleshooting the same error 
 (javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is 
 disabled or cipher suites are inappropriate)

 Running DSpace on CentOS 8 could require that command, depending on your 
 mail provider, as TLS 1.0 and 1.1 are deprecated and a legacy mode 
 is needed. 

 This solved the issue for me, using SMTPS under TLS on port 465


 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/security_considerations-in-adopting-rhel-8#tls-v10-v11_security


 On Wednesday, December 9, 2020 at 5:39:39 PM UTC-3, hbla...@gmail.com wrote:

> Hi all, 
> Today I finally found a solution. The problem was with the operating 
> system. Execute the following command: 
>
>  update-crypto-policies --set LEGACY  
>
> and after a reboot it worked.
> Thanks to everyone for your support.
>
> On Tuesday, December 8, 2020 at 16:45:42 UTC-5, jacob.cameron wrote:
>
>> That should have said TLS 1.0 and 1.1 support.
>>
>>  
>>
>>  
>>
>> --
>>
>> Jake Cameron, BCS(UNB)
>>
>> Systems Support Specialist III
>>
>> Information Systems and Technical Services University of Lethbridge 
>> Library
>>
>> Phone:(403)329-2756
>>
>> This e-mail, including any and all attachments, is only for the use 
>> of the intended recipient(s) and may contain information that is 
>> confidential or privileged. If you are not the intended recipient, you 
>> are 
>> advised that any dissemination, copying or other use of this e-mail is 
>> prohibited. Please notify the sender of the error in communication by 
>> return e-mail and destroy all copies of this e-mail. Thank you.
>>
>>  
>>
>> *From:* dspac...@googlegroups.com  *On 
>> Behalf Of *Cameron, Jacob
>> *Sent:* Tuesday, December 8, 2020 8:54 AM
>> *To:* Humberto Blanco Castillo ; DSpace Technical 
>> Support 
>> *Subject:* RE: [dspace-tech] SMTP over TLS Failed
>>
>>  
>>
>> Hello Humberto,
>>
>>  
>>
>> Microsoft has ended TLS 1.0 and TLS 1.2 support for all their mail 
>> products.  You need to ensure you are using TLS 1.2 or higher on your 
>> server or the messages will fail.
>>
>>  
>>
>>  
>>
>> --
>>
>> Jake Cameron, BCS(UNB)
>>
>> Systems Support Specialist III
>>
>> Information Systems and Technical Services University of Lethbridge 
>> Library
>>
>> Phone:(403)329-2756
>>
>>
>>  
>>
>> *From:* dspac...@googlegroups.com  *On 
>> Behalf Of *Humberto Blanco Castillo
>> *Sent:* Tuesday, December 8, 2020 8:26 AM
>> *To:* DSpace Technical Support 
>> *Subject:* [dspace-tech] SMTP over TLS Failed
>>
>>  
>>
>>
>>  
>>
>> My dspace server was working with the following configuration 
>>
>>  
>>
>> *mail.server = outlook.office365.com *
>>
>> *mail.server.username = **myu...@mydomain.com*

Re: [dspace-tech] how to add https support?

2022-03-12 Thread Mohammad S. AlMutairi
It's impractical, but you can still do the domain verification somewhere 
else, on any publicly accessible server that you control, if you point your 
domain to that server's IP address and run the same previous command. You 
then need to copy the generated certificates, valid for 90 days, to your 
Windows 10 workstation.

It's better to go for a self-signed certificate instead.
On Saturday, March 12, 2022 at 7:18:24 AM UTC+3 phillip...@gmail.com wrote:

> Hi!
>
> Apparently,  my ISP uses a CGNAT setup. This makes port forwarding 
> impossible in my case, are there some alternatives on how to get SSL 
> certificates from let's encrypt?
>
> On Friday, March 11, 2022 at 11:32:36 PM UTC+8 alo...@gmail.com wrote:
>
>> It's debatable but a bad idea in general unless you are doing it for testing 
>> purposes and temporarily. It's much safer to get a ( Linux - NO Windows ) 
>> server in one of the public clouds and run DSpace on it for whatever 
>> purpose you intend to run it for.
>>
>> Good luck
>> On Friday, March 11, 2022 at 2:54:06 AM UTC+3 phillip...@gmail.com wrote:
>>
>>> Hi!
>>>
>>> Thank you for this. The reason why I can't make an SSL certificate using 
>>> Certbot is that I haven't port forwarded my public IP to my private IP. 
>>> However, I'm afraid because according to the internet there will be a 
>>> vulnerability issue with port forwarding, is there a solution that can 
>>> resolve or lessen these vulnerabilities?
>>>
>>> On Thursday, March 10, 2022 at 8:00:26 PM UTC+8 alo...@gmail.com wrote:
>>>
 If this is a home office network make sure 124.107.184.212 does match 
 what you get when you visit  https://whatismyipaddress.com afterwards 
 just redirect traffic coming from the internet to port 80 and 443 on 
 124.107.184.212 to go to the private IP address of the Windows Workstation 
 you installed DSpace on and it should work for you. ( You should find 
 these 
 settings in the Home Router - See the screenshot attached for hints )
 [image: 2022-03-10_14-54-34.png]

 On Thursday, March 10, 2022 at 4:05:09 AM UTC+3 phillip...@gmail.com 
 wrote:

> I directed my A address to my ipv4 through my domain name's dns 
> manager (godaddy) and opened port 80 and 443 on firewall to domain, 
> private, and public, i did it to both inbound and outbounds. I still get 
> this error, 
> [image: Capture.PNG]
>
> I am using Apache + Windows 10 + Certbot + Let's Encrypt.
> On Wednesday, March 9, 2022 at 11:19:25 PM UTC+8 alo...@gmail.com 
> wrote:
>
>> On Wednesday, March 9, 2022 at 1:47:31 PM UTC+3 phillip...@gmail.com 
>> wrote:
>>
>>> Yes, it asked for a path. I don't know what I should input into it. 
>>> What path should I include here? thanks!!
>>
>>
>> The httpd.conf path is what you are supposed to write as a path there ( It 
>> needs to fetch the ServerName value from the config file ) but it won't 
>> work because the installation script will fail to reach your server from 
>> the outside to verify you are the real owner of repository-uecal.com. 
>> Why? Because from what I see from here, ports 80 and 443 on 
>> repository-uecal.com are blocked by a firewall. For this to work you 
>> have to have an A record in the authoritative DNS for 
>> repository-uecal.com pointing to the IP address of your Windows 2019 
>> server, and you also have to have ports 80 and 443 opened in the 
>> firewall/firewalls, with both ports publicly accessible. Once these are 
>> set you can proceed with the lengthy and messy tutorial you were 
>> following, or you can just install 
>> https://dl.eff.org/certbot-beta-installer-win32.exe, stop the Apache 
>> server and execute this command ( certbot certonly -n --standalone 
>> -d repository-uecal.com --agree-tos --email your-email-here ) to 
>> generate the certificate and its key and place them for you as you see 
>> them below.
>>
>> Successfully received certificate.
>> Certificate is saved at: C:\Certbot\live\repository-uecal.com\fullchain.pem
>> Key is saved at: C:\Certbot\live\repository-uecal.com\privkey.pem
>> This certificate expires on 2022-06-07.
>> These files will be updated when the certificate renews.
>> Certbot has set up a scheduled task to automatically renew this 
>> certificate in the background.
>>
>> What you need to add into the Apache SSL config file after the 
>> certificate and its key are saved on your server:
>> SSLCertificateFile "C:\Certbot\live\repository-uecal.com\fullchain.pem"
>> SSLCertificateKeyFile "C:\Certbot\live\repository-uecal.com\privkey.pem"
>>
>>
>> Good luck
>>
>>
>>  [image: path.PNG]
>>>
>>> On Wednesday, March 9, 2022 at 4:57:26 PM UTC+8 euler wrote:
>>>
 Hi Phillip,

 For the verification, did you choose [http-01]
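
An added example, not from any participant in the thread: a Python pre-flight check for the conditions the replies above describe for HTTP-01 validation (the A record must match the public IP, and the router must actually hold that public IP rather than sit behind carrier-grade NAT). The function name is hypothetical, and the three inputs are values you look up yourself (DNS A record, the address a "what is my IP" site reports, and the WAN address on the router's status page); the sample addresses in the demo are constructed from documentation ranges.

```python
import ipaddress

# RFC 6598 shared address space, used by ISPs for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another router is upstream.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def http01_preflight(a_record, public_ip, router_wan_ip):
    """Return the reasons an inbound HTTP-01 validation would not reach this host.

    An empty list means DNS and addressing are consistent, so forwarding
    ports 80 and 443 on the router is the only remaining step.
    """
    a, pub, wan = (ipaddress.ip_address(x)
                   for x in (a_record, public_ip, router_wan_ip))
    problems = []
    if a != pub:
        problems.append(f"A record {a} does not match public IP {pub}")
    if wan in CGNAT:
        problems.append(f"router WAN {wan} is carrier-grade NAT space; "
                        "port forwarding on the router cannot expose port 80")
    elif any(wan in net for net in RFC1918):
        problems.append(f"router WAN {wan} is a private address; "
                        "an upstream device must forward the ports too")
    elif wan != pub:
        problems.append(f"router WAN {wan} differs from public IP {pub}; "
                        "traffic is translated somewhere upstream")
    return problems

if __name__ == "__main__":
    # Constructed cases using documentation address ranges.
    cases = {
        "direct public IP": ("203.0.113.10", "203.0.113.10", "203.0.113.10"),
        "behind CGNAT": ("203.0.113.10", "203.0.113.10", "100.72.5.9"),
        "stale DNS, double NAT": ("198.51.100.7", "203.0.113.10", "192.168.1.2"),
    }
    for name, args in cases.items():
        print(name, http01_preflight(*args))
```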