[GH-ISSUE #126] Feature Request: manage SSL from Web GUI #2014

New issue

Closed

opened 2026-03-14 02:05:21 +03:00 by kerem · 3 comments

kerem commented

2026-03-14 02:05:21 +03:00

Owner

Originally created by @dinger1986 on GitHub (Oct 5, 2020).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/126

I have setup a CRON job but it would be good to manage SSL Certs from the portal as well.

Originally created by @dinger1986 on GitHub (Oct 5, 2020). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/126 I have setup a CRON job but it would be good to manage SSL Certs from the portal as well.

kerem

2026-03-14 02:05:21 +03:00

closed this issue
added the
enhancement
label

kerem commented

2026-03-14 02:05:37 +03:00

Author

Owner

@wh1te909 commented on GitHub (Oct 9, 2020):

can you post the cron command you used? Im not sure if the TXT challenge option the install script uses can be automated since would have to manually add the TXT record but I know there are other ways like wellknown challenge.

@wh1te909 commented on GitHub (Oct 9, 2020): can you post the cron command you used? Im not sure if the TXT challenge option the install script uses can be automated since would have to manually add the TXT record but I know there are other ways like wellknown challenge.

kerem commented

2026-03-14 02:05:42 +03:00

Author

Owner

@trs998 commented on GitHub (Dec 29, 2020):

I used the following manually, using the DNS TXT record method. The usual standalone method for certbot won't work due to the RMM being a seperate server to the webserver on the primary domain... could make seperate certs for each of the three subdomains and then use standalone on those rather than the existing wildcard certificate which must be verified on a domain not directly hosted by this server?

DOMAIN="mydomain.tld"
certbot certonly --preferred-challenges dns --manual -d *.$DOMAIN --agree-tos --manual-public-ip-logging-ok

Note - this makes a new certificate which must be manually moved into /etc/letsencrypt/live/$DOMAIN/ or the places that refer to the SSL certificate updated. Look in /etc/letsencrypt/live/$DOMAIN-XXXX where XXXX is the highest number for the latest certificate.

Note - there appears to be no documentation or automation of the SSL renewal - possibly add a manual run of this in the update.sh script if required and being run interactively?

@trs998 commented on GitHub (Dec 29, 2020): I used the following manually, using the DNS TXT record method. The usual standalone method for certbot won't work due to the RMM being a seperate server to the webserver on the primary domain... could make seperate certs for each of the three subdomains and then use standalone on those rather than the existing wildcard certificate which must be verified on a domain not directly hosted by this server? DOMAIN="mydomain.tld" certbot certonly --preferred-challenges dns --manual -d *.$DOMAIN --agree-tos --manual-public-ip-logging-ok Note - this makes a new certificate which must be manually moved into /etc/letsencrypt/live/$DOMAIN/ or the places that refer to the SSL certificate updated. Look in /etc/letsencrypt/live/$DOMAIN-XXXX where XXXX is the highest number for the latest certificate. Note - there appears to be no documentation or automation of the SSL renewal - possibly add a manual run of this in the update.sh script if required and being run interactively?

kerem commented

2026-03-14 02:05:47 +03:00

Author

Owner

@dinger1986 commented on GitHub (Feb 21, 2021):

this should be covered in the docs when they come, there is a script for doing this automatically via dns or can manually do it with DNS. Going to close this now

@dinger1986 commented on GitHub (Feb 21, 2021): this should be covered in the docs when they come, there is a script for doing this automatically via dns or can manually do it with DNS. Going to close this now

kerem referenced this issue

2026-03-14 06:51:45 +03:00

[GH-ISSUE #2014] Show more details of the results on the Checks overview. #3203