SSL certificates port 7000 or 6697 ?

joker
Posts: 7
Joined: Fri Oct 15, 2021 6:39 pm

Post by joker »

Hello,

I have installed an IRCD chat server that requires login. Port 7000 or 6697.

I have purchased Wildcard SSL certificates to protect all subdomains.

No SSL certificates were found on REDACTED. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server's firewall.

When adding a subdomain to the chat through the mentioned port, the following error message appears:

Notice that the subdomain is fully protected. Is the picture clear? What is the solution?

Thank you
Syzop
UnrealIRCd head coder
Posts: 2143
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl

Re: SSL certificates port 7000 or 6697 ?

Post by Syzop »

The certificate and the key are configured via set::tls::certificate and set::tls::key.

Not all certificate checkers allow specifying the port, the simple ones only check port 443.
Use this one instead: https://www.sslshopper.com/ssl-checker.html and then fill in your hostname followed by :6697, for example irc.example.org:6697
joker
Posts: 7
Joined: Fri Oct 15, 2021 6:39 pm

Re: SSL certificates port 7000 or 6697 ?

Post by joker »

Thank you Syzop
I did this work and the result is as follows:

irc.example.org:2083 ok 2087

irc.example.org:7000

irc.example.org resolves to 77.123.66.234

Server Type: Apache

No SSL certificates were found on irc.chatcool.net. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server's firewall.

irc.example.org:6697
irc.example.org resolves to 77.123.66.234

Server Type: Apache

The certificate was issued by GlobalSign.

The certificate will expire in 382 days.

The hostname (irc.chatcool.net) is correctly listed in the certificate.

The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following GlobalSign's Certificate Installation Instructions for your server platform. Pay attention to the parts about Intermediate certificates.
Common name: *.example.org
SANs: *.example.org, example.org
Valid from December 12, 2024 to January 13, 2026
Serial Number: 437c0ba72cc37f8eda38389d
Signature Algorithm: sha256WithRSAEncryption
Issuer: GlobalSign GCC R6 AlphaSSL CA 2023

On port 7000 I do not know the reason.

But on port 6697 it seems to me that there is an error in installing the intermediate certificate.

Why does an error appear on port 7000?
Syzop
UnrealIRCd head coder
Posts: 2143
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl

Re: SSL certificates port 7000 or 6697 ?

Post by Syzop »

> The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following GlobalSign's Certificate Installation Instructions for your server platform. Pay attention to the parts about Intermediate certificates.

I hope you didn't wait a month for me to comment and tried that already.. or that you joined our irc channel to get help for this :D

If you haven't fixed it yet, or for others: this is about the certificate that is specified in set::tls::certificate or listen::tls-options::certificate.
Often when you order an SSL certificate you receive multiple certificate files:
  1. Your own certificate
  2. Intermediate/chain certificate(s)
  3. A "full chain", which is a combination of the above
You should use the latter, so use the full chain. The SSL/TLS provider (GlobalSign in your case, or your supplier) should have given you instructions about which file is what.

You can also create the full chain by yourself by first putting your own certificate and then under that the intermediate/chain certificates (sometimes called bundle). That way, too, you will get the "full chain".
Like:

-----BEGIN CERTIFICATE-----
..your certificate..
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...the intermediate certificate...
-----END CERTIFICATE-----

And it could even be 3 certificates instead of 2 certificates.

With Let's Encrypt certbot your own certificate is called "cert.pem", the intermediate/chain is called "chain.pem" and the full chain is called "fullchain.pem". It is fullchain.pem that you want.

With like Sectigo, your own certificate is called "irc_example_org.crt", the intermediate/chain is called "chain.crt"(?) and the full chain is like irc_example_org-fullchain.txt. It is that last file that you want.

> Why does an error appear on port 7000?

Why port 7000 would be different I have no idea, depends on your unrealircd conf. However, for IRC the TLS standard port is 6697. And the old plaintext ports are 6667 and sometimes 7000. I would just get rid of the 7000 if I were you, it is only confusing since people would think it would be plaintext and not SSL/TLS.
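
One way to check a full chain file before pointing set::tls::certificate at it, as an added example that is not part of the original thread or of UnrealIRCd: it assumes the openssl command-line tool is installed, and the function names, file names and throwaway certificates are constructed for the demo. It checks ordering only, not trust or hostname.

```shell
#!/bin/sh
# check_fullchain FILE: returns 0 if FILE holds at least two certificates and
# each one was issued by the certificate directly below it (own cert first).
check_fullchain() {
    dir=$(mktemp -d) || return 2
    # Split the bundle into one file per PEM block: 1.pem, 2.pem, ...
    awk -v d="$dir" '/^-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/" n ".pem") }' "$1"
    n=$(grep -c '^-----BEGIN CERTIFICATE-----' "$1")
    rc=0; i=1
    [ "$n" -ge 2 ] || rc=1        # a lone certificate is not a full chain
    while [ "$rc" -eq 0 ] && [ "$i" -lt "$n" ]; do
        issuer=$(openssl x509 -noout -issuer_hash -in "$dir/$i.pem")
        parent=$(openssl x509 -noout -subject_hash -in "$dir/$((i + 1)).pem")
        [ -n "$issuer" ] && [ "$issuer" = "$parent" ] || rc=1
        i=$((i + 1))
    done
    rm -rf "$dir"
    return "$rc"
}

# issue NAME SIGNER CN: constructed certificate NAME.pem signed by SIGNER.
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

# make_constructed_chain DIR: throwaway root -> intermediate -> leaf in DIR.
make_constructed_chain() (
    cd "$1" || exit 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Root" -keyout root.key -out root.pem 2>/dev/null &&
    issue int root "Constructed Intermediate" &&
    issue leaf int "irc.example.org" &&
    cat leaf.pem int.pem > fullchain.pem &&  # own certificate, then intermediate
    cat int.pem leaf.pem > reversed.pem      # wrong order
)

work=$(mktemp -d)
make_constructed_chain "$work"
for f in fullchain.pem reversed.pem leaf.pem; do
    if check_fullchain "$work/$f"; then echo "$f: order ok"
    else echo "$f: not a usable full chain"; fi
done
```

Run `check_fullchain` against the file you actually configured; the leaf-only case is the one that produces the "not trusted in all web browsers" result quoted in the thread.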