MobileRead Forums - View Single Post - Trouble configuring SSL for Calibre server on Windows

hollowpoint · 06-19-2021, 09:01 PM

Got this to work, SSL 'https' Internet access to my Calibre content-server. It's nice being able to pull up anything in my library even on mobile phone when away from home, take annotations using Kovid's excellent Calibre reader browser interface, and have all the annotations synced to other devices. And not having to rely on Amazon's cloud and proprietary annotations system.

I will say configuring this is probably not for the non-technical user, unless we can figure out a LOT more streamlined, bulletproof directions for them. Not the hardest thing I've done, but not trivial either, took a couple hours of trial and error this afternoon. In case this is helpful to anyone else, here's the basic steps I went through to get it working on Windows 10.

1. In Calibre Preferences, select Sharing over the Net, enable Require a user name and password, and then create one or more logins on the User Accounts tab.

2. Create an SSL certificate. This sequence of steps was the tricky part, lots of false starts. But the TLDR; version is:

a. Created a free dynamic DNS account at www.no-ip.com. Configure a DNS host name (using one of their provided domains plus a custom server name). This enables you to access to Calibre server without needing to buy a domain name.
b. To get my SSL, I paid for their "Enhanced DNS" service, an annual fee of $24.95 which gives you a number of features, including an SSL certificate: Note: you can optionally create an SSL cert for free here, and in a couple other sites, but I wanted the extra features.
c. Generated a CSR and private key file. For doing this on Windows, there are 2 guides I found most useful
- https://adamtheautomator.com/openssl-windows-10/. Follow the initial install and setup directions to install utilities and create certs locally.
- No-ip's "Generate a CSR" guide, for Apache + OpenSSL (that's the version of the web server that Kovid says is closest to what Calibre runs). https://www.noip.com/support/knowled...pache-openssl/
d. After generating the CSR and key file locally, you select the "Add CSR" option in your no-ip account, select Apache + OpenSSL, and paste in the contents of your CSR file. No-ip then auto-validates your certificate.

3. Install the cert locally. Download the validated cert file from no-ip. I placed both that file, and the private key file, in the .\Calibre2\app folder. Then go into Calibre > Preferences > Sharing over the Net > Advanced, and add the local path to both the cert, and the private key file.

4. In your network router, configure port forwarding to forward from your router's Internet IP to the IP of your Calibre web server. If you don't have a fixed IP (as I don't), then you should ALSO configure dynamic DNS, which you can also get from your no-ip.com account. For me, no-ip is high on convenience because I can do everything I need in one place: create the host/domain name, configure free dynamic DNS server, and generate the SSL cert for my server.

06-19-2021, 09:01 PM	#2
hollowpoint Groupie Posts: 155 Karma: 6672188 Join Date: Apr 2019 Device: Ipad Mini, Kindle PW5, Libra 2	Got this to work, SSL 'https' Internet access to my Calibre content-server. It's nice being able to pull up anything in my library even on mobile phone when away from home, take annotations using Kovid's excellent Calibre reader browser interface, and have all the annotations synced to other devices. And not having to rely on Amazon's cloud and proprietary annotations system. I will say configuring this is probably not for the non-technical user, unless we can figure out a LOT more streamlined, bulletproof directions for them. Not the hardest thing I've done, but not trivial either, took a couple hours of trial and error this afternoon. In case this is helpful to anyone else, here's the basic steps I went through to get it working on Windows 10. 1. In Calibre Preferences, select Sharing over the Net, enable Require a user name and password, and then create one or more logins on the User Accounts tab. 2. Create an SSL certificate. This sequence of steps was the tricky part, lots of false starts. But the TLDR; version is: a. Created a free dynamic DNS account at www.no-ip.com. Configure a DNS host name (using one of their provided domains plus a custom server name). This enables you to access to Calibre server without needing to buy a domain name. b. To get my SSL, I paid for their "Enhanced DNS" service, an annual fee of $24.95 which gives you a number of features, including an SSL certificate: Note: you can optionally create an SSL cert for free here, and in a couple other sites, but I wanted the extra features. c. Generated a CSR and private key file. For doing this on Windows, there are 2 guides I found most useful - https://adamtheautomator.com/openssl-windows-10/. Follow the initial install and setup directions to install utilities and create certs locally. - No-ip's "Generate a CSR" guide, for Apache + OpenSSL (that's the version of the web server that Kovid says is closest to what Calibre runs). https://www.noip.com/support/knowled...pache-openssl/ d. After generating the CSR and key file locally, you select the "Add CSR" option in your no-ip account, select Apache + OpenSSL, and paste in the contents of your CSR file. No-ip then auto-validates your certificate. 3. Install the cert locally. Download the validated cert file from no-ip. I placed both that file, and the private key file, in the .\Calibre2\app folder. Then go into Calibre > Preferences > Sharing over the Net > Advanced, and add the local path to both the cert, and the private key file. 4. In your network router, configure port forwarding to forward from your router's Internet IP to the IP of your Calibre web server. If you don't have a fixed IP (as I don't), then you should ALSO configure dynamic DNS, which you can also get from your no-ip.com account. For me, no-ip is high on convenience because I can do everything I need in one place: create the host/domain name, configure free dynamic DNS server, and generate the SSL cert for my server. Last edited by hollowpoint; 06-19-2021 at 09:04 PM.