
UIONE ssl

leonidas

Have UIONE, trying to make https port 443. On the app panel only http will work. I've installed ssl on all servers but it still says no cert installed, but on main it says it's got a good valid date, and when I pull the m3u it's https port 443, but I just can't get it to pull on an app using https dns.
 
This is a notorious headache with XUI.ONE (UI.ONE) panels. The reason your main login works via HTTPS but your apps fail to pull using the HTTPS DNS—accompanied by that frustrating "no cert installed" warning on the app/server panel—usually comes down to how XUI.ONE handles certificates across different ports and load balancers.

Here is exactly what is happening and how to fix it:

Why It’s Happening

When you install an SSL certificate on the server OS (like via Certbot/Let's Encrypt), it secures the web server's main port (usually for the admin panel). However, XUI.ONE uses independent ports for streaming and its app API. If you haven't explicitly linked those certificate files inside the XUI.ONE panel interface for each server/load balancer, the backend continues to serve the client/app traffic over plain HTTP, throwing a certificate error when an app tries to connect via an https:// DNS.


Step-by-Step Fix

1. Define the SSL Paths in the XUI.ONE UI

You must tell the panel exactly where your SSL certificate and private key live so it can bind them to your streaming/app API ports.

  1. Log into your Main Admin Panel.
  2. Go to Servers (or Load Balancers if you have external ones).
  3. Click Edit on your main server (and repeat this for any load balancers/edge servers).
  4. Look for the SSL Settings section. You need to fill in the absolute local server paths for your certificate files. For standard Let's Encrypt installations, they look like this:
    • SSL Certificate Path: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    • SSL Key Path: /etc/letsencrypt/live/yourdomain.com/privkey.pem
  5. Click Save / Update.
⚠️ Important Permission Note: XUI.ONE runs under its own user system. If the panel still says "no cert installed" after saving, it means the panel doesn't have root permission to read the /etc/letsencrypt/ directory. You may need to copy your fullchain.pem and privkey.pem to a directory XUI can access (like /home/xui/) and point the panel to that path instead.

2. Configure Your Client/App Port to 443

If you want your apps to pull via standard HTTPS without having to append a weird port number at the end (e.g., https://dns.com:25500), you need to tell the panel to use port 443 for client traffic.

  1. Navigate to Settings > Panel Settings (or System Settings depending on your exact version).
  2. Find the Client Port or App Port configuration.
  3. If it is currently set to an HTTP port (like 80 or 8080), change it to 443.
  4. Double-check that your server's hardware firewall or cloud security groups (UFW, AWS, DigitalOcean, etc.) have TCP Port 443 fully open.

3. Generate a Test M3U / Connection String

Once you save the settings and the status updates to show a valid certificate in the panel:

  1. Go to a test user account and grab the newly generated M3U or XC API credentials.
  2. Ensure the string structure looks like: https://yourdns.com/get.php?... (Notice the lack of an explicit port, since browsers and applications default to 443 automatically when they see https://).
  3. Try loading this link in a player like TiviMate or IPTV Smarters using the secure DNS.

Alternative: The Cloudflare / Reverse Proxy Route

If you don't want to mess with local certificate permissions on the Linux backend, a highly popular alternative among providers is to use a reverse proxy or Cloudflare:

  • Keep your XUI.ONE app panel listening on regular HTTP (Port 80 or 8080).
  • Route your DNS through Cloudflare with the SSL/TLS mode set to Flexible.
  • This allows the IPTV apps to connect safely to Cloudflare using HTTPS on port 443, while Cloudflare talks to your backend panel over plain HTTP in the background, bypassing the local certificate errors completely.
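
The permission note in step 1 suggests copying fullchain.pem and privkey.pem to a directory the panel can read; a one-off copy goes stale as soon as certbot renews the certificate. As an added example (not part of the original post and not XUI.ONE's own code), a certbot deploy hook that refreshes that copy with restrictive permissions. The destination /home/xui/ssl and the group name xui are assumptions.

```shell
#!/usr/bin/env bash
# Added example: certbot deploy hook that keeps a service-readable copy of the
# renewed certificate. DEST_DIR and SVC_GROUP are assumptions; adjust per host.
set -u

DEST_DIR="${DEST_DIR:-/home/xui/ssl}"   # assumed directory the panel user can read
SVC_GROUP="${SVC_GROUP:-xui}"           # assumed group of the panel's service user

# sync_cert LINEAGE_DIR DEST_DIR GROUP
# Copies fullchain.pem and privkey.pem, following certbot's live/ symlinks.
# Returns non-zero without touching DEST_DIR if either source is unusable.
sync_cert() {
    local src="$1" dest="$2" group="$3" f tmp mode
    for f in fullchain.pem privkey.pem; do
        # -r fails if this user cannot read the file; grep rejects empty/non-PEM input
        if [ ! -r "$src/$f" ] || ! grep -q -- '-----BEGIN ' "$src/$f"; then
            echo "sync_cert: $src/$f missing, unreadable or not PEM" >&2
            return 1
        fi
    done
    mkdir -p "$dest" && chmod 0750 "$dest" && chgrp "$group" "$dest" || return 1
    for f in fullchain.pem privkey.pem; do
        # Key: owner rw, group r, nothing for others. The chain is public material.
        case "$f" in privkey.pem) mode=0640 ;; *) mode=0644 ;; esac
        tmp="$dest/.$f.new"
        install -m "$mode" -g "$group" "$src/$f" "$tmp" || return 1
        mv -f "$tmp" "$dest/$f" || return 1   # rename is atomic within one filesystem
    done
}

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/yourdomain.com)
# to deploy hooks; when it is unset this file only defines the function.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    sync_cert "$RENEWED_LINEAGE" "$DEST_DIR" "$SVC_GROUP"
fi
```

Saved as an executable file under /etc/letsencrypt/renewal-hooks/deploy/, certbot runs it after each successful renewal; the panel's SSL paths then point at the copies in the destination directory.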
 