Set up letsencrypt (HTTPS TLS 1.2)
Run the command below as root on the server:
/opt/letsencrypt/letsencrypt-auto -d app.gosmartix.com certonly --standalone
You should get the message:
- Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/app.gosmartix.com/fullchain.pem. Your cert will expire on 2016-04-10. To obtain a new version of the certificate in the future, simply run Let's Encrypt again.
Note that the --test-cert flag has been removed.
The certificate files are generated in /etc/letsencrypt/live/hostname/
In mup.json in stage, change ROOT_URL from http to https.
# Renew certificate
At the moment, we need to stop node and bud to free ports 80 and 443 respectively. Web cert is an option to avoid doing this at some point.
The downtime should be kept to a minimum (10s max) by using the script below, as it shuts down the processes, renews the certificate and restarts the processes immediately.
/opt/letsencrypt/renew.sh
It contains:
pkill bud && service littlegenius stop && /opt/letsencrypt/letsencrypt-auto renew --force-renew && bud -c /opt/littlegenius/config/bud.conf.json -d && service littlegenius start
The certificate is issued with a validity of 3 months.
Ideally we should automate this every month. But that can be done later once the smart renewal (without bounce) is working.
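
A hardened variant of the renewal one-liner above, added here as an example and not the project's own renew.sh: it restarts bud and littlegenius even when the renewal fails, tolerates bud not running, and returns a non-zero status so a scheduled run can alert. The function names and the `--run` argument are hypothetical; the commands and paths are the ones on this page.

```bash
#!/bin/bash
# Added example, not the project's renew.sh. Commands and paths are the
# ones shown on this page; function names and --run are hypothetical.

LE_AUTO="${LE_AUTO:-/opt/letsencrypt/letsencrypt-auto}"
BUD_CONF="${BUD_CONF:-/opt/littlegenius/config/bud.conf.json}"

stop_services() {
    # pkill exits non-zero when no bud process exists; in a plain "&&"
    # chain that would abort the whole renewal, so tolerate it here.
    pkill bud || true
    service littlegenius stop || true
}

start_services() {
    # Try both restarts even if the first one fails.
    start_rc=0
    bud -c "$BUD_CONF" -d || start_rc=1
    service littlegenius start || start_rc=1
    return "$start_rc"
}

renew_cert() {
    "$LE_AUTO" renew --force-renew
}

# Stop, renew, then always restart. A failed renewal must not leave
# ports 80 and 443 unserved, and its exit status is passed to the caller.
run_renewal() {
    renew_rc=0
    stop_services
    renew_cert || renew_rc=$?
    if ! start_services && [ "$renew_rc" -eq 0 ]; then renew_rc=1; fi
    return "$renew_rc"
}

if [ "${1:-}" = "--run" ]; then
    run_renewal
fi
```

Run it as root with `--run`; without that argument the file only defines the functions.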