
Security (HTTPS)

pollardld edited this page May 10, 2018 · 4 revisions

HTTPS

The SSL certificate is obtained through Let's Encrypt, a certificate authority that provides free HTTPS certificates. Certbot is Let's Encrypt's client, which makes managing certs easier.

Generate & Install HTTPS certificates:

Assumes NGINX + Ubuntu 14.04
Based on medium.freecodecamp.org

  1. Open up ports 80 (HTTP) and 443 (HTTPS) in your AWS instance Security Group

  2. Point domain at EC2 public DNS of Instance

  3. Run the following:

    # download into /home/ubuntu, where the renewal steps expect certbot-auto
    cd /home/ubuntu
    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto

  4. Run the following, replacing www.hoonahstewards.net if needed, and repeat as many times as needed for additional certs:

    ./certbot-auto certonly --standalone -d www.hoonahstewards.net

  5. Change your NGINX configuration by adding:

    server {
        listen 443 ssl;
        server_name www.hoonahstewards.net;
        ssl_certificate /etc/letsencrypt/live/www.hoonahstewards.net/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.hoonahstewards.net/privkey.pem;
        # HSTS: tell browsers to use HTTPS only for this host for one year
        add_header Strict-Transport-Security "max-age=31536000";
    }

  6. Restart NGINX:

    sudo service nginx reload

  7. Set up a CRON job to renew the cert, because certs obtained through Let's Encrypt expire every 3 months: https://loune.net/2016/01/https-with-lets-encrypt-ssl-and-nginx/
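
An added example (not part of the original wiki or the linked guides) of a script the CRON job above could call: it checks the certificate's expiry with openssl, runs the renewal only inside a renewal window, and reloads NGINX only after a successful renewal. The script name `renew-check.sh`, the `--run` switch, the 30-day threshold, the schedule and the function names are assumptions; the certificate and certbot-auto paths are the ones used in the steps above.

```shell
#!/bin/sh
# Added example, not from the original wiki. Intended to be called from cron.
# Assumed crontab entry (script name and schedule are hypothetical):
#   17 3 * * * /home/ubuntu/renew-check.sh --run >> /home/ubuntu/renew.log 2>&1

CERT=/etc/letsencrypt/live/www.hoonahstewards.net/fullchain.pem  # from the page
CERTBOT=/home/ubuntu/certbot-auto                                # from the page
THRESHOLD_DAYS=30                                                # assumption

# renewal_due PEM DAYS: exit 0 if the cert expires within DAYS days or
# cannot be read, exit 1 if it stays valid beyond that window.
renewal_due() {
    [ -r "$1" ] || return 0
    # -checkend N exits 0 only if the cert is still valid N seconds from now
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# make_test_cert PEM DAYS: write a throwaway self-signed cert (constructed
# sample input) so renewal_due can be exercised without the live cert.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=example.invalid" -keyout "$1.key" -out "$1" 2>/dev/null
}

# renew_if_due: reload NGINX only after a successful renewal, so a failed
# run leaves the running server and its current cert untouched.
renew_if_due() {
    if renewal_due "$CERT" "$THRESHOLD_DAYS"; then
        "$CERTBOT" renew && sudo service nginx reload
    else
        echo "cert valid for more than $THRESHOLD_DAYS days; nothing to do"
    fi
}

# Act only when asked; without --run the file just defines the functions.
if [ "${1:-}" = "--run" ]; then
    renew_if_due
fi
```

If the job's user cannot read the certificate file, `renewal_due` reports the cert as due on every run; `certbot-auto renew` still makes its own expiry check before requesting a new certificate.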

Renew HTTPS certificates manually:

  1. ssh into server and activate the environment
    ssh hoonah
    source /usr/local/apps/marineplanner-core/env/bin/activate
    
  2. cd /home/ubuntu/
    
  3. ./certbot-auto renew
    

If the cert won't renew, see https://github.com/certbot/certbot/issues/5405#issuecomment-356498627
