Let’s Encrypt is a new free, automated, and open source, Certificate Authority.
Certbot is a console based certificate generation tool for Let's Encrypt.
In this recipe, we will generate a Let's Encypt certificate using Certbot. This certificate will then be deployed for use in the Minio server.
- Port 443 for https needs to be open and available at time of executing
certbot
. - Certbot needs root access while executing because only root is allowed to bind to any port below 1024.
- We will be using our own domain
myminio.com
as an example in this recipe. Replace with your own domain under your setup.
Install Certbot by following the documentation at https://certbot.eff.org/
# certbot certonly --standalone --preferred-challenges tls-sni -d myminio.com --staple-ocsp -m test@yourdomain.io --agree-tos
List your certs saved in /etc/letsencrypt/live/myminio.com
directory.
$ ls -l /etc/letsencrypt/live/myminio.com
total 4
lrwxrwxrwx 1 root root 37 Aug 2 09:58 cert.pem -> ../../archive/myminio.com/cert4.pem
lrwxrwxrwx 1 root root 38 Aug 2 09:58 chain.pem -> ../../archive/myminio.com/chain4.pem
lrwxrwxrwx 1 root root 42 Aug 2 09:58 fullchain.pem -> ../../archive/myminio.com/fullchain4.pem
lrwxrwxrwx 1 root root 40 Aug 2 09:58 privkey.pem -> ../../archive/myminio.com/privkey4.pem
-rw-r--r-- 1 root root 543 May 10 22:07 README
The certificate and key generated via Certbot needs to be placed inside user's home directory.
$ cp /etc/letsencrypt/live/myminio.com/fullychain.pem /home/user/.minio/certs/public.crt
$ cp /etc/letsencrypt/live/myminio.com/privkey.pem /home/user/.minio/certs/private.key
$ sudo chown user:user /home/user/.minio/certs/private.key
$ sudo chown user:user /home/user/.minio/certs/public.crt
Start Minio Server on port "443".
$ sudo ./minio server --address ":443" /mnt/data
If you are using dockerized version of Minio then you would need to
$ sudo docker run -p 443:443 -v /home/user/.minio:/root/.minio/ -v /home/user/data:/data minio/minio server --address ":443" /data