Cockpit with LetsEncrypt - cockpit-project/cockpit GitHub Wiki

Overview

Deploy the Cockpit with LetsEncrypt without a webserver. Cockpit will be run as daemon from systemd
For the configuration with apache follow this guide: Proxying Cockpit over Apache with LetsEncrypt

TLS/SSL certificate with Let's Encrypt

• Documentation: https://certbot.eff.org/lets-encrypt/debianbuster-other

• Install certbot: sudo apt-get install certbot

• Get certificate, replace E-Mail and Domain with yours:

  sudo certbot certonly --standalone --agree-tos --email YOUR-EMAIL-ADDRESS -d COCKPIT.YOUR-DOMAIN.COM
  

cockpit configuration

Create /etc/letsencrypt/deploy/update_cockpit_certificate.sh and replace your domain:

DOMAIN=COCKPIT.YOUR-DOMAIN.COM

# Copy cert for cockpit
install -m 644 /etc/letsencrypt/live/$DOMAIN/fullchain.pem /etc/cockpit/ws-certs.d/1-letsencrypt.cert
install -m 640 -g cockpit-ws /etc/letsencrypt/live/$DOMAIN/privkey.pem /etc/cockpit/ws-certs.d/1-letsencrypt.key

# force a restart to pick up new certificate; this will interrupt existing sessions!
# if you don't do this, cockpit.service will idle-timeout a minute ,after the last session closed
systemctl stop cockpit.service

After that, ensure that the script is executable:

chmod a+x /etc/letsencrypt/deploy/update_cockpit_certificate.sh