Appendix K Adding LetsEncrypt certificates to Genmon - jgyates/genmon GitHub Wiki

Installing your own signed certificate to use with Genmon

Even though most GENMON users don’t make their sites available outside their local area network, having an actual (non-self) signed certificate makes Chrome and other browsers happy. The first step is to make sure that your generator has a resolvable domain name (even if it is on your 192.168.xx.xx network). For example, mine is genmon.mydomain.com with an A record of 192.168.2.209.

The next step is to install the certbot software on your Raspberry Pi. In order to get it to install, I had to generally update things first:

 sudo apt-get update

And then you can get certbot

sudo apt-get install certbot

Since the genmon webserver is built into itself rather than running apache, you’ll need to do everything manually.

 sudo certbot certonly --manual --preferred-challenges dns

When it asks for your domain name you enter the name of your genmon:

 Please enter in your domain name(s) (comma and/or space separated): genmon.mydomain.com

Answer Yes to the question about having your IP address logged.

It will then give you a long string to install in your name server to verify your identity. Go to wherever your DNS records are maintained and add it. Make sure it’s propagated (try nslookup) before hitting enter in certbox to proceed.

If you’ve done everything right, you’ll get a message saying your certificates are stored in /etc/letsencrypt/live/genmon.mydomain.com/. Go to the genmon settings panel and tick the “Use self-signed certificate” under web-server security settings to OFF. Two fields will appear “https key file” and “https certificate file.” Enter the two filenames certbot returned:

 https Key File: /etc/letsencrypt/live/genmon.mydomain.com/privkey.pem https Certificate File: /etc/letsencrypt/live/genmon.mydomain.com/fullchain.pem

Press save on the settings screen. Refresh your browser. You should now show a properly protected https page. The certificate expires in three months. Just repeat the certbot command above to refresh (it overwrites the existing files, so you shouldn’t need to go back to the settings screen again).