Create letsencrypt cert on AWS VM - myantandco/RA-BitnobiPilotJuly2020 GitHub Wiki

By default, Bitnobi is bundled with self-signed certificates to support HTTPS. These generate browser warnings the first time that a user connects to your Bitnobi site. For a proper configuration, the Bitnobi customer should obtain CA-signed certificates to be installed on the Bitnobi server.

The following instructions describe the steps to obtain a letsencrypt certificate for an AWS VM running Linux. More details on letsencrypt can be found on their website "https://letsencrypt.org/" and their documentation site "https://letsencrypt.org/docs/". Instructions for the certbot software were derived from "https://certbot.eff.org/lets-encrypt/ubuntubionic-other" and "https://certbot.eff.org/docs/using.html".

1. Setting an FQDN for your AWS VM.

A fully qualified domain name (FQDN) is required to get a CA-signed certificate. Note that letsencrypt will not work with the default FQDN generated for an AWS VM. It is necessary to register a domain name with a service like GoDaddy, and then attach it to the public IP address of your AWS VM.

2. Temporarily open up port 80

The certbot software temporarily starts up a website to prove to letsencrypt that you have control of this FQDN. To do this, port 80 must be accessible on your VM.

The initial instructions for creating the AWS VM included opening up ports 80 and 443, so this should be sufficient.

3. Install Certbot into your VM

The certbot software (certbot.eff.org) is what generates and renews certificates for your VM.

First you need to connect to your VM via SSH.

You'll need to add the Certbot PPA to your list of repositories. To do so, run the following commands:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

Run this command to install Certbot.

sudo apt-get install certbot

Run this command to get a certificate. Certbot will temporarily spin up a webserver on your machine. It will prompt you for an email address, agreement to the license, and the FQDN of your VM (e.g. aws1.bitnobi.com).

sudo certbot certonly --standalone

All generated keys and issued certificates can be found in the /etc/letsencrypt/live/<domain name> folder where the domain name is something like "aws1.bitnobi.com".

4. Examine certificate contents

For example, if your VM's FQDN is aws1.bitnobi.com, you can check the certificate with the following command:

sudo openssl x509 -in /etc/letsencrypt/live/aws1.bitnobi.com/fullchain.pem -noout -text
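
The checks a reader would make by eye in that text output can be scripted. This is an added example, not part of the original wiki or of Bitnobi: the function names, the 30-day threshold and the throwaway sample certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original wiki): checks to run before installing a certificate.

# Exit 0 when issuer == subject, i.e. the cert is self-signed like the bundled default.
cert_is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subject" = "$issuer" ]
}

# Exit 0 when the certificate is valid for the given FQDN.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Exit 0 when the certificate will still be valid DAYS days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# check_cert CERT FQDN MIN_DAYS: one line per check, exit 0 only if all three pass.
check_cert() {
    rc=0
    if cert_is_self_signed "$1"; then echo "FAIL self-signed, browsers will warn"; rc=1
    else echo "ok   not self-signed"; fi
    if cert_matches_host "$1" "$2"; then echo "ok   covers $2"
    else echo "FAIL does not cover $2"; rc=1; fi
    if cert_valid_for_days "$1" "$3"; then echo "ok   valid for at least $3 more days"
    else echo "FAIL expires within $3 days"; rc=1; fi
    return $rc
}

# Constructed sample input: a throwaway self-signed cert standing in for the bundled one.
make_sample_cert() {   # make_sample_cert DIR FQDN DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null
}

# Demo on the constructed cert: the self-signed check fails, the other two pass.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" aws1.bitnobi.com 90
check_cert "$demo_dir/cert.pem" aws1.bitnobi.com 30 || echo "not ready to install"
rm -rf "$demo_dir"
```

On the VM, run check_cert as root against /etc/letsencrypt/live/<domain name>/fullchain.pem with your own FQDN; a certificate issued by letsencrypt should pass all three checks.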