How to create and install SSL certificate
By Eugene Luzgin @ EOS Tribe
1. Install certbot from Let's Encrypt
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot -y
2. Make sure nothing is listening on port 80 before the next step, and that the port is reachable if a firewall is installed.
netstat -an | grep " 80"
sudo ufw allow 80 *
*) Can be disabled/switched off later.
3. Generate your SSL certificate and private key:
sudo certbot certonly --standalone --preferred-challenges http -d [SERVER DOMAIN NAME]*
Example: sudo certbot certonly --standalone --preferred-challenges http -d api.eostribe.io
*) Note: DNS must resolve this domain name to your server IP, otherwise this step won't work.
If all goes well, you should see output like this:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/node.blockmatrix.network/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/node.blockmatrix.network/privkey.pem
Your cert will expire on [DATE]. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
"certbot renew"
Fetch and use the created files:
You can find the created certificate and private key files under your domain's folder:
/etc/letsencrypt/live/[SERVER DOMAIN NAME]/*.pem
You will find two files there:
- fullchain.pem - contains your SSL certificate and chain
- privkey.pem - contains your private key
Copy those files and use them where you need them.
Note: For HAProxy configuration I had to combine fullchain.pem and private.pem content into a single pem file.
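One way to build that combined file for HAProxy, as an added example that is not part of the original guide: it joins fullchain.pem and privkey.pem (the key file name shown in the certbot output above), keeps the result readable by its owner only because it contains the private key, and moves it into place atomically. The function names and the output path are assumptions.

```shell
#!/bin/sh
# Added example: build the single PEM file HAProxy reads from certbot's output.
# The combined file contains the private key, so it is created with mode 0600
# and moved into place atomically.

# pem_has FILE REGEX: true if FILE has a PEM "BEGIN" line whose label matches REGEX.
pem_has() {
    grep -q -- "-----BEGIN $2-----" "$1"
}

# build_haproxy_pem LIVE_DIR OUT_FILE (hypothetical helper name)
#   LIVE_DIR: /etc/letsencrypt/live/[SERVER DOMAIN NAME]
#   OUT_FILE: where HAProxy will read the combined file (path is your choice)
# Returns 0 on success, 1 if an input is missing or empty, 2 if an input does
# not look like the expected PEM type, 3 if the output could not be written.
build_haproxy_pem() {
    live_dir=$1
    out=$2
    chain="$live_dir/fullchain.pem"
    key="$live_dir/privkey.pem"

    if [ ! -s "$chain" ] || [ ! -s "$key" ]; then
        echo "missing or empty: $chain or $key" >&2
        return 1
    fi
    # Catch swapped or wrong files before a key ends up somewhere unexpected.
    if ! pem_has "$chain" 'CERTIFICATE' || ! pem_has "$key" '.*PRIVATE KEY'; then
        echo "unexpected PEM content in $live_dir" >&2
        return 2
    fi
    (
        umask 077                                  # owner-only from creation
        tmp=$(mktemp "$out.XXXXXX") || exit 3      # same directory as the target
        if cat "$chain" "$key" > "$tmp" && mv -f "$tmp" "$out"; then
            exit 0
        fi
        rm -f "$tmp"
        exit 3
    )
}

# Run directly: sh build-haproxy-pem.sh LIVE_DIR OUT_FILE
if [ "$#" -eq 2 ]; then
    build_haproxy_pem "$1" "$2"
fi
```

Rebuild the combined file after every renewal, since `certbot renew` replaces the files under the live folder; certbot's `--deploy-hook` option is one place to call it.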