ERPNext Wildcard SSL generation process


Automated Process

Add custom domain to your site

bench setup add-domain www.example.com
bench setup add-domain example.com

Set up Let's Encrypt for the site

sudo -H bench setup lets-encrypt site.org --custom-domain '*.example.com'

Setup NGINX

bench setup nginx 
sudo service nginx restart

Manual Process

Run this to generate the wildcard SSL certificate:

sudo certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.example.com, example.com"
After the certificate has been created with certbot:

  • check nginx.conf to see whether the certs have been applied correctly (they should be, because certbot does it automatically).

  • don’t run bench setup nginx yet (this will remove the cert path from nginx.conf)

  • enter the cert paths into site_config.json (for a single domain) or common_site_config.json (for a wildcard), then run bench setup nginx

To insert the cert paths, follow one of these formats (choose whichever suits your needs):

In common_site_config.json for wildcard certs:

"wildcard": {
  "domain": "*.example.com",
  "ssl_certificate": "/etc/letsencrypt/live/example.com/fullchain.pem",
  "ssl_certificate_key": "/etc/letsencrypt/live/example.com/privkey.pem"
}

In site_config.json for a site with custom domains (when there are multiple domains or subdomains, each with its own SSL certificate):

"domains": [
  {
    "domain": "site1.example.com",
    "ssl_certificate": "/etc/letsencrypt/live/site1.example.com/fullchain.pem",
    "ssl_certificate_key": "/etc/letsencrypt/live/site1.example.com/privkey.pem"
  },
  {
    "domain": "site2.example.com",
    "ssl_certificate": "/etc/letsencrypt/live/site2.example.com/fullchain.pem",
    "ssl_certificate_key": "/etc/letsencrypt/live/site2.example.com/privkey.pem"
  }
]

Then run sudo service nginx restart
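
A pre-flight check for the config entries above, as an added example (not code from the original post or from bench): it verifies that each entry's certificate and key come from the same directory and that the certificate actually names the domain, using the rule that a wildcard covers exactly one label, which is why the certbot command requests both *.example.com and example.com. The SAN lists and the `audit` and `san_covers` helpers are assumptions made for illustration; in practice the names would be read from each certificate, for example with `openssl x509 -noout -ext subjectAltName`.

```python
import json
import posixpath

# Constructed sample input: the page's config fragments, and SAN lists as they
# would be read from each certificate (assumed values, not a real deployment).
LIVE = "/etc/letsencrypt/live"
COMMON = json.loads("""{"wildcard": {"domain": "*.example.com",
  "ssl_certificate": "%s/example.com/fullchain.pem",
  "ssl_certificate_key": "%s/example.com/privkey.pem"}}""" % (LIVE, LIVE))
SITE = json.loads("""{"domains": [{"domain": "site1.example.com",
  "ssl_certificate": "%s/site1.example.com/fullchain.pem",
  "ssl_certificate_key": "%s/site1.example.com/privkey.pem"}]}""" % (LIVE, LIVE))
SANS = {LIVE + "/example.com/fullchain.pem": ["*.example.com", "example.com"],
        LIVE + "/site1.example.com/fullchain.pem": ["site1.example.com"]}

def san_covers(san, host):
    """True if a certificate name covers host. '*' stands for exactly one
    left-most label: *.example.com covers neither example.com nor a.b.example.com."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    label, _, parent = host.partition(".")
    return bool(label) and parent == san[2:]

def audit(common_cfg, site_cfg, sans_by_cert, hosts=()):
    """Return the problems to fix before running `bench setup nginx`."""
    entries = [common_cfg["wildcard"]] if "wildcard" in common_cfg else []
    # Entries without certificate fields are skipped.
    entries += [d for d in site_cfg.get("domains", []) if isinstance(d, dict)]
    problems, usable = [], []
    for e in entries:
        cert, key = e["ssl_certificate"], e["ssl_certificate_key"]
        sans = sans_by_cert.get(cert, [])
        if posixpath.dirname(cert) != posixpath.dirname(key):
            problems.append(f"{e['domain']}: certificate and key are from different directories")
        if not any(san_covers(s, e["domain"]) for s in sans):
            problems.append(f"{e['domain']}: not named in {cert}")
        usable += sans
    for host in hosts:  # hostnames nginx will serve, e.g. the added custom domains
        if not any(san_covers(s, host) for s in usable):
            problems.append(f"{host}: no configured certificate covers it")
    return problems

if __name__ == "__main__":
    for line in audit(COMMON, SITE, SANS, ["www.example.com", "example.com", "a.b.example.com"]):
        print(line)
```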

After that, you can create a crontab entry to renew your certificate automatically:

  • as the root user, run crontab -e

Then add the following lines:

# Renew Let's encrypt
0 12 * * * certbot renew --quiet

Victor Abz
Hello, I am Victor. I am a software engineer with corporate experience. Solution provider for #startups and #enterprise using Javascript (Node JS and React) | Python.