Let's Encrypt: Free SSL Certificates
Let's Encrypt is a free, automated, and open Certificate Authority for generating SSL certificates for your ISLE environment.
Time required: approximately 30 minutes.
Prerequisites
- An internet-accessible ISLE server with a fully qualified domain name (FQDN).
- The FQDN set in your .env file's BASE_DOMAIN is the FQDN we're requesting SSL certificates for.
Steps
Note: You do not need to stop your stack to complete these steps.
- Open a terminal on your personal computer and ssh to the server or VM that is hosting your ISLE environment.
- Change to the "ISLE" directory that contains the "docker-compose.yml":
cd /opt/ISLE
- Change to the "config/proxy" directory:
cd config/proxy
- Create a blank file called "acme.json":
touch acme.json
- Modify the permissions of "acme.json" to be user read-write ONLY:
chmod 600 acme.json
- Use a text editor (emacs, nano, vi, etc.) to open "traefik.toml" (note: this file is in your "config/proxy" folder).
- Locate the following lines:
[[entryPoints.https.tls.certificates]]
certFile = "/certs/isle.localdomain.cert"
keyFile = "/certs/isle.localdomain.key"
- Comment the three lines out by adding a # to the beginning of each line:
# [[entryPoints.https.tls.certificates]]
# certFile = "/certs/isle.localdomain.cert"
# keyFile = "/certs/isle.localdomain.key"
- On a new line add the following, substituting in your email address:
[acme]
email = "your-email@my-institution.org/edu"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
onDemand = false
  [acme.httpChallenge]
  entryPoint = "http"
- Save and close the file.
- Change back to the directory with your "docker-compose.yml" in terminal.
- Use a text editor to open "docker-compose.yml".
- Locate the section for "traefik" and under the "volumes" area for "traefik" add:
- ./config/proxy/acme.json:/acme.json ## Automated cert storage.
- Save and close the file.
- Reload your ISLE environment by running:
docker-compose up -d
- Visit your website and inspect your certificates.
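
A preflight check for the three edits made in the steps above (acme.json permissions, the traefik.toml changes, and the docker-compose.yml volume), useful before or after the reload. This is an added example, not part of the ISLE documentation; the function names file_mode and check_acme_setup are hypothetical, and the paths are the ones the steps use.

```shell
#!/bin/sh
# Added example: preflight check for the acme.json / traefik.toml / docker-compose.yml
# edits described in the steps. Function names are hypothetical; paths follow the page.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_acme_setup ISLE_DIR -> returns 0 if every check passes, 1 otherwise.
check_acme_setup() {
    isle_dir=$1
    proxy="$isle_dir/config/proxy"
    rc=0

    # acme.json stores issued certificates and private keys: owner read-write only.
    if [ ! -f "$proxy/acme.json" ]; then
        echo "FAIL: $proxy/acme.json does not exist"; rc=1
    elif [ "$(file_mode "$proxy/acme.json")" != "600" ]; then
        echo "FAIL: acme.json mode is $(file_mode "$proxy/acme.json"), expected 600"; rc=1
    fi

    # The steps comment out the static certificate lines; flag any still active.
    if grep -Eq '^[[:space:]]*(certFile|keyFile)[[:space:]]*=' "$proxy/traefik.toml"; then
        echo "FAIL: traefik.toml still has an active certFile/keyFile line"; rc=1
    fi

    # The [acme] block must be present, store into acme.json, and use the HTTP challenge.
    for pattern in '^[[:space:]]*\[acme\]' \
                   '^[[:space:]]*storage[[:space:]]*=[[:space:]]*"acme.json"' \
                   '^[[:space:]]*\[acme\.httpChallenge\]'; do
        grep -Eq "$pattern" "$proxy/traefik.toml" || { echo "FAIL: traefik.toml missing $pattern"; rc=1; }
    done

    # docker-compose.yml must bind-mount the file at /acme.json in the traefik container.
    grep -Eq '^[[:space:]]*-[[:space:]]*\./config/proxy/acme\.json:/acme\.json' \
        "$isle_dir/docker-compose.yml" || { echo "FAIL: acme.json volume not mounted"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: ACME configuration looks complete"
    return "$rc"
}

# Run against a real install when a directory is given, e.g.: sh check_acme.sh /opt/ISLE
if [ -n "${1:-}" ]; then check_acme_setup "$1"; fi
```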