How to set up a Let's Encrypt SSL certificate on OpenShift?
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --help
Step 2: The tool is designed for automation on local web servers such as Apache, so we cannot use most of its features on OpenShift. It does have a manual mode for generating certificates, so we will generate them manually and upload them to the OpenShift panel.
sudo ./letsencrypt-auto certonly -a manual -d l2interlude.info -d www.l2interlude.info --server https://acme-v01.api.letsencrypt.org/directory
Replace the domains given with -d with your own domains. The tool may ask for root account permissions.
This is the first warning you will have to agree with:
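from flask import Flask, abort

app = Flask(__name__)  # in an existing app, reuse its Flask object instead

# Challenge route for the root domain: the URL ends in the token and the
# body is the token, a dot, and the account key thumbprint.
@app.route('/.well-known/acme-challenge/as0OmLmtfajtcquH2i2ZTdvOAC_aflyaOdyyqoEfbc8', methods=['GET'])
def well_known_main():
    try:
        return 'as0OmLmtfajtcquH2i2ZTdvOAC_aflyaOdyyqoEfbc8.fDgNHUUOZuy0G4NuUUMLK9T83QRQlyOyS7v6gXksY4Q', 200
    except Exception:
        abort(503)

# Challenge route for the www subdomain.
@app.route('/.well-known/acme-challenge/47oNbyTy6QJO_sXy8ZZ_7OXwetuQcLBzvWaAY6hbpd4', methods=['GET'])
def well_known_www():
    try:
        return '47oNbyTy6QJO_sXy8ZZ_7OXwetuQcLBzvWaAY6hbpd4.fDgNHUUOZuy0G4NuUUMLK9T83QRQlyOyS7v6gXksY4Q', 200
    except Exception:
        abort(503)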
I have two routes because I am validating two domains: the root domain @ and the www subdomain.
Redeploy the app with the new routes and hashes set up before you proceed with the Let's Encrypt tool and "Press ENTER to continue". Test if your new routes .
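One way to test the redeployed routes before pressing ENTER, as an added example that is not part of the original article: it fetches each challenge URL and compares the body with the expected hash. The names check_challenge and run_local_demo are hypothetical, the tokens in the demo are constructed, and ignoring trailing whitespace and proxy settings are choices made for this example.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

CHALLENGE_PATH = "/.well-known/acme-challenge/"
# Connect directly, ignoring proxy environment variables (example choice).
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def check_challenge(base_url, key_auth, timeout=10):
    """Return (ok, detail) for one '<token>.<thumbprint>' value."""
    token, sep, thumbprint = key_auth.partition(".")
    if not (sep and token and thumbprint):
        return False, "expected '<token>.<thumbprint>'"
    url = base_url.rstrip("/") + CHALLENGE_PATH + token
    try:
        with _opener.open(url, timeout=timeout) as resp:
            body = resp.read(1024).decode("ascii", "replace").rstrip()
    except OSError as exc:  # HTTPError (404, 503), DNS failure, timeout
        return False, f"{url}: {exc}"
    if body != key_auth:
        return False, f"{url}: body differs from the expected value"
    return True, f"{url}: OK"

def run_local_demo():
    """Check two constructed values against a throwaway local server."""
    good = "constructedTokenA.constructedThumbprint"     # route deployed
    missing = "constructedTokenB.constructedThumbprint"  # route forgotten

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            found = self.path == CHALLENGE_PATH + good.split(".")[0]
            payload = good.encode() if found else b"not found"
            self.send_response(200 if found else 404)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)

        def log_message(self, *args):  # keep the demo output quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        return [check_challenge(base, ka)[0] for ka in (good, missing)]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_local_demo())
```

For the real check, call check_challenge with "http://" plus each of your domains and the matching hash from your route.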
sudo firefox
to be able to visually browse the certificates in Ubuntu.
Log in to your OpenShift account and navigate to your app:
Comments
anonymous user
| 18 Feb 2017
Thanks for a helpful article! One suggestion I'd make is to copy the cert files into somewhere accessible by the logged in user (and chmod them if necessary) so that you don't have to run your web browser as root. That seems like a serious security issue, and unnecessary.