
Setting up TLS SSL certificates Let's Encrypt for ERPNext sites

Christopher G. Purbaugh edited this page Aug 17, 2016 · 15 revisions

Using Let's Encrypt to set up HTTPS

## Prerequisites

  1. You need to have a DNS Multitenant Setup
  2. Your site should be accessible via a valid domain
  3. You need root permissions on your server

Note: Let's Encrypt certificates expire every three months.

Using Bench Command

Just run:

sudo bench setup lets-encrypt [site-name]

You will be faced with several prompts; respond to them accordingly. This command will also add an entry to the user's crontab that will attempt to renew the certificate every month.

To renew certificates manually you can use:

sudo bench renew-lets-encrypt

Manual Method

Download the appropriate Certbot-auto script into /opt

https://certbot.eff.org/

Stop nginx service

$ sudo service nginx stop

Run Certbot

$ /opt/certbot-auto certonly --standalone

After letsencrypt initializes, you will be prompted for some information. The exact prompts may vary depending on whether you've used Let's Encrypt before, but we'll step you through the first time.

At the prompt, enter an email address that will be used for notices and lost key recovery:

Then you must agree to the Let's Encrypt Subscriber Agreement. Select Agree:

Then enter your domain name(s). Note that if you want a single cert to work with multiple domain names (e.g. example.com and www.example.com), be sure to include all of them:

Certificate Files

After obtaining the cert, you will have the following PEM-encoded files:

  • cert.pem: Your domain's certificate
  • chain.pem: The Let's Encrypt chain certificate
  • fullchain.pem: cert.pem and chain.pem combined
  • privkey.pem: Your certificate's private key

These files are stored in the /etc/letsencrypt/live/example.com directory.

Configure the certificates for your site(s)

Go to your ERPNext site's directory, which contains site_config.json

$ cd frappe-bench/sites/{{site_name}}

Add the following two lines to your site_config.json

"ssl_certificate": "/etc/letsencrypt/live/example.com/fullchain.pem",
"ssl_certificate_key": "/etc/letsencrypt/live/example.com/privkey.pem"

Regenerate the nginx configuration

$ bench setup nginx

Restart the nginx server

$ sudo service nginx restart
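
A pre-flight check for the two site_config.json entries above, worth running before `bench setup nginx`. This is an added example, not part of the original wiki page or of bench; the function name `check_site_ssl` is hypothetical. It catches invalid JSON, a certificate and key taken from different directories, and a certificate file without the chain (cert.pem instead of fullchain.pem).

```python
import json
import os

CERT_MARK = "-----BEGIN CERTIFICATE-----"


def check_site_ssl(site_config_path):
    """Return a list of problems with the TLS entries in site_config.json."""
    try:
        with open(site_config_path) as fh:
            config = json.load(fh)
    except ValueError as exc:  # typically a missing comma before the new lines
        return ["site_config.json is not valid JSON: %s" % exc]

    cert = config.get("ssl_certificate")
    key = config.get("ssl_certificate_key")
    if not cert or not key:
        return ["ssl_certificate and ssl_certificate_key must both be set"]

    problems = []
    # Certificate and key must come from the same live/<domain> directory,
    # otherwise nginx is handed a key that does not belong to the certificate.
    if os.path.dirname(cert) != os.path.dirname(key):
        problems.append("certificate and key are in different directories")

    for path in (cert, key):
        if not os.path.isfile(path):
            problems.append("file not found or not readable: %s" % path)
    if problems:
        return problems

    with open(cert) as fh:
        cert_text = fh.read()
    with open(key) as fh:
        key_text = fh.read()
    # fullchain.pem is cert.pem plus chain.pem, so it holds at least two
    # certificate blocks; a single block means the chain is missing.
    if cert_text.count(CERT_MARK) < 2:
        problems.append("ssl_certificate has no chain; use fullchain.pem")
    if "PRIVATE KEY-----" not in key_text:
        problems.append("ssl_certificate_key is not a PEM private key")
    return problems


if __name__ == "__main__":
    import sys
    for problem in check_site_ssl(sys.argv[1]):
        print("PROBLEM:", problem)
```

Run it with sudo and pass the path to the site's site_config.json, since /etc/letsencrypt/live is normally readable only by root. No output means the entries passed every check.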

Auto renewal (experimental)

Login as root or a user with superuser privileges, run crontab -e and enter:

# renew letsencrypt certificates on 1st monday of every month and get an email if it gets executed
# nginx is started again even if the renewal fails
MAILTO="mail@example.com"
0 0 1-7 * * [ "$(date '+\%a')" = "Mon" ] && sudo service nginx stop && { /opt/certbot-auto renew; sudo service nginx start; }
