Using Let's Encrypt
Let's Encrypt is a free, automated, and open certificate authority that provides digital certificates to enable HTTPS (SSL/TLS) encryption on short-lived websites to encourage automatic renewal and reduce the time a compromised cert could be abused. PlexTrac is designed to work best with Let's Encrypt and recommends it instead of self-signed certificates.
Let's Encrypt is operated by the Internet Security Research Group (ISRG), a non-profit organization that aims to secure the Internet by providing free and open digital certificates. Let's Encrypt certificates are trusted by all major browsers and can be used for any website.
Prerequisites
Command-line access to the server with PlexTrac installed and running
Ensure that port 80/443 is open inbound AND outbound for Let’s Encrypt to pull a certificate
Installing Certificate
Step 1: Navigate to the installation directory of Plextrac (e.g., /opt/plextrac) as the plextrac user.
Step 2: Edit the .env file.
Ensure that the CLIENT_DOMAIN_NAME={DNS A Record} and LETS_ENCRYPT_EMAIL={valid email address}. Verify that USE_CUSTOM_CERT=false.
Step 4: Save and exit.
Step 5: In the docker-compose.override.yml, verify that lines governing a custom certificate are commented out.
<< local key path here >>:/etc/ssl/app.plextrac.key
<< local cert path here >>:/etc/ssl/app_cert_chain.crt
Step 6: Run plextrac update to implement the changes.
Last updated
