Using Let's Encrypt

Let's Encrypt is a free, automated, and open certificate authority that provides digital certificates to enable HTTPS (SSL/TLS) encryption on short-lived websites to encourage automatic renewal and reduce the time a compromised cert could be abused. PlexTrac is designed to work best with Let's Encrypt and recommends it instead of self-signed certificates.

Let's Encrypt is operated by the Internet Security Research Group (ISRG), a non-profit organization that aims to secure the Internet by providing free and open digital certificates. Let's Encrypt certificates are trusted by all major browsers and can be used for any website.


  • Command-line access to the server with PlexTrac installed and running

  • Ensure that port 80/443 is open inbound AND outbound for Let’s Encrypt to pull a certificate

Installing Certificate

Step 1: Navigate to the installation directory of Plextrac (e.g., /opt/plextrac) as the plextrac user.

Step 2: Edit the .env file.

nano .env

Ensure that the CLIENT_DOMAIN_NAME={DNS A Record} and LETS_ENCRYPT_EMAIL={valid email address}. Verify that USE_CUSTOM_CERT=false.

Step 4: Save and exit.

Step 5: In the docker-compose.override.yml, verify that lines governing a custom certificate are commented out.

  • << local key path here >>:/etc/ssl/app.plextrac.key

  • << local cert path here >>:/etc/ssl/app_cert_chain.crt

Step 6: Run plextrac update to implement the changes.

plextrac update

Last updated

© 2024 PlexTrac, Inc. All rights reserved.