Links

Using Let's Encrypt

Let's Encrypt is a free, automated, and open certificate authority that provides digital certificates to enable HTTPS (SSL/TLS) encryption on websites that are short-lived to encourage automated renewal and reduce the time a compromised cert could be abused.
Let's Encrypt certificates are issued and managed using free, automated, and open-source software, simplifying the process of obtaining and renewing certificates. Let's Encrypt is operated by the Internet Security Research Group (ISRG), a non-profit organization that aims to secure the Internet by providing free and open digital certificates. Let's Encrypt certificates are trusted by all major browsers and can be used for any website, including commercial and non-commercial sites.
PlexTrac is optimized to use Let's Encrypt and recommends it over self-signed certificates.

Prerequisites

  • Command-line access to the server with PlexTrac installed and running
  • Ensure that port 80/443 is open inbound AND outbound for Let’s Encrypt to pull a certificate

Installing Certificate

Step 1: Navigate to the installation directory of Plextrac (e.g., /opt/plextrac) as the plextrac user.
Step 2: Edit the .env file
nano .env
Ensure that the CLIENT_DOMAIN_NAME={DNS A Record} and LETS_ENCRYPT_EMAIL={valid email address}. Verify that USE_CUSTOM_CERT=false.
Step 4: Save and exit.
Step 5: In the docker-compose.override.yml, verify that lines governing the use of a custom certificate are commented out.
  • << local key path here >>:/etc/ssl/app.plextrac.key
  • << local cert path here >>:/etc/ssl/app_cert_chain.crt
Step 6: Run plextrac update to implement the changes.
plextrac update
© 2023 PlexTrac, Inc. All rights reserved.