Let's Encrypt is a free, automated, and open certificate authority that provides digital certificates to enable HTTPS (SSL/TLS) encryption on short-lived websites to encourage automatic renewal and reduce the time a compromised cert could be abused. PlexTrac is designed to work best with Let's Encrypt and recommends it instead of self-signed certificates.
Let's Encrypt is operated by the Internet Security Research Group (ISRG), a non-profit organization that aims to secure the Internet by providing free and open digital certificates. Let's Encrypt certificates are trusted by all major browsers and can be used for any website.
Command-line access to the server with PlexTrac installed and running
Ensure that port 80/443 is open inbound AND outbound for Let’s Encrypt to pull a certificate
Step 1: Navigate to the installation directory of Plextrac (e.g., /opt/plextrac) as the plextrac
user.
Step 2: Edit the .env file.
Ensure that the CLIENT_DOMAIN_NAME={DNS A Record} and LETS_ENCRYPT_EMAIL={valid email address}. Verify that USE_CUSTOM_CERT=false.
Step 4: Save and exit.
Step 5: In the docker-compose.override.yml, verify that lines governing a custom certificate are commented out.
<< local key path here >>:/etc/ssl/app.plextrac.key
<< local cert path here >>:/etc/ssl/app_cert_chain.crt
Step 6: Run plextrac update
to implement the changes.