3.2 – HTTPS and WSS (WebSocket secure connection)

Set up Let’s Encrypt (letsencrypt.org) certificate:

  1. Apply for the certificate from letsencrypt.org and you’ll get the certificate files: cert.perm, privkey.perm, chain.pem etc in /etc/letsencrypt/live/yourDomain/.
  2. openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name spark -CAfile chain.pem -caname anyFriendlyName
  3. Add following entries in gateway.conf:
    keyStore=/etc/letsencrypt/live/domain/cert_and_key.p12
    keyStorePassword = yourExportPasswordInStep3
    ssl = true
    port = 443
    
  4. Restart the gateway.

Renew and update the certificate automatically:

Create a cron job to update check the certificate every day at 2:30AM (crontab -e):

30 2 * * * certbot renew --post-hook "sh /etc/letsencrypt/live/startme.biz/update.sh"

update.sh:

#!/bin/bash
cd /etc/letsencrypt/live/domain/
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name spark -CAfile chain.pem -caname startme -passout pass:mypassword
systemctl stop SparkGateway
systemctl start SparkGateway
exit 0

Revision #3
Created 5 April 2022 08:14:30 by Julian
Updated 6 July 2023 13:50:44 by Julian