Try ERPNext Buy Support Partners Foundation

Lets Encrypt SSL Setup

Good Day

I saw the following link:

https://frappe.io/docs/user/en/bench/guides/lets-encrypt-ssl-setup.html

If i have the following senario would this still work:

I have a local Server connected to internet connection having a static ip.
I have a domain in cloud (domain.co.za)
I have other A records like pop.domain.co.za . . . , but also one portal.domain.co.za referencing my local static ip.

I can access my ERPNext server using portal.domain.co.za, but would like to know would it be possible to install Lets Encrypt on such a setup?

I see Prequisites:

1. You need to have a DNS Multitenant Setup - (This OK)
2. Your site should be accessible via a valid domain - (NOT Sure)
3. You need root permissions on your server - (This OK)

Thank You

Albertus Geyser

if your server is hosted in a vps and you have set up ip address to direct to domain.com via changing the server names then this is possible.
am using lets encrypt and works great for me… I have a vps then installed erpnext,change serveName to direct to the domain.com and was able to set up lets encrypt via…

https://github.com/frappe/erpnext/wiki/Setting-up-TLS-SSL-certificates-Let's-Encrypt-for-ERPNext-sites

I think those poits you mentioned are required to be fulfilled.

1 Like

Im struggling with the exact same Problem.

Installed on Digital Ocean VPS (CentOS7).
Added frappe user to wheel
renamed site to erp.mysite.com
Created A record on my domains DNS pointing to DO Public IP (works).

Here I add my output from:
sudo bench setup lets-encrypt erp.mydomain.com (my site name is the same)

File “/usr/lib/python2.7/site-packages/virtualenv.py”, line 796, in call_subprocess
% (cmd_desc, proc.returncode))
OSError: Command /opt/eff.org/certbot/venv/bin/python2.7 - setuptools pip wheel failed with error code 1
INFO:bench.utils:sudo systemctl start nginx
There was a problem trying to setup SSL for your site

Any help is very appreciated!

Any advance in here?

You may have issue of python3 vs python2.7. ERPNext still uses python2.7 certbot version while python3 for v12. You will need to install python3-certbot and then run the commands manually.

Instead I suggest use the DNS challenge method. It is easier and you dont need to update nginx.conf each time.

First install certbot manually for your OS as per instructions at certbott.eff.org. Summarized:
sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt-get install certbot

Now run the certbot command. You can use wildcard * for all subdomains and including www or specify a specific subdomain:

sudo certbot -d *.domain.com --manual --preferred-challenges dns certonly

You will be asked to install a DNS of type TXT record for your domain. The host will be _acme_challenge.sub.domain.com with a value that is a long key… for example FXbTE0_wG7LxIVmhcD_5wIMDuwH0XGvirPTaR7Z6QFc

If your registrar permits - set the propogation time for 1 minute. After 1 minute continue to hit enter on your server and the certificates (.pem files) will be installed to the default location as I recall /etc/letsencrypt/live/sub.domain.com/. You can then ensure that the /frappe-bench/config/nginx.conf file points to the same certificates for your site…

1 Like