
Setup LetsEncrypt Wildcard SSL certificate

Please, has anyone successfully installed a certificate on a fresh Ubuntu 20.04 install with bench, Frappe and ERPNext version 13.x?
I ran the command below:
sudo bench setup wildcard-ssl erpnext.xyz --email test@example.com
But it doesn’t run, and there is no error.

I have searched the forum and can’t seem to find any solution.

Please, has anyone installed a wildcard cert? I need a hint or pointer in the right direction.

After doing a manual install, with everything done,
I ran
sudo certbot certificates

Found the following certs:
Certificate Name: mydomain.co
Domains: *.mydomain.co
Expiry Date: 2022 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/mydomain.co/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mydomain.co/privkey.pem

I am stuck at making bench or certbot apply the cert to my subdomain. Any help from here?
sudo bench setup wildcard-ssl erpnext.xyz is still not doing anything or giving me an error.
PLEASE, any help, anyone.
THANK YOU

As I remember, some of the bench commands are meant just to modify the config files.

In your case (assuming the key/crt files are ready), just edit nginx to add TLS directives or modify to point to key/crt file location.

/etc/letsencrypt/live/mydomain.co/fullchain.pem
/etc/letsencrypt/live/mydomain.co/privkey.pem

Also, edit site config so that site URL to be https://mydomain.co

“just edit nginx to add TLS directives or modify to point to key/crt file location.”

How do I achieve this for each subdomain? Can you give an example or pointer?

"edit site config so that site URL to be https://mydomain.co"

For each subdomain, I guess. And please, how do I do this?

The bench command doesn’t work anymore because certbot-auto has been deprecated.
The alternative is to use the certbot command directly, as you did.

The trick is in setting up site_config.json (for a single domain) or common_site_config.json (for a wildcard).

  • after the SSL creation with certbot,
  • check nginx.conf and see if the certs have been applied correctly (they should be, because certbot does it automatically).
  • don’t run bench setup nginx yet (this will remove the cert path from nginx.conf)
  • enter the cert paths into site_config.json (for a single domain) or common_site_config.json (for a wildcard)
  • then run bench setup nginx

For cert path insertion, follow one of these formats (choose whichever suits your need):

In common_site_config.json for wildcard certs:

"wildcard": {
  "domain": "*.example.com",
  "ssl_certificate": "/etc/letsencrypt/live/example.com/fullchain.pem",
  "ssl_certificate_key": "/etc/letsencrypt/live/example.com/privkey.pem"
}

In site_config.json for a site with custom domains (when there are multiple domains or subdomains, each with its own SSL):

"domains": [
  {
    "domain": "site1.example.com",
    "ssl_certificate": "/etc/letsencrypt/live/site1.example.com/fullchain.pem",
    "ssl_certificate_key": "/etc/letsencrypt/live/site1.example.com/privkey.pem"
  },
  {
    "domain": "site2.example.com",
    "ssl_certificate": "/etc/letsencrypt/live/site2.example.com/fullchain.pem",
    "ssl_certificate_key": "/etc/letsencrypt/live/site2.example.com/privkey.pem"
  }
]
1 Like
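
A pre-flight check for the "wildcard" block described in the post above, to run before bench setup nginx regenerates nginx.conf. This is an added example, not code from the thread or from bench; the function names are hypothetical and the sample files are constructed in a temp directory to stand in for the /etc/letsencrypt/live/ paths.

```python
import json, os, tempfile

def wildcard_covers(pattern, host):
    """A '*.example.com' certificate covers exactly one extra label, not the apex."""
    pattern, host = pattern.lower(), host.lower()
    if not pattern.startswith("*."):
        return pattern == host
    label, _, rest = host.partition(".")
    return bool(label) and rest == pattern[2:]

def check_wildcard_config(config_path, sites):
    """Return a list of problems with the "wildcard" block in common_site_config.json."""
    with open(config_path) as f:
        wc = json.load(f).get("wildcard")
    if not isinstance(wc, dict):
        return ['no "wildcard" block in ' + config_path]
    problems = []
    for key in ("domain", "ssl_certificate", "ssl_certificate_key"):
        if not wc.get(key):
            problems.append(f"missing key: {key}")
    for key in ("ssl_certificate", "ssl_certificate_key"):
        path = wc.get(key)
        if path and not os.path.isfile(path):
            problems.append(f"{key}: no such file: {path}")
    key_path = wc.get("ssl_certificate_key")
    if key_path and os.path.isfile(key_path) and os.stat(key_path).st_mode & 0o007:
        problems.append(f"private key is accessible to other users: {key_path}")
    for site in sites:
        if not wildcard_covers(wc.get("domain", ""), site):
            problems.append(f"{site} is not covered by {wc.get('domain')}")
    return problems

def demo():
    """Constructed sample: temp files stand in for /etc/letsencrypt/live/example.com/."""
    d = tempfile.mkdtemp()
    cert, key = os.path.join(d, "fullchain.pem"), os.path.join(d, "privkey.pem")
    for p in (cert, key):
        open(p, "w").close()
    os.chmod(key, 0o644)  # deliberately too open, to show the check firing
    cfg = os.path.join(d, "common_site_config.json")
    with open(cfg, "w") as f:
        json.dump({"wildcard": {"domain": "*.example.com",
                                "ssl_certificate": cert,
                                "ssl_certificate_key": key}}, f)
    return check_wildcard_config(cfg, ["site1.example.com", "example.com", "a.b.example.com"])

if __name__ == "__main__":
    print("\n".join(demo()))
```

The check flags the apex domain and nested subdomains because a wildcard certificate matches only one label to the left of the base domain, so those sites need their own entry under "domains" in site_config.json.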

Thank you, this is what I am asking for, especially the subdomain each with its own SSL. I will consider it later, because I can’t figure out how to have more than one individual cert that we consider wildcard.
Thanks

You can keep adding subdomains whenever you add a new site.
sudo certbot certonly -a nginx -d example.com -d site1.example.com

Later:
sudo certbot certonly -a nginx -d site2.example.com
This will add the new subdomain to the first certificate.

This is how we manage multiple sites. Details here