Follow the instruction and you will succeed.
You must already have a registered domain and configured for your IP address.
- installing certbot
cd /root
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --install-only
- adding a domain (example myflussonic.domain)
./certbot-auto certonly --manual --preferred-challenges dns -d myflussonic.domain
- next, it will ask you to publish your IP address.
Are you OK with your IP being logged?
- press Y
(Y)es/(N)o: Y
- next it will ask you to create a TXT record for your domain
Please deploy a DNS TXT record under the name
_acme-challenge.myflussonic.domain with the following value:
lJC_SOME_TEXT_TolcA
Don’t press ENTER!
- go to your domain settings and create a TXT record with the specified value
name: _acme-challenge.myflussonic.domain
type: txt
rdata: lJC_SOME_TEXT_TolcA
you need to wait some time for the data to be applied. you can check this with the command
host -t txt _acme-challenge.myflussonic.domain.
the answer will be
_acme-challenge.myflussonic.domain descriptive text “lJC_SOME_TEXT_TolcA”
- when the data is updated press ENTER
Waiting for verification…
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations!..
- now we need to put the certificates in the right place. we will do this using symlink, because the certificate will be updated automatically by the cron and you will not need to copy it
cd /etc/flussonic
mv flussonic.key flussonic.key.origin
ln -s /etc/letsencrypt/live/myflussonic.domain/cert.pem /etc/flussonic/flussonic.crt
ln -s /etc/letsencrypt/live/myflussonic.domain/privkey.pem /etc/flussonic/flussonic.key
wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt -O /etc/flussonic/flussonic-ca.crt
- now you can specify the SSL port in the Flussonic settings and restart the service
service flussonic restart
- add a cron task to automatically update the certificate
0 0 * * 1 root /root/certbot-auto renew > /dev/null 2>&1
Now Flussonic will have to be accessible by domain and a non-standard SSL port