Setting up TLS SSL certificates Let's Encrypt for ERPNext sites

Clone the letsencrypt repo from GitHub

$ sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Stop nginx service

$ sudo service nginx stop

Run Let's Encrypt

$ cd /opt/letsencrypt

$ ./letsencrypt-auto certonly --standalone

After letsencrypt initializes, you will be prompted for some information. This exact prompts may vary depending on if you've used Let's Encrypt before, but we'll step you through the first time.

At the prompt, enter an email address that will be used for notices and lost key recovery:

Then you must agree to the Let's Encrypt Subscribe Agreement. Select Agree:

Then enter your domain name(s). Note that if you want a single cert to work with multiple domain names (e.g. example.com and www.example.com), be sure to include all of them:

If everything was successful, you should see an output message that looks something like this:

Output:

IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
  e-mails sent to [email protected]
- Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/example.com/fullchain.pem. Your
cert will expire on <cert_expiry_date>. To obtain a new version
of the certificate in the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let's
Encrypt so making regular backups of this folder is ideal.
- If like Let's Encrypt, please consider supporting our work by:

Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
Donating to EFF:                    https://eff.org/donate-le

Certificate Files

After obtaining the cert, you will have the following PEM-encoded files:

cert.pem: Your domain's certificate
chain.pem: The Let's Encrypt chain certificate
fullchain.pem: cert.pem and chain.pem combined
privkey.pem: Your certificate's private key

These certificates are stored under /etc/letsencrypt/live/example.com folder

Configure the certificates for your site(s)

Go to your erpnext sites site_config.json

$ cd frappe-bench/sites/{{site_name}}

Add the following two lines to your site_config.json

"ssl_certificate": "/etc/letsencrypt/live/example.com/fullchain.pem""
"ssl_certificate_key": "/etc/letsencrypt/live/example.com/privkey.pem"

Regenerate the nginx configuration

$ bench setup nginx

Restart the nginx server

$ sudo service nginx restart

Setting up TLS SSL certificates Let's Encrypt for ERPNext sites

Clone the letsencrypt repo from GitHub

Stop nginx service

Run Let's Encrypt

Certificate Files

Configure the certificates for your site(s)

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!