V3 Generate SSL certificate with Let's Encrypt
- XCALLY Knowledge (Unlicensed)
- Product Knowledge
The goal of this article is to provide you the steps needed to generate a trusted SSL certificate using Let's Encrypt with Debian.
Backup private key and certificate
Before running the SSL certificate generation, backup the existing private key and the certificate:
mv /etc/ssl/private/motion.key /etc/ssl/private/motion.key.bak
mv /etc/ssl/certs/motion.crt /etc/ssl/certs/motion.crt.bak
Install package dependencies
Connect to your server through SSH console and install the following packages:
apt -y install certbotObtaining a Certificate
TCP port 80 must be open to your server in order to obtain the certificate
Â
Before obtaining the certificate, stop nginx service and be sure that no service is running on TCP port 443:
systemctl stop nginx Â
Once you installed the certbot package, you can run the command in SSH console and follow the instructions:
Â
At the end of the process, your certificate, private key, and LE chain will be installed to /etc/letsencrypt/live/<YOUR_DOMAIN> directory.
Install the certificate
Copy the generated private key and certificate to the default directory (used by Asterisk and Nginx):
Restart services
Restart Asterisk and Nginx services in order to apply changes:
Â
Related contents
https://xcally.atlassian.net/wiki/spaces/KB/pages/676364290 (Knowledge Base)
https://xcally.atlassian.net/servicedesk/customer/portal/1/topic/4f0725a1-706f-47ab-8969-e30ddb4c285c/article/1851654509 (Advanced Wiki - required credentials)