We use certbot to renew certificates. Currently certbot is installed on the frontend dashboard server and the backend dashboard prod server, but it only needs to be run from one place (running it from the frontend dashboard server is recommended).

Next expiry: Saturday, January 13, 2024 at 7:40:09 AM

Follow the steps below while watching the tutorial videos in our Box folder under Diaper app Documents/ SSL certs update Tutorial: https://cornell.app.box.com/folder/137191416997

Step 1: Run the following command on the frontend dashboard server to generate new fullchain.pem and privkey.pem files

Renewal of SSL certs
sudo certbot certonly --manual --preferred-challenges=dns --email diapertestemail@gmail.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d diaper-project.com -d '*.diaper-project.com'


Step 2: Add the DNS TXT record at Google Domains. Log in using diapertestemail@gmail.com.


Step 3: Copy these certs to all of the following 6 servers (Note: privkey.pem should have permission level 600 → use chmod 600 <file-path>):

  • Frontend dashboard
  • Backend dashboard prod
  • Backend mobile prod
  • Backend dashboard test
  • Backend mobile test
  • Jenkins

Use the following command to upload fullchain.pem and privkey.pem to a cloud server.

scp -i "DIAPER-production-key.cer" privkey.pem ec2-user@ec2-3-234-254-227.compute-1.amazonaws.com:/home/ec2-user/


Use the following command to save fullchain.pem and privkey.pem to the local machine.

scp -i "DIAPER-production-key.cer" ec2-user@ec2-54-227-6-7.compute-1.amazonaws.com:/home/ec2-user/certs/fullchain.pem ./

If the SSL certs expire, the 2 daily email alerts will stop working, the credentials will be compromised, and the mobile app will stop working.


Step 4: Save fullchain.pem and privkey.pem to Box
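
A pre-flight check to run on the new fullchain.pem and privkey.pem before copying them to the servers in Step 3. This is an added example, not part of the original page: the script name, the function name check_cert_pair, the DOMAINS variable and the 30-day default are assumptions, and it needs openssl installed on the machine where it runs.

```shell
#!/bin/sh
# Added example: pre-flight check for the files generated in Step 1.
# Usage: sh check_certs.sh fullchain.pem privkey.pem [min_days]
# check_certs.sh, check_cert_pair and DOMAINS are names chosen for this example.
DOMAINS="${DOMAINS:-diaper-project.com *.diaper-project.com}"

check_cert_pair() {
    chain=$1; key=$2; min_days=${3:-30}; rc=0

    # 1. privkey.pem must have mode 600 (GNU stat first, then BSD stat).
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key" 2>/dev/null) || mode=missing
    if [ "$mode" != "600" ]; then
        echo "FAIL: $key has mode $mode, expected 600" >&2; rc=1
    fi

    # 2. The leaf certificate (first one in fullchain.pem) must belong to this key.
    cert_pub=$(openssl x509 -in "$chain" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and private key do not match" >&2; rc=1
    fi

    # 3. The certificate must still be valid min_days from now.
    if ! openssl x509 -in "$chain" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $min_days days" >&2; rc=1
    fi

    # 4. Every expected name must appear as an exact SAN entry.
    sans=$(openssl x509 -in "$chain" -noout -text 2>/dev/null |
           grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' ' | tr ',' '\n')
    set -f    # keep the wildcard name from being expanded as a glob
    for name in $DOMAINS; do
        if ! printf '%s\n' "$sans" | grep -Fxq "DNS:$name"; then
            echo "FAIL: $name is not in the certificate" >&2; rc=1
        fi
    done
    set +f
    return $rc
}

if [ "$#" -ge 2 ]; then check_cert_pair "$@"; fi
```
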


Troubleshoot

Jenkins Prod Server

# Check the status of the server
sudo systemctl status jenkins

# Restart the server
sudo systemctl restart jenkins

# Restart nginx
sudo systemctl restart nginx


Mobile Prod server

# Check the status of docker
sudo systemctl status docker

# Restart docker
sudo systemctl restart docker


Frontend Dashboard server

# Check the status of httpd
sudo systemctl status httpd

# Restart httpd
sudo systemctl restart httpd