We use certbot to renew certificates. Certbot is currently installed on the frontend dashboard server and the backend dashboard prod server, but we only need to run it from one place (the frontend dashboard is recommended).
Next expiry: Saturday, January 13, 2024 at 7:40:09 AM
Follow these steps while watching the tutorial videos in our Box folder under Diaper app Documents/ SSL certs update Tutorial: https://cornell.app.box.com/folder/137191416997
Step 1: Run the following command on the frontend dashboard server to generate new fullchain.pem and privkey.pem files (the wildcard name is quoted so the shell does not expand it):
sudo certbot certonly --manual --preferred-challenges=dns --email diapertestemail@gmail.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d diaper-project.com -d '*.diaper-project.com'
Step 2: Add the DNS TXT record at Google Domains. Log in using diapertestemail@gmail.com.
Step 3: Copy these certs into all the following 6 servers: (Note: privkey.pem should have a permission level 600 → use chmod 600 <file-path>)
Use the following command to upload fullchain and privkey to a cloud server:
scp -i "DIAPER-production-key.cer" privkey.pem ec2-user@ec2-3-234-254-227.compute-1.amazonaws.com:/home/ec2-user/
Use the following command to save fullchain and privkey to the local machine:
scp -i "DIAPER-production-key.cer" ec2-user@ec2-54-227-6-7.compute-1.amazonaws.com:/home/ec2-user/certs/fullchain.pem ./
- Frontend dashboard
- Backend dashboard prod
- Backend mobile prod
- Backend dashboard test
- Backend mobile test
- Jenkins
If the SSL certs expire, the 2 daily email alerts will stop working, the credentials will be compromised, and the mobile app will stop working.
Step 4: Save fullchain.pem and privkey.pem to box
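A check to run on the new files after Step 1 and before copying them in Step 3, as an added example that is not part of the original runbook. It assumes the `openssl` command-line tool is installed; the function names and the 30-day default are hypothetical choices, not project settings.

```shell
#!/bin/sh
# Added example (not from the original runbook): sanity checks for the certbot
# output before it is copied to the servers. Function names are hypothetical.

# True if the file is a regular file with mode exactly 600 (POSIX find).
key_mode_ok() {
    [ -n "$(find "$1" -prune -type f -perm 600 2>/dev/null)" ]
}

# Print the number of PEM certificate blocks in the file.
cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# True if the first certificate in the file is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True if the private key ($2) and the first certificate in $1 share a public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# usage: check_cert_pair fullchain.pem privkey.pem [min_days]
# min_days defaults to 30, an assumed threshold.
check_cert_pair() {
    cert=$1; key=$2; min_days=${3:-30}; rc=0
    key_mode_ok "$key" || { echo "FAIL: $key is not mode 600"; rc=1; }
    [ "$(cert_count "$cert")" -ge 2 ] 2>/dev/null ||
        { echo "FAIL: $cert does not contain leaf plus intermediate"; rc=1; }
    valid_for_days "$cert" "$min_days" ||
        { echo "FAIL: $cert expires within $min_days days"; rc=1; }
    key_matches_cert "$cert" "$key" ||
        { echo "FAIL: $key does not match $cert"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are ready to copy"
    return "$rc"
}

# Run the checks when called with file arguments.
if [ "$#" -ge 2 ]; then check_cert_pair "$@"; fi
```

Running the same script on each server after the copy confirms that the key arrived with mode 600 and still matches the certificate.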
Troubleshoot
Jenkins Prod Server
//Check the status of the server
sudo systemctl status jenkins
//Restart the server
sudo systemctl restart jenkins
//Restart nginx
sudo systemctl restart nginx
Mobile Prod server
//Check the status of docker
sudo systemctl status docker
//Restart docker
sudo systemctl restart docker
Frontend Dashboard server
//Check the status of httpd
sudo systemctl status httpd
//Restart httpd
sudo systemctl restart httpd