Contact info
Yueteng | yh958@cornell.edu
SSL Certs Expire on: March 25th 2022
Root domain is:
diaper-project.com |
(Note: Do NOT use this root domain directly. Instead, use the subdomains (for instance, xyz.diaper-project.com
under the Domains to use table below.
Registered as a free domain (renewable every 12 months) at https://domains.google.com/registrar/diaper-project.com/dns?authuser=4&_ga=2.49913062.1133395760.1674578263-1913509637.1674050734
access using the google email diapertestemail@gmail.com
Please refer to the tables in ❌ Deploy Services on AWS (Deprecated) |
---|
For API callers (i.e. frontend web/app)
Choose the domain accordingly, prepend it with http or https, and append it with port number and path.
https://dashboard.diaper-project.com
(If you visit via http://
(without secure) , you'll be automatically redirected to https://
(with secure))
Note: More details about this, go to the doc "Deploy React on AWS"
The free SSL cert from Let's Encrypt is used for this purpose.
Let's Encrypt website (no need to visit for this purpose, though): https://letsencrypt.org/
SSL certs are required wherever there is a https
and domain (Mind the s at the end)
We currently have 5 https domains
Please refer to the two docs about how to deploy them to find details of using SSL certs.
Tutorial video (named "SSL renew Part 1" and "SSL renew Part 2") are uploaded in this box folder. You will need to ask Liz to share with you for access.
https://cornell.box.com/s/qgq5fpwyen6mos9ndj8f64drksgp9qdx
[Tutorial: Configure SSL/TLS on Amazon Linux 2 - Amazon Elastic Compute Cloud]
(https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-2.html#letsencrypt)
On section "Certificate automation: Let’s Encrypt with Certbot on Amazon Linux 2", Use this to instal `certauto`, but not to create
Stop after done sudo yum install -y certbot python2-certbot-apache
Do the following steps
-d diaper.cf -d *.diaper.cf
(where * is a wildcard)Note: (The order is important) Command line to use
sudo certbot certonly --manual --preferred-challenges=dns --email diapertestemail@gmail.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d diaper.cf -d *.diaper.cf |
Cert information
Upon success, you'll see some information similar to below
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/diaper.cf/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/diaper.cf/privkey.pem Your certificate will expire on 2021-08-09. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" |
As shown above, current SSL cert expires on 2021-12-26 (December 26) (Must renew by the command given "certbot renew" before expiration; Might need to run with "sudo")
Note SSL cert is a separate thing to register besides domain. These two need to be renewed separately.
How to renew?
Note: You only need to renew on the machine with certbot
installed, and copy the generated certs to other servers. – If you need to instal first, start with "[Tutorial: Configure SSL/TLS on Amazon Linux 2 - Amazon Elastic Compute Cloud]" above.
Redo the steps under "Do the following steps" above; And copy the new cert as in "Copy cert files to somewhere docker can access and give permission" below
Copy cert files to somewhere docker can access and give permission
Create a cert
folder under project path, and copy both .pem files into the folder. Then change the permissions by:
sudo chown ec2-user:ec2-user ./certs/* |
This will allow flask and docker to access the cert files.
For dashboard frontend, refer to the doc ❌ Deploy React (Deprecated) to know what to do after renewing SSL on dashboard frontend server.