From 2fff692eaecc4a202ab340dd4482e58933e1ee43 Mon Sep 17 00:00:00 2001 From: silversword411 Date: Thu, 15 Sep 2022 17:45:46 -0400 Subject: [PATCH] docs - simplifying ssl LE instructions --- docs/docs/meshcentral/SSLnletsencrypt.md | 32 +++++++++++++++++++----- 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/docs/docs/meshcentral/SSLnletsencrypt.md b/docs/docs/meshcentral/SSLnletsencrypt.md index 03e653e831..742682a9bd 100644 --- a/docs/docs/meshcentral/SSLnletsencrypt.md +++ b/docs/docs/meshcentral/SSLnletsencrypt.md 
@@ -2,16 +2,36 @@ ## MeshCentral supports SSL using self generated certs, your own certs or Letsencrypt -### To enable Letsencrypt do the following in your config.json file: +### Enabling letsencrypt -1. Under Settings, change `"_redirPort"` to `"redirPort"` and `"_cert" to `"cert": "yourdomain.com", -2. Under letsencrypt change `"_letsencrypt"` to `"letsencrypt"`, enter your email address at `"email"` and yourdomain.com for `"names"` and change `"production"` to true. -3. Restart meshcentral and it will get a cert for you, the process will need to restart to apply the cert. +Make sure you match and/or adjust all the following settings appropriately in your config.json file: + +```json +{ + "settings": { + "redirPort" + "cert": "yourdomain.com" + }, + "domains": { + "letsencrypt": { + "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.", + "email": "myemail@myserver.com", + "names": "myserver.com,customer1.myserver.com", + "skipChallengeVerification": false, + "production": true + }, + } +} +``` + +If you need further clarification to know what each of these settings are + +Then restart meshcentral and it will get a cert for you, the process will need to restart to apply the cert. ### Useful resources/troubleshooting -To check letsencrypt is working properly please use https://letsdebug.net/ +To check letsencrypt is working properly please use https://letsdebug.net/. We are using the [HTTP-O1 challenge](https://letsencrypt.org/docs/challenge-types/#http-01-challenge) method with these instructions. -Also make sure you have port 80 open and pointing to your meshcentral server, IT WILL NOT work if port 80 isnt open and it HAS to be port 80. +Also make sure you have port 80 open and pointing to your meshcentral server, **IT WILL NOT WORK** if port 80 isn't open and it **HAS** to be port 80. 
You can read more about Letsencrypt and meshcentral [here](https://ylianst.github.io/MeshCentral/meshcentral/#lets-encrypt-support).
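Review bot: the added `json` sample is not valid JSON, so a reader who pastes it into config.json ends up with a file that does not parse. In `"settings"`, `"redirPort"` has no value and no comma before `"cert"`, and the `},` that closes the `"letsencrypt"` object leaves a trailing comma before the closing brace of `"domains"`. Give `"redirPort"` an explicit value (the troubleshooting text in the same hunk says the challenge has to use port 80) and drop the trailing comma. The sample also nests `"letsencrypt"` inside `"domains"`, while the removed steps treated "Under Settings" and "Under letsencrypt" as parallel sections; please confirm the nesting matches the real config layout, since a misplaced block would be silently ignored and the server would keep serving its previous certificate. Two smaller points in the added prose: the sentence "If you need further clarification to know what each of these settings are" stops without saying where to look, and the link text "HTTP-O1" uses a letter O where the linked anchor reads `http-01`. The removed steps also told the reader to set `"production"` to true; the new sample shows `"production": true` with no remark, so a one-line mention that false targets the staging environment would help anyone testing before they hit rate limits.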