How to make HTTPS for my ERPNext?

Hello all,

This is my first post, I am quite new for unix/linux system ! ERPNext was amazing for me because I can make my ERPNext with 30 min as step from the web GitHub - frappe/bench: CLI to manage Multi-tenant deployments for Frappe apps by used two command on google cloud 1) wget https://raw.githubusercontent.com/frappe/bench/master/playbooks/install.py and 2) sudo python install.py --production

After that I have my ERPNext on http://www.mycompany.com web, but I can not make https://www.mycompany.com, I try to follow https://frappe.github.io/frappe/user/en/bench/guides/lets-encrypt-ssl-setup.html it not work for me, I donā€™t know why? I have problem with first command in this page ā€œsudo -H bench setup lets-encrypt [site-name]ā€ because I donā€™t know what is [site-name] I try www.mycompany.com, site1.localhost, defaule_server, localhost all of them have error ā€œNo site named localhostā€.

-Cloud google
-ubuntu 16.04

Do you have and suggestion?
Thanks
Tudtude

2 Likes

Do an ls sites/* from the bench directory. It will list the directory you have in there. The [site name] is the name of the directory that erpnext has been installed in. The default that all the instructions use is site1.local.

1 Like

Dear James_Robertson,

Below is my output to used ls sites/* from many location, it is not working. Maybe I donā€™t know what is bench directory, where is it? I try many thing following manual but almost not working, I think maybe it is not update to lasted version.

What should I do to solve this problem ? Sorry to asking you basic question due with I donā€™t know what is the right question?

tudtude@testsystem:/$ pwd
/
tudtude@testsystem:/$ ls sites/*
ls: cannot access 'sites/': No such file or directory
tudtude@testsystem:/$ whereis bench
bench: /usr/local/bin/bench
tudtude@testsystem:/$ cd /usr/local/bin
tudtude@testsystem:/usr/local/bin$ ls sites/

ls: cannot access ā€˜sites/*ā€™: No such file or directory
tudtude@testsystem:/usr/local/bin$ cd \

tudtude@testsystem:~$ pwd
/home/tudtude
tudtude@testsystem:~$ ls sites/*
ls: cannot access ā€˜sites/*ā€™: No such file or directory
tudtude@testsystem:~$

You need to run the command from the frappe-bench folder

1 Like

Wow, now I can used ls sites/*. I will try another process to make HTTPS:// for ver 7.2 if have any problem and let you know.

Thanks,
Tudtude

Step 1: Rename Site folder name

Switch to frappe user, if SSHā€™ed as root

          sudo su - frappe
	 cd frappe-bench/sites
	 mv site1.local mycompany.com

Step 2: Add hostname

 nano mycompany.com/site_config.json
 
Add the following line.

 "host_name": "http://mycompany.com",

It should look like below
	{
		"db_name": "site1.local",
		"db_password": "*********",
		"host_name": "http://domain.org"
	}

Be sure to add "," at the end of "db_password": "........",

 bench setup nginx

Step 3: Install Letsencrypt

	You need to have a DNS Multitenant Setup
		bench config dns_multitenant on

	cd /frappe/frappe/bench
	sudo -H bench setup lets-encrypt mycompany.com
6 Likes

Dear Javid_Hussain and all friend,

Now, it work I can used https://mycompany.com.

Dear new ERPNext user,

If you are new for Linux/google cloud/ERPNext donā€™t panic and stay clam. ERPNext are easy to setup in google cloud. Below are my step that it work for me (I donā€™t understand it but it work)

run command in your google ssh (yourname : accouut in google)

  1. yourname@testsystem:~$ apt-get update
  2. yourname@testsystem:~$apt-get upgrade
  3. yourname@testsystem:~$wget https://raw.githubusercontent.com/frappe/bench/master/playbooks/install.py
    sudo python install.py --production
  4. yourname@testsystem:~$sudo python install.py --production

If you have no any error you will have http://ipaddress for ERPNext, if you map you ipaddress with DNS service you will have http://youcompany.com as ERPNext web service

Next we need to make it to Https://yourcompany.com for your safety.

  1. yourname@testsystem:~$ sudo su - frappe
  2. frappe@testsystem:~$ cd frappe-bench/sites
  3. frappe@testsystem:~/frappe-bench/sites$ mv site1.local mycompany.com
  4. frappe@testsystem:~/frappe-bench/sites$ nano mycompany.com/site_config.json

nano just like text edit if you never used like me just check at youtobe, change text to

Add the following line.
ā€œhost_nameā€: ā€œhttp://mycompany.comā€,

It should look like below
{
ā€œdb_nameā€: ā€œsite1.localā€,
ā€œdb_passwordā€: ā€œ*********ā€,
ā€œhost_nameā€: ā€œhttp://domain.orgā€
}
Save and exit
9) frappe@testsystem:~/frappe-bench/sites$ cd ā€¦
10) frappe@testsystem:~/frappe-bench$ sudo -H bench setup lets-encrypt mycompany.com

After this step will request you to put some information just put ā€¦ woww, you will get https://

*** now still need to set auto renew *** I will try and update!

10 Likes

Hello Tudtube, Its really works.

Can you please update, how to auto renew this certificate.

Dear All,
This discussion thread was very useful. Iā€™m very new to all of these (EPRNext setup, Ubuntu OS, configuring network protocols) stuff. So, it may seem that I ask a silly question.
Can anyone advise what Iā€™m missing trying to setup HTTPS but on AWS?

  • UBUNTU 14.04.5 LTS
  • EC2 instance type: T2.MICRO

During my first attempt everything seemed to go well until I got the next error:

Creating virtual environmentā€¦
Installing Python packagesā€¦
Installation succeeded.
_The standalone specific supported challenges flag is deprecated. Please use the --preferred-challenges flag instead._
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter ā€˜cā€™ to
cancel): myemailhere@gmail.com


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory

(A)gree/(C)ancel: A


Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Letā€™s Encrypt project and the non-profit
organization that develops Certbot? Weā€™d like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.

(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for mysitename.in.ua
Waiting for verificationā€¦
Cleaning up challenges
Failed authorization procedure. coocoo.in.ua (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested b8adc4d295ee97b364c401b7f5172598.cafe9103d39809cac27b84840dafdfe1.acme.invalid from [2a00:7a60:0:104c::1]:443. Received 1 certificate(s), first certificate had names ā€œssl.hosting-admin.netā€

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: mysitename.in.ua
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
b8adc4d295ee97b364c401b7f5172598.cafe9103d39809cac27b84840dafdfe1.acme.invalid
from [2a00:7a60:0:104c::1]:443. Received 1 certificate(s), first
certificate had names ā€œssl.hosting-admin.netā€

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
    INFO:bench.utils:sudo service nginx start
    There was a problem trying to setup SSL for your site
    gandolf@ip-172-31-42-54:~/frappe-bench$ cd sites/

Later I changed back everything to other site name and then changed back to site1.local but I now get this error:

> gandolf@ip-172-31-42-54:~/frappe-bench$ sudo -H bench setup lets-encrypt site1.local
> Running this will stop the nginx service temporarily causing your sites to go offline
> Do you want to continue? [y/N]: y
> INFO:bench.utils:sudo service nginx stop
> INFO:bench.utils:/opt/certbot-auto --config /etc/letsencrypt/configs/site1.local.cfg certonly
> The standalone specific supported challenges flag is deprecated. Please use the --preferred-challenges flag instead.
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Obtaining a new certificate
> An unexpected error occurred:
> The request message was malformed :: Error creating new authz :: Name does not end in a public suffix
> Please see the logfiles in /var/log/letsencrypt for more details.
> INFO:bench.utils:sudo service nginx start
> There was a problem trying to setup SSL for your site
> gandolf@ip-172-31-42-54:~/frappe-bench$ 

Will appreciate any piece of advice from community?
Thanks

This may be helpful. I do this to enable https and use letsecrypt on default site (site1.local) on frappe bench:

  1. Set DNS Multitenancy on by running sudo bench config dns_multitenant on
  2. Add custom domain to site1.local by running sudo bench setup add-domain erp.example.com and enter site1.local when asked
  3. Setup letsecrypt by running sudo -H bench setup lets-encrypt site1.local --custom-domain erp.example.com
10 Likes