Installing SSL on v13

Hi,
Has anyone tried installing Lets Encrypt / SSL on VPS based installation of ERPNext v13 beta?? How did it go? Could you please share steps to successfully install it after fresh ERP installation?

TIA

1 Like

Follow the steps below:

Install Certbot

sudo apt install certbot python3-certbot-nginx

Modify your Nginx file to add your domain to server_name using your preferred editor (I prefer nano but you can use vi or any other editor).

sudo nano /etc/nginx/sites-available/default

Add your domain name(s) to the server_name field:

server_name yourdomain.com;

Save the change and exit the editor. Then test your Nginx config to ensure your changes are correct:

sudo nginx -t

If you see Syntax is ok then you’re good to move on. Reload your Nginx config:

sudo systemctl reload nginx

The last step is to run the command to install the certificate:

sudo certbot --nginx -d yourdomain.com

If all the steps above were carried out successfully then your certificate will be installed. Also, Certbot will auto-enable renewal of the certificate so you never have to bother yourself again. But if you want to be sure that the auto renewal is enabled, run the following command:

sudo systemctl status certbot.timer

You can also test the renewal process by running the following command:

sudo certbot renew --dry-run

I hope this helps.

6 Likes

Thanks !! Followed the entire process but unfortunately I am still accessing the site only on http and on https I get error that site can not be reached :frowning:
I had run all the commands through root.

i think there has been changes from certbot side regarding the installation procedures. try this if on ubuntu :

If snapd is not installed,

sudo apt install snapd

Update snapd

sudo snap install core; sudo snap refresh core

Remove existing installations of certbot

sudo apt-get remove certbot

Install certbot

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

For one-step automatic ssl installation

sudo certbot --nginx

or, if you prefer manual installation

sudo certbot certonly --nginx

Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. So no further steps are required. If necessary, you can test automatic renewal for your certificates by running this command:

sudo certbot renew --dry-run
6 Likes

I followed the instructions given at this link:

Now ssl / https does work - However, the page looks like the screenshot. Any help to fix this plz?

@usmanalikhan
This error is not related to ssl. I was able to replicate this error on a fresh test install now and I am unable to figure out a fix for the issue. Perhaps someone else might have a better insight into the error and how to fix it.

I suggest opening your browser’s debugging tools. Examine the output to console. Also examine the Network traffic.

My guess is that certain HTTP calls are not successful (code != 200). Most likely failed calls to CSS/JS would make your page appear like that.

The root cause might be firewall rules on the VPS, blocking certain traffic. Or the contents of nginx.conf, which control how routes and resources are loaded when using Nginx + TLS + ERPNext.

Once you have a better idea of browser errors, that should lead you toward Next Steps.

you can install webmin on your fresh ubuntu server to use its file manager and editor as well

@usmanalikhan UPDATE: I just confirmed that this issue of the page looking like this is not related to ssl or version 13. I just installed version 12 and got the same issue.

Yes - i tried it on v12 and had same issue too. I was using 1MB RAM VPS. When i changed it to 2MB RAM server, the issue got resolved on v12.
On v13, I just reinstalled (on 1MB RAM VPS) and this time issue didn’t show up.

Thanks @flexy2ky for your proactive support!!!

bench build will fix this.
If your server doesn’t have enough RAM, this command fails as JS builds are memory intensive.

1 Like

Indeed you’re right. building js fails due to the VPS running out of memory. Increasing the memory fixed it. I guess there should be a revision for minimum hardware requirements because 1GB RAM certainly won’t work anymore.

I think many members here recommend min of 2GB RAM.

This worked for me with alot of ease… no renaming of site name required… this was important since whenever I changed the site name it threw some errors that site not found… error 404.

Thank you @flexy2ky

Yes and it also doesn’t require you to run DNS multitenant (although this recommended for security reasons) if you do not wish to so you can access your site via IP address if for any reason you can’t access via your domain url.

1 Like

after recent updates when i run the command bench setup add-domain, it shows the domain is already added to site1.local but when installing certbot it does not appear in list.

image

Ok…so I found out whats happening. the Bench setup add-domain followed by bench setup nginx are not adding the domain to the nginx.conf file in frappe-bench. I had to manually had to the domain to the server_name list. Mentioning here so may be it helps someone else.

3 Likes

Problem solved

thank you… it worked well for me