I am recently making wonderful progress with ERPNext as I’ve managed to move away from Apache, get Nginx working and have added a domain for my site as all I had was site1.local. The site is now accessible from my domain but I don’t have SSL setup yet.
I am familiar with, and have used, LetsEncrypt in the past, so I was hoping to use:
I’m guessing/thinking maybe I need to run the command with site1.local instead of my domain but…isn’t that going to cause a problem with LetsEncrypt…? Or will the domain get sent to them instead of site1.local?
I was about to experiment but then remembered spending a day fixing a messed up SSL certificate with LetsEncrypt (thanks to amazing real time volunteer support they provided) and would like to avoid that again if possible.
Edit/Addition:
Ok, as I search I’ve realized there is some additional information that should be included here.
I setup an additional domain using:
bench setup add-domain mydomain.com --site [site]
bench config dns_multitenant on
bench setup nginx
sudo service nginx restart
which didn’t work initially because the Nginx config was not symlinked to sites-enabled. After adding the symlink everything works.
I see that maybe changing the site1.local directory to mydomain.com and then also changing site1.local in currentsite.txt (found in the sites directory) to mydomain.com will then enable me (hopefully) to run: sudo bench setup lets-encrypt [site-name]
but I also see that the nginx.conf in /frappe-bench/config maps mydomain.com to site1.local.
So, I’m guessing (doing a lot of that) that I will need to also edit the nginx.conf file, or will the mapping simply be ignored…as there are also multiple listings in there for server_name?
Thanks but I’m afraid I’m stuck back at renaming my site. I tried renaming the site, as recommended elsewhere here on the forums, as follows:
Changed the name of the sites directory from site1.local to mydomain.com
Changed the current site listed in currentsite.txt to www.mydomain.com
Restarted Nginx and tried to access my instance of ERPNext but got the error site1.local does not exist. I’m guessing this is because I did not modify the nginx.conf file…?
So, I’ve returned everything to its previous state (site1.local) and am again able to access ERPNext.
Note - I ran the
sudo bench setup lets-encrypt mydomain.com
and it shut down Nginx and did some work but did not obtain certificates. I have the directory /etc/letsencrypt but it only contains a “configs” directory with a cfg file titled mydomain.com and a cli.ini file. There are no .pem files.
My question is, I guess, at this point, how do I change the site name to reflect my domain so I can then run a LetsEncrypt script?
Thanks again for your help. I returned everything to its original state (site1.local etc.) and went through the process of installing SSL certificates as specified on the LetsEncrypt site. It all worked (almost all) and I’m up and running now with SSL on ERPNext at my domain. I have an issue with a different web app (Moodle) but that is outside of the scope of these forums.
There is a newer and easier way to get the Lets Encrypt SSL certificates done without all of the renaming headaches. I spelled it out HERE in one of my tutorial posts about how to get up and running quickly. The process uses a package called “snapd” and it really simplifies everything. I recommend it for all newbies and experienced users as well.
Here is the relevant portion of the instructions for doing this. It assumes that ERPNext is already up and running using python3. Just follow along and you will never have to rename anything:
Now login to the server using your favorite ssh client as the [USER] you used to install ERPNext above and then perform the following commands
cd frappe-bench
bench config dns_multitenant on
bench setup add-domain --site site1.local [your.new.URL]
bench setup nginx
(answer Y to the question about replacing the config file)
sudo service nginx restart
cd ~
Now it is time to work on the SSL certificate. First we need to make sure that ‘certbot’ is not already installed, so we will attempt to remove it just in case
sudo apt-get remove certbot
Now we are going to install the package bundle provider and make sure it is all up-to-date with the latest release of ‘snapd’ and let it handle the certbot for us
sudo apt install snapd
sudo snap install core
sudo snap refresh core
Now we use ‘snap’ service to automatically install and configure certbot to work perfectly with your new ERPNext server
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Now we can safely use the pre-configured certbot to install your SSL certificate
sudo certbot --nginx
(The system will pause at some point and ask you to select the site name you wish to install the certificate from a list of names it found. Be sure to select the URL you used and not ‘site1.local’ at this point)
Once this is done, you can close your ssh client, open a browser and type the URL of your server into the address bar and it should take you to the secured version of your ERPNext server.
One final note here. This method specifically does NOT rename bench or the site directories in order to provide flexibility later in the event you need to have multiple URLs pointing to the same instance of ERPNext or if you need to change your URL for some reason in the future. Using the bench setup add-domain command makes this much simpler. The SSL certificate instructions I provided above are tailored to support this configuration.
@Touseef
To make sure we are clear about what is going on here I will restate the purpose of DNS Multi-tenant settings. This is used to add additional independent ERPNext sites to a single VPS server. Hosting multiple instances of ERPNext from a single server is one of the strong points of the package.
Okay. The rest would take some reading of the bench command syntax (and I suggest you do that at your earliest opportunity).
The command:
bench setup add-domain
This command is used to add domain names to already existing sites. For example, if you had “erp1.zyx.com” as a valid site, then the following example is how you would add additional URLs to the site:
This would allow you to have 2 URLs pointing to the same ERPNext site. So if you typed either erp1.zyx.com or erp.abc.com into a browser they would both take you to the exact same site.
That is an example of how to use: bench setup add-domain
The example I posted in the above referenced thread was an example of how to add a URL to the default site that the easy install script creates. When you turn on the dns multitenant, you need to be able to assign a URL to the default site. All other additional tenant sites require more work.
On the other hand…
If you want to add sites to an ERPNext multi-tenant server the command is different.
To do this, you would use the following commands: (using your example URL)
(assuming the dns multitenant is already turned on)
The above adds the site to the multi-tenant server. Then you can use the “snapd” client to install your TLS (SSL) certificates for the additional sites.
It may be helpful to do a search on the forum here for the tutorial or “how to” post regarding exactly how to setup DNS Multi-tenant sites. There are a few of them posted here.
Thank you for clarifying things. I did everything right. SSL was set up correctly. But I couldn’t access via https. I figured the issue was bench setup nginx. After setting up SSL, if I ran bench setup nginx, this was wiping off the SSL configurations and so I was unable to access https. So I reinstalled the SSL and this time did not run bench setup nginx.
Now all 3 websites are accessible via https.
And I thank you once again for posting such a detailed explanation. Would definitely help someone for sure.
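The failure described in the last post (a later bench setup nginx regenerating the config and dropping what certbot wrote) can be caught before users notice with a check like the one below. It is an added example, not code from the thread or from the bench project; the function name tls_missing_names and the sample config are constructed, and it assumes top-level server blocks as in an included site config file.

```shell
#!/bin/sh
# Added example (not from the thread): print each server_name that no
# TLS-enabled server block covers (needs "listen ... ssl" + ssl_certificate).
# Assumes top-level server blocks and no braces inside quoted strings.
tls_missing_names() {
    awk '
    { sub(/#.*/, "") }                                  # strip comments
    depth == 0 && /^[ \t]*server[ \t]*[{]/ { in_srv = 1; n = 0; ssl = 0; cert = 0 }
    in_srv && depth == 1 {                              # directives directly in the block
        first = 1
        if ($1 == "server_name") { collecting = 1; first = 2 }
        if (collecting) {                               # names may span several lines
            for (i = first; i <= NF; i++) {
                v = $i
                if (v ~ /;$/) collecting = 0
                sub(/;$/, "", v)
                if (v != "") names[++n] = v
            }
        }
        if ($1 == "listen" && $0 ~ /[ \t]ssl[ \t;]/) ssl = 1
        if ($1 == "ssl_certificate") cert = 1
    }
    {
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (in_srv && depth == 0) {                     # server block just closed
            for (i = 1; i <= n; i++) {
                if (!(names[i] in seen)) { seen[names[i]] = 1; order[++m] = names[i] }
                if (ssl && cert) covered[names[i]] = 1
            }
            in_srv = 0
        }
    }
    END { for (i = 1; i <= m; i++) if (!(order[i] in covered)) print order[i] }
    ' "$1"
}

# Constructed sample: a port-80-only config like one regenerated after certbot ran.
demo=$(mktemp)
cat > "$demo" <<'EOF'
server {
    listen 80;
    server_name
        site1.local
        mydomain.com
        ;
    location / { proxy_pass http://127.0.0.1:8000; }
}
EOF
tls_missing_names "$demo"   # lists both names: neither has a TLS server block
rm -f "$demo"
```

An empty result for your public domain means a TLS block still exists for it; a name such as site1.local appearing is expected when no certificate was ever requested for it.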