Get a certificate using sudo certbot certonly --nginx and set up nginx with bench setup nginx after adding the ssl_certificate and ssl_certificate keys in the site_config.json.
I noticed that methods 1 and (2, 3) output a slightly different frappe-bench.conf file, and so I tried both.
There seems to be no problem with the config file as nginx runs fine with methods 1 and (2, 3):
System runs on Ubuntu 20.04. Frappe, ERPNext, bench versions are:
Last year, I successfully enabled a Let’s Encrypt certificate in ERPNext using the command bench setup lets-encrypt on Ubuntu 18.04, but I’m on Ubuntu 20.04 now and certbot-auto seems to be deprecated already.
I have run out of ideas. Has anyone here experienced the same? I may have just missed something trivial. Is there anything else I could try?
I’ve been doing this for multiple sites today. This is the way I did it:
sudo certbot certonly --nginx
Then
add the ssl paths to the site_config.json
Then run
bench setup nginx
Then
sudo service nginx reload
Just as a side note: Don’t run sudo certbot --nginx because it creates its own configuration (as you noticed), which is not the configuration needed. If you do run it… run bench setup nginx followed by sudo service nginx reload to undo it.
I do remember I’ve tried these commands in my attempts:
sudo service nginx reload
sudo service nginx restart
sudo service nginx stop; sudo service nginx start;
I’ll try again. Thanks!
Btw, not sure if it matters but are you also running on the same Ubuntu version?
No reason, just that this is an old installation that I have just picked up. I would update it but I will have to check first how that would impact the current environment.
I see, so I should be able to do it too, granted we have the same specs. Updating is something I could try next. Thanks!
Btw, the reload does not work for me. I’m guessing there may be traces of certbot configs or files from my attempts to install the cert that should not be on the server.
I tried to clean up everything by running sudo certbot delete to delete the cert, uninstalled certbot through snap (sudo snap remove certbot), and manually deleted the letsencrypt files and folders.
And then again installed certbot and the cert/config nginx, but still no luck. Have I cleaned up the certbot files properly?
Should I resort to backup and restore the database in a newly set up ERPNext instance from a clean OS instead?
Ok, here is what I do with the “snapd” version of running certbot. I will start with the process I use to install snapd and finish with how I get my cert. BTW… This process automatically sets up the site_config.json to work properly and no additional edits are needed.
Here is the process (from one of my Tutorials):
Now it is time to work on the SSL certificate. First we need to make sure that ‘certbot’ is not already installed, so we will attempt to remove it just in case:
sudo apt-get remove certbot
Now we are going to install the package bundle provider and make sure it is all up-to-date with the latest release of ‘snapd’ and let it handle the certbot for us:
sudo apt install snapd
sudo snap install core
sudo snap refresh core
Now we use the ‘snap’ service to automatically install and configure certbot to work perfectly with your new ERPNext server:
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Now we can safely use the pre-configured certbot to install your SSL certificate:
sudo certbot --nginx
(The system will pause at some point and ask you to select, from a list of names it found, the site name you wish to install the certificate for. Be sure to select the URL you used and not ‘site1.local’ at this point.)
I have been using this method now for about 3 months and I have done over 20 sites with it. I did one just this morning with v13.8.0 erpnext 13.8.1 frappe.
The only prerequisite is to have already run the “bench config dns_multitenant on” command before attempting to install an SSL cert.
Hi @karrycreativ. I’ve attempted to set up everything from scratch and followed your instructions and got the same result (site cannot be reached). Then I realized that there is another layer of firewall that I had to set up to allow inbound connections to the https port 443.
So I’m marking your answer as the solution. Thank you so much!
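The failure chain this thread walked through (certificate paths in site_config.json, the nginx config regenerated by bench setup nginx, then inbound 443 at the firewall), as an added diagnostic script that is not part of any post above or of bench itself. The function names, the ssl_certificate_key key name and the paths passed as arguments are assumptions.

```bash
#!/usr/bin/env bash
# Added example: layered check for "cert issued but site unreachable over HTTPS".
# All paths and the host name are supplied by the caller (assumptions, not bench defaults).

# Print the string value of a key in site_config.json.
json_value() {  # json_value <file> <key>
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Layer 1: both SSL keys are present and point at readable files.
check_site_config() {  # check_site_config <site_config.json>
    for key in ssl_certificate ssl_certificate_key; do
        path=$(json_value "$1" "$key")
        [ -n "$path" ] || { echo "site_config: $key missing"; return 1; }
        [ -r "$path" ] || { echo "site_config: $path not readable"; return 1; }
    done
}

# Layer 2: the generated nginx config listens on 443 with that same certificate.
check_nginx_conf() {  # check_nginx_conf <nginx.conf> <site_config.json>
    cert=$(json_value "$2" ssl_certificate)
    grep -Eq '^[[:space:]]*listen[[:space:]]+(\[::\]:)?443([[:space:]]|;)' "$1" \
        || { echo "nginx: no listen 443, rerun bench setup nginx"; return 1; }
    awk -v c="$cert;" '$1 == "ssl_certificate" && $2 == c { ok = 1 } END { exit !ok }' "$1" \
        || { echo "nginx: certificate path differs from site_config"; return 1; }
}

# Layer 3: TCP reachability of 443. Run this from a machine outside the server's
# network: success on the server itself but failure from outside points at a
# firewall or security group in between, not at nginx or certbot.
check_port() {  # check_port <host> [port]
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "${2:-443}" 2>/dev/null \
        || { echo "network: $1:${2:-443} unreachable, check firewall rules"; return 1; }
}

# Run the layers in order and stop at the first failure.
diagnose() {  # diagnose <site_config.json> <nginx.conf> <host>
    check_site_config "$1" && check_nginx_conf "$2" "$1" && check_port "$3" \
        && echo "all layers OK"
}

if [ "$#" -eq 3 ]; then diagnose "$@"; fi
```

Layers 1 and 2 only make sense on the server; layer 3 is meaningful only from a client outside it.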