SSL for frappe Site for Multibench setup

You can set up a Let's Encrypt SSL certificate. You just need to follow these commands:

$ bench config dns_multitenant on

$ bench new-site example.com

$ bench setup nginx

$ sudo service nginx reload

$ sudo -H bench setup lets-encrypt example.com

2 Likes

When I enable DNS multitenant, I am not able to browse to my ERPNext website using the public domain. When I disable multitenant, I am able to browse the ERPNext website using the public domain, e.g. erp.example.com:8090. I have used port 8090 and am trying to install a Let's Encrypt SSL certificate, but I couldn't. Your help will be highly appreciated, please.

Hi, can you explain in detail where you have hosted your site and all? I will try to help you for sure.

I have a physical server machine and host two websites (e.g. site1.com and erp.site1.com). site1.com is hosted on Windows Server on the physical machine, and erp.site1.com is hosted on Ubuntu Server in a virtual machine using VirtualBox.
I have installed a Let's Encrypt SSL certificate for site1.com and port-forwarded port 443 to site1.com in my router, and everything works fine.

I have used port 8090 (erp.site1.com:8090) and port-forwarded port 8090 to erp.site1.com from my router, and it works fine as long as multitenant is off. I can even access erp.site1.com:8090 from an outside network. But the problem is, after enabling multitenant and installing the SSL certificate, I am not able to browse my erp.site1.com:8090. I have also done bench setup nginx and sudo service nginx restart.

Using port 443 for erp.site1.com works fine, but I can't forward the same port for two websites. Therefore, I want to use port 8090 for erp.site1.com.

Please help me. I have even installed SSL on erp.site1.com:8090 using DNS as per the video tutorial "Create an SSL Certificate Without Ports 80 and 443 (Certbot/LetsEncrypt)" (youtube.com), but I am still not able to browse when multitenant is on.
Thank you

Hi @Yongstars:

There are 2 multitenant modes: port based and DNS based.

Read this.

https://frappeframework.com/docs/user/en/bench/guides/setup-multitenancy#port-based-multitenancy

Anyway, as you said above … your Frappe environment just hosts 1 site, the other one is hosted on your Windows machine … so … there is no multitenant scenario here?

Maybe I misunderstand something.

Thank you for your prompt reply, sir. With port-based multitenancy, I am able to browse my site with the URL http://erp.site1.com:8090. I want to secure my web page with SSL. I tried to install SSL in the "bench config dns_multitenant off" scenario. I am not able to detect my real domain name. Instead it detected my site name/folder name, site1.com. It should detect erp.site1.com. In the other scenario, "bench config dns_multitenant on", I am able to detect my site folder names site1.com and erp.site1.com, and I am able to install the Let's Encrypt SSL certificate on erp.site1.com. After installing the SSL certificate I tried to browse with the URL http://erp.site1.com:8090, but it's not reachable. What would be the issue? Any idea, please?

Hi @Yongstars:

I guess your router has some NAT rules:

443 → Your VM machine (frappe) local IP address
8090 → Your host (web server) local IP address

Domain DNS (for erp.site1.com and site1.com) records pointing to your public IP address.

Your Frappe machine has NGINX running and listening on port 443, with the SSL certificate for erp.site1.com installed properly.

Your web server machine is running and listening on port 8090, and ready to receive requests for site1.com

If this is correct … frappe-side NGINX is not managing 8090 traffic …
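One way to check the hypothesis in the last reply, namely whether the Frappe-side NGINX has a TLS listener on a given port for a given host. This is an added example, not part of the thread or of bench: the function names are hypothetical, the sample config is constructed for illustration, and it assumes a conf.d-style file with `server` blocks at the top level.

```bash
#!/usr/bin/env bash
# Constructed sample config: TLS on 443 and a plain redirect on 80, nothing on 8090.
# On a real machine, feed in the file that "bench setup nginx" wrote instead.
sample_conf() {
cat <<'EOF'
server {
    listen 443 ssl;
    server_name erp.site1.com;
    ssl_certificate /etc/letsencrypt/live/erp.site1.com/fullchain.pem;
    location / { proxy_pass http://127.0.0.1:8000; }
}
server {
    listen 80;
    server_name erp.site1.com;
    return 301 https://$host$request_uri;
}
EOF
}

# listeners HOST < conf : print "PORT tls" or "PORT plain" for every listen
# directive in server blocks whose server_name lists HOST exactly.
listeners() {
  awk -v host="$1" '
    { sub(/#.*/, "") }                                  # drop comments
    depth == 0 && $1 == "server" && /[{]/ { in_srv = 1; n = 0; hit = 0 }
    in_srv && depth == 1 && $1 == "listen" {
        tls = "plain"
        for (i = 2; i <= NF; i++) { gsub(/;/, "", $i); if ($i == "ssl") tls = "tls" }
        port = $2; sub(/.*:/, "", port)                 # "[::]:443" becomes "443"
        ports[++n] = port " " tls
    }
    in_srv && depth == 1 && $1 == "server_name" {
        for (i = 2; i <= NF; i++) { gsub(/;/, "", $i); if ($i == host) hit = 1 }
    }
    {
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")    # track brace nesting
        if (in_srv && depth == 0) {                     # server block just closed
            if (hit) for (i = 1; i <= n; i++) print ports[i]
            in_srv = 0
        }
    }'
}

# tls_on_port HOST PORT < conf : succeeds only if HOST has a TLS listener on PORT.
tls_on_port() { listeners "$1" | grep -qx "$2 tls"; }

sample_conf | listeners erp.site1.com
```

With this sample, `tls_on_port erp.site1.com 8090` fails: a certificate installed for the host does not by itself make NGINX answer HTTPS on a port it has no `listen ... ssl` directive for.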