Difference between revisions of "Let's Encrypt"

Line 10: Line 10:
 
*Port 80 on the primary IP must be available. This is required by Let's Encrypt the verification process.
 
*Port 80 on the primary IP must be available. This is required by Let's Encrypt the verification process.
 
** [Linux] Port 80 must not be used by other web servers.
 
** [Linux] Port 80 must not be used by other web servers.
 +
** [Linux] On masters the control panel website must use the built in web server not nginx. If you are using nginx [[Configure_the_TCAdmin_website_to_run_with_Nginx#Get_a_certificate_from_Let.27s_Encrypt_.28optional.29|follow these instructions]].
 
** [Windows] Port 80 may be used by IIS but not by other web servers.
 
** [Windows] Port 80 may be used by IIS but not by other web servers.
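Review bot: In the added [Linux] masters line, "built in web server not nginx" reads as a run-on; suggest "built-in web server, not nginx". The line also sits under the port 80 requirement without saying whether nginx is excluded because it would hold port 80 or for some other reason. A short clause giving the reason would help readers who already run nginx and are deciding whether to follow the linked instructions.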
  

Revision as of 00:11, 22 March 2021

TCAdmin 2.0.162 and greater supports automatically creating Let's Encrypt certificates for the control panel website and remote server. This feature requires the MVC control panel.

Features

  • Supports a custom domain or subdomain (make sure it resolves to your server's primary IP).
    • If you don't specify a subdomain, the primary IP's reverse DNS name will be used. If this fails, it will fall back to [server-ip].dyn.tcadmin.net
  • Improved speed in file manager uploads and downloads.
    • When using the control panel with https, file manager uploads and downloads go directly to the remote server instead of being uploaded to the master first and then to the remote. This improves performance when the master and remote are in different datacenters.

Requirements

  • Port 80 on the primary IP must be available. This is required by the Let's Encrypt verification process.
    • [Linux] Port 80 must not be used by other web servers.
    • [Linux] On masters, the control panel website must use the built-in web server, not nginx. If you are using nginx, follow these instructions.
    • [Windows] Port 80 may be used by IIS but not by other web servers.
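
The Linux requirements above (port 80 not held by another web server, and the domain resolving to the primary IP) can be checked before enabling the feature. The script below is an added example, not part of TCAdmin; the file name preflight.sh, the function names and the list of web server process names are assumptions, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check for the Linux requirements above.
# Live use (assumed file name): sudo ./preflight.sh <domain> <primary-ip>

# Constructed sample of `ss -H -ltnp` output, used when no arguments are given.
SAMPLE_SS='LISTEN 0 511 0.0.0.0:80   0.0.0.0:* users:(("nginx",pid=812,fd=6))
LISTEN 0 128 0.0.0.0:22   0.0.0.0:* users:(("sshd",pid=640,fd=3))
LISTEN 0 511 [::]:80      [::]:*    users:(("nginx",pid=812,fd=7))
LISTEN 0 100 0.0.0.0:8080 0.0.0.0:* users:(("java",pid=900,fd=40))'
# Constructed sample of `getent ahostsv4 panel.example.com` output.
SAMPLE_DNS='203.0.113.10 STREAM panel.example.com
203.0.113.10 DGRAM
203.0.113.10 RAW'

# stdin: `ss -H -ltnp` output. Prints each process name listening on TCP port 80.
port80_listeners() {
  awk '$4 ~ /:80$/ {
    if (match($0, /users:\(\("[^"]+/)) { print substr($0, RSTART + 9, RLENGTH - 9) }
    else { print "unknown" }   # owner hidden: ss was not run as root
  }' | sort -u
}

# stdin: process names. Keeps those that are stand-alone web servers.
# The name list is an assumption of this example, not a TCAdmin list.
web_server_conflicts() {
  awk '/^(nginx|apache2|httpd|lighttpd|caddy)$/'
}

# stdin: `getent ahostsv4` output. Succeeds only if every address equals $1.
resolves_only_to() {
  awk -v ip="$1" '{ seen = 1; if ($1 != ip) bad = 1 } END { exit !(seen && !bad) }'
}

# Runs both checks; prints findings and returns non-zero if any check fails.
preflight() {  # $1 = ss output, $2 = getent output, $3 = primary IP
  rc=0
  bad=$(printf '%s\n' "$1" | port80_listeners | web_server_conflicts)
  [ -z "$bad" ] || { echo "port 80 held by another web server: $bad"; rc=1; }
  printf '%s\n' "$2" | resolves_only_to "$3" ||
    { echo "domain does not resolve only to $3"; rc=1; }
  return "$rc"
}

if [ "$#" -eq 2 ]; then
  preflight "$(ss -H -ltnp)" "$(getent ahostsv4 "$1")" "$2"; exit
else
  preflight "$SAMPLE_SS" "$SAMPLE_DNS" 203.0.113.10 || true
fi
```

Run it as root so that ss can report the owning process of each socket; without arguments it only evaluates the constructed samples.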

Configure Let's Encrypt

  • Go to Server Management > Servers > Select your server
  • Under "Let's Encrypt Configuration" check "Enable support for Let's Encrypt"
  • Specify a custom domain or subdomain. If it's not specified it will be generated automatically.
  • Save then select Tools > Restart Monitor.
  • The certificate will be generated in less than 5 minutes.
    • If you didn't specify a domain you should see the autogenerated domain in the server settings after it has been configured correctly.
  • You should be able to access your control panel using https://domain:secureport

Troubleshooting (Windows)

Open a command prompt as administrator and execute these commands to check for errors while creating a certificate. Replace <your-ip> with your server's primary IP.

cd C:\Program Files\TCAdmin2\Monitor\Tools\LetsEncrypt-Windows
create.bat <your-ip>.dyn.tcadmin.net


Troubleshooting (Linux)

Execute these commands from SSH to check for errors while creating a certificate. Replace <your-ip> with your server's primary IP.

cd /home/tcadmin/Monitor/Tools/LetsEncrypt-Linux
./create.sh <your-ip>.dyn.tcadmin.net

How to...

Use the control panel without the port (https://domain)
[Windows] Set the monitor's secure port to 443, save and restart.
[Linux] Edit /home/tcadmin/Monitor/tcadmin-config and set SECURE_WEB_PORT to 443. Then restart the monitor.


Enable Let's Encrypt for many remote servers.
Execute this command on your database:
UPDATE tc_servers SET direct_fileman_allowed=1 WHERE server_id <> 1;
Then go to Server Management > Servers > Restart Remotes.


Force https
Go to Settings > Security Settings. Set SSL Access = All pages