experimental version of collectionbuilder, probably don't use! We've started to call this version CollectionBuilder-ES (Elastic!).
Elasticsearch SSL is going to require an official (not-self-signed) certificate, which requires a domain name #37
Open
derekenos opened 4 years ago
Steps to get a working, valid cert
Create an "A" DNS record that points to the Droplet IP
Open port 80 on the Droplet as required by certbot
Install and run the Let's Encrypt certbot (instructions)
Cert files are generated in: /etc/letsencrypt/live/<domain>
Copy cert files into Elasticsearch directory
With some guidance from: https://www.elastic.co/fr/blog/x-pack-security-for-elasticsearch-with-lets-encrypt-certificates
In /etc/elasticsearch/elasticsearch.yml, replace: with
Restart Elasticsearch
It works!
Close port 80 on the Droplet
TODO
Schedule automatic renewal (need to have 80 open all the time?)
Certs are valid for 90 days. Every < 90 do via CRON: certbot renew
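
Added example, not part of the issue or the project's code: a certbot deploy hook that repeats the copy and restart steps above after each successful renewal. The destination /etc/elasticsearch/certs, the "elasticsearch" group and the systemd unit name are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook for the Elasticsearch cert-copy step.
# Assumed, not from the issue: /etc/elasticsearch/certs as the destination,
# an "elasticsearch" group, and a systemd unit named "elasticsearch".

# install_es_certs LINEAGE_DIR DEST_DIR [GROUP]
# Copies fullchain.pem and privkey.pem from a certbot lineage directory
# (/etc/letsencrypt/live/<domain>) into DEST_DIR.
# Returns 0 if files were installed, 1 if already current, 2 on error.
install_es_certs() {
    src=$1 dest=$2 group=${3:-}
    for f in fullchain.pem privkey.pem; do
        [ -r "$src/$f" ] || { echo "missing $src/$f" >&2; return 2; }
    done
    if cmp -s "$src/fullchain.pem" "$dest/fullchain.pem" 2>/dev/null &&
       cmp -s "$src/privkey.pem" "$dest/privkey.pem" 2>/dev/null; then
        return 1
    fi
    mkdir -p "$dest" || return 2
    old_umask=$(umask)
    umask 077    # temporary copies are never group/world readable
    status=0
    for f in fullchain.pem privkey.pem; do
        # -L dereferences certbot's symlinks into ../../archive/
        cp -L "$src/$f" "$dest/$f.new" && chmod 640 "$dest/$f.new" || status=2
        if [ -n "$group" ]; then chgrp "$group" "$dest/$f.new" || status=2; fi
    done
    if [ "$status" -eq 0 ]; then
        # Swap in the pair only when both copies succeeded; mv within one
        # directory replaces each old file atomically.
        mv "$dest/fullchain.pem.new" "$dest/fullchain.pem" &&
        mv "$dest/privkey.pem.new" "$dest/privkey.pem" || status=2
    fi
    umask "$old_umask"
    return "$status"
}

# certbot sets RENEWED_LINEAGE only when it runs a deploy hook, so nothing
# below executes when the file is merely sourced.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_es_certs "$RENEWED_LINEAGE" /etc/elasticsearch/certs elasticsearch
    case $? in
        0) systemctl restart elasticsearch ;;   # same restart step as above
        1) : ;;                                 # unchanged, no restart
        *) exit 1 ;;
    esac
fi
```

Saved as an executable file in /etc/letsencrypt/renewal-hooks/deploy/, or passed with certbot renew --deploy-hook, it runs only when a certificate was actually renewed.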