Enable SSL certifiactes in ginkgo-edx-platform (vagrant box)

[sivashankerN]

Enable SSL certificates in ginkgo-edx-platform (vagrant box).

For this to be done, we can approach two methods

1. letsencrypt
2. Self signed certificates

[sivashankerN]

chose letsencrypt. Working on this, performing the steps mentioned here

[sivashankerN]

unable to add PPA sudo add-apt-repository ppa:certbot/certbot we are getting below error ERROR: '~certbot' user or team does not exist.

Looking into this

[sivashankerN]

The above problem is solved. Th problem was network proxy.

[sivashankerN]

Executed following commands on edx-platform vm

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx

[sivashankerN]

when we run following command certbot --nginx It asks for email address for regular updates to be notified to.

Like bellow

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):

For this test,not given any email id.. If we don't give email address it suggests as follows

If you really want to skip this, you can run the client with
--register-unsafely-without-email but make sure you then backup your account key
from /etc/letsencrypt/accounts

 (Enter 'c' to cancel): 

[sivashankerN]

So, executed certbot --register-unsafely-without-email

[sivashankerN]

Followed the instructions and completed the steps. one of the step is asked for domain name. Given alpha.vlabs.ac.in but output says as follows Cannot find a VirtualHost matching domain alpha.vlabs.ac.in. In order for Certbot to correctly perform the challenge please add a corresponding server_name directive to your nginx configuration: https://nginx.org/en/docs/http/server_names.html

checking this issue

[sivashankerN]

Added domain name alpha.vlabs.ac.in in /etc/nginx/sites-enabled/lms as a server_name and executed certbot --register-unsafely-without-email

[sivashankerN]

this time there is another problem Failed authorization procedure. alpha.vlabs.ac.in (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for alpha.vlabs.ac.in

[sivashankerN]

So for this, we may need to add A record in our DNS server.

making entry for alpha.vlabs.ac.in in private DNS server

[sivashankerN]

Still same problem exists even after giving A record in DNS server

[sivashankerN]

There is a problem with Letsencrypt configuration. We will look into this later

As Enabling SSL certificates in edx-platform is an urgent, we are enabling Self-Signed certificates

[sivashankerN]

Reference for enabling SSL self signed certificates in Ubuntu 16.04 on nginx service. Digital Ocean

[sivashankerN]

We were unable to access the web using domain name "alpha-openedx.vlabs.ac.in" from browser.

checked this link https://www.vagrantup.com/docs/networking/public_network.html There is a problem with default route in Virtualbox( vagrant box), so add the line use_dhcp_assigned_default_route: true in Vagrantfile and reloaded the box

then we are able to access the web page.

[sivashankerN]

LDS service is not loading iframe links with https( Self-signed certificates).

So, we are going to apply purchased certificates in the openedx-platform vagrant box.

[sivashankerN]

@ksripathi and @travula

As per our requirement

Purchased SSL certificates are enabled for "alpha-openedx.vlabs.ac.in" domain.

Please check and confirm.

for how to install ssl certificates in edx platform, please check the link https://gitlab.com/vlead-systems/port-labs-to-openedx/blob/master/src/platform-install-configure/index.org