static/minio-cookbook
1
0
Fork 0
mirror of https://github.com/astaxie/cookbook.git synced 2025-09-11 04:10:41 +03:00
Code Activity
Files
deekoder-patch-2
minio-cookbook/docs/generate-lets-encypt-certificate-using-concert-for-minio.md

88 lines
2.5 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Generate Let's Encrypt certificate using Concert for Minio [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/minio/minio?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
[Lets Encrypt ](https://letsencrypt.org/) is a new free, automated, and open source, Certificate Authority.
[Concert ](https://docs.minio.io/docs/concert) is a console based certificate generation tool for Lets Encrypt. It is open source & one of the related project from Minio.
In this recipe, we will generate a Let's Encypt certificate using Concert. This certificate will then be deployed for use in the Minio server.
## 1. Prerequisites
* Install Minio Server from [here](https://docs.minio.io/docs/minio).
* Install Golang from [here](https://docs.minio.io/docs/how-to-install-golang).
## 2. Dependencies
* Port 443 for https needs to be open and available at time of executing `concert`.
* Concert needs root access while executing because only root is allowed to bind to any port below 1024.
* We will be using our own domain ``churchofminio.com`` as an example in this recipe. Replace with your own domain for your needs.
## 3. Recipe Steps
### Step 1: Install concert as shown below.
```sh
$ go get -u github.com/minio/concert
```
### Step 2: Generate Let's Encrypt cert.
```sh
$ sudo concert gen --dir my-certs admin@churchofminio.com churchofminio.com
2016/04/04 07:10:01 Generated certificates for churchofminio.com under my-certs will expire in 89 days.
```
### Step 3: Verify Certificates.
List certs saved in `my-certs` directory.
```sh
$ ls -l my-certs/
total 12
-rw------- 1 root root 227 Apr 4 07:10 certs.json
-rw------- 1 root root 1679 Apr 4 07:10 private.key
-rw------- 1 root root 3448 Apr 4 07:10 public.crt
```
### Step 4: Set up SSL on Minio Server with the certificates.
The generated keys via Concert needs to be placed inside users home directory at ``${HOME}/.minio/certs``
```sh
$ cp my-certs/private.key /home/supernova/.minio/certs/
$ cp my-certs/public.crt /home/supernova/.minio/certs/
```
### Step 5: Change ownership of certificates.
```sh
$ sudo chown supernova:supernova /home/supernova/.minio/certs/private.key
$ sudo chown supernova:supernova /home/supernova/.minio/certs/public.crt
```
### Step 6: Start Minio Server using HTTPS.
Start Minio Server as shown below.
```sh
$ ./minio server export/
```
### Step 7: Visit https://churchofminio.com:9000 in the browser.
![Letsencrypt](https://github.com/minio/cookbook/blob/master/docs/screenshots/letsencrypt-concert-minio.jpg?raw=true)
View Git Blame Copy Permalink