Cockpit with LetsEncrypt

Overview

Deploy the Cockpit with LetsEncrypt without a webserver. Cockpit will be run as daemon from systemd
For the configuration with apache follow this guide: Proxying Cockpit over Apache with LetsEncrypt

TLS/SSL certificate with Let's Encrypt

Documentation: https://certbot.eff.org/lets-encrypt/debianbuster-other
Install certbot: sudo apt-get install certbot

Get certificate, replace E-Mail and Domain with yours:

sudo certbot certonly --standalone --agree-tos --email YOUR-EMAIL-ADDRESS -d COCKPIT.YOUR-DOMAIN.COM

cockpit configuration

Create /etc/letsencrypt/deploy/update_cockpit_certificate.sh and replace your domain:

DOMAIN=COCKPIT.YOUR-DOMAIN.COM

# Copy cert for cockpit
install -m 644 /etc/letsencrypt/live/$DOMAIN/fullchain.pem /etc/cockpit/ws-certs.d/1-letsencrypt.cert
install -m 640 -g cockpit-ws /etc/letsencrypt/live/$DOMAIN/privkey.pem /etc/cockpit/ws-certs.d/1-letsencrypt.key

# force a restart to pick up new certificate; this will interrupt existing sessions!
# if you don't do this, cockpit.service will idle-timeout a minute ,after the last session closed
systemctl stop cockpit.service

After that, ensure that the script is executable:

chmod a+x /etc/letsencrypt/deploy/update_cockpit_certificate.sh

Home / About / Contributing / Cockpit project website

Home

About

Contributing

Design Guidelines

Team/Project guidelines

User Experience Research

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cockpit with LetsEncrypt

Overview

TLS/SSL certificate with Let's Encrypt

cockpit configuration

Clone this wiki locally