Generate SSL Certificates using Letsencrypt

Generate certificates

Install letsencrypt and certbot.

sudo apt install certbot

Generate Certificate.

sudo certbot certonly --agree-tos --manual --preferred-challenges=dns -d *.openg2p.sandbox.net -d openg2p.sandbox.net

The above command will ask for _acme-challenge, since the chosen challenge is of type DNS. Create the _acme-challenge TXT DNS record accordingly, and continue with the above prompt to certs generation.
The generated certs should be present in /etc/letsencrypt directory.

Renew certificates

Run the same generate certs command to renew certs.

sudo certbot certonly --agree-tos --manual --preferred-challenges=dns -d *.openg2p.sandbox.net -d openg2p.sandbox.net

The above command will generate new pair of certificates. The DNS challenge needs to be performed again, as prompted.
Run the following to upload new certs back to Kubernetes Cluster. Adjust the certs path in the below command.

kubectl delete secret tls-openg2p-ingress -n istio-system
kubectl create secret tls tls-openg2p-ingress -n istio-system \
  --cert=/etc/letsencrypt/live/openg2p.sandbox.net-renewed/fullchain.pem \
  --key=/etc/letsencrypt/live/openg2p.sandbox.net-renewed/privkey.pem

PreviousAdditional Guides NextPackaging OpenG2P Docker

Last updated 6 days ago