Skip to main content

Setup Web SSL

Currently your website should be running on http://YOUR_DOMAIN which is not secure. In this section we will enable HTTPS on the web with help of LetsEncrypt so you can access your site like https://YOUR_DOMAIN.

tip
  1. If you are using CloudFlare as your DNS Provider. You can use it's free SSL feature by enabling it from their dashboard and ignore this section. Read more about it here.

  2. If you are using MineTrax with Docker, Don't follow this section.

Certbot Installation & Issue Certificate

Follow the install and certificate issue process for your webserver either Apache2 or Nginx.

Install Certbot and it's Apache2 plugin with apt.

sudo apt install -y certbot python3-certbot-apache

Find what domain you have setup in your apache2 config file for minetrax minetrax.conf. In our case it was your_domain.com and www.your_domain.com.

Run the certbot to issue certificates for these domains. Make sure to replace your_domain.com with your own domain.

sudo certbot --apache -d your_domain.com -d www.your_domain.com

Finally incase it ask you if you want to Redirect all your traffic to https. Select the option to redirect (option 2 in most cases).

Now you should be able to access your website with https://YOUR_DOMAIN.

Update .env to use HTTPS

Now that we have HTTPS enabled on the website. We need to update our .env file to use HTTPS instead of HTTP.

Open the .env file in your favorite editor and update the APP_URL from http://YOUR_DOMAIN to https://YOUR_DOMAIN.

cd /var/www/minetrax
nano .env
APP_URL=https://YOUR_DOMAIN

Save the file and that's it.

Verify Certbot Auto-Renewal

LetsEncrypt certificates are valid only for 3 months. The certbot package we installed takes care of this for us by adding a systemd timer that will run twice a day and automatically renew any certificate that's within thirty days of expiration.

Check the status of the timer.

sudo systemctl status certbot.timer

To check if auto renew will succeed.

sudo certbot renew --dry-run

If you see no errors, you're all set.