Installing a free Let’s Encrypt SSL certificate with automatic renewal for a domain on the CRYSTAL v1.0 project
28.02.2025
Before following these instructions, you need to connect the domain.
1. Changing the .env.prodDomain file in the frontend so that it works over the ‘https’ protocol, and building the project for the domain.
Change the sample text to the name of your domain and enter the command:
cd /var/www/crystal/frontend && rm -vr ./env/.env.prodDomain && echo VITE_BASE_URL=https://YourDomain/api > ./env/.env.prodDomain && pnpm buildProdDomain
Example:
cd /var/www/crystal/frontend && rm -vr ./env/.env.prodDomain && echo VITE_BASE_URL=https://crysty.ru/api > ./env/.env.prodDomain && pnpm buildProdDomain
2. Changing the .env.prodDomain file in the backend part of the project.
So that the cookie is only handled over a secure connection, its ‘Secure’ attribute is set to ‘true’. The value is assigned through the variable ‘COOKIE_SECURE_STATUS’.
Enter the commands sequentially:
cd /var/www/crystal/backend && rm -vr ./env/.env.prodDomain && echo PRODUCTION_STATUS=true > ./env/.env.prodDomain
echo COOKIE_SECURE_STATUS=true >> ./env/.env.prodDomain && pm2 restart 0
3. Installing certbot.
Enter the command:
apt-get install certbot && apt install python3-certbot-nginx
4. Let’s Encrypt SSL certificate generation.
Enter the command and replace the sample text with your domain:
sudo certbot --nginx -d YourDomain -d www.YourDomain
Example:
sudo certbot --nginx -d crysty.ru -d www.crysty.ru
Next, enter your email address. After entering the email, you need to read the questions and give your consent.
When the certificate is ready, you will see a text like this in the console:
Successfully received certificate.
Nginx will restart with the new settings.
Twice a day, the certbot timer checks the certificate status and automatically renews the certificate if its expiration time is approaching.
You can make sure that the timer is present by entering the command:
sudo systemctl status certbot.timer
After entering the command, there should be a message like this:
● certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; preset: enabled)
     Active: active (waiting) since Tue 2024-01-23 04:50:45 UTC; 1h 23min ago
    Trigger: Tue 2024-01-23 20:06:16 UTC; 13h left
   Triggers: ● certbot.service

Jan 23 04:50:45 crystal-vm-1 systemd[1]: Started certbot.timer - Run certbot twice daily.
5. Restarting the certbot timer after a VM reboot.
Enter the command:
systemctl enable --now certbot.timer
Open the project site at your domain over the ‘https’ protocol; the SSL certificate should work.
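One way to confirm steps 4 and 5 from the command line, added here as an example and not part of the CRYSTAL project: the script checks that certbot.timer is enabled and active, and reads the expiry date of the certificate Nginx actually serves. The function names, the file name check_cert.sh and the 30-day warning threshold are assumptions; GNU date and openssl are required.

```sh
#!/bin/sh
# Added example (not CRYSTAL project code). Function names and the
# 30-day warning threshold are assumptions. Requires GNU date and openssl.

# secs_left "<notAfter string>" [now_epoch] -> seconds until expiry
secs_left() {
    end=$(date -u -d "$1" +%s) || return 2
    now=${2:-$(date -u +%s)}
    echo $(( end - now ))
}

# renewal_status <secs_left> [warn_days] -> expired | renewal-overdue | ok
renewal_status() {
    warn=$(( ${2:-30} * 86400 ))
    if [ "$1" -le 0 ]; then echo expired
    elif [ "$1" -lt "$warn" ]; then echo renewal-overdue
    else echo ok
    fi
}

# served_not_after <domain> -> notAfter of the certificate served on port 443
served_not_after() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2
}

# check_domain <domain> -> prints findings, returns 1 if anything is wrong
check_domain() {
    rc=0
    for state in is-enabled is-active; do
        systemctl "$state" --quiet certbot.timer ||
            { echo "certbot.timer failed check: $state"; rc=1; }
    done
    not_after=$(served_not_after "$1")
    [ -n "$not_after" ] || { echo "$1: no certificate served on 443"; return 1; }
    left=$(secs_left "$not_after") || return 1
    status=$(renewal_status "$left")
    echo "$1: expires $not_after, $(( left / 86400 )) days left, $status"
    [ "$status" = ok ] || rc=1
    return $rc
}

# Run only when called as: sh check_cert.sh check YourDomain
if [ "${1:-}" = "check" ]; then check_domain "$2"; fi
```

A result of renewal-overdue means the served certificate is inside the warning window and the timer has not replaced it. `sudo certbot renew --dry-run` additionally tests the renewal path without changing the installed certificate.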
You can make the site much more secure by adding some rules to the Nginx server, according to these instructions.