How to create Aqueduct Server key and cert file?

Hi,

I am developing a mobile app and I am using Aqueduct server on the backend. https://aqueduct.io/docs/application/configure/#configuring-https explains how to get cert and pem files from this site. But I don’t know how to apply to get server.key.pem and server.cert.pem.

I am using Ubuntu 18.04 and installed OpenSSL 1.1.1_pre8.

Any help please?

Hi @NTMS2017

First you have to start with an ACME-Client that orders a new certificate. See

If you can use certbot, then you may use the certonly option to get a certificate without installation.

Then you have two files; you can use these as server.key.pem and server.cert.pem.

Hi, Juergen

What is the best to use for Ubuntu 18.04 Desktop, an ACME-Client or certbot?

Thanks

Certbot is an ACME-Client. So please read first

and

Thanks Juergen,

The problem is that I don’t use a web site domain. It's a local machine which runs the Aqueduct Server via command terminal (https://aqueduct.io/docs/application/configure/#configuring-https). Their website talks about letsencrypt.org, so does letsencrypt.org do something similar for Aqueduct? Or without a web site domain, how do I get the cert and pem files?

I installed Certbot on my Ubuntu 18.04, and the Certbot site states that "**Certbot’s DNS plugins are also available for your system which can be used to automate obtaining a wildcard certificate from Let’s Encrypt’s ACMEv2 server.**" but I cannot find any plugin for Aqueduct server.

I guess the only part is to use the certonly option, but I am new to Certbot so I have no idea how to get any help.

You need a public domain www.your-domain-name.com. Then there are two challenges (http-01 or dns-01 - validation) and three options:

  1. You create an A-record www.your-domain-name.com to your local machine (via dynamic DNS or something else), then you can use certbot to spin up a temporary webserver (with the --standalone option) to validate your ownership of the domain.

  2. Your DNS provider supports an API, so your local certbot uses a plugin to create a special DNS text entry. That should work if your local machine is able to create outbound connections.

  3. You create that DNS entry manually (using the --manual option). But you have to repeat that every 60 - 90 days, because Letsencrypt certificates are only valid for 90 days. So this is painful.

So you can use (3) to test it. But it's not really a solution.

https://certbot.eff.org/docs/using.html
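
Added example, not part of the original posts: once any of the three options above has produced a certificate, this shell function copies the pair to the server.key.pem and server.cert.pem names asked about in the thread, after checking that the key matches the certificate and that the certificate is not near the end of its 90-day validity. It assumes certbot's default `privkey.pem` / `fullchain.pem` layout; the function name `install_pair`, its return codes and the 30-day default are choices made for this example.

```bash
#!/usr/bin/env bash
# Added example: install a certbot key/cert pair under the names used in this thread.
# Assumption: certbot's default layout, <live_dir>/privkey.pem and <live_dir>/fullchain.pem.

# install_pair LIVE_DIR DEST_DIR [MIN_DAYS]
# Returns 0 on success, 1 on missing input or copy failure,
# 2 on key/certificate mismatch, 3 if the certificate expires within MIN_DAYS.
install_pair() {
    local live_dir="$1" dest_dir="$2" min_days="${3:-30}"
    local key="$live_dir/privkey.pem" cert="$live_dir/fullchain.pem"
    local key_pub cert_pub

    [ -r "$key" ] && [ -r "$cert" ] || { echo "missing $key or $cert" >&2; return 1; }

    # The public key derived from the private key must equal the one in the
    # leaf certificate (openssl x509 reads the first certificate in fullchain.pem).
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ] || { echo "key does not match certificate" >&2; return 2; }

    # Let's Encrypt certificates are valid for 90 days; refuse one that expires
    # within MIN_DAYS so that a failed renewal is noticed before clients break.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "certificate expires within $min_days days" >&2; return 3; }

    # Copy under umask 077 so a newly created key file is readable by its owner only.
    (
        umask 077
        mkdir -p "$dest_dir" &&
        cp "$key" "$dest_dir/server.key.pem" &&
        cp "$cert" "$dest_dir/server.cert.pem"
    ) || return 1
}

# Runs only when called with arguments, for example:
#   sudo ./install_pair.sh /etc/letsencrypt/live/www.your-domain-name.com ./certs
if [ "$#" -ge 2 ]; then
    install_pair "$@"
fi
```

Because the certificate is replaced on every renewal, the copy has to be repeated after each one and the server restarted to pick up the new files.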

Thank you very much. I will read the User Guide to get solution to my server. Kind Regards
