Installing SSL on simple Ruby/Sinatra web app

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: test.soundsessential.com - just temporary and not actually set up yet

I ran this command: n/a

It produced this output: n/a

My web server is (include version): ?

The operating system my web server runs on is (include version): Ubuntu 18.04 with Ruby 2.5.1 and Sinatra

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Latest

I’m very new to this and could do with some help. I have a very simple web app that is using Ruby and Sinatra and I’d like to have SSL set up on it. Here’s what’s happened so far:
Launch AWS Ubuntu 18.04 server
Run updates
Install rvm
Install Ruby
Upload app files to data folder
Run gem install bundler
Then bundle install
Then start the app running

The app is then available and works on the IP address. I’ve been trying to figure out getting the SSL on there and I used Certbot from here: https://certbot.eff.org/lets-encrypt/ubuntubionic-other and went through the instructions. I was successful in getting a certificate and then it said ‘install your certificate’ - I’m stuck because I don’t know how to do this and can’t find any instructions out there.

So, I’m hoping someone can help with:
Step by step instructions for how to install the certificate for a complete newbie!
Same for how to have the certificate auto renew so I never need to worry about it expiring.

Many thanks for taking the time.


Welcome to the Let’s Encrypt Community

I’m not exactly sure what parameters you used for certbot, but I’m guessing they might have included certonly. Since you haven’t supplied your actual domain name, I can’t see much. Let’s Encrypt certificates are publicly visible at https://crt.sh, so not listing your actual domain name doesn’t provide any real privacy.

Thanks for the reply. I used:
sudo certbot certonly --standalone
to start the certificate process as per the instructions and as above succeeded. I used the subdomain above when submitting the request as I was just testing things. But the issue is I haven’t installed the certificate and don’t know how to. The server is actually shut down right now too.

So the question is more what steps do I take to install the certificate and what config files (maybe?) do I have to change within the Ruby/Sinatra environment and under these conditions will Certbot auto renew for me and how do I make that happen.

Sorry, super basic questions here!


For your webserver, are you using apache or nginx or ?

So, again newbie here, but I don’t think either. I did try running those certbots and they didn’t like it which is why I used the None Of The Above certbot version for Ubuntu 18.04. It’s a Ruby/Sinatra web app - like Ruby on Rails but different I believe.


Back in a bit my friend.

Sinatra is a framework and Ruby is a language. Are you actually running a webserver that’s serving your app? Take a look around on your server. If you can get to a default page at your ip address there should be some indication.

I really appreciate the help. Yeah I just booted it up, started the app, which runs over a certain port and if I go to the ip and port number, I see the very basic html page I set up. And I know the app does what it is supposed to when it’s running. If I go to just the IP address, I get server not found. Should I maybe head to a Ruby community?

We can probably help you to a good extent though we do redirect people from time to time when they have an issue that’s very specific. If you just go to the ip address in a browser without the port, usually you’ll be directed to port 80, which seems to not be configured to serve anything, but I can’t say for sure working blind. When you used --standalone, a server instance was created for you that listened on port 80 to get the certificate. We still need to determine what is actually serving your app to the world though in order to properly enable SSL/TLS and install your private key and certificate.

Just a thought: AWS might have a certificate manager you can use:

https://itnext.io/using-letsencrypt-ssl-certificates-in-aws-certificate-manager-c2bc3c6ae10

As far as I know it’s the Ruby/Sinatra app. I can change the port it gets served up on. @unixcharles has done some client stuff in Ruby but again it’s way over my head. I don’t see any private messaging within this community software and I’m hesitant to put too many details here publicly.

You don’t need to worry about the programming language in which the client is written. The only reason I am trying to determine your configuration is to properly guide you to install your certificate and private key, which requires some minor changes to your configuration. I’m probably overly-cautious about this step, but since it can cause troubles, I feel the caution is necessary, especially working blind with a newbie. To go a little further, certbot is able to make these changes for you to “install” your certificate, but not knowing your webserver platform can make this process imprecise. It can also rollback the changes if anything goes awry.

If you click on my griffin avatar, a box should pop up with a Message button.

I don’t mind what we do to this server. I can just trash it and spin up a new one. Got that process down and is super quick. I’ll message next.


I got an email alert that Pistle had responded saying to use rack-ssl, but I don't see that reply in the thread here.

I've looked that up and seems like I would need to install that gem and then in my app run the code provided to force ssl, but I'm still not sure how or where to copy the SSL to and keep it up to date.

Clearly in over my head(!) but if anyone can help with some super basic instructions, I'd be very grateful.

Thanks
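
Added example, not part of the thread and not any participant's code: the last post asks where the certificate should go and how it stays current, so this Ruby code reads certbot's files in place, checks that the private key matches the certificate, reports the days left, and builds TLS settings for a Ruby server. It assumes certbot's usual /etc/letsencrypt/live/<name>/ layout; the function names are hypothetical and the certificate used is a constructed self-signed sample.

```ruby
require "openssl"
require "tmpdir"

# Assumption: live_dir holds fullchain.pem (leaf first, then intermediates) and privkey.pem.
def load_tls_material(live_dir)
  pem = File.read(File.join(live_dir, "fullchain.pem"))
  key = OpenSSL::PKey.read(File.read(File.join(live_dir, "privkey.pem")))
  certs = pem.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
             .map { |c| OpenSSL::X509::Certificate.new(c) }
  raise ArgumentError, "no certificate in fullchain.pem" if certs.empty?
  # Catch a key/certificate mix-up before the server starts listening.
  raise ArgumentError, "privkey.pem does not match certificate" unless certs.first.check_private_key(key)
  { cert: certs.first, chain: certs.drop(1), key: key }
end

# Whole days until the certificate expires (negative once expired).
def days_left(cert, now = Time.now)
  ((cert.not_after - now) / 86_400).floor
end

# TLS settings a Ruby server can be given; TLS 1.2 is the floor.
def ssl_context(material)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
  ctx.cert = material[:cert]
  ctx.key = material[:key]
  ctx.extra_chain_cert = material[:chain]
  ctx
end

# Constructed sample: a self-signed certificate standing in for certbot's files.
def write_sample_live_dir(dir, cn, valid_days)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + valid_days * 86_400
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  File.write(File.join(dir, "fullchain.pem"), cert.to_pem)
  File.write(File.join(dir, "privkey.pem"), key.to_pem)
end

Dir.mktmpdir do |dir|
  write_sample_live_dir(dir, "test.example", 90)
  m = load_tls_material(dir)
  puts "#{m[:cert].subject}: #{days_left(m[:cert])} days left"
end
```

Because certbot renew updates the files in that directory, a long-running app has to be restarted or re-read them to serve the renewed certificate.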
