Setting up SSL with LetsEncrypt and MeteorUp

carlosbaraza · February 7, 2016, 7:48pm

For anyone interested, I worked a bit this weekend on the integration of Let’s Encrypt in MeteorUp. Feel free to contribute to the PRs. Here the two pull requests!

https://github.com/arunoda/meteor-up/pull/873

Thank you,
Carlos.

haraldloydl · February 9, 2016, 10:17am

the solved issue is here: https://github.com/arunoda/meteor-up/issues/651

selaias · February 10, 2016, 1:39pm

As I couldn’t make it work with stud, I end up using Nginx for that. It seems to be working fine now.
I guess I should switch to mupx which uses Nginx anyway.

humberto · March 9, 2016, 4:57pm

Hello, I’m using this more nginx to proxy the meteor port to the port 80/443.

There are any way to remove nginx ? I can’t run meteor on port 80 because I have a few apps runing on the same server, that why I need nginx.

thanks
Humberto

massimosgrelli · April 26, 2016, 8:06am

Do you have any cronjob sample for this?

waiholiu · May 5, 2016, 12:39pm

I’m attempting to try this on my prod server.

I can’t do this on my test server (I don’t own the domain name there) so I’m a little nervous.

Just a few questions,

if it all goes pear shape, how do I revert out of this? Do I just need to do “meteor deploy” again without the SSL stuff in mup.json?
I have another prod server that I plan to do this in the future, and it consists of a whole bunch of meteor apps all being served from port 80 using nginx. Will this process just SSH all of my sites on this server? And do I need to make changes to my nginx config to let in 443?
Someone already asked this but can someone post a sample of crontab job?

carina · May 6, 2016, 4:47pm

I’m just reading up on this myself, but here are some answers from what I understand.

Adding the SSL values in mup.json simply gets mup to use an additional front-end nginx server in front of the same bundled app you had before adding SSL. So yes, I would think you can revert your mup.json to remove the SSL key, do “mup deploy”, and get back your old deployment. mup also has a mechanism for falling back to a previous deployment in case the current deployment fails.
For similar reasons, unless your 2nd prod server somehow uses mup to set up nginx, you probably need to configure your nginx separately from mup. In that case I think you wouldn’t need to set up SSL for each individual app, assuming they’re all under the same domain.
The cron job solution is typically recommended for installations that are able to use the “webroot” option, which allows the cert to be issued without starting and stopping the server. So, a cron job may not make sense for the manual process discussed in this thread, where you need to stop and re-run mup deploy.

Again, this is all pretty new to me so anyone feel free to provide more info. Good luck, let us know how it goes!

sahandissanayake47 · June 13, 2016, 9:15am

is it ssl.pm or ssl.pem ?

elie · June 13, 2016, 4:02pm

Not sure it matters. Whatever you named the file

choemi · June 28, 2016, 4:58am

I tried to install LetsEncrypt on AWS EC2 instance, but I am failing here, aber downloading git and cd letsencrypt.

The error I get:

-bash: ./bootstrap/install-deps.sh: No such file or directory

Anyone with the same problem?

energistic · June 28, 2016, 1:04pm

@choemi You need to install letsencrypt on the machine that you do your development on. It’s likely your own laptop and not an EC2 instance. You can also try sh ./bootstrap/install-deps.sh instead.

choemi · June 28, 2016, 3:21pm

It doesn’t matter if I execute it on my MacBook or per SSH on an AWS ubuntu. I always get the same error message when trying to install it. Is there anything else I need to install?

login to your prod box ssh root@xx.xx.xx.xx
get the letsencrypt utility git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
compile letsencrypt with the next few commands
./bootstrap/install-deps.sh --> fails
./bootstrap/dev/venv.sh --> fails
source venv/bin/activate --> fails
…

energistic · June 28, 2016, 7:37pm

Looks like things have changed a lot. I wrote this guide 6 months ago and have switched to Galaxy, which has auto letsencrypt support.

Check out the updated documentation:

vigorwebsolutions · June 28, 2016, 7:40pm

I know that DO and AWS aren’t exactly the same, but if you spin up an ubuntu instance on AWS, I’m thinking most of this guide should work for you. I just walked through it last week, and with the exception of the fact that Docker installed out of the gate with mupx, it was exactly the same.

ajaxsoap · July 12, 2016, 12:38pm

General question:

I do have a meteor app on DO (app.domain.com) and a CMS website (www.domain.com) on top of Joomla on other hosting server.

I deploy my app on DO thru mup not mupx.

I want the two have ssl certificate, should I generate separate certificate for both even if they have the same domain?

Thanks!

energistic · July 12, 2016, 2:04pm

You can but you need to specify both the www and app version when you
create the certificate. I think you enter them comma separated or something.

choemi · July 12, 2016, 8:54pm

@vigorwebsolutions Thx for the guide! Works like a charm. Only problem I had was to download the key files from AWS because I could not access the folders on ubuntu (some problems with root access…). I finally could do it now by copy them from AWS to another server and then download them from their to my local machine.

xvendo · September 6, 2016, 7:22am

You will have a downtime in your APP with the STANDALONE version of letsencrypt. You should use webroot plugin instead! https://letsencrypt.readthedocs.io/en/latest/using.html#plugins