Skip to main content

Enable HTTPS

OrangeHRM Administrator
Updated

Learn how to generate SSL certificates using OrangeHRM AWS CLI. Make sure you have installed OrangeHRM Starter before continuing.

 

OrangeHRM AWS CLI uses Certbot to generate industry-standard SSL certificates. First, check the prerequisites below before proceeding.

Prerequisites for SSL

Elastic IP:

You should associate an Elastic IP with your EC2 instance. This prevents the IP from changing if the instance restarts. See Amazon’s documentation for more information.

Domain:

Certbot requires a fully qualified domain name (FQDN) to generate SSL certificates. Point your domain to your EC2 Instance IP before continuing.

Change Password After Installation:

The mobile application will not work with a weak password (like the one generated during installation). Change your password as described previously.

 

Generating the SSL Certificates

Run orangehrm ssl enable after meeting the prerequisites above.

Press ENTER to continue after reading the information about Certbot.

a3cef7a1-c82e-4745-b931-2fb31ec1e6bb.png

Certbot will request the following:

  • Email Address
  • Terms of Service Agreement
  • Mailing List Agreement
  • Comma-separated list of FQDNs

 

Certbot will then generate a certificate for the provided FQDNs. OrangeHRM AWS CLI will automatically configure the server for HTTPS.

You can use the domains in the given list to access your OrangeHRM Starter System.

Renewing Certificates Automatically

Let’s Encrypt Certificates expire in 3 months. You can run orangehrm ssl renew to manually renew them when this happens. 

Alternatively, you can run orangehrm ssl auto-renew to set up automatic certificate renewal.

fe742d5d-65bb-4568-9145-fd1f7f4d343c.png

Two files will be generated. Copy and run the command given at the end to move these files into the correct directory (this requires superuser privileges which is why it is not done automatically).

3f5e2e70-fac7-4a7a-9d11-08921b97369e.png

You have now successfully set up automatic certificate renewal.

 

Directly using Certbot to manage SSL Certificates

WARNING: Unless you have experience with Certbot and Docker, please stick to the commands given in the previous sections.

You can run Certbot commands using docker exec and the certbot container (which will be running after installing OrangeHRM Starter).

 

For example, 

certbot certificates 

becomes

docker exec certbot certbot certificates (the word “certbot” repeats because the container’s name is “certbot”)

 

You have to provide the webroot (/var/www/html) to generate SSL certificates.

 

Please see the Certbot documentation for more commands.

 

What’s Next?

You can go through the System Maintenance guide to get a better understanding of OrangeHRM AWS CLI.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.