LetsEncrypt SSL

 Top  Previous  Next

CirrusPrint on Linux will recognize a previously configured LetsEncrypt SSL certificate configuration.  This depends on several things:

 

A public domain address is provided that points to the CirrusPrint server machine.  You need a machine environment with a static IP address for this.  This can be an A or CNAME DNS record.  LetsEncrypt will not issue certificates for IP addresses or domain names that are often temporary, such as an Amazon AWS ec2 address.  You must use a domain name provided through a public DNS service.
 
CirrusPrint is listening on standard ports (80 and 443), or you have another web server configured to listen on the above domain, port 80.
 
LetsEncrypt's certbot is installed and has been used to request a certificate for the domain.  This can be done using their 'webroot' command line syntax.  The webroot directory is the CirrusPrint server's "web" directory (i.e. /opt/cp20/web), or the webroot of the external web server listening on port 80.  Be sure to also configure automatic renewal.  For example:
 
certbot certonly --webroot -w /opt/cp20/web/ -d cp20.example.com
 
This would request certificates for the domain cp20.example.com, using the CirrusPrint server installed at /opt/cp20.  The server would have to be listening on port 80 for HTTP requests.  The certbot program offers a testing mechanism (the --dry-run option) to verify configuration before committing to a live certificate install.  See their website for documentation.
 
A public domain URL is listed in the CirrusPrint configuration for Public Host Names (i.e. https://cp20.example.com).  Note that the server will auto-assign a public domain if the system's host name appears to be non-local.  However, in some cloud hosting environments, this name will reflect a data center host name rather than a public one, so you should verify that a truly public hostname is configured.  Configure the public host names first, then restart the server.
 
As long as no SSL certificate configuration has been configured, CirrusPrint will look for a LetsEncrypt certificate configuration in their standard location: /etc/letsencrypt/live/domain.  If a public hostname domain is found in /etc/letsencrypt/live, the certificate paths appropriate for either Apache or Nginx are configured.  This auto-configuration occurs when CirrusPrint is started up.