TLS/SSL Certificates

Provisioning TLS/SSL Certificates 🔐

Based on the "certs" variable present in the inventory file, it is possible to specify SSL certificates other than the "self-signed" ones generated by the default installation procedure.

The possible options are:

• selfsigned: will deploy a self-signed certificate (not recommended for production environments).

• custom: If the idea is to implement custom certificates, you should place the corresponding certificate and private key files under the instances/tenant_folder directory, named cert.pem and key.pem, respectively.

• certbot: will deploy an instance with a certificate generated by Let's Encrypt SSL.

In addition to that, port 80 must be accessible from the CA on the Internet (Certificate Authority), and we must have a valid email to receive renewals from the Let's Encrypt provider. When working with self-generated certificates using Certbot, we must ensure that our instance has a valid FQDN (Fully Qualified Domain Name) and its corresponding DNS resolution.

certs: certbot
fqdn: omlinstance.domain.com
notification_email: [email protected]

All methods apply to both new installations and updates, _except for Certbot (not available for upgrade procedures