TLS/SSL Certificates
Provisioning TLS/SSL Certificates 🔐
Based on the "certs" variable present in the inventory file, it is possible to specify SSL certificates other than the "self-signed" ones generated by the default installation procedure.
The possible options are:
selfsigned: will deploy a self-signed certificate (not recommended for production environments).
custom: If the idea is to implement custom certificates, you should place the corresponding certificate and private key files under the instances/tenant_folder directory, named cert.pem and key.pem, respectively.
certbot: will deploy an instance with a certificate generated by Let's Encrypt SSL.
In addition to that, port 80 must be accessible from the CA on the Internet (Certificate Authority), and we must have a valid email to receive renewals from the Let's Encrypt provider. When working with self-generated certificates using Certbot, we must ensure that our instance has a valid FQDN (Fully Qualified Domain Name) and its corresponding DNS resolution.
All methods apply to both new installations and updates, _except for Certbot (not available for upgrade procedures
Última actualización