Applying Let's Encrypt certificates on the Meeting server
About this task
The Sametime Meeting server is preconfigured with a self-signed certificate. This topic describes how to replace the self-signed certificate with a third-party certificate.
Note: Let's Encrypt certificates expire every 90 days. To automatically renew the certificates, users can use Certbot. Otherwise, users can renew certificates when they expire. Refer to the Let's Encrypt documentation for details on using Certbot.
Kubernetes
About this task
Obtain one or more certificates and the private key. Afterward, run the following commands to configure the Ingress to use them.
Procedure
- For KEY_FILE specify the private key file and for CERT_FILE specify the certificates file.
kubectl -n ingress-nginx delete secret ingress-tls-cert
export CERT_NAME=ingress-tls-cert
export KEY_FILE=privkey.pem
export CERT_FILE=fullchain.pem
kubectl -n ingress-nginx create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE}
kubectl patch deployment nginx-ingress-controller -n ingress-nginx --patch "$(cat kubernetes/ingress/nginx-tls-patch.yaml)"
- Restart the ingress controller:
kubectl scale deployment nginx-ingress-controller -n ingress-nginx --replicas=0
kubectl scale deployment nginx-ingress-controller -n ingress-nginx --replicas=1
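The Kubernetes steps above delete the existing secret before creating the new one, and the Docker procedure consumes the same two files, so a mismatched or nearly expired pair is best caught before either procedure starts. The following pre-flight check is an added example, not part of the product documentation; it assumes the openssl command-line tool is installed, and the function name check_tls_pair and the 7-day default are choices made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the key/certificate pair before it is
# loaded into the ingress-tls-cert secret or copied to the Docker folder.
# Assumptions: the openssl CLI is installed; check_tls_pair is a name chosen
# for this example and is not a Sametime or kubectl command.

# check_tls_pair KEY_FILE CERT_FILE [MIN_VALID_SECONDS]
# Returns 0 if the pair is usable, 1 otherwise (reason on stderr).
check_tls_pair() {
    key_file=$1
    cert_file=$2
    min_valid=${3:-604800}   # default: at least 7 days of validity left

    for f in "$key_file" "$cert_file"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
    done

    # openssl x509 reads the first PEM block, which in fullchain.pem is the
    # server (leaf) certificate.
    cert_pub=$(openssl x509 -in "$cert_file" -noout -pubkey 2>/dev/null) ||
        { echo "not a PEM certificate: $cert_file" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key_file" -pubout 2>/dev/null) ||
        { echo "not a usable PEM private key: $key_file" >&2; return 1; }

    # Both commands emit the public key in the same PEM form, so a string
    # comparison tells whether the key belongs to the certificate.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate" >&2; return 1; }

    # -checkend exits non-zero if the certificate expires within the window.
    openssl x509 -in "$cert_file" -noout -checkend "$min_valid" >/dev/null ||
        { echo "certificate expires within $min_valid seconds" >&2; return 1; }

    return 0
}
```

Source the file and run `check_tls_pair "$KEY_FILE" "$CERT_FILE"` before the `kubectl ... delete secret` step, continuing only when it returns 0.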
Docker
About this task
Generate a Let's Encrypt certificate. Afterward, apply the encryption certificate on the Sametime Meeting server.
Procedure
- Set ENABLE_LETSENCRYPT to 1 in the docker-compose.yml file.
- Retrieve the PEM files provided by Let's Encrypt and locate the following files.
  - fullchain.pem
  - privkey.pem
- Copy the specified files into the following folder:
jitsi-config/web/letsencrypt/live/
Note: If you set a value for the LETSENCRYPT_DOMAIN, the path is jitsi-config/web/letsencrypt/live/<LETSENCRYPT_DOMAIN>/.
- Restart the server to apply the changes.
docker-compose down
docker-compose up -d