SSL Geo-DNS

Let’s Encrypt offers a DNS challenge method for requesting an SSL certificate, which is recommended for a distributed EnterMedia installation. This requires installing the Certbot tool for Nginx.

Depending on where your distribution nodes are located, you should request the certificate from the node closest to the Let’s Encrypt ACME endpoint. Check the Let’s Encrypt ACME protocol documentation for updates.

Request or renew a certificate:

sudo certbot certonly --manual --preferred-challenges=dns --email help@MYEMAIL.ORG --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d MYDOMAIN.entermediadb.net

Once the certificate has been issued, you need to copy it to your distribution nodes. You will find these two files under:

/etc/letsencrypt/live/YOURDOMAIN.entermediadb.net/fullchain.pem
/etc/letsencrypt/live/YOURDOMAIN.entermediadb.net/privkey.pem

Put these two files in the same location on your distribution nodes and configure Nginx to read the certificate from that location:

server {
...
listen 443 ssl; #Global Certificate
ssl_certificate /etc/letsencrypt/live/YOURDOMAIN.entermediadb.net/fullchain.pem; 
ssl_certificate_key /etc/letsencrypt/live/YOURDOMAIN.entermediadb.net/privkey.pem; 
...
}

Finally, reload your Nginx configuration:

sudo nginx -s reload
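
The copy step above moves a private key between hosts, so the sketch below stages the two files safely before transfer. It is an added example, not part of the original page or of EnterMedia's tooling; the function name stage_cert_pair and the staging directory are assumptions.

```shell
#!/bin/sh
# Added example: stage the Certbot key pair for copying to distribution nodes.
# stage_cert_pair and the staging directory are hypothetical names.
#
# stage_cert_pair LIVE_DIR OUT_DIR
#   LIVE_DIR  e.g. /etc/letsencrypt/live/YOURDOMAIN.entermediadb.net
#   OUT_DIR   staging directory whose contents are transferred to each node
stage_cert_pair() {
    live_dir=$1
    out_dir=$2

    # Both files must exist and look like PEM before anything is written.
    for f in fullchain.pem privkey.pem; do
        [ -r "$live_dir/$f" ] || { echo "missing: $live_dir/$f" >&2; return 1; }
    done
    grep -q -- '-----BEGIN CERTIFICATE-----' "$live_dir/fullchain.pem" ||
        { echo "fullchain.pem is not a PEM certificate" >&2; return 1; }
    grep -q -- 'PRIVATE KEY-----' "$live_dir/privkey.pem" ||
        { echo "privkey.pem is not a PEM private key" >&2; return 1; }

    (
        # Subshell so the restrictive umask does not leak to the caller.
        umask 077
        mkdir -p "$out_dir" && chmod 700 "$out_dir" || exit 1
        # Certbot's live/ entries are symlinks into archive/; -L copies the
        # file contents so the staged copy is usable on another host.
        cp -L "$live_dir/fullchain.pem" "$out_dir/fullchain.pem.tmp" || exit 1
        cp -L "$live_dir/privkey.pem" "$out_dir/privkey.pem.tmp" || exit 1
        chmod 644 "$out_dir/fullchain.pem.tmp"
        chmod 600 "$out_dir/privkey.pem.tmp"   # key readable by owner only
        # Rename last so a reader never sees a half-written file.
        mv -f "$out_dir/fullchain.pem.tmp" "$out_dir/fullchain.pem" &&
        mv -f "$out_dir/privkey.pem.tmp" "$out_dir/privkey.pem"
    )
}

# Run directly as: sudo sh stage_cert.sh LIVE_DIR OUT_DIR
if [ "$#" -eq 2 ]; then
    stage_cert_pair "$1" "$2"
fi
```

After the staged files are in place on a node, running sudo nginx -t before the reload confirms that Nginx can parse the configuration and load the key pair.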