Configure HTTPS/SSL

**This page is a work in progress**

This is an optional but highly recommended step that keeps your data secure when using MyCRT. Before getting started, ensure that you have already followed this guide and that you can access your MyCRT instance over HTTP. The rest of this guide assumes you have an SSH session on the EC2 instance.

This guide uses Let's Encrypt and Certbot to obtain an SSL certificate.

1: Ensure MyCRT is serving static files

curl localhost:80/api/ping
# Should return OK

curl localhost:80/test.txt 
# Should return:
# this is a test
# this is a test again

2: Obtain a Domain

Register a domain with Route 53, then create a hosted zone and a record set that points your domain to your EC2 instance. This is required in order to obtain an SSL certificate from Let's Encrypt. The URL provided below cannot be a default EC2 instance domain name because Let's Encrypt blacklists those domains.

You should now be able to access MyCRT at

http://your.domain.com/

3: Prepare Your Site for The ACME Challenge

4: Install Certbot

This can be done with

5: Obtain SSL Certificate

Certbot will ask a series of questions and then proceed to challenge the domain. If the challenge passes, Certbot will output some information about where your certificates can be found. This will usually be in /etc/letsencrypt/live/<your_domain>.

Now, link the certificates to mycrt

6: Modify MyCRT Settings

Change ssl in mycrt/service/mycrt.config.json to true

Restart MyCRT with

7: Modify EC2 Inbound Rules

Remove the HTTP inbound rules for your EC2 instance's security group.

Add HTTPS inbound rules for your EC2 instance's security group.

Verify these:
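One way to check the result of this step from a saved copy of the security group description. This is an added example, not part of the original guide; it assumes the JSON comes from `aws ec2 describe-security-groups`, and the group ID and addresses in the sample are constructed.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# The HTTP rule is still present, so the audit below should flag it.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
]}]}
""")


def sources_for_port(group, port):
    """Return every CIDR allowed to reach TCP `port` through this group.

    Only CIDR sources are inspected; rules that reference other security
    groups or prefix lists are not covered by this check.
    """
    cidrs = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":  # "all traffic" rule covers every port
            covers = True
        elif proto == "tcp":  # a range such as 0-1024 also exposes the port
            covers = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
        else:
            covers = False
        if covers:
            cidrs += [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return cidrs


def audit(doc):
    """List findings per group: HTTP still reachable, or HTTPS not reachable."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        gid = group.get("GroupId", "?")
        http = sources_for_port(group, 80)
        if http:
            findings.append(f"{gid}: port 80 still open to {', '.join(http)}")
        if not sources_for_port(group, 443):
            findings.append(f"{gid}: no inbound rule allows port 443")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE) or ["OK: HTTPS only"]:
        print(line)
```

If Certbot renews the certificate with the HTTP-01 challenge, port 80 has to be reachable again at renewal time.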

8: Access MyCRT through HTTPS

Now, open the MyCRT server with https as the protocol in place of http

Congratulations! Your MyCRT installation is now being served over HTTPS!
