Configure HTTPS/SSL

**This page is a work in progress.**

This is an optional, but highly recommended, step that will keep your data secure when using MyCRT. Before getting started, ensure that you have already followed this guide and that you can access your MyCRT instance over HTTP. The rest of this guide assumes you have an SSH session open on the EC2 instance.

This guide uses Let's Encrypt and certbot to obtain an SSL certificate.

1: Ensure MyCRT is serving static files

curl localhost:80/api/ping
# Should return OK

curl localhost:80/test.txt 
# Should return:
# this is a test
# this is a test again

2: Obtain a Domain

Register a domain with Route 53, create a hosted zone, and add a record set that points your domain to your EC2 instance. This is required in order to obtain an SSL certificate from Let's Encrypt. The domain used below cannot be a default EC2 instance domain name, because Let's Encrypt blacklists those domains.

You should now be able to access MyCRT at

http://your.domain.com/

3: Prepare Your Site for The ACME Challenge

cd mycrt/service/static
mkdir -p .well-known/acme-challenge
echo "this is a test" > .well-known/acme-challenge/9001
curl http://your.domain.com/.well-known/acme-challenge/9001

# "this is a test" should print

4: Install Certbot

This can be done with

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot

5: Obtain SSL Certificate

cd mycrt/service

# use the publicly available domain
sudo certbot certonly --webroot -w ./static -d your.domain.com

Certbot will ask a series of questions and then proceed to challenge the domain. If the challenge passes, it will print where your certificates can be found. This is usually /etc/letsencrypt/live/<your_domain>/.

Now, link the certificates into MyCRT's ssl directory:

cd mycrt/service
mkdir ssl
cd ssl

# The exact locations may vary depending on where your certs are
sudo ln -s /etc/letsencrypt/live/your.domain.com/fullchain.pem fullchain.pem
sudo ln -s /etc/letsencrypt/live/your.domain.com/privkey.pem privkey.pem
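Before switching MyCRT to SSL it is worth confirming that the two links above point at a readable private key that actually belongs to the certificate, and that the certificate is not about to expire. The following script is an added example, not part of the MyCRT project; it assumes only the layout this guide creates (a directory containing fullchain.pem and privkey.pem) and that openssl is installed, which it is on Ubuntu.

```shell
#!/bin/sh
# Added example (not MyCRT project code): sanity-check the certificate files
# linked into mycrt/service/ssl before setting ssl to true in mycrt.config.json.
# Assumes <dir>/fullchain.pem and <dir>/privkey.pem as created by this guide.

# Print a SHA-256 fingerprint of the public key found in a certificate ("cert")
# or derived from a private key ("key"). Both are normalised to the same PEM
# "PUBLIC KEY" form first, so RSA and ECDSA keys compare the same way.
# Returns 1 (and prints nothing) if openssl cannot parse the file, so an
# unreadable or corrupt file can never produce a matching fingerprint.
pubkey_fingerprint() {
    pem=$(case $1 in
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
        key)  openssl pkey -in "$2" -pubout 2>/dev/null ;;
    esac)
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}

# check_ssl_dir DIR [MIN_DAYS]
# Succeeds only if both files are readable, the private key matches the leaf
# certificate in fullchain.pem (openssl x509 reads the first certificate in the
# bundle, which is the leaf), and the certificate stays valid for at least
# MIN_DAYS more days (default 14). Every failure is reported on stderr.
check_ssl_dir() {
    dir=$1
    min_days=${2:-14}
    cert=$dir/fullchain.pem
    key=$dir/privkey.pem

    for f in "$cert" "$key"; do
        # -r follows symlinks, so a dangling link into /etc/letsencrypt fails here
        [ -r "$f" ] || { echo "not readable: $f" >&2; return 1; }
    done

    cfp=$(pubkey_fingerprint cert "$cert") || { echo "cannot parse certificate: $cert" >&2; return 1; }
    kfp=$(pubkey_fingerprint key "$key")   || { echo "cannot parse private key: $key" >&2; return 1; }
    [ "$cfp" = "$kfp" ] || { echo "privkey.pem does not match fullchain.pem" >&2; return 1; }

    # -checkend takes seconds and exits non-zero if the cert expires within them
    if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null; then
        echo "certificate expires within $min_days days: $(openssl x509 -in "$cert" -noout -enddate)" >&2
        return 1
    fi

    echo "ok: key matches certificate and it is valid for at least $min_days more days"
}

# Stand-alone usage: sudo sh check_ssl.sh mycrt/service/ssl [min_days]
if [ $# -gt 0 ]; then
    check_ssl_dir "$@"
fi
```

Run it with sudo, because the privkey.pem that certbot writes under /etc/letsencrypt is readable only by root; whatever user the mycrt service runs as will need the same access, or the service will fail to start once ssl is enabled. Let's Encrypt certificates are valid for 90 days, and the HTTP-01 challenge used by the certbot command above is always delivered to port 80, so after the HTTP inbound rule is removed in step 7 a later certbot renew will only succeed if port 80 is reopened for the renewal; sudo certbot renew --dry-run shows in advance whether that is the case.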

6: Modify MyCRT Settings

Set ssl to true in mycrt/service/mycrt.config.json.

Restart MyCRT with

sudo systemctl stop mycrt
sudo systemctl daemon-reload
sudo systemctl start mycrt

7: Modify EC2 Inbound Rules

Remove the HTTP inbound rules for your EC2 instance's security group.

Add HTTPS inbound rules for your EC2 instance's security group.

Verify these:

curl https://your.domain.com/test.txt

# should print:
# this is a test
# this is a test again

curl http://your.domain.com/test.txt

# should not be accessible

8: Access MyCRT through HTTPS

Now, open MyCRT in your browser using https as the protocol in place of http:

https://your.domain.com/

Congratulations! Your MyCRT installation is now being served over HTTPS!
