Skip to main content
Interania

Implementing Let's Encrypt SSL with Interana

0votes
4updates
23views

If you follow the Quick Start Guide, you'll be able to install and run an Interana instance but your site will show a "Not Secure" SSL error. This happens because the default installation includes an SSL certificate that won't include your URL / IP address (no offense, we just have no way of knowing what URL / IP address you'll be using!). 

If you'd like to fix this issue, you can use Let's Encrypt with your Interana instance. Let's Encrypt is a certificate authority that provides free SSL certificates.

To configure your instance to use Let's Encrypt certificates, follow the instructions in How To Secure Nginx with Let's Encrypt on Ubuntu 14.04, with the following changes: 

Changes to Step 2: Obtain a Certificate

  • You have already installed Nginx; ignore the instructions about installing it again. 
  • Your Nginx configuration file is located at /etc/nginx/sites-enabled/default
  • When you add the location ~ /.well-known... block to the configuration file, add it before the following lines: 

location / {
 rewrite ^ https://$http_host$request_uri? permanent;

 }

For example: 

server {
listen 80;
server_name ia.blueotterx.com;
access_log /var/log/interana/nginx-access.log interana_pipes;
location ~ /.well-known {
allow all;
}
location / {
rewrite ^ https://$http_host$request_uri? permanent;
}
location /api/v1/ {
return 403;
}
location /add_events {
uwsgi_pass unix:/tmp/streaming_postapi.sock;
include uwsgi_params;
}
}

Changes to Step 3: Configure TLS/SSL on Web Server (Nginx)

  • Your Nginx configuration file is located at /etc/nginx/sites-enabled/default
  • Comment out the interana certs and add the following lines to the configuration file:

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  • Use the following comments to test the configuration file and restart Nginx:

    • sudo nginx -t

    • sudo service nginx restart

  • Was this article helpful?