Let’s Encrypt with Gunicorn
- Install certbot:

```sh
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot
```
When the repository is added, a notice says it is intended for Debian and asks for confirmation before continuing. Follow the link in that notice to check whether the repository supports your version of Ubuntu.
- Generate the keys using the DNS challenge in manual mode. Gunicorn cannot serve a local file at an arbitrary URL path, so the default HTTP challenge doesn’t work. There is no need to set a webroot, because with the DNS challenge no challenge files are written there. Use the following command to generate the keys:

```sh
sudo certbot certonly --manual -d <domain name> --preferred-challenges dns
```
- Set up the TXT record for the challenge. During the previous step, certbot asks you to create a DNS TXT record before it continues. Set the TXT record accordingly and check manually that it is resolvable:

```sh
dig -t txt <challenge domain>
```
- Copy the generated PEM files from under `/etc/letsencrypt/live/` and start gunicorn with the following parameters (the gunicorn flag is spelled `--ca-certs`):

```sh
--keyfile "privkey.pem" --certfile "cert.pem" --ca-certs "chain.pem"
```
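An added example, not from the original post, that automates the TXT step above: it keeps re-running `dig` until the `_acme-challenge` record carries the token certbot printed, so you only tell certbot to continue once the record actually resolves. The function names `txt_has_token` and `wait_for_txt` are my own, and it assumes `dig` (dnsutils) is installed.

```sh
#!/bin/sh
# Added example (not part of the original post): poll the _acme-challenge
# TXT record until it carries the token certbot printed during the manual
# DNS challenge. Assumes dig from dnsutils and a POSIX sh.

# txt_has_token DIG_OUTPUT TOKEN
# Succeeds when one of the TXT strings in `dig +short -t txt` output
# equals TOKEN exactly (quotes are stripped, whole-line match only).
txt_has_token() {
    printf '%s\n' "$1" | tr -d '"' | grep -Fxq -- "$2"
}

# wait_for_txt NAME TOKEN [ATTEMPTS] [DELAY_SECONDS]
# Re-queries the record until the token shows up or the attempts run out.
# Caching resolvers may lag behind the zone; the retries cover that delay.
wait_for_txt() {
    name="$1"; token="$2"; attempts="${3:-30}"; delay="${4:-10}"
    i=0
    while [ "$i" -lt "$attempts" ]; do
        # +short prints only the quoted TXT strings, one record per line
        answer="$(dig +short -t txt "$name" 2>/dev/null)"
        if txt_has_token "$answer" "$token"; then
            echo "TXT record for $name carries the expected token"
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    echo "gave up: $name does not carry the expected token" >&2
    return 1
}

# Usage, with the values certbot prints during the manual DNS challenge:
#   wait_for_txt _acme-challenge.example.com 'token-from-certbot'
```

Run it in a second terminal while certbot is waiting at the "Press Enter to Continue" prompt; only press Enter once `wait_for_txt` reports success.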