<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Creating SSL Certificates | Pterodactyl</title>
<meta name="generator" content="VuePress 1.9.10">
<link rel="apple-touch-icon" sizes="180x180" href="/favicons/apple-touch-icon.png">
<link rel="icon" type="image/png" href="/favicons/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="/favicons/favicon-16x16.png" sizes="16x16">
<link rel="mask-icon" href="/favicons/safari-pinned-tab.svg" color="#0e4688">
<link rel="manifest" href="/favicons/site.webmanifest">
<link rel="shortcut icon" href="/favicons/favicon.ico">
<meta name="description" content="Pterodactyl is an open-source game server management panel built with PHP, React, and Go. Designed with security in mind, Pterodactyl runs all game servers in isolated Docker containers while exposing a beautiful and intuitive UI to end users.">
<meta name="msapplication-config" content="/favicons/browserconfig.xml">
<meta name="theme-color" content="#0e4688">
<link rel="preload" href="/assets/css/0.styles.894cd3e9.css" as="style"><link rel="preload" href="/assets/js/app.b423fbf1.js" as="script"><link rel="preload" href="/assets/js/4.1c05de3a.js" as="script"><link rel="preload" href="/assets/js/2.638bc23b.js" as="script"><link rel="preload" href="/assets/js/68.06aa0e75.js" as="script"><link rel="prefetch" href="/assets/js/1.364681bc.js"><link rel="prefetch" href="/assets/js/10.08b9c98e.js"><link rel="prefetch" href="/assets/js/11.e264572d.js"><link rel="prefetch" href="/assets/js/12.a4261b01.js"><link rel="prefetch" href="/assets/js/13.43a16fbd.js"><link rel="prefetch" href="/assets/js/14.ed610c4a.js"><link rel="prefetch" href="/assets/js/15.2fc81408.js"><link rel="prefetch" href="/assets/js/16.80d778f6.js"><link rel="prefetch" href="/assets/js/17.aa66495a.js"><link rel="prefetch" href="/assets/js/18.57b733fd.js"><link rel="prefetch" href="/assets/js/19.ec92bd63.js"><link rel="prefetch" href="/assets/js/20.a720acbc.js"><link rel="prefetch" href="/assets/js/21.d99db7fa.js"><link rel="prefetch" href="/assets/js/22.8f7ee701.js"><link rel="prefetch" href="/assets/js/23.4a3e5e0b.js"><link rel="prefetch" href="/assets/js/24.14d17171.js"><link rel="prefetch" href="/assets/js/25.b2ca157b.js"><link rel="prefetch" href="/assets/js/26.55d35d4f.js"><link rel="prefetch" href="/assets/js/27.005f34ff.js"><link rel="prefetch" href="/assets/js/28.a5eb93d2.js"><link rel="prefetch" href="/assets/js/29.26f1f5b0.js"><link rel="prefetch" href="/assets/js/30.d2985bea.js"><link rel="prefetch" href="/assets/js/31.acd28f7f.js"><link rel="prefetch" href="/assets/js/32.f259a483.js"><link rel="prefetch" href="/assets/js/33.7c770712.js"><link rel="prefetch" href="/assets/js/34.e93e5695.js"><link rel="prefetch" href="/assets/js/35.a04be06d.js"><link rel="prefetch" href="/assets/js/36.9e445fd9.js"><link rel="prefetch" href="/assets/js/37.c39b55c9.js"><link rel="prefetch" href="/assets/js/38.e108ac1d.js"><link rel="prefetch" 
href="/assets/js/39.867da03c.js"><link rel="prefetch" href="/assets/js/40.34edc760.js"><link rel="prefetch" href="/assets/js/41.368a213d.js"><link rel="prefetch" href="/assets/js/42.ea03a576.js"><link rel="prefetch" href="/assets/js/43.74132eec.js"><link rel="prefetch" href="/assets/js/44.f5ae5bdc.js"><link rel="prefetch" href="/assets/js/45.4bb149c0.js"><link rel="prefetch" href="/assets/js/46.c1ed9730.js"><link rel="prefetch" href="/assets/js/47.0f24220f.js"><link rel="prefetch" href="/assets/js/48.07ebc20a.js"><link rel="prefetch" href="/assets/js/49.342049a1.js"><link rel="prefetch" href="/assets/js/5.8c798c34.js"><link rel="prefetch" href="/assets/js/50.0b4f4dc4.js"><link rel="prefetch" href="/assets/js/51.f11b077a.js"><link rel="prefetch" href="/assets/js/52.8e320849.js"><link rel="prefetch" href="/assets/js/53.944dc699.js"><link rel="prefetch" href="/assets/js/54.d6bff428.js"><link rel="prefetch" href="/assets/js/55.a226dbb6.js"><link rel="prefetch" href="/assets/js/56.f682278e.js"><link rel="prefetch" href="/assets/js/57.3b5f3f55.js"><link rel="prefetch" href="/assets/js/58.8fe9d86f.js"><link rel="prefetch" href="/assets/js/59.d3aa2768.js"><link rel="prefetch" href="/assets/js/6.cd87a2b3.js"><link rel="prefetch" href="/assets/js/60.6a6972b5.js"><link rel="prefetch" href="/assets/js/61.78ebf38b.js"><link rel="prefetch" href="/assets/js/62.53e80a9f.js"><link rel="prefetch" href="/assets/js/63.dfe26c31.js"><link rel="prefetch" href="/assets/js/64.58b54b08.js"><link rel="prefetch" href="/assets/js/65.372034bb.js"><link rel="prefetch" href="/assets/js/66.6040c100.js"><link rel="prefetch" href="/assets/js/67.275f5b02.js"><link rel="prefetch" href="/assets/js/69.e57354fd.js"><link rel="prefetch" href="/assets/js/7.f17059bf.js"><link rel="prefetch" href="/assets/js/70.d1a2a03a.js"><link rel="prefetch" href="/assets/js/71.023c6d55.js"><link rel="prefetch" href="/assets/js/8.758e7e8b.js"><link rel="prefetch" href="/assets/js/9.90f962cd.js">
<link rel="stylesheet" href="/assets/css/0.styles.894cd3e9.css">
</head>
<body>
<div id="app" data-server-rendered="true"><div><div class="theme-container"><header class="nav"><div class="sidebar-button block md:hidden flex-no-shrink"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <div class="logo-container"><a href="/" class="home-link router-link-active"><img src="/logos/pterry.svg" class="logo"> <span class="site-name hidden md:inline can-hide">Pterodactyl</span></a></div> <div class="w-full"><div class="flex"><div class="search-box"><input aria-label="Search" placeholder="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links flex-no-shrink hidden md:flex"><div class="nav-item"><a href="/project/introduction.html" class="nav-link">Documentation
</a></div><div class="nav-item"><a href="/community/about.html" class="nav-link">Community Guides
</a></div><div class="nav-item"><a href="https://discord.gg/pterodactyl" target="_blank" rel="noopener noreferrer" class="nav-link external">
Get Help
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div><div class="nav-item"><a href="https://dashflo.net/docs/api/pterodactyl/v1/" target="_blank" rel="noopener noreferrer" class="nav-link external">
API
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <div class="nav-item"><a href="https://github.com/pterodactyl/panel" target="_blank" rel="noopener noreferrer" class="nav-link">
GitHub
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div></nav></div></div></header> <div class="sidebar-mask"></div> <div class="sidebar"><nav class="nav-links flex-no-shrink block md:hidden"><div class="nav-item"><a href="/project/introduction.html" class="nav-link">Documentation
</a></div><div class="nav-item"><a href="/community/about.html" class="nav-link">Community Guides
</a></div><div class="nav-item"><a href="https://discord.gg/pterodactyl" target="_blank" rel="noopener noreferrer" class="nav-link external">
Get Help
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div><div class="nav-item"><a href="https://dashflo.net/docs/api/pterodactyl/v1/" target="_blank" rel="noopener noreferrer" class="nav-link external">
API
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <div class="nav-item"><a href="https://github.com/pterodactyl/panel" target="_blank" rel="noopener noreferrer" class="nav-link">
GitHub
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div></nav> <ul class="sidebar-links"><li><div class="sidebar-group first"><p class="sidebar-heading"><span>Project Information</span> <!----> <!----></p> <ul class="sidebar-group-items"><li><a href="/project/introduction.html" class="sidebar-link">Introduction</a></li><li><a href="/project/about.html" class="sidebar-link">About</a></li><li><a href="/project/terms.html" class="sidebar-link">Terminology</a></li><li><a href="/project/community.html" class="sidebar-link">Community Standards</a></li></ul></div></li><li><div class="sidebar-group"><p class="sidebar-heading"><span>Panel</span> <!----> <div tabindex="0" class="version-select custom-select float-right"><div class="selected"><div class="inline-block">
1.11
<span class="rounded-full ml-2 text-green-dark">current</span></div> <span class="arrow"></span></div> <div class="items hidden"><div class="item"><div class="inline-block">
1.11
<span class="rounded-full ml-2 text-green-dark">current</span></div></div></div></div></p> <ul class="sidebar-group-items"><li><a href="/panel/1.0/getting_started.html" class="sidebar-link">Getting Started</a></li><li><a href="/panel/1.0/webserver_configuration.html" class="sidebar-link">Webserver Configuration</a></li><li><a href="/panel/1.0/additional_configuration.html" class="sidebar-link">Additional Configuration</a></li><li><a href="/panel/1.0/updating.html" class="sidebar-link">Updating the Panel</a></li><li><a href="/panel/1.0/troubleshooting.html" class="sidebar-link">Troubleshooting</a></li><li><a href="/panel/1.0/legacy_upgrade.html" class="sidebar-link">Legacy Upgrades</a></li></ul></div></li><li><div class="sidebar-group"><p class="sidebar-heading"><span>Wings</span> <!----> <div tabindex="0" class="version-select custom-select float-right"><div class="selected"><div class="inline-block">
1.11
<span class="rounded-full ml-2 text-green-dark">current</span></div> <span class="arrow"></span></div> <div class="items hidden"><div class="item"><div class="inline-block">
1.11
<span class="rounded-full ml-2 text-green-dark">current</span></div></div></div></div></p> <ul class="sidebar-group-items"><li><a href="/wings/1.0/installing.html" class="sidebar-link">Installing Wings</a></li><li><a href="/wings/1.0/upgrading.html" class="sidebar-link">Upgrading Wings</a></li><li><a href="/wings/1.0/migrating.html" class="sidebar-link">Migrating to Wings</a></li><li><a href="/wings/1.0/configuration.html" class="sidebar-link">Additional Configuration</a></li></ul></div></li><li><div class="sidebar-group"><p class="sidebar-heading open"><span>Tutorials</span> <!----> <!----></p> <ul class="sidebar-group-items"><li><a href="/tutorials/mysql_setup.html" class="sidebar-link">Setting up MySQL</a></li><li><a href="/tutorials/creating_ssl_certificates.html" aria-current="page" class="active sidebar-link">Creating SSL Certificates</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/tutorials/creating_ssl_certificates.html#creating-a-certificate" class="sidebar-link">Creating a Certificate</a></li></ul></li></ul></div></li><li><div class="sidebar-group"><p class="sidebar-heading"><span>Guides</span> <!----> <!----></p> <ul class="sidebar-group-items"><li><a href="/guides/mounts.html" class="sidebar-link">Using Mounts</a></li></ul></div></li></ul> </div> <div class="page"> <div class="content content__default"><h1 id="creating-ssl-certificates"><a href="#creating-ssl-certificates" class="header-anchor">#</a> Creating SSL Certificates</h1> <p>This tutorial briefly covers creating new SSL certificates for your panel and wings.</p> <div class="tabs-component"><ul role="tablist" class="tabs-component-tabs"></ul> <div class="tabs-component-panels"><section aria-hidden="true" id="method-1:-certbot" role="tabpanel" class="tabs-component-panel" style="display:none;"><p>To begin, we will install certbot, a simple script that automatically renews our certificates and allows much
easier creation of them. The command below is for Ubuntu distributions, but you can always check <a href="https://certbot.eff.org/" target="_blank" rel="noopener noreferrer">Certbot's official
site<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> for installation instructions. We have also included a command below to install certbot's
Nginx/Apache plugin so you won't have to stop your webserver.</p> <div class="language-bash extra-class"><pre class="language-bash"><code><span class="token function">sudo</span> <span class="token function">apt</span> update
<span class="token function">sudo</span> <span class="token function">apt</span> <span class="token function">install</span> <span class="token parameter variable">-y</span> certbot
<span class="token comment"># Run this if you use Nginx</span>
<span class="token function">sudo</span> <span class="token function">apt</span> <span class="token function">install</span> <span class="token parameter variable">-y</span> python3-certbot-nginx
<span class="token comment"># Run this if you use Apache</span>
<span class="token function">sudo</span> <span class="token function">apt</span> <span class="token function">install</span> <span class="token parameter variable">-y</span> python3-certbot-apache
</code></pre></div><h2 id="creating-a-certificate"><a href="#creating-a-certificate" class="header-anchor">#</a> Creating a Certificate</h2> <p>After installing certbot, we need to generate a certificate. There are a couple of ways to do that, but the easiest
is to use the web server-specific certbot plugin you just installed. For Wings-only machines that don't need a web server, use certbot's standalone or DNS method, as you don't need a web server for either.</p> <p>Then, in the command below, you should replace <code>example.com</code> with the domain you would like to generate a certificate
for. When you have multiple domains you would like certificates for, simply add more <code>-d anotherdomain.com</code> flags to the
command. You can also look into generating a wildcard certificate but that is not covered in this tutorial.</p> <p>When you are using certbot's Nginx/Apache plugin, you won't need to restart your webserver to have the certificate
applied assuming that you've already configured the webservers to use SSL as instructed in the <a href="https://pterodactyl.io/panel/1.0/webserver_configuration.html" target="_blank" rel="noopener noreferrer">web server configuration step<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>.</p> <h3 id="http-challenge"><a href="#http-challenge" class="header-anchor">#</a> HTTP challenge</h3> <p>HTTP challenge requires you to expose port 80 for the challenge verification.</p> <div class="language-bash extra-class"><pre class="language-bash"><code><span class="token comment"># Nginx</span>
certbot certonly <span class="token parameter variable">--nginx</span> <span class="token parameter variable">-d</span> example.com
<span class="token comment"># Apache</span>
certbot certonly <span class="token parameter variable">--apache</span> <span class="token parameter variable">-d</span> example.com
<span class="token comment"># Standalone - Use this if neither works. Make sure to stop your webserver first when using this method.</span>
certbot certonly <span class="token parameter variable">--standalone</span> <span class="token parameter variable">-d</span> example.com
</code></pre></div><h3 id="dns-challenge"><a href="#dns-challenge" class="header-anchor">#</a> DNS challenge</h3> <p>DNS challenge requires you to create a new TXT DNS record to verify domain ownership, instead of having to expose port 80. The instructions are displayed when you run the certbot command below.</p> <div class="language-bash extra-class"><pre class="language-bash"><code>certbot <span class="token parameter variable">-d</span> example.com <span class="token parameter variable">--manual</span> --preferred-challenges dns certonly
</code></pre></div><h3 id="auto-renewal"><a href="#auto-renewal" class="header-anchor">#</a> Auto Renewal</h3> <p>You'll also probably want to configure the automatic renewal of certificates to prevent unexpected certificate expirations.
You can open crontab with <code>sudo crontab -e</code> and add the line below to the bottom of it to attempt renewal every day at 23:00 (11 PM).</p> <p>The deploy hook restarts the Nginx service to apply the new certificate whenever a renewal succeeds. Change <code>nginx</code> in the restart command to suit your own needs, such as to <code>apache</code> or <code>wings</code>.</p> <p>For advanced users, we suggest installing and using <a href="https://acme.sh" target="_blank" rel="noopener noreferrer">acme.sh<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>
which provides more options, and is much more powerful than certbot.</p> <div class="language-text extra-class"><pre class="language-text"><code>0 23 * * * certbot renew --quiet --deploy-hook "systemctl restart nginx"
</code></pre></div><h3 id="troubleshooting"><a href="#troubleshooting" class="header-anchor">#</a> Troubleshooting</h3> <p>If you get an <code>Insecure Connection</code> or SSL/TLS related error when trying to access your panel or wings, the certificate has likely expired.
This can be easily fixed by renewing the SSL certificate, although using the command <code>certbot renew</code> might not do the job if port 80 is in use, as it'll return errors like: <code>Error: Attempting to renew cert (domain) from /etc/letsencrypt/renew/domain.conf produced an unexpected error</code>.</p> <p>This happens especially if you're running Nginx instead of Apache. The solution is to use certbot's Nginx or Apache plugin by passing <code>--nginx</code> or <code>--apache</code>. Alternatively, you can stop Nginx, then renew the certificate, and finally restart Nginx. Replace <code>nginx</code> with your own web server or with <code>wings</code> should you be renewing the certificate for Wings.</p> <p>Stop Nginx:</p> <div class="language-bash extra-class"><pre class="language-bash"><code>systemctl stop nginx
</code></pre></div><p>Renew the certificate:</p> <div class="language-bash extra-class"><pre class="language-bash"><code>certbot renew
</code></pre></div><p>Once the process has completed, you can restart the Nginx service:</p> <div class="language-bash extra-class"><pre class="language-bash"><code>systemctl start nginx
</code></pre></div><p>You may also need to restart Wings as not every service is able to automatically apply an updated certificate:</p> <div class="language-bash extra-class"><pre class="language-bash"><code>systemctl restart wings
</code></pre></div></section> <section aria-hidden="true" id="method-2:-acme.sh-(using-cloudflare-api)" role="tabpanel" class="tabs-component-panel" style="display:none;"><p>This is for advanced users, whose server systems do not have access to port 80. The command below is for Ubuntu distributions and CloudFlare API (you may google for other APIs for other DNS providers), but you can always check <a href="https://github.com/acmesh-official/acme.sh" target="_blank" rel="noopener noreferrer">acme.sh's official site<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> for installation instructions. 
Make sure you read both instructions, as some people may have moved to CloudFlare's <a href="https://blog.cloudflare.com/permissions-best-practices" target="_blank" rel="noopener noreferrer">new authorization system<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> (Modern), but others <a href="https://cloudflare.tv/event/ea8JJLgR" target="_blank" rel="noopener noreferrer">have not<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> (Legacy). The install command below pipes a downloaded script straight into your shell, so you may prefer to save it to a file and read it before running it.</p> <div class="language-bash extra-class"><pre class="language-bash"><code><span class="token function">curl</span> https://get.acme.sh <span class="token operator">|</span> <span class="token function">sh</span>
</code></pre></div><h3 id="obtaining-cloudflare-api-key-legacy"><a href="#obtaining-cloudflare-api-key-legacy" class="header-anchor">#</a> Obtaining CloudFlare API Key (Legacy)</h3> <p>After installing acme.sh, we need to fetch a CloudFlare API key. On Cloudflare's website, select your domain, then on the right side, copy your "Zone ID" and "Account ID", then click on "Get your API token", click on "Create Token" > select the template "Edit zone DNS" > select the scope of "Zone Resources", then click on "Continue to summary" and copy your token.</p> <h3 id="creating-a-certificate-2"><a href="#creating-a-certificate-2" class="header-anchor">#</a> Creating a Certificate</h3> <p>Since the configuration file is based on Certbot, we need to create the folder manually.</p> <div class="language-bash extra-class"><pre class="language-bash"><code><span class="token function">sudo</span> <span class="token function">mkdir</span> <span class="token parameter variable">-p</span> /etc/letsencrypt/live/example.com
</code></pre></div><p>After installing acme.sh and obtaining CloudFlare API key, we need to then generate a certificate. First, input the CloudFlare API credentials.</p> <div class="language-bash extra-class"><pre class="language-bash"><code><span class="token builtin class-name">export</span> <span class="token assign-left variable">CF_Token</span><span class="token operator">=</span><span class="token string">"Your_CloudFlare_API_Key"</span>
<span class="token builtin class-name">export</span> <span class="token assign-left variable">CF_Account_ID</span><span class="token operator">=</span><span class="token string">"Your_CloudFlare_Account_ID"</span>
<span class="token builtin class-name">export</span> <span class="token assign-left variable">CF_Zone_ID</span><span class="token operator">=</span><span class="token string">"Your_CloudFlare_Zone_ID"</span>
</code></pre></div><h3 id="obtaining-cloudflare-api-key-modern"><a href="#obtaining-cloudflare-api-key-modern" class="header-anchor">#</a> Obtaining CloudFlare API Key (Modern)</h3> <p>After installing acme.sh, we need to fetch a CloudFlare API key. On Cloudflare's website, click on your profile on the top right. Then go to "My Profile"; on the left you will find "API Tokens". Click it and it'll bring you to <a href="https://dash.cloudflare.com/profile/api-tokens" target="_blank" rel="noopener noreferrer">the API tokens page<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>. Select "Create Token" and use the "Edit zone DNS" template. Then once on the next page, go to "Zone Resources" and "Include" - "Specific Zone" - (Select the domain you want to use). Then continue to the summary. Confirm you'd like to create the token.</p> <h3 id="creating-a-certificate-3"><a href="#creating-a-certificate-3" class="header-anchor">#</a> Creating a Certificate</h3> <p>Since the configuration file is based on Certbot, we need to create the folder manually.</p> <div class="language-bash extra-class"><pre class="language-bash"><code><span class="token function">sudo</span> <span class="token function">mkdir</span> <span class="token parameter variable">-p</span> /etc/letsencrypt/live/example.com
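</code></pre></div><p>After installing acme.sh and obtaining the CloudFlare API key, we need to then generate a certificate. First, input the CloudFlare API credentials. Note that acme.sh's Cloudflare DNS hook (<code>dns_cf</code>) treats <code>CF_Key</code> and <code>CF_Email</code> as the account-wide Global API Key and its login email; a zone-scoped API token created from the "Edit zone DNS" template is passed in <code>CF_Token</code> instead.</p> <div class="language-bash extra-class"><pre class="language-bash"><code><span class="token builtin class-name">export</span> <span class="token assign-left variable">CF_Key</span><span class="token operator">=</span><span class="token string">"Your_CloudFlare_API_Key"</span>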
<span class="token builtin class-name">export</span> <span class="token assign-left variable">CF_Email</span><span class="token operator">=</span><span class="token string">"Your_CloudFlare_Email"</span>
</code></pre></div><p>Then create the certificate. Since the API key is bound to the domain, Cloudflare should allow you to generate one.</p> <div class="language-bash extra-class"><pre class="language-bash"><code>acme.sh <span class="token parameter variable">--issue</span> <span class="token parameter variable">--dns</span> dns_cf <span class="token parameter variable">-d</span> <span class="token string">"example.com"</span> <span class="token parameter variable">--server</span> letsencrypt <span class="token punctuation">\</span>
--key-file /etc/letsencrypt/live/example.com/privkey.pem <span class="token punctuation">\</span>
--fullchain-file /etc/letsencrypt/live/example.com/fullchain.pem
</code></pre></div><h3 id="auto-renewal-2"><a href="#auto-renewal-2" class="header-anchor">#</a> Auto Renewal</h3> <p>After running the script for the first time, it will be added to the crontab automatically. You may edit the auto-renewal interval by editing the crontab.</p> <div class="language-bash extra-class"><pre class="language-bash"><code><span class="token function">sudo</span> <span class="token function">crontab</span> <span class="token parameter variable">-e</span>
</code></pre></div></section> <section aria-hidden="true" id="method-3:-caddy-(using-cloudflare-api)" role="tabpanel" class="tabs-component-panel" style="display:none;"><p>This is for advanced users, who are running Cloudflare in proxy mode or do not have access to port <code>80</code>.</p> <h3 id="installing-caddy-with-cloudflare-dns-plugin"><a href="#installing-caddy-with-cloudflare-dns-plugin" class="header-anchor">#</a> Installing Caddy with Cloudflare DNS plugin</h3> <p>Caddy does not come with the Cloudflare DNS plugin by default; you need to install it yourself.</p> <p>There are three main methods:</p> <ol><li>Using <code>xcaddy</code> - CLI tool to build your own Caddy build</li> <li>Downloading prebuilt binary from <a href="https://caddyserver.com/download" target="_blank" rel="noopener noreferrer">Caddy's download page<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>.</li> <li>Using Ansible to download and install Caddy with plugins. 
See <a href="https://github.com/caddy-ansible/caddy-ansible" target="_blank" rel="noopener noreferrer">caddy-ansible<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li></ol> <h4 id="build-caddy-using-xcaddy-on-your-server"><a href="#build-caddy-using-xcaddy-on-your-server" class="header-anchor">#</a> Build Caddy using <code>xcaddy</code> on your server</h4> <p>Please refer to <a href="https://caddyserver.com/docs/build#xcaddy" target="_blank" rel="noopener noreferrer">Caddy docs on building Caddy<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>.</p> <h3 id="obtaining-cloudflare-api-token"><a href="#obtaining-cloudflare-api-token" class="header-anchor">#</a> Obtaining CloudFlare API Token</h3> <p>After installing acme.sh, we need to fetch a CloudFlare API key. Please make sure that a DNS record (A or CNAME record) is pointing to your target node, and set the cloud to grey (bypassing CloudFlare proxy). 
Then go to My Profile &gt; API keys and on the Global API Key subtab, click on "view", enter your CloudFlare password, and copy the API key to the clipboard.</p> <p>After installing Caddy with the Cloudflare DNS plugin, we need to fetch a Cloudflare API token. Please make sure that a DNS record (A or CNAME record) is pointing at your target node. Then go to My Profile &gt; API Tokens and, under API Tokens, click "Create Token". Under Create API Token &gt; API token templates, at the end of the line with "Edit zone DNS", click "Use template". Under <strong>Zone Resources</strong>, select the DNS zone for which you wish to create the API token, then click "Continue to summary". Review the API token summary and click "Create Token". Finally, copy the API token to the clipboard. The Caddy configuration below reads only this zone-scoped API token (<code>CLOUDFLARE_API_TOKEN</code>); the Global API Key grants access to the entire Cloudflare account and is not referenced by that configuration.</p> <h3 id="reconfiguring-caddy-to-use-cloudflare-dns-for-obtaining-certificates"><a href="#reconfiguring-caddy-to-use-cloudflare-dns-for-obtaining-certificates" class="header-anchor">#</a> Reconfiguring Caddy to use Cloudflare DNS for obtaining certificates</h3> <p>Create an environment variable file (such as <code>.env</code>). Keep in mind that this file contains secrets and must not be publicly accessible, so keep it outside any directory served by the web server and out of version control.</p> <p>We recommend that you create the secret file in the following location: <code>/etc/caddy/.secrets.env</code>.</p> <div class="language-bash extra-class"><pre class="language-bash"><code><span class="token assign-left variable">CLOUDFLARE_API_TOKEN</span><span class="token operator">=</span><span class="token operator">&lt;</span>your cloudflare api token<span class="token operator">&gt;</span>
</code></pre></div><p>For security reasons, we recommend setting the file's permissions to <code>0600</code> (only the owner can read or write to the file).</p> <div class="language-bash extra-class"><pre class="language-bash"><code><span class="token comment"># Set ownership of the `.secrets.env` file to `caddy` system user</span>
<span class="token function">chown</span> caddy:caddy /etc/caddy/.secrets.env
<span class="token comment"># Set read-write permissions only to owner - the `caddy` system user</span>
<span class="token function">chmod</span> 0600 /etc/caddy/.secrets.env
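</code></pre></div><p>Modify the systemd unit file to load environment variables from the file by adding the <code>--envfile /etc/caddy/.secrets.env</code> flag to <code>ExecStart</code>. The default systemd unit file location is <code>/etc/systemd/system/caddy.service</code>. Because <code>--environ</code> makes Caddy print its environment at startup, values loaded with <code>--envfile</code> can appear in the service journal; remove <code>--environ</code> or restrict journal access if that matters in your setup. After editing the unit, run <code>systemctl daemon-reload</code> and restart Caddy. The modified unit file looks like this:</p> <div class="language-unit extra-class"><div class="highlight-lines"><br><br><br><br><br><br><br><br><br><br><br><div class="highlighted"> </div><br><br><br><br><br><br><br><br><br><br></div><pre class="language-text"><code>[Unit]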
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --envfile /etc/caddy/.secrets.env --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
</code></pre></div><p>You can add a <code>tls</code> block to your <code>Caddyfile</code>, under the <code>&lt;domain&gt;</code> block of your panel configuration. The Caddy config file location is <code>/etc/caddy/Caddyfile</code>:</p> <div class="language-caddyfile extra-class"><div class="highlight-lines"><br><br><br><br><div class="highlighted"> </div><div class="highlighted"> </div><div class="highlighted"> </div><br></div><pre class="language-text"><code>&lt;domain&gt; {
# ...
tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
}
}
</code></pre></div></section></div></div></div> <div class="page-edit"><div class="edit-link"><a href="https://github.com/pterodactyl/documentation/edit/master/tutorials/creating_ssl_certificates.md" target="_blank" rel="noopener noreferrer">Help us improve this page.</a> <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></div> <!----></div> <div class="page-nav"><p class="inner"></p> <div class="prev"><span>
←
<a href="/tutorials/mysql_setup.html">Setting up MySQL</a></span></div> <div class="next"><span><a href="/guides/mounts.html">Using Mounts</a>→
</span></div></div> </div></div></div><div class="global-ui"></div></div>
<script src="/assets/js/app.b423fbf1.js" defer></script><script src="/assets/js/4.1c05de3a.js" defer></script><script src="/assets/js/2.638bc23b.js" defer></script><script src="/assets/js/68.06aa0e75.js" defer></script>
</body>
</html>