Installing a Let’s Encrypt certificate on EVE-NG Community edition takes a few steps, explained in detail below.
A Let’s Encrypt certificate secures your EVE-NG server with a trusted SSL certificate, enabling encrypted connections and enhancing the security of your EVE-NG environment. Let’s Encrypt is a widely recognized and free certificate authority that offers SSL certificates with a validity period of 90 days. By following the steps outlined below, you can obtain and install a Let’s Encrypt certificate in EVE-NG Community, ensuring secure access to your EVE-NG server for both you and your users.
Domain or Public IP: Make sure your EVE-NG Community server has a registered domain or a public IP address that you can use for SSL certificate generation and installation.
If you have EVE-NG Pro, follow the post How to install Lets Encrypt Certificate on Eve-ng Pro.
Install Let’s Encrypt Certificate in Eve-ng
1. Certbot Installation:
Certbot is a command-line tool used to obtain and manage SSL certificates from Let’s Encrypt. Install Certbot on your EVE-NG server by following the instructions specific to your operating system. You can refer to the Certbot website (https://certbot.eff.org/) for detailed installation steps.
apt update
apt install certbot
2. Enable the SSL module and create a self-signed certificate
sudo a2enmod ssl
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
3. Create a config file
cat << 'EOF' > /etc/apache2/sites-enabled/default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /opt/unetlab/html/
ErrorLog /opt/unetlab/data/Logs/ssl-error.log
CustomLog /opt/unetlab/data/Logs/ssl-access.log combined
Alias /Exports /opt/unetlab/data/Exports
Alias /Logs /opt/unetlab/data/Logs
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
<Location /html5/>
Order allow,deny
Allow from all
ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
ProxyPassReverse http://127.0.0.1:8080/guacamole/
</Location>
<Location /html5/websocket-tunnel>
Order allow,deny
Allow from all
ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
</Location>
</VirtualHost>
</IfModule>
EOF
4. Generate SSL Certificate:
Choose the full site name for this step. This sample uses your-domain-name.com; replace “your-domain-name” with your actual domain or public IP address.
Then run the following command on your EVE-NG server to generate the SSL certificate using Certbot. Certbot will communicate with Let’s Encrypt, validate your ownership of the domain, and generate the SSL certificate.
certbot --apache -d your-domain-name.com
5. Restart Apache
Restart EVE-NG Apache to apply the SSL certificate changes.
/etc/init.d/apache2 restart
6. Test SSL Configuration:
Open a web browser and navigate to your EVE-NG server using the domain name or public IP address. Ensure the connection is secure (https://) and verify that the SSL certificate is valid and trusted.
SSL Certificate Renew in Eve-ng Community
Let’s Encrypt certificates have a validity period of 90 days. However, it is recommended to renew them every 60 days to account for any potential issues. The certbot-auto Let’s Encrypt client includes a “renew” command that automatically checks the currently installed certificates and attempts to renew them if they are less than 30 days away from expiration.
To ensure your certificates stay up to date, it is practical to create a cron job. A cron job is a scheduled task that runs automatically at specified intervals. By setting up a cron job, you can automate the certificate renewal process.
The renewal command performed by the cron job checks the expiration date of the certificates. If the certificate is less than 30 days away from expiration, the renewal process is triggered. This approach ensures that certificates are renewed only when necessary and avoids unnecessary renewals.
For the cron job interval, you can choose to run it every week or even every day, depending on your preference. The more frequent the renewal check, the lower the chances of certificates expiring.
By creating a cron job to automatically execute the renewal command, you can ensure that your Let’s Encrypt certificates are always up to date without the need for manual intervention. This provides a reliable and hassle-free way to maintain the validity of your SSL certificates.
Automate SSL Certificate Renew
Let’s edit the crontab to create a new job that will run the renewal command every week. To edit the crontab for the root user, run:
crontab -e
Include the following content, all in one line:
30 2 * * 1 certbot renew >> /var/log/le-renew.log 2>&1
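The check from step 6 and the 30-day renewal window described above, as an added example that is not part of the original post: the script reads the certificate Apache serves and reports whether it is still the self-signed one from step 2, expired, due for renewal, or fine. The function names and the sample certificate fields are constructed for illustration, and it assumes openssl and GNU date are installed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes openssl and GNU date are available on the machine running the check.

# Print issuer, subject and notAfter of the certificate served on host:443.
fetch_cert_fields() {
    echo | openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null |
        openssl x509 -noout -issuer -subject -enddate
}

# Classify "openssl x509 -noout -issuer -subject -enddate" output.
# $1 = the three output lines, $2 = current time as epoch seconds (optional).
# Prints "<status> <days_left>": self-signed | expired | renew-due | ok.
classify_cert() {
    issuer=$(printf '%s\n' "$1" | sed -n 's/^issuer= *//p')
    subject=$(printf '%s\n' "$1" | sed -n 's/^subject= *//p')
    not_after=$(printf '%s\n' "$1" | sed -n 's/^notAfter=//p')
    [ -n "$not_after" ] || return 2          # nothing fetched or parsed
    now=${2:-$(date +%s)}
    end=$(date -u -d "$not_after" +%s) || return 2
    days=$(( (end - now) / 86400 ))
    if [ "$issuer" = "$subject" ]; then
        # Issuer equals subject: still the step 2 self-signed certificate.
        # Its 3650-day lifetime would pass an expiry-only check.
        status=self-signed
    elif [ "$end" -le "$now" ]; then
        status=expired
    elif [ "$days" -lt 30 ]; then
        # Inside the window in which "certbot renew" replaces the certificate.
        status=renew-due
    else
        status=ok
    fi
    echo "$status $days"
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_SELF_SIGNED="issuer=CN = eve-ng.example
subject=CN = eve-ng.example
notAfter=Jan  1 00:00:00 2035 GMT"
SAMPLE_LE="issuer=C = US, O = Let's Encrypt, CN = R11
subject=CN = your-domain-name.com
notAfter=Mar  1 00:00:00 2030 GMT"

if [ "$#" -gt 0 ]; then
    classify_cert "$(fetch_cert_fields "$1")"
else
    classify_cert "$SAMPLE_SELF_SIGNED"
    classify_cert "$SAMPLE_LE"
fi
```

Run it with the server name as the only argument to check a live host; without arguments it classifies the two constructed samples.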
To disable SSL
a2dismod ssl
/etc/init.d/apache2 restart