Cockpit with LetsEncrypt

Overview

Deploy the Cockpit with LetsEncrypt without a webserver. Cockpit will be run as daemon from systemd
For the configuration with apache follow this guide: Proxying Cockpit over Apache with LetsEncrypt

TLS/SSL certificate with Let's Encrypt

Documentation: https://certbot.eff.org/lets-encrypt/debianbuster-other
Install certbot: sudo apt-get install certbot

Get certificate, replace E-Mail and Domain with yours:

sudo certbot certonly --standalone --agree-tos --email YOUR-EMAIL-ADDRESS -d COCKPIT.YOUR-DOMAIN.COM

cockpit configuration

Create /etc/letsencrypt/deploy/update_cockpit_certificate.sh and replace your domain:

DOMAIN=COCKPIT.YOUR-DOMAIN.COM

echo "create /etc/systemd/system/cockpit.socket.d/listen.conf for run it as daemon on port 443"
cat <<EOF > /etc/systemd/system/cockpit.socket.d/listen.conf
[Socket]
ListenStream= 
ListenStream=9090 
ListenStream=443
EOF

echo "Create cert for cockpit"
cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem > /etc/cockpit/ws-certs.d/1-my-cert.cert
cat /etc/letsencrypt/live/$DOMAIN/privkey.pem >> /etc/cockpit/ws-certs.d/1-my-cert.cert

echo "Restart Daemon:"
echo "systemctl daemon-reload && systemctl restart cockpit.socket"
systemctl daemon-reload && systemctl restart cockpit.socket

echo "Check Cockpit https://$DOMAIN/"

After that, ensure that the script is executable:

chmod a+x /etc/letsencrypt/deploy/update_cockpit_certificate.sh

Home / About / Contributing / Cockpit project website

Home

About

Contributing

Design Guidelines

Team/Project guidelines

User Experience Research

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cockpit with LetsEncrypt

Overview

TLS/SSL certificate with Let's Encrypt

cockpit configuration

Clone this wiki locally