LetsEncrypt https challenge in development environments

LetsEncrypt HTTPS Challenge

If you are provisioning a development environment for learning purposes outside of a VPN, this block is all you need to configure the LetsEncrypt HTTPS challenge mechanism for SSL certificate generation. The challenge is answered on the `web` entrypoint, so that entrypoint must be reachable from the internet for Let's Encrypt to validate the domain.

  1. Update the Traefik Helm chart values by adding the following snippet to environments/<env name>/traefik/values.yaml:

ports:
  # ...
  websecure:
    # ...
    # 👇 Check this section at websecure entrypoint
    http:
      tls:
        enabled: true
        certResolver: letsencrypt

certificatesResolvers:
  letsencrypt:
    acme:
      tlsChallenge: false
      httpChallenge:
        entryPoint: web
      # 👇 Put admin email here
      email: <admin email>
      # Storage for certificates:
      storage: /certificates/acme.json
      # NOTE: Let's Encrypt production enforces certificate issuance rate limits.
      #       If you are having issues, switch to staging.
      # Staging server (its certificates are not trusted by browsers)
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      # Production server
      # caServer: https://acme-v02.api.letsencrypt.org/directory

# The Let's Encrypt TLS resolver requires a read/write volume
additionalVolumeMounts:
- mountPath: /certificates
  name: acme

deployment:
  hostNetwork: true
  # Attach volume to the traefik deployment
  additionalVolumes:
  - hostPath:
      path: /data/traefik
    name: acme

See the full example at examples/dev/traefik/values.yaml

  2. Commit and push changes

  3. Run "Provision" workflow or deploy traefik manually
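
A sanity check to run on the values from step 1 before committing, as an added example (not part of the original page or the project's code): it cross-checks that the entrypoint, resolver, volume and storage path in the snippet reference each other consistently. The `lint_acme_values` function, the `web` port entry and the e-mail address are assumptions; the values are embedded as a dict, which in practice would come from parsing values.yaml.

```python
from posixpath import normpath

STAGING_CA = "https://acme-staging-v02.api.letsencrypt.org/directory"

def lint_acme_values(values):
    """Cross-check the ACME-related keys of a Traefik Helm values dict."""
    findings = []
    ports = values.get("ports") or {}
    resolvers = values.get("certificatesResolvers") or {}
    # A certResolver named on an entrypoint must be a defined resolver.
    for name, port in ports.items():
        tls = ((port or {}).get("http") or {}).get("tls") or {}
        if tls.get("enabled") and tls.get("certResolver") not in resolvers:
            findings.append(f"ports.{name}: certResolver {tls.get('certResolver')!r} is undefined")
    # A volume mount must name a volume attached to the deployment.
    volumes = {v.get("name") for v in (values.get("deployment") or {}).get("additionalVolumes") or []}
    mounted = []
    for mount in values.get("additionalVolumeMounts") or []:
        if mount.get("name") in volumes:
            mounted.append(normpath(mount["mountPath"]))
        else:
            findings.append(f"mount {mount.get('mountPath')}: no volume named {mount.get('name')!r}")
    for rname, resolver in resolvers.items():
        acme = (resolver or {}).get("acme") or {}
        entry = (acme.get("httpChallenge") or {}).get("entryPoint")
        if entry not in ports:
            findings.append(f"{rname}: httpChallenge entryPoint {entry!r} is not in ports")
        storage = normpath(acme.get("storage") or "")
        if not any(storage.startswith(path + "/") for path in mounted):
            findings.append(f"{rname}: storage {storage} is not on a mounted volume")
        email = acme.get("email") or ""
        if "@" not in email or "<" in email:
            findings.append(f"{rname}: email placeholder not replaced")
        if acme.get("caServer") == STAGING_CA:
            findings.append(f"{rname}: staging CA, certificates are not browser-trusted")
    return findings

# Constructed sample mirroring the page's snippet; the `web` port and e-mail are assumed.
PAGE_VALUES = {
    "ports": {"web": {}, "websecure": {"http": {"tls": {"enabled": True, "certResolver": "letsencrypt"}}}},
    "certificatesResolvers": {"letsencrypt": {"acme": {
        "tlsChallenge": False, "httpChallenge": {"entryPoint": "web"}, "caServer": STAGING_CA,
        "email": "admin@example.com", "storage": "/certificates/acme.json"}}},
    "additionalVolumeMounts": [{"mountPath": "/certificates", "name": "acme"}],
    "deployment": {"hostNetwork": True,
                   "additionalVolumes": [{"hostPath": {"path": "/data/traefik"}, "name": "acme"}]},
}

print("\n".join(lint_acme_values(PAGE_VALUES)))
```

With the snippet as shown, the only finding is the staging CA reminder; a storage path outside the mounted volume means certificates are re-requested after every pod restart, which is how the production issuing limits get hit.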