Configure TLS with Let's Encrypt and Certbot

Cyberwatch can use Certbot and Let's Encrypt to generate a valid TLS certificate. This requires the Cyberwatch machine to be accessible from the internet. Certificate renewal is automatic. The following steps describe how to let Certbot manage the certificates. They can be followed during Cyberwatch installation or after Cyberwatch has been installed.

Prerequisites

  • Cyberwatch must be installed with the Docker Swarm Orchestrator. The Kubernetes Orchestrator is not supported.
  • The Cyberwatch machine must be accessible through HTTP for URLs matching:

    http://<domain-name>/.well-known/acme-challenge/*
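
A pre-flight check for the HTTP prerequisite above, added here as an example and not part of Cyberwatch's documentation or tooling: it requests a constructed, non-existent token under the challenge path and classifies the result. It assumes `curl` is installed and that it is run from a host outside your network; the function names and verdict strings are illustrative.

```shell
#!/bin/sh
# Added example: checks that port 80 answers for the ACME challenge path.
# Run from outside your network, because the certificate authority
# validates the domain from the internet.

# classify_probe CURL_EXIT HTTP_CODE -> prints a verdict.
# Returns 0 = reachable, 1 = not reachable, 2 = needs manual review.
classify_probe() {
    curl_exit=$1
    http_code=$2
    case "$curl_exit" in
        0)  ;;                                          # got an HTTP response
        6)  echo "dns-failure"; return 1 ;;             # name does not resolve
        7)  echo "connection-failed"; return 1 ;;       # nothing reachable on port 80
        28) echo "timeout"; return 1 ;;                 # typically a filtering firewall
        *)  echo "curl-error-$curl_exit"; return 1 ;;
    esac
    case "$http_code" in
        # A 404 for a made-up token still proves the request reached
        # an HTTP server on port 80 through the challenge path.
        2??|404) echo "reachable"; return 0 ;;
        3??)     echo "redirected"; return 2 ;;         # inspect the Location target
        401|403) echo "blocked-by-server"; return 1 ;;  # proxy or WAF denies the path
        *)       echo "unexpected-http-$http_code"; return 2 ;;
    esac
}

# probe_acme_path DOMAIN -> performs the request and prints the verdict.
probe_acme_path() {
    domain=$1
    # Constructed token name; it is not expected to exist on the server.
    url="http://${domain}/.well-known/acme-challenge/preflight-$$"
    http_code=$(curl --silent --output /dev/null --max-time 10 \
        --write-out '%{http_code}' "$url")
    curl_exit=$?
    classify_probe "$curl_exit" "$http_code"
}

# Only touch the network when a domain is passed on the command line.
if [ "$#" -ge 1 ]; then
    probe_acme_path "$1"
fi
```

Saved to a file (the name `acme-preflight.sh` is arbitrary), it is run as `sh acme-preflight.sh <domain-name>`; an exit status of 0 means an HTTP server answered on the challenge path.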
    

Configuration

  1. Reconfigure Cyberwatch with the Certbot feature:

    sudo cyberwatch configure --certbot
    

    If your instance is more complex than a single node, you need to specify its configuration options again.

    For instance, on a master node with an external database, the command is:

    sudo cyberwatch configure --certbot --master --no-db