Creating a Certificate

Nomadesk needs a valid SSL certificate to facilitate secure connections.
Nowadays it is very easy to obtain a free SSL certificate using Let's Encrypt with certbot.

Certbot with Docker and DNS-01 Challenge

Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.

Step 1: Prepare the Environment

Create the necessary directories:

mkdir -p /tmp/letsencrypt/data/etc/letsencrypt /tmp/letsencrypt/data/var/lib/letsencrypt

Step 2: Run Certbot with Docker

Run the Certbot Docker container, replacing the domain with your own:

mkdir -p /tmp/letsencrypt/data/etc/letsencrypt /tmp/letsencrypt/data/var/lib/letsencrypt
docker run -it --rm --name certbot \
-v "/tmp/letsencrypt/data/etc/letsencrypt:/etc/letsencrypt" \
-v "/tmp/letsencrypt/data/var/lib/letsencrypt:/var/lib/letsencrypt" \
certbot/certbot certonly --manual --preferred-challenges dns -d "*.example.com"

Step 3: Follow Certbot Instructions

The Certbot wizard will prompt you for your email address and ask you to create a TXT record for your domain.

Step 4: Verify the TXT Record

To verify the TXT record, use dig:

dig -t txt _acme-challenge.example.com

This should return the resulting record, for example:

_acme-challenge.example.com. 900 IN	TXT	"JqnGs10EqCm8nDiHV_rpCCmd_y1JNFad1SIPUTknBAI"

Press Enter in the Certbot prompt once the record has been applied.

Step 5: Check the Result

The result should look like this:

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/example.com/privkey.pem
Warning

When setting up the Nomadesk Private Cloud Software Appliance, use fullchain.pem as the public key and privkey.pem as the private key.
If the full chain is not used, the installer will not continue or, in the worst case, will fail during installation.

Step 6: Backup the Certificate

The certificate is now saved on the host in /tmp/letsencrypt/data/etc/letsencrypt/live/example.com.
While not required, Nomadesk recommends backing up this directory so it can be reused for renewals.
Because /tmp is typically cleared on reboot, store the backup in a permanent location.
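
The check behind the warning in Step 5 and the backup from Step 6, as an added shell example that is not part of Nomadesk's documentation or tooling. The function names, the script name le-backup.sh and the LE_ROOT variable are assumptions made for this example; LE_ROOT defaults to the host directory used on this page.

```shell
#!/bin/sh
# Added example (not Nomadesk's code). Function names are hypothetical.
# LE_ROOT defaults to the host directory mounted into the container on this page.
LE_ROOT="${LE_ROOT:-/tmp/letsencrypt/data/etc/letsencrypt}"

# Print the number of certificates in a PEM file (0 if none).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || :
}

# check_lineage ROOT DOMAIN
# Returns 0 only if live/DOMAIN has a private key and a chain of at least two
# certificates (leaf plus intermediate), which is what fullchain.pem should hold.
check_lineage() {
    live="$1/live/$2"
    [ -r "$live/fullchain.pem" ] || { echo "cannot read $live/fullchain.pem" >&2; return 1; }
    [ -r "$live/privkey.pem" ] || { echo "cannot read $live/privkey.pem" >&2; return 1; }
    n=$(count_certs "$live/fullchain.pem")
    [ "$n" -ge 2 ] || { echo "fullchain.pem holds $n certificate(s), not a full chain" >&2; return 2; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$live/privkey.pem" ||
        { echo "privkey.pem is not a PEM private key" >&2; return 3; }
}

# backup_letsencrypt ROOT ARCHIVE
# The files under live/ are symlinks into archive/, and certbot keeps its renewal
# settings and ACME account under renewal/ and accounts/, so archive the whole
# tree. umask 077 makes the archive readable by its owner only, since it
# contains the private key.
backup_letsencrypt() {
    ( umask 077 && tar -czf "$2" -C "$1" . )
}

# Usage: sh le-backup.sh example.com /path/to/letsencrypt-backup.tgz
if [ "$#" -eq 2 ]; then
    check_lineage "$LE_ROOT" "$1" && backup_letsencrypt "$LE_ROOT" "$2"
fi
```

The container writes these files as root, so the script usually needs to run with root privileges on the host.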
