Skip to main content

How to obtain an SSL certificate for a node?

Congratulations! Now you have a started and functional node, responding by http. Now, let's set up https! Follow the steps below:

  1. Ensure that you use root account. It is necessary for further steps.

  2. Install acme.sh by running the following command. Please, specify your real e-mail address:

    apt-get install socat
    curl https://get.acme.sh | sh -s email=my@example.com

    where

    my@example.com — your active e-mail. Make sure, you have replaced it with your e-mail address.

  3. Log out of the system.

  4. Log in again.

  5. Obtain the certificate. To do this, run the following command:

    tip

    If you have reached the threshold, try another server. Use the link for more information.

    info

    Here you may receive the "Timeout" error.

    The reason is in closed tcp/80 port.

    The solution is to open this port or turn the firewall off.

    acme.sh --issue --standalone -d your_node.example.com
    tip

    If you have the following error:

    acme.sh: command not found

    Run:

    source ~/.bashrc
    danger

    your_node.example.com is an example. Replace it with your node link.

  6. Install the certificate by running the following command:

    acme.sh --install-cert -d your_node.example.com \
    --cert-file /opt/thepower/db/cert/your_node.example.com.crt \
    --key-file /opt/thepower/db/cert/your_node.example.com.key \
    --ca-file /opt/thepower/db/cert/your_node.example.com.crt.ca.crt
    danger

    your_node.example.com is an example. Replace it with your node link.

After you've installed the certificate, you can get the certificate status by running the following command:

acme.sh --info -d your_node.example.com

where

your_node.example.com — your node address link. Replace it with your node link.

  1. Stop your node and restart it:

    1. Docker:

      1. docker stop tpnode
      2. docker rm tpnode
      3. docker rmi thepowerio/tpnode
      4. docker run -d \
        --name tpnode \
        --restart unless-stopped \
        --mount type=bind,source="$(pwd)"/db,target=/opt/thepower/db \
        --mount type=bind,source="$(pwd)"/log,target=/opt/thepower/log \
        --mount type=bind,source="$(pwd)"/node.config,target=/opt/thepower/node.config \
        --mount type=bind,source="$(pwd)"/genesis.txt,target=/opt/thepower/genesis.txt \

        <!--The commands below specify all necessary local ports. 
        In this example ports `api`, `apis`, and `tpic` are used. 
        Specify the port of your chain from `node.config` file.-->

        -p 1800:1800 \
        -p 1080:1080 \
        -p 1443:1443 \
        thepowerio/tpnode

    2. Source:

      1. systemctl stop tpnode.service

      2. Create a file tpnode.service under /etc/systemd/system directory. The file must contain the following:

        [Unit]
        Description=tpnode service
        Requires=network.target
        After=network.target

        [Service]
        Type=forking
        ExecStart=/opt/thepower/bin/thepower start
        ExecStop=/opt/thepower/bin/thepower stop
        User=root
        Group=root
        Restart=on-failure

        [Install]
        WantedBy=multi-user.target

      3. Run the following command to rerun all generators , reload all unit files and recreate the entire dependency tree. While the daemon is being reloaded, all sockets systemd listens to on behalf of user configuration will stay accessible:

        systemctl daemon-reload

      4. Run the following command to enable the service after reboot:

        systemctl enable tpnode.service

      5. Start the node using the following command:

        systemctl start tpnode.service