How to obtain an SSL certificate for a node?
Congratulations! Now you have a started and functional node, responding by http
. Now, let's set up https! Follow the steps below:
-
Ensure that you use
root
account. It is necessary for further steps. -
Install
acme.sh
by running the following command. Please, specify your real e-mail address:apt-get install socat
curl https://get.acme.sh | sh -s email=my@example.comwhere
my@example.com
— your active e-mail. Make sure, you have replaced it with your e-mail address. -
Log out of the system.
-
Log in again.
-
Obtain the certificate. To do this, run the following command:
tipIf you have reached the threshold, try another server. Use the link for more information.
importantHere you may receive the "Timeout" error.
The reason is in closed
tcp/80
port.The solution is to open this port or turn the firewall off.
acme.sh --issue --standalone -d your_node.example.com
tipIf you have the following error:
acme.sh: command not found
Run:
source ~/.bashrc
warningyour_node.example.com
is an example. Replace it with your node link. -
Install the certificate by running the following command:
acme.sh --install-cert -d your_node.example.com \
--cert-file /opt/thepower/db/cert/your_node.example.com.crt \
--key-file /opt/thepower/db/cert/your_node.example.com.key \
--ca-file /opt/thepower/db/cert/your_node.example.com.crt.ca.crtwarningyour_node.example.com
is an example. Replace it with your node link.
After you've installed the certificate, you can get the certificate status by running the following command:
acme.sh --info -d your_node.example.com
where
your_node.example.com
— your node address link. Replace it with your node link.
-
Stop your node and restart it:
-
Docker:
-
docker stop tpnode
-
docker rm tpnode
-
docker rmi thepowerio/tpnode
-
docker run -d \
--name tpnode \
--restart unless-stopped \
--mount type=bind,source="$(pwd)"/db,target=/opt/thepower/db \
--mount type=bind,source="$(pwd)"/log,target=/opt/thepower/log \
--mount type=bind,source="$(pwd)"/node.config,target=/opt/thepower/node.config \
--mount type=bind,source="$(pwd)"/genesis.txt,target=/opt/thepower/genesis.txt \
<!--The commands below specify all necessary local ports.
In this example ports `api`, `apis`, and `tpic` are used.
Specify the port of your chain from `node.config` file.-->
-p 1800:1800 \
-p 1080:1080 \
-p 1443:1443 \
thepowerio/tpnode
-
-
Source:
-
systemctl stop tpnode.service
-
Create a file
tpnode.service
under/etc/systemd/system
directory. The file must contain the following:[Unit]
Description=tpnode service
Requires=network.target
After=network.target
[Service]
Type=forking
ExecStart=/opt/thepower/bin/thepower start
ExecStop=/opt/thepower/bin/thepower stop
User=root
Group=root
Restart=on-failure
[Install]
WantedBy=multi-user.target -
Run the following command to rerun all generators , reload all unit files and recreate the entire dependency tree. While the daemon is being reloaded, all sockets
systemd
listens to on behalf of user configuration will stay accessible:systemctl daemon-reload
-
Run the following command to enable the service after reboot:
systemctl enable tpnode.service
-
Start the node using the following command:
systemctl start tpnode.service
-
-