To make the most of all TrueConf Server or TrueConf MCU, you need a TLS certificate. For example, the certificate makes it possible to:
- Synchronize TrueConf Server with LDAP
- Join the webinars hosted on TrueConf Server from a browser
- Join the conferences held on TrueConf MCU from a browser.
Previously we explained how to generate a free Let’s Encrypt certificate on Windows. This article will show how to generate this certificate on Linux-based operating systems that are supported by TrueConf Server and TrueConf MCU.
Table of Contents
Getting started
In order to generate and use a Let’s Encrypt certificate, please follow the instructions below:
- Install the required solution (TrueConf Server or TrueConf MCU).
- Register a domain name with a public (white) IP address.
- Open the 80 port on the TrueConf Server instance where you will get the certificate.
In this article we take the Debian 10 operating system as an example. Please note that we used a previously registered domain name in the TrueConf Server control panel when activating the registration key.
Certificate generation
To get a free certificate from Let’s Encrypt, you need to use Certbot. As a rule, this tool is available from official Linux repositories; however, one can also download it as an installation package (check the official website).
In order to run the following commands you should have sudo app, while the user’s name has to belong to the respective group. If you’d like to check whether you have sudo installed, please execute sudo -V
command. If you don’t have sudo by default, you can install it by using apt install sudo
command (it should be run under the root account). To add another user with user login to the sudo group, please run usermod -a -G sudo user
command under the root account.
- Install Certbot by running the command:
1sudo apt install -yq certbot - Before executing this command make sure to stop the web server service or any other service,which uses the port 80. Otherwise, the command will not be executed since Certbot is using its own web server to access the Let’s Encrypt registration address.
To stop these services, run one of these commands:- TrueConf Server:
1sudo systemctl stop trueconf-web - TrueConf MCU:
1sudo systemctl stop tcmcu-web
- TrueConf Server:
- Generate the Let’s Encrypt certificate without itsinstallation by executing the command:
1sudo certbot certonly --standalone -d test.domain.ru
The command’s description:
–certonly — gets or renews the certificate but does not install it.
–standalone — runs its own web server to pass the authentication when getting the certificate.
-d — indicates a domain or a list of domains separated by commas for which you need to get the certificates.
test.domain.ru — your server’s registered domain name. - Next, answer the following registration questions:
- Indicate the email address which will be used to send the certificate renewal notifications and other information.
- Confirm that you have read the Terms of Use (type
Y
). - Deny or accept receiving email newsletter to be sent on the specified email address (enter
Y
orN
).
- If the certificate has been generated successfully you will see the certificate creation message. Certificate’s files (cert.pem and privkey.pem) are saved in the catalogue
/etc/letsencrypt/live/test.domain.ru/
.
Certificate installation
TrueConf Server
- Stop the trueconf-web service if it is now running:
1sudo systemctl stop trueconf-web - Copy and rename:
- the certificate file with its extension changed from pem to crt:
1sudo cp /etc/letsencrypt/live/test.domain.ru/cert.pem /opt/trueconf/server/etc/webmanager/ssl/custom.crt - the key file with its extension changed from pem to key:
1sudo cp /etc/letsencrypt/live/test.domain.ru/privkey.pem /opt/trueconf/server/etc/webmanager/ssl/custom.key
- the certificate file with its extension changed from pem to crt:
- Assign TrueConf Server service as the owner of all the files with the custom.* name in the catalog
/opt/trueconf/server/etc/webmanager/ssl/
. To do it, execute this command:
1sudo chown trueconf:trueconf /opt/trueconf/server/etc/webmanager/ssl/custom.* - Run the web server service:
1sudo systemctl start trueconf-web - Choose the Use custom certificate option from the HTTPS mode: drop-down list (Web → HTTPS → HTTPS configuration) in the TrueConf Server control panel. Change HTTPS port (if required) and click Test Configuration. At the top of the window you will see The configuration has been successfully tested.
- Click Apply. The server will restart automatically.
TrueConf MCU
- Stop the tcmcu-web service if it is now running.
1sudo systemctl stop tcmcu-web - Copy and rename:
- the certificate file
1sudo cp /etc/letsencrypt/live/test.domain.ru/cert.pem /opt/trueconf/mcu/etc/ssl/web/web.pem - the key file with its extension changed from pem to key:
1sudo cp /etc/letsencrypt/live/test.domain.ru/privkey.pem /opt/trueconf/mcu/etc/ssl/web/web.key
- the certificate file
- Start the tcmcu-web service.
Renewing your certificate
In order to renew and transfer the certificate files to the server directory, please run commands in the following order:
- Stop the web server service:
- TrueConf Server:
1sudo systemctl stop truconf-web - TrueConf MCU:
1sudo systemctl stop tcmcu-web
- TrueConf Server:
- Renew the certificate:
1sudo certbot certonly –d test.domain.ru - Choose Spin up a temporary webserver (standalone) (enter
1
). - Choose Renew & replace the cert (limit ~5 per 7 days) (enter
2
). - Install the certificate.
- Run the web server service:
- TrueConf Server:
1sudo systemctl start truconf-web - TrueConf MCU:
1sudo systemctl start tcmcu-web
- TrueConf Server: