Go back

How to create a “Let’s Encrypt” certificate on Linux

June 1, 2023
Anthony Baadzhy

Anthony Baadzhy

To make the most of all TrueConf Server or TrueConf MCU, you need a TLS certificate. For example, the certificate makes it possible to:

Previously we explained how to generate a free Let’s Encrypt certificate on Windows. This article will show how to generate this certificate on Linux-based operating systems that are supported by TrueConf Server and TrueConf MCU.

Getting started

In order to generate and use a Let’s Encrypt certificate, please follow the instructions below:

  1. Install the required solution (TrueConf Server or TrueConf MCU).
  2. Register a domain name with a public (white) IP address.
  3. Open the 80 port on the TrueConf Server instance where you will get the certificate.

In this article we take the Debian 10 operating system as an example. Please note that we used a previously registered domain name in the TrueConf Server control panel when activating the registration key.

Certificate generation

To get a free certificate from Let’s Encrypt, you need to use Certbot. As a rule, this tool is available from official Linux repositories; however, one can also download it as an installation package (check the official website).

In order to run the following commands you should have sudo app, while the user’s name has to belong to the respective group. If you’d like to check whether you have sudo installed, please execute sudo -V command. If you don’t have sudo by default, you can install it by using apt install sudo command (it should be run under the root account). To add another user with user login to the sudo group, please run usermod -a -G sudo user command under the root account.

  1. Install Certbot by running the command:
  2. Before executing this command make sure to stop the web server service or any other service,which uses the port 80. Otherwise, the command will not be executed since Certbot is using its own web server to access the Let’s Encrypt registration address.
    To stop these services, run one of these commands:

    • TrueConf Server:
    • TrueConf MCU:
  3. Generate the Let’s Encrypt certificate without itsinstallation by executing the command:

    The command’s description:
    –certonly — gets or renews the certificate but does not install it.
    –standalone — runs its own web server to pass the authentication when getting the certificate.
    -d — indicates a domain or a list of domains separated by commas for which you need to get the certificates.
    test.domain.ru — your server’s registered domain name.
  4. Next, answer the following registration questions:
    • Indicate the email address which will be used to send the certificate renewal notifications and other information.
    • Confirm that you have read the Terms of Use (type Y).
    • Deny or accept receiving email newsletter to be sent on the specified email address (enter Y or N).
  5. If the certificate has been generated successfully you will see the certificate creation message. Certificate’s files (cert.pem and privkey.pem) are saved in the catalogue /etc/letsencrypt/live/test.domain.ru/.

Certificate installation

TrueConf Server

  1. Stop the trueconf-web service if it is now running:
  2. Copy and rename:
    • the certificate file with its extension changed from pem to crt:
    • the key file with its extension changed from pem to key:
  3. Assign TrueConf Server service as the owner of all the files with the custom.* name in the catalog /opt/trueconf/server/etc/webmanager/ssl/. To do it, execute this command:
  4. Run the web server service:
  5. Choose the Use custom certificate option from the HTTPS mode: drop-down list (Web → HTTPS → HTTPS configuration) in the TrueConf Server control panel. Change HTTPS port (if required) and click Test Configuration. At the top of the window you will see The configuration has been successfully tested.
  6. Click Apply. The server will restart automatically.

TrueConf MCU

  1. Stop the tcmcu-web service if it is now running.
  2. Copy and rename:
    • the certificate file
    • the key file with its extension changed from pem to key:
  3. Start the tcmcu-web service.

Renewing your certificate

In order to renew and transfer the certificate files to the server directory, please run commands in the following order:

  1. Stop the web server service:
    • TrueConf Server:
    • TrueConf MCU:
  2. Renew the certificate:
  3. Choose Spin up a temporary webserver (standalone) (enter 1).
  4. Choose Renew & replace the cert (limit ~5 per 7 days) (enter 2).
  5. Install the certificate.
  6. Run the web server service:
    • TrueConf Server:
    • TrueConf MCU:

Still have questions? Please contact our support team directly via online chat.

Sign up for newsletter