@RienNeVaPlus
Last active February 28, 2024 12:31
Using Let's Encrypt's Certbot SSL-Certificates with ArangoDB

Using Let's Encrypt's Certbot Certificates with ArangoDB

Let's Encrypt generates SSL certificates for free.
Follow these steps to create and use an SSL certificate with ArangoDB.

1. Install Certbot from Let's Encrypt (Certbot instructions)

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

sudo apt-get install certbot

2. Generate the certificate

Run certbot and answer the prompted questions.

sudo certbot certonly

3. Create the certificate/key bundle required by ArangoDB

ArangoDB requires a single file containing the certificate chain as well as the private key.

cd /etc/letsencrypt/live/example.com  # replace example.com with your domain
cat fullchain.pem privkey.pem > server.pem

4. Grant access to user arangodb

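Make sure the ArangoDB user (usually arangodb) can read the server.pem and fullchain.pem files. server.pem contains the private key, so no other unprivileged user should be able to read it.

# Recursive: this gives arangodb ownership of everything under /etc/letsencrypt,
# including the private keys of every other certificate stored there.
chown -R arangodb:arangodb /etc/letsencrypt/*  # depending on your system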

5. Configure ArangoDB to use the certificate

vi /etc/arangodb3/arangod.conf

A. Add the endpoint to the [server] block

[server]
endpoint = ssl://example.com:8529

B. Create the [ssl] block before any other block

[ssl]
cafile = /etc/letsencrypt/live/example.com/fullchain.pem
keyfile = /etc/letsencrypt/live/example.com/server.pem

C. Save & close

6. Restart the server

service arangodb3 restart
service arangodb3 status  # make sure it's running

Related / sources:

@RienNeVaPlus
Author

Paste the following into /etc/letsencrypt/hooks.sh to avoid coming back here every few months:

cat /etc/letsencrypt/live/www.example.org/fullchain.pem /etc/letsencrypt/live/www.example.org/privkey.pem > /etc/letsencrypt/live/www.example.org/server.pem
echo 'OK: www.example.org'

service arangodb3 restart
echo 'OK: arangodb3 restart'

Edit cronjobs:

vi /etc/crontab

Add job for renewal:

43 4 * * * root certbot renew
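
Steps 3 and 4 and the renewal hook from the comment above, combined into one function, as an added example that is not part of the original gist or its comments. It builds server.pem with mode 600 from the start and replaces the old bundle atomically; `build_bundle` and its arguments are hypothetical names, while the file and service names follow the gist.

```shell
#!/bin/sh
# Added example, not from the gist. build_bundle and its arguments are
# hypothetical names; the file names and service name follow the gist.

# build_bundle LINEAGE_DIR [OWNER]
#   LINEAGE_DIR  certbot directory, e.g. /etc/letsencrypt/live/example.com
#   OWNER        optional user:group for server.pem, e.g. arangodb:arangodb
build_bundle() {
    lineage=$1
    owner=${2:-}
    chain="$lineage/fullchain.pem"
    key="$lineage/privkey.pem"
    out="$lineage/server.pem"
    tmp="$out.tmp.$$"

    # Refuse to build from missing or wrong inputs, so a failed renewal
    # never replaces a working bundle.
    if [ ! -s "$chain" ] || [ ! -s "$key" ]; then
        echo "missing fullchain.pem or privkey.pem in $lineage" >&2; return 1
    fi
    grep -q -e '-----BEGIN CERTIFICATE-----' "$chain" ||
        { echo "no certificate in $chain" >&2; return 1; }
    grep -q -e 'PRIVATE KEY-----' "$key" ||
        { echo "no private key in $key" >&2; return 1; }

    # Create the temp file with mode 600 from the start (umask in a
    # subshell), then rename it into place: a reader sees the old bundle
    # or the complete new one, never a half-written or world-readable file.
    rm -f "$tmp"
    ( umask 077 && cat "$chain" "$key" > "$tmp" ) || { rm -f "$tmp"; return 1; }
    if [ -n "$owner" ]; then
        # Only server.pem changes owner; arangodb still needs search (x)
        # permission on the directories above it.
        chown "$owner" "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$out"
}

# As a certbot deploy hook: certbot exports RENEWED_LINEAGE, the
# live/<domain> directory of the certificate it has just renewed.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_bundle "$RENEWED_LINEAGE" arangodb:arangodb &&
        service arangodb3 restart
fi
```

Certbot runs a script like this after a successful renewal when it is passed with `--deploy-hook` or placed in `/etc/letsencrypt/renewal-hooks/deploy/`.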
