Welcome to Headwind MDM Q&A, where you can ask questions and receive answers from other members of the community.

IMPORTANT: Please notify the team about your question by filling in the form on the contact page. Otherwise, we may miss your question!

0 votes
I know there is a free certificate provided by LetsEncrypt. Is it possible to setup HTTPS using this service?
by (8k points)

1 Answer

0 votes

Here's the flow for getting the certificate (we recommend to run it before setting up Headwind MDM!):

1. Make sure your domain name is resolved to the server where you install Headwind MDM.

2. Run the commands:

# apt install certbot

# certbot certonly --standalone -d your-domain.com

On success, your certificate and private key will be stored in /etc/letsencrypt/live/your-domain.com/.

After that, you can follow this manual to setup the certificate for the Tomcat server.

There are important notices which should be taken into account when using LetsEncrypt and Certbot. 

1. LetsEncrypt requires the certificate renewal each 3 months, so it is up to you to setup a script for the certificate renewal or renew it manually.

2. This software uses HTTP port 80 to confirm the domain ownership. Therefore, during the renewal process (not very long though, usually it takes less than a minute), port 80 will be unavailable.

If you have previously redirected port 80 to 8080 to be able to run Headwind MDM at port 80, you will need to remove the iptables rule before running the renewal script and add it back after running that script.

by (8k points)
...