
SSL Certificate Management in UTMStack

This guide provides comprehensive steps on installing, generating, and renewing SSL certificates for UTMStack.

Manual SSL Certificate Installation

Before beginning, ensure you’ve downloaded your certificate files. After downloading:

  1. You should have:
    • A certificate file with the extension .crt or .pem
    • A private key with the extension .key or .pem
  2. Rename the files:
    • Certificate: utm.crt
    • Private Key: utm.key
  3. Transfer both files to your server:
    mv utm.crt /UTMStack/cert/
    mv utm.key /UTMStack/cert/
  4. Restart Docker for the changes to take effect:
    systemctl restart docker
  5. Allow approximately 10 minutes for the stack to restart.

Once these steps are completed, your SSL certificate will be installed and configured for UTMStack. For any issues or questions during the installation, please contact our support team.
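
A pre-install check that can be run before step 3, as an added example that is not part of UTMStack's documentation or tooling: it confirms that the certificate and private key belong together and that the certificate is still valid, then copies them under the names used above. The function names `check_pair` and `install_pair` are hypothetical, and the `openssl` command-line tool is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example, not UTMStack tooling. check_pair and install_pair are
# hypothetical names; /UTMStack/cert, utm.crt and utm.key come from the guide.

# check_pair CERT KEY: return 0 only if the pair is fit to install.
check_pair() {
    cert=$1; key=$2
    # Each file must parse as what it claims to be (catches swapped or DER files).
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "not a PEM certificate: $cert" >&2; return 2; }
    openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "not a PEM private key: $key" >&2; return 3; }
    # The certificate's public key must be the one derived from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and private key do not match" >&2; return 4; }
    # Refuse a certificate that has expired or expires within 24 hours.
    openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null ||
        { echo "certificate expired or about to expire" >&2; return 5; }
}

# install_pair CERT KEY [DEST_DIR]: copy under the names UTMStack expects,
# but only after the pair has passed check_pair.
install_pair() {
    dest=${3:-/UTMStack/cert}
    check_pair "$1" "$2" || return $?
    cp "$1" "$dest/utm.crt" && cp "$2" "$dest/utm.key"
}

# Usage: ./script CERT KEY [DEST_DIR]
if [ "$#" -ge 2 ]; then
    install_pair "$@"
fi
```

A non-zero exit status means nothing was copied, so the files currently in /UTMStack/cert/ stay in place and Docker does not need to be restarted.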

Generate SSL with Certbot in UTMStack without DNS Change

  1. Allow Necessary Ports. Open ports for Certbot and Nginx:
    ufw allow 80/tcp
    ufw allow 443/tcp
    ufw allow 1194/tcp
    ufw reload
  2. Install Certbot. Install the necessary tools and dependencies:
    sudo apt install certbot python3-certbot-nginx
  3. Manage Services. Stop Nginx and frontend services:
    systemctl stop nginx
    docker stop frontend
    docker ps | grep frontend
     Then, start Nginx:
    systemctl start nginx
  4. Generate SSL Certificate. Replace “siem.domain.com” with your domain:
    sudo certbot --nginx -d siem.domain.com
  5. Update SSL Certificate in UTMStack:
    systemctl stop nginx
    systemctl disable nginx
    cp /etc/letsencrypt/live/*/fullchain.pem /UTMStack/cert/utm.crt
    cp /etc/letsencrypt/live/*/privkey.pem /UTMStack/cert/utm.key
    systemctl stop docker
    systemctl start docker

Renew the Certificate Generated by Certbot in UTMStack

  1. Manage Frontend Service:
    docker stop frontend
  2. Start Nginx:
    systemctl start nginx
  3. Renew SSL Certificate:
    certbot renew
  4. Update SSL Certificate in UTMStack. Replace “siem.domain.com” with your specific domain:
    systemctl stop nginx
    systemctl disable nginx
    cp /etc/letsencrypt/live/siem.domain.com/fullchain.pem /UTMStack/cert/utm.crt
    cp /etc/letsencrypt/live/siem.domain.com/privkey.pem /UTMStack/cert/utm.key
    systemctl stop docker
    systemctl start docker