Generate Let's Encrypt certificate using Certbot for Minio Slack

Let’s Encrypt is a new free, automated, and open source, Certificate Authority.

Certbot is a console based certificate generation tool for Let's Encrypt.

In this recipe, we will generate a Let's Encypt certificate using Certbot. This certificate will then be deployed for use in the Minio server.

1. Prerequisites

2. Dependencies

3. Recipe Steps

Step 1: Install Certbot

Install Certbot by following the documentation at https://certbot.eff.org/

Step 2: Generate Let's Encrypt cert

# certbot certonly --standalone --preferred-challenges tls-sni -d myminio.com --staple-ocsp -m test@yourdomain.io --agree-tos

Step 3: Verify Certificates

List your certs saved in /etc/letsencrypt/live/myminio.com directory.

$ ls -l /etc/letsencrypt/live/myminio.com
total 4
lrwxrwxrwx 1 root root  37 Aug  2 09:58 cert.pem -> ../../archive/myminio.com/cert4.pem
lrwxrwxrwx 1 root root  38 Aug  2 09:58 chain.pem -> ../../archive/myminio.com/chain4.pem
lrwxrwxrwx 1 root root  42 Aug  2 09:58 fullchain.pem -> ../../archive/myminio.com/fullchain4.pem
lrwxrwxrwx 1 root root  40 Aug  2 09:58 privkey.pem -> ../../archive/myminio.com/privkey4.pem
-rw-r--r-- 1 root root 543 May 10 22:07 README

Step 4: Set up SSL on Minio Server with the certificates.

The certificate and key generated via Certbot needs to be placed inside user's home directory.

$ cp /etc/letsencrypt/live/myminio.com/fullchain.pem /home/user/.minio/certs/public.crt
$ cp /etc/letsencrypt/live/myminio.com/privkey.pem /home/user/.minio/certs/private.key

Step 5: Change ownership of certificates.

$ sudo chown user:user /home/user/.minio/certs/private.key
$ sudo chown user:user /home/user/.minio/certs/public.crt

Step 6: Start Minio Server using HTTPS.

Start Minio Server on port "443".

$ sudo ./minio server --address ":443" /mnt/data

If you are using dockerized version of Minio then you would need to

$ sudo docker run -p 443:443 -v /home/user/.minio:/root/.minio/ -v /home/user/data:/data minio/minio server --address ":443" /data

Step 7: Visit https://myminio.com in the browser.

Letsencrypt