Let’s Encrypt is a new free, automated, and open source, Certificate Authority.
Concert is a console based certificate generation tool for Let’s Encrypt. It is open source & one of the related project from Minio.
In this recipe, we will generate a Let's Encypt certificate using Concert. This certificate will then be deployed for use in the Minio server.
- Port 443 for https needs to be open and available at time of executing
concert. - Concert needs root access while executing because only root is allowed to bind to any port below 1024.
- We will be using our own domain
churchofminio.comas an example in this recipe. Replace with your own domain for your needs.
$ go get -u github.com/minio/concert$ sudo concert gen --dir my-certs [email protected] churchofminio.com
2016/04/04 07:10:01 Generated certificates for churchofminio.com under my-certs will expire in 89 days.List certs saved in my-certs directory.
$ ls -l my-certs/
total 12
-rw------- 1 root root 227 Apr 4 07:10 certs.json
-rw------- 1 root root 1679 Apr 4 07:10 private.key
-rw------- 1 root root 3448 Apr 4 07:10 public.crtThe generated keys via Concert needs to be placed inside users home directory at ${HOME}/.minio/certs
$ cp my-certs/private.key /home/supernova/.minio/certs/
$ cp my-certs/public.crt /home/supernova/.minio/certs/Let's Encrypt generates the certificate as root, but you can change the ownership to user/group that is supposed to run Minio server.
$ sudo chown supernova:supernova /home/supernova/.minio/certs/private.key
$ sudo chown supernova:supernova /home/supernova/.minio/certs/public.crtStart Minio Server as shown below.
$ ./minio server export/Step 7: Visit https://churchofminio.com:9000 in the browser.
