-
Notifications
You must be signed in to change notification settings - Fork 277
LetsEncrypt
- ⌛ 2.1 | ⛔ 2.0 | ⛔ 1.9 | ...
Add LetsEncrypt certificate support to QZ Tray.
- QZ Tray 2.1 with
certgen
command line option (See #504) - Unix machine with
certbot
installed - Internet-accessible machine
- For a basic (e.g. home/small business) router, this is usually involves:
- Static IP for the machine running QZ Tray
- Port forwarding enabled for ports
80
,8181
and optionally8182
- For a basic (e.g. home/small business) router, this is usually involves:
- A fully qualified DNS name pointing to this machine
- For testing purposes, you may use a free DNS service such as https://www.duckdns.org/.
QZ Tray is capable of renewing a LetsEncrypt certificate but it must be in a writable location. First step is to generate the initial certificate.
⚠️ Mac Users: The below commands were written for Linux, however this tutorial will work on MacOS if/srv/qz/ssl
is replaced with/Library/Application\ Support/qz
and replace/opt/qz-tray/qz-tray
with/Applications/QZ\ Tray/Contents/MacOS/QZ\ Tray
.
⚠️ White-Label Users: If using a white-labeled version of QZ Tray, make sure to replace all instance ofqz
,qz-tray
, orQZ Tray
with yourbranded
value.
-
Ask certbot to write files to the QZ shared directory:
certbot certonly --standalone --config-dir /srv/qz/ssl/letsencrypt/config --logs-dir /srv/qz/ssl/letsencrypt/logs --work-dir /srv/qz/ssl/letsencrypt/
This will install your certificate into
/srv/qz/ssl/letsencrypt/live/<hostname>
. -
Using the
certgen
command, tell QZ Tray to reconfigure using these files, updating<hostname>
with your domain name.sudo /opt/qz-tray/qz-tray certgen --key /srv/qz/ssl/letsencrypt/live/<hostname>/privkey.pem --cert /srv/qz/ssl/letsencrypt/live/<hostname>/fullchain.pem
-
Start QZ Tray
By default QZ Tray will attempt to connect to localhost
. To force QZ Tray to connect to the Print-Server add the { host: '<hostname>' }
parameter:
qz.websocket.connect({ host: '<hostname>' });
Five days before the LetsEncrypt certificate expires, QZ Tray will call certbot
using the above path and automatically attempt to renew the certificate.
- Delete the certificate
certbot delete --cert-name <hostname> --config-dir /srv/qz/ssl/letsencrypt/config --logs-dir /srv/qz/ssl/letsencrypt/logs --work-dir /srv/qz/ssl/letsencrypt/
- Delete the
letsencrypt
folderrm -rf /srv/qz/ssl/letsencrypt
- Reset QZ Tray to use a self-signed certificate.
sudo /opt/qz-tray/qz-tray certgen
- Start QZ Tray