To minimize the impact of erroneously issued certificates, the Let's Encrypt license expires every three months - you can use another SSL certificate
Remember that the certificate file should contain the full certificate chain and be in a PEM format - more on how to create this type of file
After executing above docker command you’ll need to provide answers to the following:
How would you like to authenticate with the ACME CA?
Select: Spin up a temporary webserver (standalone)
If you are doing this for the first time then you will need to provide your contact email and accept the terms and conditions.
Please enter the domain name(s) you would like on your certificate (comma and/or space separated)
You must specify the fully qualified server name (DNS), for example: revdebug.company.com
After the certificate generation was successful you should see a message similar to the one below:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/[host_name]/fullchain.pem
Key is saved at: /etc/letsencrypt/live/[host_name]/privkey.pem
This certificate expires on [date].
These files will be updated when the certificate renews.
After generating the certificate, work with the files:
Change directory
cd /var/rdb/etc/letsencrypt/live/[your_dns_adress]
Copy the fullchain.pem and privkey.pem key to a pre-selected location of your choice (default path is /var/revdebug/cert)
Commands to copy the files:
Files must have the same name with the correct extension
Table with description of the most important environment variables in .env for adding SSL certificates
Name
Explanation
REVDEBUG_CERTIFICATE_PATH
Location of ssl certificates files
e.g.: /var/revdebug/cert
REVDEBUG_CERTIFICATE_NAME
Name of the .crt and .key files in the certificate directory
e.g.: yourCert
To change the default path where the certificates are located, you must also change the REVDEBUG_CERTIFICATE_PATH setting in the .env file.
Remember to set the correct value of the REVDEBUG_SERVER_NAME variable in the .env file.
After enabling the options in the .env file, start RevDeBug Server and access its HTTPS address to verify the changes work.
The private key cannot be password protected.
Certificates from a certification center, if used internally, must reside in /var/revdebug/ca/ as separate .crt files for each root and intermediate certification center that signed the RevDeBug server certificate.
If you are using Kubernetes Monitoring in RevDeBug then you need to switch the insecure=true parameter in the OTEL configuration file to insecure=false.
Enabling the use of SSL on the applications side:
C#
Compiler
Set <RevDeBugForceTLS>true</RevDeBugForceTLS> in Directory.Build.props for example: