root@bpi-iot-jsho-minio-03:~# apt-get install certbot
root@bpi-iot-jsho-minio-03:~# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-2] then [enter] (press ‚c‘ to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter ‚c‘
to cancel): bpi-iot-jsho-minio-03.ddnss.eu
Requesting a certificate for bpi-iot-jsho-minio-03.ddnss.eu
Performing the following challenges:
http-01 challenge for bpi-iot-jsho-minio-03.ddnss.eu
Waiting for verification…
Cleaning up challenges
Subscribe to the EFF mailing list (email: josef.schuster@dpsolution.de).
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/bpi-iot-jsho-minio-03.ddnss.eu/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/bpi-iot-jsho-minio-03.ddnss.eu/privkey.pem
Your certificate will expire on 2022-03-27. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run „certbot renew“
– If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
root@bpi-iot-jsho-minio-03:~#
root@bpi-iot-jsho-minio-03:/# find . -name fullchain.pem -print
./etc/letsencrypt/live/bpi-iot-jsho-minio-03.ddnss.eu/fullchain.pem
root@bpi-iot-jsho-minio-03:/#
root@bpi-iot-jsho-minio-03:~# cp /etc/letsencrypt/live/bpi-iot-jsho-minio-03.ddnss.eu/fullchain.pem $HOME/.minio/certs/public.crt
root@bpi-iot-jsho-minio-03:~# cp /etc/letsencrypt/live/bpi-iot-jsho-minio-03.ddnss.eu/privkey.pem $HOME/.minio/certs/private.key
If your TLS certificates do not have the IP SAN for the MinIO server host the MinIO Console may fail to validate the connection to the server use the MINIO_SERVER_URL environment variable and specify the proxy-accessible hostname of the MinIO server to allow the Console to use the MinIO server API using the TLS certificate