{"id":6790,"date":"2025-02-28T09:59:59","date_gmt":"2025-02-28T09:59:59","guid":{"rendered":"https:\/\/blog.ssdnodes.com\/blog\/?p=6790"},"modified":"2025-02-28T16:18:04","modified_gmt":"2025-02-28T16:18:04","slug":"ssdnodes-1click-apps-primer-document","status":"publish","type":"post","link":"https:\/\/www.ssdnodes.com\/blog\/ssdnodes-1click-apps-primer-document\/","title":{"rendered":"SSD Nodes: 1-Click Applications\u2019 Primer Document"},"content":{"rendered":"<p>If you\u2019re reading this article, there\u2019s a big chance you\u2019ve chosen one of our\u00a0<a href=\"https:\/\/www.ssdnodes.com\/blog\/ssd-nodes-1-click-apps\/\">1 Click Applications<\/a> (aka 1-CAs), with an awesome application ready to be used as soon as your server is up and running. This article is your guide to understand how to use your 1-Click app, set up a domain name, and secure it.<\/p>\n<h2>Table of Contents<\/h2>\n<ul>\n<li><a href=\"#1\">Step 1: Understanding 1-Click Applications<\/a><\/li>\n<li><a href=\"#2\">Step 2: Understanding Built-in Self-signed Certificates<\/a><\/li>\n<li><a href=\"#3\">Step 3: Adding a Domain Name to Your Server<\/a><\/li>\n<li><a href=\"#4\">Step 4: Upgrading Your Self-signed Certificate to a Valid Let's Encrypt Certificate<\/a><\/li>\n<li><a href=\"#5\">Step 5 (Grafana-specific): Setting up Let's Encrypt for Grafana<\/a><\/li>\n<\/ul>\n<h2><a style=\"font-size: 16px; background-image: url('img\/anchor.gif');\" name=\"1\"><\/a><b>Step 1<\/b>: Understanding 1-Click Applications<\/h2>\n<h3>What Are 1-Click Applications?<\/h3>\n<p>SSD Nodes' 1-Click Applications (1-CAs) are pre-configured software packages that come ready to use on your server. Each application comes with:<\/p>\n<ul>\n<li>Latest stable version<\/li>\n<li>Pre-configured security settings<\/li>\n<li>Built-in self-signed SSL certificate<\/li>\n<li>Optimized server configurations<\/li>\n<li>An active\u00a0<a href=\"https:\/\/www.ssdnodes.com\/blog\/create-a-self-signed-certificate-on-ubuntu-for-apache-and-nginx\/\">HTTPS self-signed certificate<\/a>.<\/li>\n<\/ul>\n<h3>Available Applications<\/h3>\n<ul>\n<li>WordPress<\/li>\n<li>Zabbix<\/li>\n<li>phpMyAdmin<\/li>\n<li>Webmin<\/li>\n<li>Nextcloud<\/li>\n<li>LAMP Stack<\/li>\n<li>LEMP Stack<\/li>\n<li>Grafana<\/li>\n<li>And more...<\/li>\n<\/ul>\n<h2><a style=\"font-size: 16px; background-image: url('img\/anchor.gif');\" name=\"2\"><\/a><b>Step 2<\/b>: Understanding Built-in Self-signed Certificates<\/h2>\n<p>All our 1-Click applications come with a FREE built-in self-signed TLS\/SSL certificate.<\/p>\n<p>Now, you might be thinking: Wait.. A self-signed what? Don't worry, I'll explain everything, I promise.<\/p>\n<p>A self-signed certificate is a security certificate that's generated and signed by your server rather than a trusted certificate authority. While it provides the same encryption as commercial certificates, browsers don't automatically trust it. Here is how these certificates work:<\/p>\n<p><!-- notionvc: 8ba1c3e3-64ee-453c-9a53-8cc338d80507 --><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-6576 aligncenter\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/05\/ca-technicalities.png\" alt=\"technicalities\" width=\"785\" height=\"501\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/05\/ca-technicalities.png 1280w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/05\/ca-technicalities-300x191.png 300w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/05\/ca-technicalities-1024x654.png 1024w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/05\/ca-technicalities-768x490.png 768w\" sizes=\"auto, (max-width: 785px) 100vw, 785px\" \/><\/p>\n<p>When you first access your site, add <code>https:\/\/<\/code> before your server's IP address or domain, like this:<\/p>\n<pre><code>https:\/\/your-server-ip<\/code><\/pre>\n<p>You\u2019ll likely encounter a security warning in your browser, which is expected when using self-signed certificates. In browsers like Google Chrome and Firefox, click \"<strong>Advanced<\/strong>\" or \"<strong>More information<\/strong>,\" then select \"<strong>Proceed to [your-site]<\/strong>.\" This allows your site to load securely.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11245\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/not-secure.webp\" alt=\"Self-signed certificates\" width=\"672\" height=\"593\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/not-secure.webp 672w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/not-secure-300x265.webp 300w\" sizes=\"auto, (max-width: 672px) 100vw, 672px\" \/><\/p>\n<h4>What the Warning Means<\/h4>\n<p>Don't worry, this security warning isn't a big deal. It indicates that your connection is encrypted, and the certificate is valid, but it\u2019s not issued by an authority that browsers trust. This is actually safe for development and testing purposes, but not good for production applications. After accepting the certificate, you may notice a <strong>\"Not secure\"<\/strong> icon in the browser\u2019s address bar, even though the connection remains encrypted.<\/p>\n<h4><strong>Recommended Next Steps<\/strong><\/h4>\n<p>For development and testing, continue using the self-signed certificate and ensure team members document the security warning in your development guides.<\/p>\n<p>For production sites, it is important to upgrade to a trusted SSL certificate, such as Let's Encrypt certificate, which we\u2019ll cover in this article.<\/p>\n<p>For more:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.ssdnodes.com\/blog\/ssl-server-certificates\/\">What are SSL Server Certificates<\/a><\/li>\n<li><a href=\"https:\/\/www.ssdnodes.com\/blog\/install-lets-encrypt-on-ubuntu-certbot-apache-and-nginx\/\">Secure Your Site Using HTTPS<\/a><\/li>\n<\/ul>\n<p><!-- notionvc: 57db2be7-2220-4cac-9ba0-3001b54ffd61 --><\/p>\n<h2><a style=\"font-size: 16px; background-image: url('img\/anchor.gif');\" name=\"3\"><\/a><b>Step 3: Adding a Domain Name to Your Server<\/b><\/h2>\n<h3>Before You Begin<\/h3>\n<ul>\n<li class=\"whitespace-normal break-words\">Purchase a domain name from a registrar (<a href=\"https:\/\/ssdnodes.com\/\" target=\"_blank\" rel=\"noopener\">SSD Nodes<\/a>, GoDaddy, Namecheap, etc.)<\/li>\n<li class=\"whitespace-normal break-words\"><a href=\"https:\/\/www.namecheap.com\/support\/knowledgebase\/article.aspx\/319\/2237\/how-can-i-set-up-an-a-address-record-for-my-domain\/\" target=\"_blank\" rel=\"noopener\">Add an A record pointing to your server IP<\/a><\/li>\n<li class=\"whitespace-normal break-words\"><a href=\"https:\/\/www.ssdnodes.com\/blog\/connecting-vps-ssh-security\/\">Access your SSD Nodes server via SSH<\/a><\/li>\n<\/ul>\n<h3>1-Click App Servers<\/h3>\n<p><span style=\"font-weight: 400;\">Our 1-click apps use either <strong>Apache<\/strong> or <strong>Nginx <\/strong>to serve web requests:<\/span><\/p>\n<table>\n<thead>\n<tr>\n<th><strong>Application<\/strong><\/th>\n<th><strong>Server<\/strong><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>WordPress<\/td>\n<td>Nginx<\/td>\n<\/tr>\n<tr>\n<td>Zabbix<\/td>\n<td>Apache<\/td>\n<\/tr>\n<tr>\n<td>phpMyAdmin<\/td>\n<td>Nginx<\/td>\n<\/tr>\n<tr>\n<td>Webmin<\/td>\n<td>Built-in Webmin server (default port 10000)<\/td>\n<\/tr>\n<tr>\n<td>Nextcloud<\/td>\n<td>Nginx<\/td>\n<\/tr>\n<tr>\n<td>LAMP Stack<\/td>\n<td>Apache<\/td>\n<\/tr>\n<tr>\n<td>LEMP Stack<\/td>\n<td>Nginx<\/td>\n<\/tr>\n<tr>\n<td>Grafana<\/td>\n<td>Built-in server (default port 3000)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\"> The following sections will walk you through setting up your domain name and HTTPS with Let's Encrypt for each server.<\/span><\/p>\n<p><!-- notionvc: 3b086176-1e73-4764-be55-c96f2130381d --><\/p>\n<h3>Adding a Domain Name for Your Apache-based App<\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-6740 aligncenter\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_11-1024x390.png\" alt=\"certificate\" width=\"443\" height=\"169\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_11-1024x390.png 1024w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_11-300x114.png 300w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_11-768x293.png 768w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_11-1536x586.png 1536w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_11-2048x781.png 2048w\" sizes=\"auto, (max-width: 443px) 100vw, 443px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Edit Apache\u2019s default configuration file:<br \/>\n<\/span><\/p>\n<pre>sudo nano \/etc\/apache2\/sites-enabled\/000-default.conf<\/pre>\n<p><span style=\"font-weight: 400;\">For the moment, you will see that the \u201c<\/span><i><span style=\"font-weight: 400;\">servername<\/span><\/i><span style=\"font-weight: 400;\">\u201d attribute is the IP address automatically assigned to you. As an example:<\/span><\/p>\n<pre>&lt;VirtualHost *:80&gt;\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Define servername <mark>192.0.0.1<\/mark>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ServerName ${SERVERNAME}\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0RewriteEngine on\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0RewriteRule ^\/.*$ https:\/\/\\${SERVERNAME}%{SCRIPT_FILENAME}?%{QUERY_STRING} [R=301]\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ErrorLog ${APACHE_LOG_DIR}\/error.log\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0CustomLog ${APACHE_LOG_DIR}\/access.log combined\r\n&lt;\/VirtualHost&gt;\r\n&lt;VirtualHost *:443&gt;\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SSLEngine On\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SSLCertificateFile \/etc\/ssl\/certs\/apache-selfsigned.pem\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SSLCertificateKeyFile \/etc\/ssl\/private\/apache-selfsigned.key\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ServerName ${SERVERNAME}\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0DocumentRoot \/var\/www\/&lt;appname&gt;\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ErrorLog ${APACHE_LOG_DIR}\/error.log\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0CustomLog ${APACHE_LOG_DIR}\/access.log combined\r\n&lt;\/VirtualHost&gt;<\/pre>\n<p><strong>Note<\/strong>: S<span style=\"font-weight: 400;\">ome parts of the configuration are different for each 1-click app, especially the name, which is referenced in this example configuration as <code class=\"language-bash\">&lt;appname&gt;<\/code><\/span><\/p>\n<p><span style=\"font-weight: 400;\">Replace the existing IP with your domain name <\/span><span style=\"font-weight: 400;\">by replacing the <\/span><span style=\"font-weight: 400; color: yellow; background-color: black;\">yellow <\/span><span style=\"font-weight: 400;\">highlighted part below:<\/span><\/p>\n<pre>&lt;VirtualHost *:80&gt;\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Define servername <mark>www.example.com<\/mark>\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ServerName ${SERVERNAME}\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0RewriteEngine on\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0RewriteRule ^\/.*$ https:\/\/\\${SERVERNAME}%{SCRIPT_FILENAME}?%{QUERY_STRING} [R=301]\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ErrorLog ${APACHE_LOG_DIR}\/error.log\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0CustomLog ${APACHE_LOG_DIR}\/access.log combined\r\n&lt;\/VirtualHost&gt;\r\n&lt;VirtualHost *:443&gt;\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SSLEngine On\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SSLCertificateFile \/etc\/ssl\/certs\/apache-selfsigned.pem\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SSLCertificateKeyFile \/etc\/ssl\/private\/apache-selfsigned.key\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ServerName ${SERVERNAME}\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0DocumentRoot \/var\/www\/&lt;appname&gt;\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ErrorLog ${APACHE_LOG_DIR}\/error.log\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0CustomLog ${APACHE_LOG_DIR}\/access.log combined\r\n&lt;\/VirtualHost&gt;<\/pre>\n<p><span style=\"font-weight: 400;\">Enable the <\/span><i><span style=\"font-weight: 400;\">SSL <\/span><\/i><span style=\"font-weight: 400;\">and <\/span><i><span style=\"font-weight: 400;\">RewriteEngine <\/span><\/i><span style=\"font-weight: 400;\">modules <\/span><span style=\"font-weight: 400;\">on Apache:<\/span><\/p>\n<pre>sudo a2enmod ssl rewrite<\/pre>\n<p><span style=\"font-weight: 400;\">Test for configuration errors:<\/span><\/p>\n<pre>sudo apache2ctl configtest\r\n<\/pre>\n<p><span style=\"font-weight: 400;\">The below output means you can safely reload Apache, otherwise, you will get a specific description pointing out the error you have to fix.<br \/>\n<\/span><\/p>\n<pre>Syntax OK<\/pre>\n<p><span style=\"font-weight: 400;\">Restart Apache:<\/span><\/p>\n<pre>sudo systemctl restart apache2<\/pre>\n<h3>Adding a Domain Name for Your Nginx-based App<\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6751\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_12.png\" alt=\"certificate\" width=\"443\" height=\"111\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_12.png 660w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_12-300x75.png 300w\" sizes=\"auto, (max-width: 443px) 100vw, 443px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Edit Nginx\u2019s default configuration file:<\/span><\/p>\n<pre>sudo nano \/etc\/nginx\/sites-enabled\/default<\/pre>\n<p><span style=\"font-weight: 400;\">For the moment, you will see that the \u201c<\/span><i><span style=\"font-weight: 400;\">server_name<\/span><\/i><span style=\"font-weight: 400;\">\u201d attribute is your server's IP. Some parts of the configuration are different for each 1-click app, especially the name, which is referenced in this example configuration as <code class=\"language-bash\">&lt;appname&gt;<\/code>:<\/span><\/p>\n<pre>server { \u00a0\u00a0\u00a0\r\n    listen 80;\r\n \u00a0\u00a0 listen [::]:80;\r\n \u00a0\u00a0\u00a0server_name <mark>192.0.0.1<\/mark>;\r\n \u00a0\u00a0\u00a0access_log off;\r\n \u00a0\u00a0\u00a0location \/ {\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0rewrite ^ https:\/\/$host$request_uri? permanent;\r\n \u00a0\u00a0\u00a0}\r\n}\r\n\r\nserver {\r\n \u00a0\u00a0\u00a0listen 443 ssl;\r\n \u00a0\u00a0\u00a0listen [::]:443 ssl;\r\n \u00a0\u00a0\u00a0server_name <mark>192.0.0.1<\/mark>;\r\n \u00a0\u00a0\u00a0root \/var\/www\/&lt;appname&gt;;\r\n \u00a0\u00a0\u00a0index index.php index.html index.htm index.nginx-debian.html;\r\n \u00a0\u00a0\u00a0autoindex off;\r\n \u00a0\u00a0\u00a0ssl_certificate \/etc\/ssl\/certs\/&lt;appname&gt;.pem;\r\n \u00a0\u00a0\u00a0ssl_certificate_key \/etc\/ssl\/private\/&lt;appname&gt;.key;\r\n \u00a0\u00a0\u00a0ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\r\n \u00a0\u00a0\u00a0ssl_ciphers HIGH:!aNULL:!MD5;\r\n\r\n \u00a0\u00a0\u00a0location ~ \\.php$ {\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0include snippets\/fastcgi-php.conf;\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0fastcgi_pass unix:\/var\/run\/php\/php-fpm.sock;\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\r\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0include fastcgi_params;\r\n \u00a0\u00a0\u00a0}\r\n}<\/pre>\n<p><span style=\"font-weight: 400;\">Replace the existing IP with your domain name:<\/span><\/p>\n<pre><code class=\"language-bash\">server {\r\n    listen 80;\r\n    listen [::]:80;\r\n    server_name <mark>www.example.com<\/mark>;\r\n    access_log off;\r\n    location \/ {\r\n        rewrite ^ https:\/\/$host$request_uri? permanent;\r\n    }\r\n}\r\n\r\nserver {\r\n    listen 443 ssl;\r\n    listen [::]:443 ssl;\r\n    server_name <mark>www.example.com<\/mark>\r\n    root \/var\/www\/&lt;appname&gt;\/;\r\n    index index.php index.html index.htm index.nginx-debian.html;\r\n    autoindex off;\r\n    ssl_certificate \/etc\/ssl\/certs\/&lt;appname&gt;.pem;\r\n    ssl_certificate_key \/etc\/ssl\/private\/&lt;appname&gt;.key;\r\n    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\r\n    ssl_ciphers HIGH:!aNULL:!MD5;\r\n\r\n    location ~ \\.php$ {\r\n         include snippets\/fastcgi-php.conf;\r\n         fastcgi_pass unix:\/var\/run\/php\/php-fpm.sock;\r\n         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\r\n         include fastcgi_params;\r\n    }\r\n}<\/code><\/pre>\n<p><!-- notionvc: 0f9d6a3a-53e7-48fc-9ae1-3b94cad1485e --><\/p>\n<p><span style=\"font-weight: 400;\">Restart Nginx:<\/span><\/p>\n<pre>sudo systemctl restart nginx<\/pre>\n<h3>Setting up a Domain Name for NextCloud with Nginx<\/h3>\n<p>For NextCloud, you also need to add your domain name to your NextCloud\u2019s trusted domain list. This is in addition to configuring it in your Nginx configuration file.<\/p>\n<p>First open the NextCloud configuration file:<\/p>\n<pre><code class=\"language-html\">nano \/var\/www\/nextcloud\/config\/config.php\r\n<\/code><\/pre>\n<p>Then modify the <code>trusted_domains<\/code> array to include your new domain name:<\/p>\n<pre><code class=\"language-html\">  'trusted_domains' =&gt; \r\n  array (\r\n    0 =&gt; '<mark>your_ip_address<\/mark>',\r\n    1 =&gt; '<mark>yourdomain.com<\/mark>',\r\n  ),\r\n\r\n<\/code><\/pre>\n<p>Make sure you\u2019ve added your domain name to your Nginx configuration, then restart it:<\/p>\n<pre><code class=\"language-html\">sudo systemctl restart nginx\r\n<\/code><\/pre>\n<p><!-- notionvc: 8f602298-401d-4045-92f3-13506703c070 --><\/p>\n<h3>Access your Domain Name<\/h3>\n<p><span style=\"font-weight: 400;\">Open your browser, and type your website\u2019s domain name with the HTTPS prefix:<\/span><\/p>\n<p><code class=\"language-html\">https:\/\/www.example.com<\/code><\/p>\n<p>With your domain set up, you can now upgrade your self-signed certificate to a valid Let's Encrypt certificate. This is especially useful if your application is production-ready.<\/p>\n<h2><a style=\"font-size: 16px; background-image: url('img\/anchor.gif');\" name=\"4\"><\/a>Step 4: <b>Upgrading Your Self-signed Certificate to a Valid Let's Encrypt Certificate<\/b><\/h2>\n<p>Although you can use many other valid Certificate Authority issuers to generate your certificate,<a href=\"https:\/\/letsencrypt.org\/\" target=\"_blank\" rel=\"noopener\"> Let's Encrypt<\/a> is by far the most convenient.<\/p>\n<p><span style=\"font-weight: 400;\">To get a Let's Encrypt certificate, you'll use the <a href=\"https:\/\/certbot.eff.org\/\" target=\"_blank\" rel=\"noopener\">Certbot<\/a> tool, which automates the process of obtaining and renewing Let's Encrypt SSL certificates. Follow the instructions below to do this.<\/span><\/p>\n<p><strong>Note:<\/strong> Webmin uses a built-in server, to add a Let's Encrypt certificate to it, follow <a href=\"https:\/\/www.ssdnodes.com\/blog\/install-webmin-on-ubuntu-24-04-and-use-it\/#step3\">Step 3: Securing Webmin with an SSL Certificate from Let\u2019s Encrypt<\/a> from our Webmin guide.<\/p>\n<h3>Temporarily Stop Your Server<\/h3>\n<p>Because we'll use a web server from Certbot to obtain the certificate, we'll have to temporarily stop the server that serves our application (Apache or Nginx).<\/p>\n<p>For Apache:<\/p>\n<pre class=\"lang-bash s-code-block\"><code class=\"hljs language-bash\" data-highlighted=\"yes\">sudo systemctl stop apache2\r\n<\/code><\/pre>\n<p>For Nginx:<\/p>\n<div class=\"s-prose js-post-body\">\n<pre class=\"lang-bash s-code-block\"><code class=\"hljs language-bash\" data-highlighted=\"yes\">sudo systemctl stop nginx<\/code><\/pre>\n<\/div>\n<h3>Generate a Let's Encrypt Certificate with Certbot<\/h3>\n<p>First, install <code>certbot<\/code>:<\/p>\n<pre><code class=\"language-bash\">sudo apt install -y certbot\r\n<\/code><\/pre>\n<p>Then generate a certificate:<\/p>\n<pre><code class=\"language-bash\">sudo certbot certonly --standalone\r\n<\/code><\/pre>\n<p>The <code>--standalone<\/code> option tells Certbot to use its own web server to verify domain ownership.<\/p>\n<p>You will be asked to answer a few questions, input the following for each prompt:<\/p>\n<pre><code>1. (Your email)\r\n2. (Y)\r\n3. (N)\r\n4. your_domain_name\r\n\r\n<\/code><\/pre>\n<p>These prompts are for:<\/p>\n<ol>\n<li>Your email address (for important notifications about your certificate)<\/li>\n<li>Agreeing to the Let's Encrypt terms of service<\/li>\n<li>Declining to share your email with the Electronic Frontier Foundation<\/li>\n<li>The domain name you want to secure with SSL<\/li>\n<\/ol>\n<p>Then you will receive your Let's Encrypt certificate file and a private key:<\/p>\n<pre><code>Successfully received certificate.\r\nCertificate is saved at: \/etc\/letsencrypt\/live\/your_domain.com\/fullchain.pem\r\nKey is saved at:         \/etc\/letsencrypt\/live\/your_domain.com\/privkey.pem\r\nThis certificate expires on 2025-03-20.\r\nThese files will be updated when the certificate renews.\r\nCertbot has set up a scheduled task to automatically renew this certificate in the background.\r\n<\/code><\/pre>\n<p>The following two files will be automatically created under the respective subdirectories as follows:<\/p>\n<ul>\n<li>The private key:\u00a0<code>\/etc\/letsencrypt\/live\/your_domain.com\/privkey.pem<\/code><\/li>\n<li>The certificate:\u00a0<code>\/etc\/letsencrypt\/live\/your_domain.com\/fullchain.pem<\/code><\/li>\n<\/ul>\n<p>Now that you have your Let's Encrypt private key file and your certificate file, you can restart your server and install your certificate on your web server.<\/p>\n<h3>Restart Your Server<\/h3>\n<p>Now that you have your certificate, restart your server.<\/p>\n<p>For Apache:<\/p>\n<pre class=\"lang-bash s-code-block\"><code class=\"hljs language-bash\" data-highlighted=\"yes\">sudo systemctl start apache2\r\n<\/code><\/pre>\n<p>For Nginx:<\/p>\n<div class=\"s-prose js-post-body\">\n<pre class=\"lang-bash s-code-block\"><code class=\"hljs language-bash\" data-highlighted=\"yes\">sudo systemctl start nginx<\/code><\/pre>\n<\/div>\n<h3><b>Installing Your Let's Encrypt Certificate for the APACHE Web Server<\/b><\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6740\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_11-1024x390.png\" alt=\"certificate\" width=\"443\" height=\"169\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_11-1024x390.png 1024w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_11-300x114.png 300w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_11-768x293.png 768w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_11-1536x586.png 1536w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_11-2048x781.png 2048w\" sizes=\"auto, (max-width: 443px) 100vw, 443px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Edit Apache\u2019s default configuration file<\/span><\/li>\n<\/ul>\n<pre>sudo nano \/etc\/apache2\/sites-enabled\/000-default.conf<\/pre>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Replace the key and the certificate paths to the new values (highlighted in <\/span><span style=\"font-weight: 400; color: yellow; background-color: black;\">yellow <\/span>\u00a0<span style=\"font-weight: 400;\">in the below code).<\/span><\/li>\n<\/ul>\n<pre>&lt;VirtualHost *:80&gt;\r\n        Define servername <mark>www.example.com<\/mark>\r\n        ServerName ${SERVERNAME}\r\n        RewriteEngine on\r\n        RewriteRule ^\/.*$ https:\/\/\\${SERVERNAME}%{SCRIPT_FILENAME}?%{QUERY_STRING} [R=301]\r\n        ErrorLog ${APACHE_LOG_DIR}\/error.log\r\n        CustomLog ${APACHE_LOG_DIR}\/access.log combined\r\n&lt;\/VirtualHost&gt;\r\n&lt;VirtualHost *:443&gt;\r\n        SSLEngine On\r\n        SSLCertificateFile <mark>\/etc\/letsencrypt\/live\/www.example.com\/fullchain.pem<\/mark>\r\n        SSLCertificateKeyFile <mark>\/etc\/letsencrypt\/live\/www.example.com\/privkey.pem<\/mark>\r\n        ServerName ${SERVERNAME}\r\n        DocumentRoot \/var\/www\/&lt;appname&gt;\r\n        ErrorLog ${APACHE_LOG_DIR}\/error.log\r\n        CustomLog ${APACHE_LOG_DIR}\/access.log combined\r\n&lt;\/VirtualHost&gt;<\/pre>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Restart Apache<\/span><\/li>\n<\/ul>\n<pre>sudo systemctl restart apache2<\/pre>\n<h3><strong>Installing Your Let's Encrypt Certificate for the NGINX Web Server<\/strong><\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6751\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_12.png\" alt=\"certificate\" width=\"443\" height=\"111\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_12.png 660w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_12-300x75.png 300w\" sizes=\"auto, (max-width: 443px) 100vw, 443px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Edit Nginx\u2019s default configuration file<\/span><\/li>\n<\/ul>\n<pre>sudo nano \/etc\/nginx\/sites-enabled\/default<\/pre>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Replace the key and the certificate paths to the new values (highlighted in <\/span><span style=\"font-weight: 400; color: yellow; background-color: black;\">yellow <\/span>\u00a0<span style=\"font-weight: 400;\">in the below code).\u00a0<\/span><\/li>\n<\/ul>\n<pre>server {\r\n   listen 80;\r\n   listen [::]:80;\r\n   server_name <mark>www.example.com<\/mark>;\r\n   access_log off;\r\n   location \/ {\r\n         rewrite ^ https:\/\/$host$request_uri? permanent;\r\n   }\r\n}\r\n\r\nserver {\r\n    listen 443 ssl;\r\n    listen [::]:443 ssl;\r\n    server_name <mark>www.example.com<\/mark>;\r\n    root \/var\/www\/&lt;appname&gt;;\r\n    index index.php index.html index.htm index.nginx-debian.html;\r\n    autoindex off;\r\n    ssl_certificate <mark>\/etc\/letsencrypt\/live\/www.example.com\/fullchain.pem<\/mark>;\r\n    ssl_certificate_key <mark>\/etc\/letsencrypt\/live\/www.example.com\/privkey.pem<\/mark>;\r\n    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\r\n    ssl_ciphers HIGH:!aNULL:!MD5;\r\n\r\n    location ~ \\.php$ {\r\n         include snippets\/fastcgi-php.conf;\r\n         fastcgi_pass unix:\/var\/run\/php\/php-fpm.sock;\r\n         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\r\n         include fastcgi_params;\r\n    }\r\n}<\/pre>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Restart Nginx<\/span><\/li>\n<\/ul>\n<pre>sudo systemctl restart nginx<\/pre>\n<h3>Verifying Your Certificate<\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6755 \" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_13-1024x201.png\" alt=\"certificate\" width=\"714\" height=\"140\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_13-1024x201.png 1024w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_13-300x59.png 300w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_13-768x151.png 768w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_13.png 1343w\" sizes=\"auto, (max-width: 714px) 100vw, 714px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Now that you've installed your certificate, reload your browser and click on the icon on the left hand corner of the URL bar, this will inform you the connection is secure:<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11509\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/secure.webp\" alt=\"Let's Encrypt Connection is Secure\" width=\"317\" height=\"224\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/secure.webp 317w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/secure-300x212.webp 300w\" sizes=\"auto, (max-width: 317px) 100vw, 317px\" \/><\/p>\n<p>Click <strong>Connection is Secure<\/strong> and you'll see more details:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11510\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/is-secure.webp\" alt=\"https connection\" width=\"320\" height=\"293\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/is-secure.webp 320w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/is-secure-300x275.webp 300w\" sizes=\"auto, (max-width: 320px) 100vw, 320px\" \/><\/p>\n<p>Click <strong>Certificate is valid<\/strong> and you'll have all the details of your Let's Encrypt certificate:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11511\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/cert.webp\" alt=\"Let's Encrypt Certificate Details\" width=\"546\" height=\"674\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/cert.webp 546w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/cert-243x300.webp 243w\" sizes=\"auto, (max-width: 546px) 100vw, 546px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Your website is now Certificate Authority certified and you can securely welcome any online transactions, like paid subscriptions and eCommerce services, memberships or charity and online fundraising. For more details, check out <a href=\"https:\/\/www.ssdnodes.com\/blog\/install-lets-encrypt-on-ubuntu-certbot-apache-and-nginx\/\">Secure Your Site Using HTTPS<\/a>.<\/span><\/p>\n<h2><a style=\"font-size: 16px; background-image: url('img\/anchor.gif');\" name=\"5\"><\/a>Step 5 (Grafana-specific): Setting up Let's Encrypt for Grafana<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-11521\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/Grafana-Lets-Encrypt.webp\" alt=\"Install Let's Encrypt for Grafana\" width=\"600\" height=\"400\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/Grafana-Lets-Encrypt.webp 768w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/Grafana-Lets-Encrypt-300x200.webp 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>Grafana uses custom configurations for its server, and to add a Let's Encrypt certificate to your Grafana 1-Click application, you'll need to\u00a0 modify file permissions and the Grafana configuration file. This section will walk you through the process.<\/p>\n<h3>1) Set Up Grafana to Use Your Let's Encrypt Certificate<\/h3>\n<p>Temporarily stop the Grafana server:<\/p>\n<pre><code class=\"language-bash\">sudo systemctl stop grafana-server\r\n<\/code><\/pre>\n<p><!-- notionvc: 88b38060-9094-4942-95df-15a76813d75e --><\/p>\n<p>Rename the existing self-signed certificate files:<\/p>\n<pre><code class=\"language-bash\">sudo mv \/etc\/grafana\/grafana.key \/etc\/grafana\/grafana_old.key\r\nsudo mv \/etc\/grafana\/grafana.pem \/etc\/grafana\/grafana_old.pem\r\n<\/code><\/pre>\n<p>This backs up the original self-signed certificates in case you need to revert changes.<\/p>\n<p>Set up symlinks for the certificates you generated earlier:<\/p>\n<pre><code class=\"language-bash\">sudo ln -s \/etc\/letsencrypt\/live\/your_domain.com\/fullchain.pem \/etc\/grafana\/grafana.pem\r\nsudo ln -s \/etc\/letsencrypt\/live\/your_domain.com\/privkey.pem \/etc\/grafana\/grafana.key\r\n<\/code><\/pre>\n<p>These symlinks allow Grafana to use the Let's Encrypt certificates without modifying its configuration.<\/p>\n<p>Adjust permissions:<\/p>\n<pre><code class=\"language-bash\">sudo chgrp -R grafana \/etc\/letsencrypt\/*\r\nsudo chmod -R g+rx \/etc\/letsencrypt\/*\r\nsudo chown -R grafana \/etc\/letsencrypt\/*\r\nsudo chown grafana \/etc\/grafana\/*\r\nsudo chgrp -R grafana \/etc\/grafana\/grafana.pem \/etc\/grafana\/grafana.key\r\nsudo chmod 400 \/etc\/grafana\/grafana.pem \/etc\/grafana\/grafana.key\r\n<\/code><\/pre>\n<p>This ensures that the Grafana service has the necessary permissions to read the certificate files.<\/p>\n<p>Verify the permissions:<\/p>\n<pre><code class=\"language-bash\">ls -l \/etc\/grafana\/grafana.*\r\n<\/code><\/pre>\n<p>The output should be as follows:<\/p>\n<pre><code>-rw-r----- 1 grafana grafana 80484 Dec 22 16:06 \/etc\/grafana\/grafana.ini\r\nlrwxrwxrwx 1 root grafana 50 Dec 22 17:40 \/etc\/grafana\/grafana.key -&gt; \/etc\/letsencrypt\/live\/www.example.com\/privkey.pem\r\nlrwxrwxrwx 1 root grafana 52 Dec 22 17:40 \/etc\/grafana\/grafana.pem -&gt; \/etc\/letsencrypt\/live\/www.example.com\/fullchain.pem\r\n<\/code><\/pre>\n<h3>2) Configure Grafana<\/h3>\n<p>Next, open the Grafana config file:<\/p>\n<pre><code class=\"language-bash\">sudo nano \/etc\/grafana\/grafana.ini\r\n<\/code><\/pre>\n<p>Then modify the domain parameter:<\/p>\n<pre><code class=\"language-bash\">[server]\r\n;domain = localhost\r\n<\/code><\/pre>\n<p><!-- notionvc: 586d6a59-4182-4719-9015-cc8ad2811455 --><\/p>\n<p>Uncomment the parameter and set up your domain:<\/p>\n<pre><code>[server]\r\ndomain = your_domain.com\r\n<\/code><\/pre>\n<p>This tells Grafana which domain name to use for HTTPS.<\/p>\n<h3>3) Restart Grafana<\/h3>\n<p>Finally, restart the Grafana service to apply the changes:<\/p>\n<pre><code class=\"language-bash\">sudo systemctl restart grafana-server\r\nsudo systemctl status grafana-server\r\n<\/code><\/pre>\n<p>The <code>status<\/code> command will show you if Grafana started successfully with the new configuration:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-11518\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/grafana-status-1024x308.webp\" alt=\"grafana server status\" width=\"750\" height=\"226\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/grafana-status-1024x308.webp 1024w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/grafana-status-300x90.webp 300w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/grafana-status-768x231.webp 768w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/grafana-status-1536x462.webp 1536w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/02\/grafana-status.webp 2000w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/p>\n<p>Grafana will now be served on port <code>3000<\/code> using HTTPS with your new Let's Encrypt certificate:<\/p>\n<pre><code class=\"language-python\">https:\/\/your_domain.com:3000\/\r\n<\/code><\/pre>\n<p><!-- notionvc: 5994169d-aa6a-42b1-b51f-be9249f6c1f2 --><\/p>\n<h2><span style=\"font-weight: 400;\">Conclusion<\/span><\/h2>\n<p>That's it, you now have your 1-click application configured with an SSL\/TLS certificate from a certificate authority, and a domain name for your 1-click applications.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Skip the setup stress\u2014deploy apps instantly with SSD Nodes&#8217; 1-Click Applications! From WordPress to Grafana, get started fast and secure your server with ease.<\/p>\n","protected":false},"author":15,"featured_media":8874,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[18,30],"tags":[204],"class_list":["post-6790","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops","category-tutorials","tag-1-click-apps"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts\/6790","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/comments?post=6790"}],"version-history":[{"count":62,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts\/6790\/revisions"}],"predecessor-version":[{"id":11637,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts\/6790\/revisions\/11637"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/media\/8874"}],"wp:attachment":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/media?parent=6790"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/categories?post=6790"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/tags?post=6790"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}