From 782890f7ee230e9f818f973e3dca7e2563e4473d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roni=20V=C3=A4yrynen?= Date: Fri, 29 Jul 2022 14:19:13 +0300 Subject: [PATCH] Updated Home (markdown) --- Home.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/Home.md b/Home.md index e5b549f..6af147b 100644 --- a/Home.md +++ b/Home.md @@ -12,6 +12,29 @@ cp sample.xo-install.cfg xo-install.cfg There's few different ways to enable HTTPS for Xen Orchestra. +* Let's Encrypt, automatically created by Xen Orchestra + +Edit `xo-install.cfg` with your preferred text editor and make sure following variables are set: + +``` +LETSENCRYPT="true" +LETSENCRYPT_DOMAIN="your.domain.tld" +``` +Additionally you can set `LETSENCRYPT_EMAIL="your@email.tld"` to receive notifications related to your certificate. + +Enabling Let's Encrypt overwrites some other configuration options so that it works properly, these are: + +PORT is set to 80 +AUTOCERT is set to true +Certificate and Key paths are set to `./certificate.pem` and `./key.pem`, meaning they will be located in same directory with xo-server config.toml file. + +Certificate will be generated when XO is accessed first time from browser with domain set in configuration. When this is done for the first time, the page will load slightly longer due to certificate being generated. + +Check these if certificate generation doesn't work properly: + +- XO instance needs to be publicly accessible with domain and ports 80/443 allowed for certificate generation to work. +- If certificate/key paths were set before and there are existing files, XO won't generate a new Let's Encrypt certificate. Stop xo-server, remove/rename these files and restart xo-server. + * Self-signed certificate, automatically created by Xen Orchestra