Setting up a domain name for your instance and getting a Let's Encrypt certificate

Introduction

By following the Getting Started guide you can launch an instance with an assigned public IP address. Supposing that your IP address is 62.217.94.10, you should be able to connect to your instance with:

$ ssh ubuntu@62.217.94.10

By following this guide, you will be able to configure a domain name for your instance (e.g. vm.test.os.grnetcloud.net) and get a free SSL/TLS certificate using Let’s Encrypt.

Table Of Contents

  1. Changelog
  2. Requirements
  3. Configure a domain name
  4. Getting a certificate with Let’s Encrypt

Changelog

2020-09-17

  • Updated instructions for setting up the domain name

2020-03-19

  • Initial version

Requirements

Configure a domain name

In order to get a domain name for your instance, you will have to create a DNS Zone, and then add an A record for your IP address. If these words do not sound familiar, do not be afraid, since OpenStack will be doing all the hard work for you. If you are interested in learning more about how DNS works, this article from opensource.com is a great resource to get you started.

The domain name can be configured via either the Dashboard the CLI. The instructions show screenshots from the Dashboard. At the end of this section, the respective

  1. Login to the OpenStack dashboard and go Project > DNS > Zones:

  2. Upon project creation, a zone with name PROJECT.louros.os.grnetcloud.net has already been configured for use.

  3. You need to create an A DNS record. Click on Create Record Set and complete the form: Set Type to A - Address Record, Name to NAME.PROJECT.louros.os.grnetcloud.net. (this will be the domain name for your instance) and Record to your public IP address. Then, click Submit.

    For this example, we create an A record for vm.test.os.grnetcloud.net pointing to 62.217.94.10. This means that whenever someone types vm.test.os.grnetcloud.net on their browser, DNS will resolve that name to the IP address 62.217.94.10, which is the IP address of our instance.

  4. That’s it! After a few seconds your domain name will be active. You can see it under the record sets list:

You should now be able to do a DNS lookup:

$ host vm.test.os.grnetcloud.net
vm.test.os.grnetcloud.net has address 62.217.94.10

And also connect using the newly configured domain name:

$ ssh ubuntu@vm.test.os.grnetcloud.net

Getting a free TLS/SSL certificate with Let’s Encrypt

About

If you want to host a web server under https, then you need a certificate. Let’s Encrypt is one of the easiest ways to get one for your server for free. The most common tool for managing Let’s Encrypt certificates is Certbot. Certbot only needs to know about your domain name, and will automatically manage the whole lifecycle of your certificate (request, retrieve and automatically renew them when they are close to expiring). Certbot also integrates very well with most popular web servers (nginx, apache, etc).

Refer to the very good Certbot website for instructions on installing certbot. For Ubuntu, these typically are:

$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot

Preparation for getting a Let’s Encrypt certificate

In order for certbot to work with your instance on the OpenStack@Louros deployment, you will have to add a security group to enable TCP traffic for port 80.

Allow port 80
  1. From the Dashboard, go to Project > Network > Security Groups:

  2. Click on Create Security Group and name it allow port 80. Then click on Manage Rules:

  3. Click on Create Rule. Make sure Direction is Ingress and Port is 80. Click on Add.

Getting a Let’s Encrypt certificate

With certbot installed and the rest of the configuration ready, request a standalone certificate from inside your instance like so:

$ certbot certonly --standalone

Done

That’s it! You have successfully managed to setup a domain name for your machine, and also get an SSL certificate with Let’s Encrypt!

Aggelos