Use Let’s Encrypt certificates with Cockpit

June 7, 2022 Use Let’s Encrypt certificates with Cockpit
Share
Tweet
Share
0 Shares

Introduction

Cockpit is free and open-source software that provides a web-based graphical interface for Linux servers. When using Cockpit the the following URL is needed to access it at https://your-domain-name:9090, and for the reason since your accessing a secure HTTPS that is not secure and the following screen appears.
not secure https to cockpit login

If your have Let’s Encrypt SSL install on your Ubuntu and Debian instance, then in this tutorial can help you secure your Cockpit connection.

Configure Cockpit

In this tutorial we are not going to explain how to install Cockpit, for that you willl need to go to the following Cockpit install.

Cockpit loads certificates from the /etc/cockpit/ws-certs.d directory. It will use the last file in the directory with a .cert or .crt extension in alphabetical order. The private key can be contained in a separate file with the same name as the certificate, but with a .key suffix instead. The key must not be encrypted.

This can be achieved by copying the Let’s Encrypt key and certificate to the correct location for Cockpit.

cp /etc/letsencrypt/live/yourdomain/fullchain.pem /etc/cockpit/ws-certs.d/yourdomain.crt
cp /etc/letsencrypt/live/yourdomain/privkey.pem /etc/cockpit/ws-certs.d/yourdomain.key

After copying the file then we have to give it the correct permission.

chown cockpit-ws:cockpit-ws /etc/cockpit/ws-certs.d/yourdomain.crt
chown cockpit-ws:cockpit-ws /etc/cockpit/ws-certs.d/yourdomain.key

Restarting the Cockpit server (systemctl restart cockpit) should get the updated certificate in place. From this point you should see the login screen for Cockpit on https://your-domain-name:9090

Cockpit login screen

That should do it!