Best way to get SSL Cert for OpenEMR Express Plus?

emiller · May 1, 2024, 2:08am

Good evening, everyone. I’ve recently launched OpenEMR Express Plus for our free clinic on AWS, however, I’ve been having some issues with the best way to go about SSL certificate/encryption. I thought I had it figured out when I forwarded a subdomain from our website to the elastic IP that was allocated in AWS. However, despite the original domain having an SSL certificate from GoDaddy- that did not extend to the elastic IP the subdomain forwarded to.

I am in the process of working with Certbot/LetsEncrypt to get a self-signed SSL certificate then planning to install that to the server through the EC2 SSH console. However, I ran into a small issue with the “webroot” path. Tomorrow, I’m going to try the other way through Certbot that requires it come offline for a few minutes to use port 80. At this time, the domain I was going to sign was going to be the subdomain that I setup through GoDaddy. Will this work? Another idea I had was signing the IP address setup through AWS for the SSL certificate.

Any recommendations you all have for this process would be greatly appreciated. I’ve been finding a lot of literature on the process, but I’m still working on applying it to the AWS instance scenario. We’re also trying to keep this free if at all possible due to the nature of our clinic.

Thanks.

snailwell · May 1, 2024, 3:36pm

For OpenEMR Express Plus on AWS, you can add the domain you registered with GoDaddy to the Docker compose file, then restart and a new, signed LetsEncrypt certificate will be obtained and installed. See here. Rereading your message, looks like you’re wanting a certficate for a subdomain of a domain with an existing certificate. That should still work (using the subdomain in docker-compose), but it depends on the type of certificate assigned to the parent domain. You can do a dry-run of the certbot command to see what will happen.

emiller · May 5, 2024, 3:05pm

@snailwell, thanks for the response and my apologies for the delay! I deployed the AWS instance without previous involvement of Docker, and I’m still learning about it. Where do I access the Docker compose file? Is there a resource you’d recommend for learning about the interplay of Docker and AWS?

I attempted to do this through an EC2 connect instance using the directions provided, and it said that I did not have access. Is this the correct way to do this? Would the access issue be resolved through SSH?

Thanks in advance for any help!

snailwell · May 5, 2024, 3:47pm

OpenEMR Express Plus on AWS is provisioned as defined in a CloudFormation template. Once provisioned, it is configured for launch by docker-compose files, pulled straight from github.

I think the best way to learn is to take a look at both of those linked resources, then check the official Docker and AWS documentation when you encounter something in the files you don’t understand.

Once the instance is running, you will want to SSH into the EC2 instance using your AWS IAM account. From there you can access the Docker containers and issue commands.

It may also help to setup a local environment to learn from.

To speed you along, here is the order of operations that happened when you launched on AWS:

The CloudFormation template created and executed a /root/cloud-setup.sh file on your EC2 instance.
The cloud-setup.sh process downloaded and executed a /root/launch.sh file.
The launch.sh process downloaded (“cloned”) the openemr-devops github repository to /root/openemr-devops.
The launch.sh process executed the downloaded docker-compose file (located in /root/openemr-devops/packages/lightsail) to launch OpenEMR.