How to activate Lightsail Let's Encrypt SSL Certificate

mdotcoder · May 27, 2024, 3:00am

How do I get SSL to work on LightSail Install?

I have installed OpenEMR using AWS LightSail and it works with the IP.
I have a registered domain I am pointing to and it works but gives the “Site Not Secure” error. I chose LightSail installation because it comes with the automatic Let’s Encrypt SSL. However I am not sure if I am executing the instructions below correctly because it is not working.

cd /root/openemr-devops/packages/lightsail
# edit docker-compose.yml: add environment variables DOMAIN and EMAIL to the openemr container
./docker-compose up -d

Question 1: Did I enter the DOMAIN and EMAIL correctly in the openemr environment?

Question 2: When I run ./docker-compose up -d I get the error:
-bash: ./docker-compose: No such file or directory. How do I run ./docker-compose up -d ?

Thank you.

snailwell · May 27, 2024, 9:27am

The docker-compose command likely doesn’t exist in that directory, you don’t need the ./ at the start of your command.

jesdynf · May 28, 2024, 12:21am

Was juuust about to say that. It might even be “docker compose” now.

jesdynf · May 28, 2024, 4:01pm

Next time I have Lightsail booted up I’ll check the syntax and update the docs. The syntax and availability of that command really changed between Ubuntu 16 (?) and now.

mdotcoder · May 29, 2024, 2:17am

Thank you. it worked when i removed the ./ at the start

mdotcoder · May 29, 2024, 2:34am

How do I get the SSL certificate to work? I’m stuck here. I’ve added the domain and email and ran docker-compose up -d successfully, yet nothing happens, do I get a notification? The site is still “Not Secure”.

jesdynf · May 30, 2024, 2:42am

Just to confirm, that domain you registered currently points to the IP of the OpenEMR instance, right? If so…

My advice would be to change the domain to something known invalid, then re-up it and check the container logs on first start. Once you know how to check container logs (and you see where Let’s Encrypt failed to authenticate and make new certs) you can reset the domain to the proper state and do it a second time, now that you know where to look and what to look for, and then we’ll see what it has to say for itself.

mdotcoder · June 2, 2024, 1:45am

Yes the domain points to the IP of the OpenEMR instance. Sure thanks, will try that