code-server/doc/security/ssl-certbot.md

2.3 KiB

Generate a Certificate Using Let's Encrypt 🔒

To get around the certificate warnings in Chrome, you might want to install a certificate from a trusted Certificate Authority (CA). Luckily, there are CAs like Let's Encrypt which provide certificates for free.


Using Certbot

Certbot is the program we'll be using to issue certificates from Let's Encrypt.

Pre-requisites: You will need a domain name or subdomain pointed to the IP address of your server.

  1. Install Certbot by heading to the instructions page. Select None of the above for the software and the right operating system for your setup.
  2. Follow the installation instructions, and stop once you get up to the part where you run the certbot certonly command.
  3. Ensure your code-server instance isn't running, and any other webservers that could interfere are also stopped.
  4. Run the following command, replacing code.example.com with the hostname/domain you want to run your server on, to issue a certificate:
    sudo certbot certonly --standalone -d code.example.com
    
  5. Follow the prompts, providing your email address and accepting the terms where required.
  6. Once the process is complete, it should print the paths to the certificates and keys that were generated. You can now restart any webservers you stopped in step 2.

Starting code-server with a Certificate and Key

Just add the --cert and --cert-key flags when you run code-server:

./code-server --cert=/etc/letsencrypt/live/code.example.com/fullchain.pem --cert-key=/etc/letsencrypt/live/code.example.com/privkey.pem

You can now verify that your SSL installation is working properly by checking your site with SSL Labs' SSL Test.


Next Steps

You probably want to setup automatic renewal of your certificates, as they expire every 3 months. You can find instructions on how to do this in Certbot's documentation.