Help Search

Auto configure HTTPS with Let's Encrypt on Digital Ocean

If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account.

Important requirement: This tutorial assumes your machine has a valid domain name assigned in order to work with let’s encrypt. If you want to use user provided certificates or self-signed certificates skip to the next section

Note: the configuration does not support serving passbolt on a subdirectory fashion. For example, scenarios like are not supported by default

Edit nginx configuration file

By default, our nginx configuration file ensure all domain names will match with our passbolt virtual machine but to obtain a valid Let’s Encrypt SSL certificate, you will have to manually set your passbolt domain name.

Open /etc/nginx/sites-enabled/nginx-passbolt.conf and search for this line:

server_name _;

Replace the underscore with your passbolt domain name:

server_name passbolt.domain.tld;

Reconfigure passbolt

Execute this command:

sudo dpkg-reconfigure passbolt-ce-server

You most likely want to say ‘NO’ to the mariadb/mysql setup question and go for the nginx setup

Passbolt debian and ubuntu packages currently supports the configuration of nginx. It comes with a default configuration that supports:

  • Serve passbolt on port 80 (http)
  • Serve passbolt on port 443 (https)

The following steps will guide you through the option that uses Let’s encrypt method to enable SSL.

Configure nginx dialog fig. Configure nginx dialog

After choosing yes you will be prompted with the following dialog where you can choose which method you prefer to configure SSL on nginx:

nginx SSL dialog fig. nginx SSL dialog

You will now need to introduce the name of the domain name assinged to your server:

nginx domain name fig. nginx domain name

Finally you will need to provide an email address for Let’s encrypt to notify you for renewals and other admin info:

lets encrypt admin email fig. lets encrypt admin email

If everything goes fine you should see a final message that points you to finish passbolt configuration:

Success message fig. Success message

Reload nginx after finish the reconfigure to use the SSL configuration.

sudo systemctl reload nginx

Finally, ensure ‘fullBaseUrl’ value in /etc/passbolt/passbolt.php starts with https://.

And that’s it you should be able to reach your server on the domain you specified.

Last updated

This article was last updated on March 29th, 2022.

Are you experiencing issues when installing passbolt?

Ask the community!
🍪   Do you accept cookies for statistical purposes? (Read more) Accept No thanks!