Posts tagged ‘Interworx’

Post

Using Let’s Encrypt and Interworx

So I thought I was a hotshot borrowing a script from another blog for another issue with our Interworx cluster.  Now, we’re unique for the company that I consult for, they use:

  • Interworx with multiple nodes
  • AWS
  • Cloudflare
  • Load balancers not part of Interworx

It’s quite the slick setup… Cloudflare perks, load balancing, and great performance from the Interworx product.  That said, to just manage the website, we wanted to use Let’s Encrypt for SSL use to manage the nodes.   Below is a script I modified from this blog to serve the purpose and is free for you looking to do the same!

#!/bin/bash

user=[email protected]

key=$(cat /etc/letsencrypt/live/interworxnode.yourdomain.com/privkey.pem)
sslcrt=$(cat /etc/letsencrypt/live/interworxnode.yourdomain.com/fullchain.pem)

cypher=HIGH:MEDIUM:!EXPORT:!SSLv2:!SSLv3:!TLSv1:!ADH:!aNULL:!eN ULL:!NULL:!LOW

nodeworx -u $user -o pretty -n -v -c Ssl –ssl_ciphersuite $cypher –key $key –crt $sslcrt –restart_now 1 –services SSL_Apache,SSL_IWorxWeb –action updateall

So, a few things here:

  • You need to create a siteworx account just for the domain itself, in my example, interworxnode.yourdomain.com should be created just for the sole purpose of generating Let’s Encrypt certs using the standard method in the Interworx SSL config panel.  So create the SSL certs first using Interworx for your domain you just created so it is there before running the script above.
  • Interworx will take care of renewing the certificate through it’s own jobs that are active, so you don’t need to do anything with renewals for Let’s Encrypt.
  • This script can be a cronjob to run quarterly during the year, then you will ensure you get a new cert updated into the admin portal.  I run mine in July, October, January, and April, for example.  The goal of this script is to just “steal” the SSL certs from the interworx site and reapply them to your admin portal.