SSL Setup Guide for AIV Application using Let's Encrypt

This guide explains how to generate SSL certificates using Let’s Encrypt and configure SSL inside the AIV application.


1. Install Certbot

sudo apt update
sudo apt install certbot -y

Verify:

certbot --version

2. Configure DNS

Create a DNS A record:

yourdomain.com -> YOUR_SERVER_PUBLIC_IP

Verify:

nslookup yourdomain.com

3. Stop Existing Web Servers

sudo systemctl stop apache2
sudo systemctl stop nginx

Verify that nothing is still listening on ports 80 and 443 (no output expected):

sudo ss -tulpn | grep -E ':(80|443)[[:space:]]'

4. Generate SSL Certificates

sudo certbot certonly --standalone -d yourdomain.com

Certificates are generated at:

/etc/letsencrypt/live/yourdomain.com/

Verify:

ls -l /etc/letsencrypt/live/yourdomain.com/

Expected:

fullchain.pem
privkey.pem

5. Create SSL Directory

mkdir -p ./config/ssl

6. Copy Certificates

sudo cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem ./config/ssl/
sudo cp /etc/letsencrypt/live/yourdomain.com/privkey.pem ./config/ssl/

Set permissions so that only the file owner can read the private key:

sudo chmod 600 ./config/ssl/*

7. Configure application.yml

server:
  compression:
    enabled: true
    mime-types: application/json, text/html, text/xml, text/plain, text/css, text/javascript, application/javascript, application/octet-stream
    min-response-size: 1024
  servlet:
    context-path: /aiv
  port: ${aiv_port}
  ssl:
    enabled: true
    certificate: ${aiv_base}/config/ssl/fullchain.pem
    certificate-private-key: ${aiv_base}/config/ssl/privkey.pem

IMPORTANT:

  • Use the enabled key correctly (enabled: true, as shown above)
  • Use ${aiv_base} in the certificate paths
  • Ensure both files exist inside /opt/config/ssl/ in the container

8. Docker Volume Mapping

docker-compose.yml:

volumes:
  - ./config:/opt/config:rw

9. Restart Application

docker compose down
docker compose up -d

10. Verify SSL

Inside container:

docker exec -it aiv sh

Check:

ls -l /opt/config/ssl/

Expected:

fullchain.pem
privkey.pem

11. Test HTTPS

Open:

https://yourdomain.com/aiv/

OR

https://yourdomain.com:8098/aiv/

12. Auto Renewal

Test renewal:

sudo certbot renew --dry-run

Manual renewal:

sudo certbot renew
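
Step 6 copies the certificate files out of /etc/letsencrypt/live/, so certbot renew on its own refreshes only the originals and the application keeps serving the old copy. The script below is an added example (not part of the AIV documentation) of a certbot deploy hook that re-copies renewed files and restarts the app; APP_DIR, its default /opt/aiv and the function names are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook that re-copies renewed certificates into
# the directory mounted into the AIV container. Not part of the AIV docs.
# Assumption: APP_DIR (hypothetical default) holds docker-compose.yml and ./config.
set -eu
umask 077                                   # new files are never group/world readable
APP_DIR="${APP_DIR:-/opt/aiv}"

# install_if_changed SRC DST -> 0 = DST written, 1 = already identical, 2 = error
install_if_changed() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    if [ -f "$2" ] && cmp -s "$1" "$2"; then return 1; fi
    _tmp=$(mktemp "$2.XXXXXX") || return 2   # mktemp creates the file with mode 600
    # Write the copy next to DST, then rename: the app never sees a partial key.
    if cat "$1" > "$_tmp" && chmod 600 "$_tmp" && mv -f "$_tmp" "$2"; then
        return 0
    fi
    rm -f "$_tmp"
    return 2
}

# sync_certs LIVE_DIR SSL_DIR -> 0 = something changed, 1 = nothing changed, 2 = error
sync_certs() {
    _changed=1
    mkdir -p "$2"
    for _f in fullchain.pem privkey.pem; do
        _rc=0
        install_if_changed "$1/$_f" "$2/$_f" || _rc=$?
        case "$_rc" in
            0) _changed=0 ;;
            1) ;;
            *) return 2 ;;
        esac
    done
    return "$_changed"
}

# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/yourdomain.com) when it
# runs a deploy hook; without it the script only defines the functions above.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    rc=0
    sync_certs "$RENEWED_LINEAGE" "$APP_DIR/config/ssl" || rc=$?
    [ "$rc" -le 1 ] || exit 1
    # Restart only when the deployed files actually changed.
    if [ "$rc" -eq 0 ]; then (cd "$APP_DIR" && docker compose restart); fi
fi
```

Install it as an executable file in /etc/letsencrypt/renewal-hooks/deploy/, or pass it with certbot renew --deploy-hook; certbot runs deploy hooks only after a certificate was actually renewed.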

13. Common Issues

Certificate generation failed

Check:

  • The DNS record points to the server's public IP
  • Ports 80/443 are open
  • Apache/Nginx are stopped

Permission issue

Fix:

sudo chmod 600 ./config/ssl/*

SSL not loading

Check logs:

docker logs aiv

Wrong SSL paths

Verify:

ls -l /opt/config/ssl/

Mixed content error

Replace:

http://yourdomain.com

With:

https://yourdomain.com

14. Useful Commands

Check certificates:

sudo certbot certificates

Check ports:

sudo ss -tulpn | grep -E ':(80|443)[[:space:]]'

Restart app:

docker compose restart

View logs:

docker logs aiv