Community
OpenEnergyMonitor

Community

Configuring EmonCMS on EmonPi to use HTTPS

I would like to access my emonPi’s from outside the local network, in particular to use the iOS app.
Having configured my router with the appropriate forward, I’m able to do so. However the iOS app enforces the use of HTTPS in such a situation (quite rightly).

Can anyone point me at some documentation explaining how to enable SSL on the emonPi? I can’t seem to find the relevant info on this forum…

I’ve had an open item on my to do list to get HTTPS configured on all the default services (emonCMS, node-red, OpenHAB, etc.). So far I’ve only set up emonCMS with ACME (Let’s Encrypt). I’m running my emonBASE internally with no external access so I had to use manual DNS authentication. Here’s the steps I used:

  • Enable RW mode on the root fs via rpi-rw
  • In /etc/apt/sources.list.d, create a file with contents: deb http://ftp.debian.org/debian jessie-backports main
  • Run sudo apt-get update
  • Run sudo apt-get install python-certbot-apache -t jessie-backports
  • Manually register a cert with DNS challenge
    • Generate the cert via: sudo certbot certonly --manual --preferred-challenges dns
    • Install the cert in apache: sudo certbot install --apache --cert-path /etc/letsencrypt/live/YOURHOSTNAME/fullchain.pem --key-path /etc/letsencrypt/keys/0000_key-certbot.pem --fullchain-path /etc/letsencrypt/live/YOURHOSTNAME/fullchain.pem
  • Set the root fs back to RO rpi-ro

Note that I haven’t yet set up auto renewal of the certificate.

References: https://certbot.eff.org/#debianjessie-apache

Hope this helps!

FYI - I just set up node-red to use HTTPS with these sames Let’s Encrypt-generated certs via the instructions at http://industrialinternet.co.uk/node-red/adding-https-ssl-to-node-red/. I had to set the permissions of the /etc/letsencrypt tree to be owned by the pi user, but it all seems to be working smoothly.