Configuring EmonCMS on EmonPi to use HTTPS

wabiloo · 23 June 2017 22:40

I would like to access my emonPi’s from outside the local network, in particular to use the iOS app.
Having configured my router with the appropriate forward, I’m able to do so. However the iOS app enforces the use of HTTPS in such a situation (quite rightly).

Can anyone point me at some documentation explaining how to enable SSL on the emonPi? I can’t seem to find the relevant info on this forum…

davidski · 24 June 2017 00:14

I’ve had an open item on my to do list to get HTTPS configured on all the default services (emonCMS, node-red, OpenHAB, etc.). So far I’ve only set up emonCMS with ACME (Let’s Encrypt). I’m running my emonBASE internally with no external access so I had to use manual DNS authentication. Here’s the steps I used:

Enable RW mode on the root fs via rpi-rw
In /etc/apt/sources.list.d, create a file with contents: deb http://ftp.debian.org/debian jessie-backports main
Run sudo apt-get update
Run sudo apt-get install python-certbot-apache -t jessie-backports
Manually register a cert with DNS challenge
- Generate the cert via: sudo certbot certonly --manual --preferred-challenges dns
- Install the cert in apache: sudo certbot install --apache --cert-path /etc/letsencrypt/live/YOURHOSTNAME/fullchain.pem --key-path /etc/letsencrypt/keys/0000_key-certbot.pem --fullchain-path /etc/letsencrypt/live/YOURHOSTNAME/fullchain.pem
Set the root fs back to RO rpi-ro

Note that I haven’t yet set up auto renewal of the certificate.

References: Certbot

Hope this helps!

davidski · 24 June 2017 00:56

FYI - I just set up node-red to use HTTPS with these sames Let’s Encrypt-generated certs via the instructions at Industrial Internet | Adding HTTPS/SSL to Node-RED. I had to set the permissions of the /etc/letsencrypt tree to be owned by the pi user, but it all seems to be working smoothly.

jdenver13 · 21 February 2021 20:34

Is it possible to enable https on the current version, emonSD-24Jul20 10.2.7, on a raspberry pi?

borpin · 21 February 2021 21:02

LAN or WAN?

If you have a domain (or subdomain) and are able to write TXT records it is pretty easy even if the machine itself is not accessible from the internet. Self signed certificates are more tricky (and I can’t help with them).

I have an internal instance of emoncms running with an SSL certificate.

jdenver13 · 21 February 2021 21:14

Its only on the LAN side.

As I understand it:
Im trying to get the emoncms dashboard to appear in Home Assistant via iframe and iframe will not display http sites if Home Assistant is https which mine is.

borpin · 21 February 2021 21:20

Yes you will have that problem.

How did you setup the SSL for HA?

jdenver13 · 21 February 2021 22:08

I didn’t have to, I use https://www.nabucasa.com/ which does all that work.

borpin · 21 February 2021 22:32

Ok, it isn’t simple to do it to emoncms without a domain name to use.

jdenver13 · 21 February 2021 23:09

Not to worry, thanks for your help though.