Community
OpenEnergyMonitor

OpenEnergyMonitor Community

Configuring EmonCMS on EmonPi to use HTTPS

I would like to access my emonPi’s from outside the local network, in particular to use the iOS app.
Having configured my router with the appropriate forward, I’m able to do so. However the iOS app enforces the use of HTTPS in such a situation (quite rightly).

Can anyone point me at some documentation explaining how to enable SSL on the emonPi? I can’t seem to find the relevant info on this forum…

I’ve had an open item on my to do list to get HTTPS configured on all the default services (emonCMS, node-red, OpenHAB, etc.). So far I’ve only set up emonCMS with ACME (Let’s Encrypt). I’m running my emonBASE internally with no external access so I had to use manual DNS authentication. Here’s the steps I used:

  • Enable RW mode on the root fs via rpi-rw
  • In /etc/apt/sources.list.d, create a file with contents: deb http://ftp.debian.org/debian jessie-backports main
  • Run sudo apt-get update
  • Run sudo apt-get install python-certbot-apache -t jessie-backports
  • Manually register a cert with DNS challenge
    • Generate the cert via: sudo certbot certonly --manual --preferred-challenges dns
    • Install the cert in apache: sudo certbot install --apache --cert-path /etc/letsencrypt/live/YOURHOSTNAME/fullchain.pem --key-path /etc/letsencrypt/keys/0000_key-certbot.pem --fullchain-path /etc/letsencrypt/live/YOURHOSTNAME/fullchain.pem
  • Set the root fs back to RO rpi-ro

Note that I haven’t yet set up auto renewal of the certificate.

References: https://certbot.eff.org/#debianjessie-apache

Hope this helps!

FYI - I just set up node-red to use HTTPS with these sames Let’s Encrypt-generated certs via the instructions at http://industrialinternet.co.uk/node-red/adding-https-ssl-to-node-red/. I had to set the permissions of the /etc/letsencrypt tree to be owned by the pi user, but it all seems to be working smoothly.

Is it possible to enable https on the current version, emonSD-24Jul20 10.2.7, on a raspberry pi?

LAN or WAN?

If you have a domain (or subdomain) and are able to write TXT records it is pretty easy even if the machine itself is not accessible from the internet. Self signed certificates are more tricky (and I can’t help with them).

I have an internal instance of emoncms running with an SSL certificate.

Its only on the LAN side.

As I understand it:
Im trying to get the emoncms dashboard to appear in Home Assistant via iframe and iframe will not display http sites if Home Assistant is https which mine is.

Yes you will have that problem.

How did you setup the SSL for HA?

I didn’t have to, I use https://www.nabucasa.com/ which does all that work.

Ok, it isn’t simple to do it to emoncms without a domain name to use.

Not to worry, thanks for your help though.

1 Like