Let's encrypt based SSL certificates with auto-renewal

sails/src/config/local.js~

@@ -36,12 +36,16 @@ module.exports = {
    * responses over https:// and/or use websockets over the wss:// protocol
    * responses over https:// and/or use websockets over the wss:// protocol
    * (recommended for HTTP, strongly encouraged for WebSockets)
    * (recommended for HTTP, strongly encouraged for WebSockets)
    */
    */
-  ssl: {
+/*  ssl: {
     // ca: fs.readFileSync(path.join(__dirname, 'ssl', 'bundle.crt')),
     // ca: fs.readFileSync(path.join(__dirname, 'ssl', 'bundle.crt')),
-    key: fs.readFileSync(path.join(__dirname, 'ssl', 'key.key')),
-    cert: fs.readFileSync(path.join(__dirname, 'ssl', 'cert.crt')),
+    key: fs.readFileSync(path.join(__dirname, 'ssl', 'yottacode.com.key')),
+    cert: fs.readFileSync(path.join(__dirname, 'ssl', 'yottacode.com.crt')),
   },
   },
-
+*/
+   ssl: {
+       key: fs.readFileSync('/etc/letsencrypt/live/dev.yottacode.com/privkey.pem'),
+       cert: fs.readFileSync('/etc/letsencrypt/live/dev.yottacode.com/cert.pem')
+   }
   /**
   /**
    * The `port` setting determines which TCP port your app will be
    * The `port` setting determines which TCP port your app will be
    * deployed on.
    * deployed on.
@@ -52,7 +56,7 @@ module.exports = {
    * In env/production.js, you'll probably want to change this setting
    * In env/production.js, you'll probably want to change this setting
    * to 80 (http://) or 443 (https://) if you have an SSL certificate
    * to 80 (http://) or 443 (https://) if you have an SSL certificate
    */
    */
-  port: process.env.PORT || 1337,
+  port: process.env.PORT || 443,
 
 
   /*
   /*
    * The runtime "environment" of your Sails app is either typically
    * The runtime "environment" of your Sails app is either typically

sails/src/config/ssl/csr.pem

------BEGIN CERTIFICATE REQUEST-----
-MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
-ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAPkWZj6TTJQon1rupP1SUY8dQiSv3+1xByQAGYaf
-J9vZWfe6ZAy0ndFH26m0lc2S76BkQRfhWBTvWcsFhACWefSlGxpIiwxWdQOcF6cf
-WyFi9VBPUXvTPyd64hCd+9+XML/0hzU4BpzJsEbPyhOv7VZA2VCZ+GAP86b/MGCS
-s2QgWi7ZW0bTX0tO1WDC8JdHeaUXspwfJaqsw25SiDsNfWQmAZOa5F9I0vl4GCku
-ivy16Cn/1XnpBw9M9DH18H1ENDFkOnUJYa8NU/t9lJJqNapDZ3zTLIlNd28nl3LP
-HfbPGhq7qMAYmtiYt6rxHRBazL1OEFf2xb9DIVVlIKQXf/cCAwEAAaAAMA0GCSqG
-SIb3DQEBCwUAA4IBAQArBhbVjPadSIWK9yGO7oca2TT+ZMp2kw4OY7+NHj+4NUFk
-CKe2ZOAdvKM9wqY5P4QHux1WnqzEtga78ykaJofHeB/EFFqMkun5ETFbd/wIGKMy
-WdB/vNNbsv5Hf2/ezGiw1HUsCGp2P/JTDO9+a5O3ioFhp4tvfJ7TBfdzD5eq7Xlq
-DAHXPimbtnqiGGBf6efefG/Rl4cvvLyH5k/mUj00/stx3rjVayvedzOL8W4oRoxJ
-SQEaqlp/MtPLXBuG0RkZsJloon+aZfcR3WE4iG2BVQe7Dqtdto+mRa9e1ba0ZUQK
-Fq1iIGvsp9YIHCS3NXeJBeIllYkFK2hI7o6hALPf
------END CERTIFICATE REQUEST-----

sails/src/config/ssl/letsencrypt.md

+Para tener el servidor funcionando con certificados gratuitos de Let's encrypt los pasos son los siguientes:
+
+```
+$ cd
+$ git clone https://github.com/letsencrypt/letsencrypt
+$ sudo mkdir /etc/letsencrypt
+$ sudo chown ubuntu:ubuntu /etc/letsencrypt
+$ vim /etc/letsencrypt/cli.ini
+```
+
+Con el contenido siguiente:
+
+```
+authenticator = webroot
+webroot-path = /home/ubuntu/pictogram/sails/src/assets/
+server = https://acme-v01.api.letsencrypt.org/directory
+renew-by-default
+agree-dev-preview
+agree-tos
+email = info@yottacode.com
+```
+
+Para permitir a letsencrypt verificar nuestro servidor, debemos facilitar la entrada por HTTP. Para ello instalamos nginx y lo configuramos para que redirija a HTTPS:
+
+```
+$ sudo apt-get install nginx
+$ sudo vim /etc/nginx/site-enabled/default
+```
+
+Con el siguiente contenido:
+
+```
+server {                         
+        listen 80 default_server;
+        listen [::]:80 default_server ipv6only=on;
+        server_name _;                       
+        return 301 https://$host$request_uri;
+}  
+```
+
+Ahora relanzamos nginx y solicitamos el certificado
+
+```
+$ sudo service nginx reload
+$ /home/ubuntu/letsencrypt/letsencrypt-auto --config /etc/letsencrypt/cli.ini -d dev.yottacode.com certonly
+```
+
+Ya tenemos nuestros certificados. Finalmente configuramos Sails para que apunte a ellos:
+
+```
+$ vim /home/ubuntu/pictogram/sails/src/config/local.js
+```
+
+Con el contenido para ssl:
+
+```
+   ssl: {
+       key: fs.readFileSync('/etc/letsencrypt/live/dev.yottacode.com/privkey.pem'),
+       cert: fs.readFileSync('/etc/letsencrypt/live/dev.yottacode.com/cert.pem')   
+   },    
+```
+
+Ya podemos relanzar sails
+
+```
+$ cd /home/ubuntu/pictograms/sails/src
+$ sudo forever stopall
+$ sudo forever start app.js --debug
+```
+
+Y ahora configurar cron para que el certificado se renueve solito cada mes
+
+```
+$ sudo crontab -e
+```
+
+Añadimos la línea:
+
+```
+@monthly /home/ubuntu/letsencrypt/letsencrypt-auto --config /etc/letsencrypt/cli.ini -d dev.yottacode.com certonly
+```
+
+y voila!
\ No newline at end of file