You can get free TLS certificates from Let's Encrypt and use them with LOGS to enable secure HTTPS support. The main requirement is that your LOGS instance must be reachable from the public internet. If your LOGS is only available inside your internal network, you need to ask your IT department for TLS certificates. The basic Let's Encrypt workflow described here will not work if your LOGS is restricted to your own network.
Overview
Let's Encrypt is not part of LOGS. LOGS can work with certificates from any approved certificate authority. To use TLS certificates and enable HTTPS, you need to provide the paths to those certificates in the LOGS config file. That is all that is required from the LOGS side. Let's Encrypt and the certbot tool are how you get those certificates in the first place.
Install certbot
Follow the instructions on the Let's Encrypt homepage to install certbot. For Linux that would be the following page:
https://certbot.eff.org/instructions?ws=other&os=pip
Most of the installation is independent of LOGS, but in section 7, "Choose how you'd like to run Certbot", you need to adapt the commands so that they work with LOGS out of the box. LOGS supports answering the ACME challenge while it is running. To use this, make sure the option "AcmeWellKnownPath" is set in the LOGS config. This document assumes the option is set to "/opt/logs/.well-known".
To run the challenge with LOGS running, run the following command:
sudo certbot certonly --webroot -w /opt/logs
The -w flag tells certbot where the .well-known folder is, so this has to match the parent path of the "AcmeWellKnownPath" you set in the LOGS config.
If it was successful, certbot will display the location of the certificates. The output will look like this:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/[your domain]/fullchain.pem
Key is saved at: /etc/letsencrypt/live/[your domain]/privkey.pem
This certificate expires on 2026-08-25.
These files will be updated when the certificate renews.
You need to modify the LOGS config (logs-config.toml in /opt/logs) and set the certificate paths to the values you got from certbot:
[Server]
HttpPort = 80
HttpsPort = 443
ListenAddress = "0.0.0.0"
AllowHttp = false
AcmeWellKnownPath = "/opt/logs/.well-known"
CertificatePath = "/etc/letsencrypt/live/[your domain]/fullchain.pem"
KeyPath = "/etc/letsencrypt/live/[your domain]/privkey.pem"
The exact path depends on your domain, so it will be different for each installation. Restart LOGS with sudo ./LOGS service restart in /opt/logs so that these changes can take effect.
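A pre-flight check for the settings above, as an added example that is not part of LOGS or certbot: it derives the certbot -w directory from AcmeWellKnownPath and verifies that the configured certificate and key files exist and that the private key is not world-readable. The function names and the script name preflight.sh are hypothetical, and the parser assumes plain `Key = "value"` lines.

```shell
#!/bin/sh
# Added example (not part of LOGS or certbot): pre-flight check of logs-config.toml.
# Assumes plain `Key = "value"` lines without trailing comments.

# Print the value of one key from the config.
cfg_get() {  # usage: cfg_get <config-file> <key>
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Print the directory to pass to `certbot certonly --webroot -w`:
# the parent of AcmeWellKnownPath, which must itself be named .well-known.
acme_webroot() {  # usage: acme_webroot <config-file>
    wk=$(cfg_get "$1" AcmeWellKnownPath)
    [ -n "$wk" ] || { echo "AcmeWellKnownPath is not set" >&2; return 1; }
    [ "$(basename "$wk")" = ".well-known" ] ||
        { echo "AcmeWellKnownPath must end in .well-known: $wk" >&2; return 1; }
    dirname "$wk"
}

# Check that CertificatePath and KeyPath exist and that the private key
# is not readable by "other" users on the host.
check_tls_files() {  # usage: check_tls_files <config-file>
    cert=$(cfg_get "$1" CertificatePath)
    key=$(cfg_get "$1" KeyPath)
    [ -r "$cert" ] || { echo "certificate not readable: $cert" >&2; return 1; }
    [ -r "$key" ] || { echo "key not readable: $key" >&2; return 1; }
    # -L follows the symlinks certbot keeps in live/; character 8 of the
    # mode string is the read bit for "other".
    mode=$(ls -lnL "$key" | cut -c1-10)
    case $mode in
        ???????r??) echo "key is world-readable: $key ($mode)" >&2; return 1 ;;
    esac
    return 0
}

# Run both checks when a config path is given, e.g.
#   sudo sh preflight.sh /opt/logs/logs-config.toml
if [ -n "${1:-}" ]; then
    root=$(acme_webroot "$1") && echo "certbot webroot (-w): $root" &&
        check_tls_files "$1" && echo "TLS files OK"
fi
```

Run it as a user that can read /etc/letsencrypt/live, since the key check fails when the file cannot be read at all.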
It is important to follow the rest of the certbot installation instructions now. The remaining commands are responsible for automatically renewing the certificates.
