Using Let's Encrypt's Certbot SSL-Certificates with ArangoDB

letsencrypt-certbot-arangodb.md

Using Let's Encrypt's Certbot Certificates with ArangoDB

Let's Encrypt generates SSL certificates for free.
Follow these steps to create and use an SSL certificate with ArangoDB.

1. Install the Certbot from LetsEncrypt (Certbot instructions)

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

sudo apt-get install certbot

2. Generate the certificate

Run certbot and answer the prompted questions.

sudo certbot certonly

3. Create the certificate/key bundle required by ArangoDB

ArangoDB requires a single file containing the certificate chain as well as the private key.

cd /etc/letsencrypt/live/example.com  # replace example.com with your domain
cat fullchain.pem privkey.pem > server.pem

4. Grant access to user arangodb

Make sure the ArangoDB user (usually arangodb) can read the server.pem and fullchain.pem files.

chown -R arangodb:arangodb ./etc/letsencrypt/*  # depending on your system

5. Configure ArangoDB to use the certificate

vi /etc/arangodb3/arangod.conf

A. Add the endpoint to the [server] block

[server]
endpoint = ssl://example.com:8529

B. Create the [ssl] block before any other block

[ssl]
cafile = /etc/letsencrypt/live/example.com/fullchain.pem
keyfile = /etc/letsencrypt/live/example.com/server.pem

C. Save & close

6. Restart the server

service arangodb3 restart
service arangodb3 status  # make sure it's running

---

Related / sources:

• Certbot instructions
• StackOverflow: ArangoDB working together with letsenrcypt certificates
• StackOverflow: Arangod.conf for SSL