
Using letsencrypt certificate files with mod_wsgi-express for https on django

mod_wsgi-express is an easy way to get your Django server up and running with an Apache web server. If you’ve been running the development server provided by Django and would like to move up to a production system, this is the way to go. Running mod_wsgi normally requires a lot of messy fiddling with Apache conf files. mod_wsgi-express, developed by Graham Dumpleton, is an easy method to serve your project. With a single command, the project becomes live.

Let’s Encrypt is a free, automated, and open certificate authority (CA). It provides domain validation certificates that can be installed on your server. Certbot, developed by the Electronic Frontier Foundation, is a nice command-line utility that can fetch certificates.

Scenario:
Apache2 web server running
Ubuntu OS
DNS managed by Cloudflare, Full SSL activated

Generating the certificate files:
Ref: certbot documentation
Install the certbot PPA:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache 

Now, we’ll get the certificates from Let’s Encrypt:

certbot certonly -d yoursite.com --apache

The certificates are at /etc/letsencrypt/live/yoursite.com/
You can list them:

(venv) /home/joel/new/myappointments# ls -lah /etc/letsencrypt/live/yoursite.com/
total 12K
drwxr-xr-x 2 root root 4.0K Sep  9 11:10 .
drwx------ 3 root root 4.0K Sep  6 00:34 ..
lrwxrwxrwx 1 root root   34 Sep  9 11:10 cert.pem -> ../../archive/yoursite.com/cert2.pem
lrwxrwxrwx 1 root root   35 Sep  9 11:10 chain.pem -> ../../archive/yoursite.com/chain2.pem
lrwxrwxrwx 1 root root   39 Sep  9 11:10 fullchain.pem -> ../../archive/yoursite.com/fullchain2.pem
lrwxrwxrwx 1 root root   37 Sep  9 11:10 privkey.pem -> ../../archive/yoursite.com/privkey2.pem
-rw-r--r-- 1 root root  682 Sep  6 00:34 README

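Copy them to a local location (cp follows the symlinks, so ssl-certs/ receives regular copies of the files, including the private key):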

mkdir ssl-certs
cp /etc/letsencrypt/live/yoursite.com/* ssl-certs/

Now start mod_wsgi-express:

mod_wsgi-express start-server wsgi.py --https-port 443 --https-only --server-name yoursite.com --ssl-certificate-file ssl-certs/cert.pem --ssl-certificate-key-file ssl-certs/privkey.pem --user www-data --group www-data

Verify that it works by visiting https://yoursite.com

Now that it works, set up the server:

mod_wsgi-express setup-server wsgi.py --https-port 443 --https-only --server-name yoursite.com --ssl-certificate-file ssl-certs/cert.pem --ssl-certificate-key-file ssl-certs/privkey.pem --user www-data --group www-data

And start it in the standard way:

/tmp/mod_wsgi-localhost:8000:0/apachectl start
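
The files in ssl-certs/ are one-time copies, so they do not change when certbot renews the certificate, and the copy of privkey.pem should stay readable by its owner only. As an added example (not part of the original post), a certbot deploy hook that re-copies the renewed files with owner-only access to the key and restarts the mod_wsgi-express instance. The DEST and APACHECTL defaults are assumptions based on the paths shown above, and sync_certs and key_is_private are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post): certbot deploy hook.
# DEST and APACHECTL are assumptions based on the paths shown on this page.
DEST="${DEST:-/home/joel/new/myappointments/ssl-certs}"
APACHECTL="${APACHECTL:-/tmp/mod_wsgi-localhost:8000:0/apachectl}"

# sync_certs LINEAGE_DIR DEST_DIR (hypothetical helper)
# Copies the PEM files behind certbot's symlinks into DEST_DIR as regular
# files. Returns 1 if the certificate or the key is missing.
sync_certs() {
    src=$1
    dst=$2
    # Refuse to deploy half a pair.
    for f in cert.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    # Owner-only directory: other local users cannot reach the key.
    mkdir -p "$dst" && chmod 700 "$dst" || return 1
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        [ -e "$src/$f" ] || continue
        mode=644
        [ "$f" = privkey.pem ] && mode=600
        # Create the copy under umask 077, set the final mode, then rename,
        # so the key is never briefly world-readable or half-written.
        tmp="$dst/.$f.$$"
        ( umask 077 && cat "$src/$f" > "$tmp" ) && chmod "$mode" "$tmp" \
            && mv -f "$tmp" "$dst/$f" || { rm -f "$tmp"; return 1; }
    done
    return 0
}

# key_is_private FILE (hypothetical helper): succeeds only when group and
# others have no permission bits on FILE.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# certbot exports RENEWED_LINEAGE to deploy hooks; outside a renewal this
# script only defines the functions.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    sync_certs "$RENEWED_LINEAGE" "$DEST" \
        && key_is_private "$DEST/privkey.pem" \
        && "$APACHECTL" restart
fi
```

Saved as an executable file in /etc/letsencrypt/renewal-hooks/deploy/, it runs after each successful renewal.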

Additional Information:
If you’re using the standard project structure as described in the Django tutorials, you need to create wsgi.py in the main project folder.
A sample wsgi.py:

"""
WSGI config for myappointments project.

It exposes the WSGI callable as a module-level variable named ``application``.

For more information on this file, see
https://docs.djangoproject.com/en/2.0/howto/deployment/wsgi/
"""
import os
import signal
import sys
import time
import traceback

# Make the project and its virtualenv packages importable before Django is imported.
sys.path.append('/home/joel/myappointments')
sys.path.append('/home/joel/myappointments/venv/lib/python3.6/site-packages')

from django.core.wsgi import get_wsgi_application

os.environ.setdefault("DJANGO_SETTINGS_MODULE", "myappointments.settings")

try:
    application = get_wsgi_application()
except Exception:
    # Error loading the application: when running under mod_wsgi, log the
    # traceback and send SIGINT to this process so that it shuts down.
    if 'mod_wsgi' in sys.modules:
        traceback.print_exc()
        os.kill(os.getpid(), signal.SIGINT)
        time.sleep(2.5)