SSL Configuration on dhis2 instance has not worked

I have had several weeks trying out letsencrypt to set ssl on dhis2 instance but all has not worked. Lastly, I have procured SSL, verified domains with CNAME record yet, unable to server the dhis2 instance over an ssl.
Kindly note that, I have both database server as well app server with a different on different subnets with public IP for the main domain

Please could anyone share his notes with on how to set up this activity.

Thank for helping.

Hi @fosuhene . What is the issue you are having? I understand you cannot set SSL but do you get any error with the Letsncrypt certbot?

Have you followed this guide: Installation - DHIS2 Documentation ?

It is also a bit confusing your explanation about the IPs. You only need one certificate which will be used to encrypt the HTTP connections. Therefore only the webserver (nginx / Apache) needs to be setup with a certificate.

1 Like

Good morning.

I have followed the installation steps.
Now the instance is server over the http however with https, it renders the default apache index page

Is there something I am not doing right?

See screens

I don’t think you have followed the steps correctly. You are missing the redirection HTTP->HTTPS However, I am not sure how Apache works as I am more used to work with nginx. Maybe @bobj or someone else from the CoP can provide some help here.

1 Like

I have followed all the steps to the best of my ability. The issue is ssl is successfully deployed. I am able to access the default apache page with https.

in the default-ssl.conf, DocumentRoot /var/www/html

When I change the documentRoot to /home/dhis/tomcat-dhis/webapps/ROOT I received the error below:

forbidden you don’t have permission to access this resource. apache/2.4.29 (ubuntu) server at port 443

Hi @fosuhene

From your pictures it seems you have properly set up DHIS2 (meaning your Tomcat is listening in the port 80). I am assuming that port considering that you put that URL in the browser without any port and the DHIS2 is presented.

You don’t have to replace the documentRoot to that specific directory in your Apache config. You are setting Apache as a web proxy, that means telling Apache to receive the HTTP(s) connections and forward them to Tomcat.

So, your missing (probably) steps are:

  1. Setting the SSL certificates. This seems you have it right
  2. Telling Apache to forward your HTTP connections to HTTPS this I cannot guess from the pictures
  3. Telling Apache to forward your incoming HTTPS connections to Tomcat (search for example configurations with ProxyPass)

Hope that helps.