> For the complete documentation index, see [llms.txt](https://docs.human-connection.org/human-connection/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.human-connection.org/human-connection/deployment/digital-ocean/https.md). # HTTPS Follow [this quick start guide](https://docs.cert-manager.io/en/latest/tutorials/acme/quick-start/index.html) and install certmanager via helm and tiller: [This resource was also helpful](https://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html#installing-with-helm) ```bash $ kubectl create serviceaccount tiller --namespace=kube-system $ kubectl create clusterrolebinding tiller-admin --serviceaccount=kube-system:tiller --clusterrole=cluster-admin $ helm init --service-account=tiller $ helm repo add jetstack https://charts.jetstack.io $ helm repo update $ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml $ helm install --name cert-manager --namespace cert-manager --version v0.11.0 jetstack/cert-manager ``` ## Create Letsencrypt Issuers and Ingress Services Copy the configuration templates and change the file according to your needs. ```bash # in folder deployment/digital-ocean/https/ cp templates/issuer.template.yaml ./issuer.yaml cp templates/ingress.template.yaml ./ingress.yaml ``` At least, **change email addresses** in `issuer.yaml`. For sure you also want to *change the domain name* in `ingress.yaml`. Once you are done, apply the configuration: ```bash # in folder deployment/digital-ocean/https/ $ kubectl apply -f . ``` By now, your cluster should have a load balancer assigned with an external IP address. On Digital Ocean, this is how it should look like: ![Screenshot of Digital Ocean dashboard showing external ip address](/files/-LevNl7PYbNEUyZkcEhI) Check the ingress server is working correctly: ```bash $ curl -kivL -H 'Host: ' 'https://' ``` If the response looks good, configure your domain registrar for the new IP address and the domain. Now let's get a valid HTTPS certificate. According to the tutorial above, check your tls certificate for staging: ```bash $ kubectl describe --namespace=human-connection certificate tls $ kubectl describe --namespace=human-connection secret tls ``` If everything looks good, update the issuer of your ingress. Change the annotation `certmanager.k8s.io/issuer` from `letsencrypt-staging` to `letsencrypt-prod` in your ingress configuration in `ingress.yaml`. ```bash # in folder deployment/digital-ocean/https/ $ kubectl apply -f ingress.yaml ``` Delete the former secret to force a refresh: ``` $ kubectl --namespace=human-connection delete secret tls ``` Now, HTTPS should be configured on your domain. Congrats. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.human-connection.org/human-connection/deployment/digital-ocean/https.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.