This guide explains how to set up SSL certificates and enable HTTPS for your Markdown Web server.
- Domain Configuration: Your domain must point to this server
- Root Access: SSL setup requires root privileges
- Port Access: Ports 80 and 443 must be open and available
- Server IP:
52.56.73.116 - Domain:
server.vultuk.io - Current Domain IP:
100.103.217.79❌ (Needs updating)
server.vultuk.io to 52.56.73.116.
You can verify this works by running:
dig +short server.vultuk.ioThe command should return 52.56.73.116.
Once DNS is correctly configured, run the SSL setup script:
# Basic setup (uses default domain and email)
sudo ./scripts/setup-ssl.sh
# Custom domain and email
sudo ./scripts/setup-ssl.sh your-domain.com your-email@domain.comThis script will:
- Verify DNS configuration
- Stop any conflicting web servers
- Generate Let's Encrypt SSL certificates
- Set up automatic renewal
- Configure proper permissions
After SSL certificates are generated, you can start the HTTPS server:
sudo ./scripts/start-https.shnpm run start:httpssudo node dist/server/https-server.jsFor production deployments, install as a systemd service:
# Copy service file
sudo cp scripts/markdown-web-https.service /etc/systemd/system/
# Reload systemd
sudo systemctl daemon-reload
# Enable and start service
sudo systemctl enable markdown-web-https
sudo systemctl start markdown-web-https
# Check status
sudo systemctl status markdown-web-https- ✅ Dual Protocol: Serves both HTTP (port 80) and HTTPS (port 443)
- ✅ Auto Redirect: HTTP traffic automatically redirects to HTTPS
- ✅ ACME Support: Allows Let's Encrypt certificate challenges
- ✅ Auto Renewal: Certificates renew automatically
- ✅ Graceful Fallback: Falls back to HTTP-only if certificates are missing
- ✅ TLS 1.2/1.3: Modern encryption protocols
- ✅ Certificate Chain: Full certificate chain validation
- ✅ HSTS Ready: Prepared for HTTP Strict Transport Security
- ✅ Secure Headers: Security-focused HTTP headers
- SSL Certificates:
/etc/letsencrypt/live/server.vultuk.io/ - HTTPS Server:
dist/server/https-server.js - Setup Script:
scripts/setup-ssl.sh - Startup Script:
scripts/start-https.sh - Service File:
scripts/markdown-web-https.service
- Check DNS configuration:
dig +short your-domain.com - Ensure ports 80/443 are open in firewall
- Stop any existing web servers
- Check Let's Encrypt rate limits
- Check if certificates exist:
ls -la /etc/letsencrypt/live/ - Verify file permissions
- Check for port conflicts:
sudo netstat -tlnp | grep :443 - Review server logs
- Verify DNS propagation (can take up to 48 hours)
- Check firewall rules
- Ensure security groups allow HTTP/HTTPS traffic (AWS)
- Test with curl:
curl -I https://your-domain.com
# Check certificate status
sudo certbot certificates
# Renew certificates manually
sudo certbot renew
# Test certificate renewal
sudo certbot renew --dry-run
# View service logs
sudo journalctl -u markdown-web-https -f
# Restart service
sudo systemctl restart markdown-web-https
# Stop all servers
sudo pkill -f "node.*server"- Firewall: Ensure ports 80 and 443 are open
- Auto-start: Use the systemd service for automatic startup
- Monitoring: Monitor certificate expiration (auto-renewal should handle this)
- Backups: Consider backing up
/etc/letsencrypt/directory - Rate Limits: Let's Encrypt has rate limits (50 certs per domain per week)
If you encounter issues:
- Check the troubleshooting section above
- Review server and system logs
- Verify DNS and network configuration
- Ensure all prerequisites are met