Using Let's Encrypt Certificates with ArangoDB

For those using stix2arango, arango_taxii_server, or arango_cti_processor on the community version of ArangoDB, here’s how to install free Let's Encrypt certs.

1. Install Certbot from Let's Encrypt (Certbot instructions)

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

sudo apt-get install certbot

2. Generate the certificate

Run certbot and answer the prompted questions.

sudo certbot certonly

3. Create the certificate/key bundle required by ArangoDB

ArangoDB requires a single file containing the certificate chain as well as the private key.

cd /etc/letsencrypt/live/  # replace with your domain
cat fullchain.pem privkey.pem > server.pem

4. Grant access to user arangodb

Make sure the ArangoDB user (usually arangodb) can read the server.pem and fullchain.pem files. server.pem contains the private key, so no other unprivileged user should be able to read it.

chown -R arangodb:arangodb /etc/letsencrypt/*  # depending on your system

5. Configure ArangoDB to use the certificate

vi /etc/arangodb3/arangod.conf

A. Add the endpoint to the [server] block

endpoint = ssl://

B. Create the [ssl] block before any other block

cafile = /etc/letsencrypt/live/
keyfile = /etc/letsencrypt/live/

C. Save & close

6. Restart the server

service arangodb3 restart
service arangodb3 status  # make sure it's running

7. Set a cron job to auto-renew the cert

Create the file /etc/letsencrypt/ and paste in the following (replace;

cat /etc/letsencrypt/live/ /etc/letsencrypt/live/ > /etc/letsencrypt/live/
echo 'OK:'
service arangodb3 restart
echo 'OK: arangodb3 restart'

Edit cronjobs:

vi /etc/crontab

Add job for renewal (cron's hour field only accepts 0-23; this entry runs daily at 04:43):

43 4   * * *   root    certbot renew
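
Steps 3, 4 and 7 all produce the same file: a bundle that contains the private key. As an added example (not from the original page), this shell function rebuilds that bundle atomically with owner-only permissions; `build_bundle` and its arguments are hypothetical names, and the directory you pass is the one from step 3.

```shell
#!/bin/sh
# Added example, not from the original page. build_bundle and its
# arguments are hypothetical names; pass your own live directory.
#
# Rebuilds the ArangoDB bundle (certificate chain followed by private key)
# so that the key is never world-readable and arangod never sees a
# half-written file.

build_bundle() {
    live_dir=$1   # directory holding fullchain.pem and privkey.pem
    out=$2        # bundle to write, e.g. "$live_dir/server.pem"
    owner=${3:-}  # optional user:group (e.g. arangodb:arangodb); needs root

    # Refuse to build from missing, empty or swapped inputs.
    for f in fullchain.pem privkey.pem; do
        [ -s "$live_dir/$f" ] || { echo "missing or empty: $live_dir/$f" >&2; return 1; }
    done
    grep -q -- '-----BEGIN CERTIFICATE-----' "$live_dir/fullchain.pem" ||
        { echo "no certificate in fullchain.pem" >&2; return 1; }
    grep -q -- 'PRIVATE KEY-----' "$live_dir/privkey.pem" ||
        { echo "no private key in privkey.pem" >&2; return 1; }

    # Temp file next to the target: created 0600, renamed into place atomically.
    tmp=$(umask 077 && mktemp "$out.XXXXXX") || return 1
    if cat "$live_dir/fullchain.pem" "$live_dir/privkey.pem" > "$tmp" &&
        chmod 600 "$tmp" &&
        { [ -z "$owner" ] || chown "$owner" "$tmp"; } &&
        mv -f "$tmp" "$out"
    then
        echo "OK: wrote $out"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

In the step 7 renewal script, call it before `service arangodb3 restart` and skip the restart if it returns non-zero, so a failed build leaves the previous bundle in place.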
