Let\u2019s Encrypt<\/h2>\n
Getting started with Let\u2019s Encrypt (LE for short) requires minimal knowledge of certificate architectures but does require a working knowledge of Unix or Windows systems. LE employs an automated approach to certificate creation and management via the IETF protocol specification called \u201cAutomated Certificate Management Environment\u201d (ACME).\u00a0ACME\u00a0provides increased security paradigm through automation. Some of the advantages of this approach are shown below:<\/p>\n
- \n
- Automated certificate creation, renewal and revocation<\/li>\n
- Domain Name\/Owner Validation<\/li>\n
- Cross Signed Certificates Capability<\/li>\n
- ACME Based<\/li>\n
- Extensible<\/li>\n<\/ul>\n
To learn more about Let\u2019s Encrypt, please visit their homepage at https:\/\/letsencrypt.org\/<\/a> and if you\u2019d like to know straight to the tech this link https:\/\/letsencrypt.org\/how-it-works\/<\/a> has more detail.<\/p>\n
Now, let\u2019s get started on creating LE certificates and using them with Couchbase.<\/p>\n<\/div>\n<\/div>\n
\n\nSecuring Couchbase<\/h2>\n
<\/p>\n
Creating certificates with LE for use with any application is easy and for Couchbase server it is just as simple as issuing a few commands. There are prerequisites which should be understood before jumping in. They\u00a0are discussed within current Couchbase Server documentation and the LE web site.<\/p>\n
- \n
- Couchbase Resources
\nhttps:\/\/developer.couchbase.com\/documentation\/server\/4.5\/security\/security-comm-encryption.html <\/a>
\nhttps:\/\/developer.couchbase.com\/documentation\/server\/current\/security\/security-x509certsintro.html<\/a><\/li>\n<\/ul>\n- \n
- LetsEncrypt.com<\/li>\n<\/ul>\n
https:\/\/letsencrypt.org\/getting-started\/<\/a><\/p>\n<\/div>\n<\/div>\n
\n\nCreate Certificates with CertBot<\/h2>\n
Prior to creating and installing certificates you need to get the LE automated tool called CertBot.<\/p>\n
Pre-requisites<\/h3>\n
To install CertBot, the automated certificate tool from Let\u2019s Encrypt, there are two ways.<\/p>\n
- \n
- From your OS provider: Visit https:\/\/certbot.eff.org\/<\/a> and choose your OS<\/li>\n
- Through GitHub: requires you have \u201cgit\u201d installed<\/li>\n<\/ol>\n
Once you\u2019ve installed CertBot you\u2019re ready to start creating certificates.<\/p>\n
\nNote: There are some caveats such as deploying in the cloud or in a system not on the edge. Pay attention to your connection to the client or the internet when deciding network and server topologies with Let\u2019s Encrypt.<\/p>\n
\n<\/div>\n<\/div>\n\n\nThe following steps were used with instances in Amazon AWS to create certificates for use with Couchbase Server. Your steps should be similar but we provide these steps as an example.<\/p>\n
<\/p>\n
1. Run certbot from the command line the first time with \u2018-h’ option:<\/p>\n
# cd certbot\/<\/span><\/span>\r\n # .\/certbot-auto -h<\/span><\/span>\r\n<\/code><\/pre>\n<\/p>\n
2. Start the certificate creation dialog in Manual Mode for prompt driven creation<\/p>\n
# .\/certbot-auto certonly \u2013manual \u2013standalone<\/span><\/span>\r\n<\/code><\/pre>\n<\/p>\n
3. Accept the license<\/p>\n
4. Acknowledge how to validate the domain is yours (web server or standalone built-in pythons server)<\/p>\n
5. provide a valid public DNS host name<\/p>\n
6. provide a valid email address<\/p>\n
Figure: Example of a valid hostname<\/p>\n
![\"](\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2016\/06\/valid_example_hostname.png\")
<\/p>\nThe screenshot above is from the setup screens used during request configuration.<\/p>\n
<\/p>\n
# certbot-auto certonly --email info@DOMAIN.com \\<\/span><\/span>\r\n --agree-tos manual --renew-by-default \\\r\n --authenticator standalone<\/code><\/pre>\n<\/p>\n
If certificate creation was successful you\u2019ll see a message like so:<\/p>\n
IMPORTANT NOTES:\r\n - Congratulations!<\/span> Your certificate and chain have been saved at\r\n \/etc\/letsencrypt\/live\/yourdomain.com\/fullchain.pem. Your cert will\r\n expire on <<\/span>30<\/span> days later><\/span>. To obtain a new version of the certificate in<\/span><\/span>\r\n the future, simply run CertBot again.\r\n<\/code><\/pre>\n<\/p>\n
To ensure certificates were saved properly you can list out the directory contents like so:<\/p>\n
ls<\/span> -l<\/span> etc\/letsencrypt\/live\/yourdomain.com\/<\/code><\/pre>\n<\/p>\n<\/div>\n<\/div>\n
\n\nCertificate Subject Alternative Name (SAN) Configuration<\/h3>\n
It is\u00a0likely that the certificate will be addressed as more than one name. You can add additional names to a certificate, also called Subject Alternative Name (SAN). An example of creating a certificate for multiple domains using SAN is shown below:<\/p>\n
certbot-auto certonly --email info@DOMAIN.com --agree-tos manual --renew-by-default \/\r\n -d<\/span> www.DOMAIN.com \/\r\n -d<\/span> DOMAIN.com -d<\/span> autoconfig.DOMAIN.com \/\r\n -d<\/span> www.DOMAIN2.com \/\r\n -d<\/span> DOMAIN2.com \/\r\n -d<\/span> autoconfig.DOMAIN2.com --authenticator standalone<\/code><\/pre>\n<\/p>\n
Once satisfied with your certificate creation and preparation it is time to add certificates to Couchbase Server.<\/p>\n
<\/p>\n<\/div>\n<\/div>\n
\n\nDeploy Certificates to Couchbase<\/h2>\n
Preparation<\/h2>\n
Once certificate creation has completed successfully you must use a set of command line tools to make sure Couchbase can access the certificates. The full description is\u00a0in the Couchbase server documentation link shown and an example setup will be provided in the following paragraphs.<\/p>\n
https:\/\/developer.couchbase.com\/documentation\/server\/current\/security\/security-x509certsintro.html<\/a><\/p>\n
In order for the LE certificates to be used for encryption you are required to provide the \u201cCA root\u201d certificate from LE. The following link provides a diagram and a description of the hierarchy about\u00a0the CA.<\/p>\n
https:\/\/letsencrypt.org\/certificates\/<\/a><\/p>\n
<\/p>\n
The CA diagram itself is shown here: https:\/\/letsencrypt.org\/certs\/isrg-keys.png<\/a><\/p>\n
<\/p>\n
Importing certificates<\/h2>\n
Importing certificates to Couchbase server must be done on each node. Additionally, a special directory called \u201cinbox\u201d in the Couchbase server directory is used to store the certificates. Take special care when running the commands as root so as not to damage anything in the Couchbase server directory. Ensure owner and group are set to \u201ccouchbase\u201d for the \u201cinbox\u201d directory and all files inside.<\/p>\n
<\/p>\n
\nThis procedure must be completed on each node. Each node must also have a DNS addressable hostname or use a reverse proxy like NGinX or other method. For more information go to https:\/\/www.letsencrypt.com\/documentation or refer to following guides: https:\/\/github.com\/certbot\/certbot\/wiki\/Links<\/p>\n
\n<\/p>\n
1.\u00a0\u00a0 \u00a0Download the CA-Root Cert
\na.\u00a0\u00a0 \u00a0Using your browser save the text shown here:
\nI.\u00a0\u00a0 \u00a0https:\/\/www.identrust.com\/certificates\/trustid\/root-download-x3.html to a plaintext file such as: \u00a0 \u00a0lets-encrypt-x3-rootCA.pem
\nb.\u00a0\u00a0 \u00a0Format the key inside the file like below and save as plain text (not RTF or anything else)
\nI.\u00a0\u00a0 \u00a0—–BEGIN CERTIFICATE—–
\n—–END CERTIFICATE—–
\n2.\u00a0\u00a0 \u00a0Create the Couchbase Server \u201cInbox\u201d directory
\na.\u00a0\u00a0 \u00a0mkdir \/opt\/couchbase\/var\/lib\/couchbase\/inbox
\n3.\u00a0\u00a0 \u00a0Change permissions from \u201croot\u201d to \u201ccouchbase\u201d
\na.\u00a0\u00a0 \u00a0chown couchbase:couchbase \u2013R \/opt\/couchbase\/var\/lib\/couchbase\/inbox
\n4.\u00a0\u00a0 \u00a0Make the \u201cinbox\u201d your current working directory
\na.\u00a0\u00a0 \u00a0cd \/opt\/couchbase\/var\/lib\/couchbase\/inbox
\n5.\u00a0\u00a0 \u00a0Copy certificates created with Let\u2019s Encrypt to the inbox
\na.\u00a0\u00a0 \u00a0cp \/etc\/letsencrypt\/live\/your.domain.com\/cert1.pem .
\nb.\u00a0\u00a0 \u00a0cp \/etc\/letsencrypt\/live\/your.domain.com\/pkey1.pem .
\nc.\u00a0\u00a0 \u00a0cp \/etc\/letsencrypt\/live\/your.domain.com\/fullchain.pem chain.pem
\n6.\u00a0\u00a0 \u00a0Convert the private key to RSA
\na.\u00a0\u00a0 \u00a0openssl rsa -in pkey.pem > pkey.key
\n7.\u00a0\u00a0 \u00a0Import the different certificates to Couchbase Server
\na.\u00a0\u00a0 \u00a0Import the ROOT-CA Cert to Couchbase
\nI.\u00a0\u00a0 \u00a0\/opt\/couchbase\/bin\/couchbase-cli ssl-manage -c localhost –upload-cluster-ca=lets-encrypt-x3-rootCA.pem -u <admin_user> -p <admin_password>
\nb.\u00a0\u00a0 \u00a0Import the RSA converted private key on the node
\nI.\u00a0\u00a0 \u00a0\/opt\/couchbase\/bin\/couchbase-cli ssl-manage -c localhost –set-node-certificate\u00a0 -u <admin_user> -p <admin_password><\/p>\n<\/p>\n<\/div>\n<\/div>\n
\n\nTesting the configuration<\/h2>\n
To test if the configuration is working, open a web browser like FireFox, I.E. or Chrome version 50.x to the server URL via HTTPS like so:<\/p>\n
https:\/\/myurl.com:18091\/<\/p>\n
<\/p>\n
You will\u00a0see an image like\u00a0the following in the address bar signifying the UI is now secured.<\/p>\n
<\/p>\n
![\"](\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2016\/06\/hopto_org.png\")
<\/p>\n<\/p>\n
This is the same port you use at the application tier to secure communications between the application and the server.<\/p>\n
<\/p>\n
If you need additional assistance with x.509 certificates you can refer to Couchbase 4.5 documentation here: https:\/\/developer.couchbase.com\/documentation\/server\/4.5\/admin\/admin-intro.html<\/a><\/p>\n
<\/p>\n
You may also\u00a0send an email to austin.gonyou@couchbase.com<\/a> or Don.Pinto@couchbase.com<\/a><\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
Summary Securing data and access to data for application data is an important step in securing your environment for client applications and database protection in any sized environment. One of the simplest methods to secure data is the access path […]<\/p>\n","protected":false},"author":50,"featured_media":13873,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1815,1816,1813],"tags":[1640,1660,9262,1658],"ppma_author":[9024],"class_list":["post-2279","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-best-practices-and-tutorials","category-couchbase-server","category-security","tag-couchbase-4-5","tag-ssl","tag-tls-encryption","tag-x-509-certificates"],"acf":[],"yoast_head":"\n
Securing Couchbase Server using Let\u2019s Encrypt x.509 Certificates - The Couchbase Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing Couchbase Server using Let\u2019s Encrypt x.509 Certificates\" \/>\n<meta property=\"og:description\" content=\"Summary Securing data and access to data for application data is an important step in securing your environment for client applications and database protection in any sized environment. One of the simplest methods to secure data is the access path […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2016-06-22T05:09:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T06:06:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2016\/06\/valid_example_hostname.png\" \/>\n\t<meta property=\"og:image:width\" content=\"295\" \/>\n\t<meta property=\"og:image:height\" content=\"60\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Austin Gonyou, Solutions Engineer, Couchbase\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Austin Gonyou, Solutions Engineer, Couchbase\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/\"},\"author\":{\"name\":\"Austin Gonyou, Solutions Engineer, Couchbase\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/2af7d073b54a8723d45b386488b6c23d\"},\"headline\":\"Securing Couchbase Server using Let\u2019s Encrypt x.509 Certificates\",\"datePublished\":\"2016-06-22T05:09:47+00:00\",\"dateModified\":\"2025-06-14T06:06:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/\"},\"wordCount\":1204,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"keywords\":[\"Couchbase 4.5\",\"SSL\",\"TLS encryption\",\"x.509 certificates\"],\"articleSection\":[\"Best Practices and Tutorials\",\"Couchbase Server\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/\",\"name\":\"Securing Couchbase Server using Let\u2019s Encrypt x.509 Certificates - The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"datePublished\":\"2016-06-22T05:09:47+00:00\",\"dateModified\":\"2025-06-14T06:06:19+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"width\":1800,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Securing Couchbase Server using Let\u2019s Encrypt x.509 Certificates\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/2af7d073b54a8723d45b386488b6c23d\",\"name\":\"Austin Gonyou, Solutions Engineer, Couchbase\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/a39ad9071c4f649bd25a834bc382587c\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d245d5b88af47043c834d9fc35101db4840440c89169a9a6b2460ceec055a7bc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d245d5b88af47043c834d9fc35101db4840440c89169a9a6b2460ceec055a7bc?s=96&d=mm&r=g\",\"caption\":\"Austin Gonyou, Solutions Engineer, Couchbase\"},\"description\":\"Austin Gonyou is a Solutions Engineer at Couchbase from past 4 years. Austin brings technical solutions about Couchbase NoSQL Document Database server and mobile conversations facilitated by inside, mid-level, and enterprise sales staff for our prospects and customers.\",\"url\":\"https:\/\/www.couchbase.com\/blog\/author\/austin-gonyou\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Securing Couchbase Server using Let\u2019s Encrypt x.509 Certificates - The Couchbase Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/","og_locale":"en_US","og_type":"article","og_title":"Securing Couchbase Server using Let\u2019s Encrypt x.509 Certificates","og_description":"Summary Securing data and access to data for application data is an important step in securing your environment for client applications and database protection in any sized environment. One of the simplest methods to secure data is the access path […]","og_url":"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/","og_site_name":"The Couchbase Blog","article_published_time":"2016-06-22T05:09:47+00:00","article_modified_time":"2025-06-14T06:06:19+00:00","og_image":[{"width":295,"height":60,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2016\/06\/valid_example_hostname.png","type":"image\/png"}],"author":"Austin Gonyou, Solutions Engineer, Couchbase","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Austin Gonyou, Solutions Engineer, Couchbase","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/"},"author":{"name":"Austin Gonyou, Solutions Engineer, Couchbase","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/2af7d073b54a8723d45b386488b6c23d"},"headline":"Securing Couchbase Server using Let\u2019s Encrypt x.509 Certificates","datePublished":"2016-06-22T05:09:47+00:00","dateModified":"2025-06-14T06:06:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/"},"wordCount":1204,"commentCount":1,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","keywords":["Couchbase 4.5","SSL","TLS encryption","x.509 certificates"],"articleSection":["Best Practices and Tutorials","Couchbase Server","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/","url":"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/","name":"Securing Couchbase Server using Let\u2019s Encrypt x.509 Certificates - The Couchbase Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","datePublished":"2016-06-22T05:09:47+00:00","dateModified":"2025-06-14T06:06:19+00:00","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","width":1800,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/securing-couchbase-using-lets-encrypt-x-509-certificates\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Securing Couchbase Server using Let\u2019s Encrypt x.509 Certificates"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"The Couchbase Blog","description":"Couchbase, the NoSQL Database","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"The Couchbase Blog","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/2af7d073b54a8723d45b386488b6c23d","name":"Austin Gonyou, Solutions Engineer, Couchbase","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/a39ad9071c4f649bd25a834bc382587c","url":"https:\/\/secure.gravatar.com\/avatar\/d245d5b88af47043c834d9fc35101db4840440c89169a9a6b2460ceec055a7bc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d245d5b88af47043c834d9fc35101db4840440c89169a9a6b2460ceec055a7bc?s=96&d=mm&r=g","caption":"Austin Gonyou, Solutions Engineer, Couchbase"},"description":"Austin Gonyou is a Solutions Engineer at Couchbase from past 4 years. Austin brings technical solutions about Couchbase NoSQL Document Database server and mobile conversations facilitated by inside, mid-level, and enterprise sales staff for our prospects and customers.","url":"https:\/\/www.couchbase.com\/blog\/author\/austin-gonyou\/"}]}},"authors":[{"term_id":9024,"user_id":50,"is_guest":0,"slug":"austin-gonyou","display_name":"Austin Gonyou, Solutions Engineer, Couchbase","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/d245d5b88af47043c834d9fc35101db4840440c89169a9a6b2460ceec055a7bc?s=96&d=mm&r=g","author_category":"","last_name":"Gonyou","first_name":"Austin","job_title":"","user_url":"","description":"Austin Gonyou is a Solutions Engineer at Couchbase from past 4 years.\r\nAustin brings technical solutions about Couchbase NoSQL Document Database server and mobile conversations facilitated by inside, mid-level, and enterprise sales staff for our prospects and customers."}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/2279","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/users\/50"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/comments?post=2279"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/2279\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media\/13873"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media?parent=2279"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/categories?post=2279"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/tags?post=2279"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=2279"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}} - Through GitHub: requires you have \u201cgit\u201d installed<\/li>\n<\/ol>\n
- From your OS provider: Visit https:\/\/certbot.eff.org\/<\/a> and choose your OS<\/li>\n
- LetsEncrypt.com<\/li>\n<\/ul>\n
- Couchbase Resources