Securing Django site with Plesk using Let’s Encrypt

Phoebe Bright
Nov 15, 2017

Securing a plain Django site, or using the Let’s Encrypt plugin with Plesk, is already well described elsewhere, but it took a few goes to get it working where Django is running on a VPS managed with Plesk.

This setup has Plesk Onyx 17.5.3 Update #29, Ubuntu 14.04 and Django 1.9.7.

Install the Let’s Encrypt plugin for Plesk, but don’t try using it yet. You only get a limited number of attempts within a week.

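Modify your Django urls.py file to include the following:

from django.views.static import serve  # urls.py also needs: import os; from django.conf import settings
# Serve the challenge files that Let's Encrypt writes under the project directory
url(r'^\.well-known/acme-challenge/(?P<path>.+)$', serve,
    {'document_root': os.path.join(settings.PROJECT_ROOT, ".well-known/acme-challenge")}),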

You might have a different setting for the path to your app; here it is PROJECT_ROOT, but it is also commonly called BASE_PATH.

You will need the correct permissions, because when you run Let’s Encrypt it must be able to create the directory .well-known/acme-challenge and add the challenge key file. In Plesk, select Web Hosting Access and check the username, here mypleskuser.

Make this user the owner of the Django directory that contains the app.

Copy additional Apache directives if you have them. In Plesk, in Apache and Nginx Settings, there is a form for additional directives, one for http and one for https. Check they are the same.
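
One way to confirm the URL route and the permissions described above before spending one of the limited Let’s Encrypt attempts (an added example, not code from the original post): the script writes a throwaway token into .well-known/acme-challenge and fetches it back over plain HTTP. The names preflight and http_get are hypothetical; it assumes Python 3.6 or later and is meant to be run as the Plesk system user (here mypleskuser) with your project root and site URL.

```python
import os
import secrets
import urllib.request

# Added example: preflight() and http_get() are hypothetical helper names.
def http_get(url, timeout=10):
    """Return (status, body) for a GET request; the challenge is fetched over http."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.status, resp.read().decode("ascii", "replace")


def preflight(document_root, base_url, fetch=http_get):
    """Write a throwaway token under document_root and fetch it back via base_url.

    Returns (ok, reason). Running it as the Plesk system user makes a
    permissions problem show up now rather than during certificate issuance.
    """
    challenge_dir = os.path.join(document_root, ".well-known", "acme-challenge")
    token = "preflight-" + secrets.token_hex(8)
    content = secrets.token_hex(16)
    path = os.path.join(challenge_dir, token)
    try:
        os.makedirs(challenge_dir, exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)
    except OSError as exc:
        return False, "cannot write challenge file: %s" % exc
    url = base_url.rstrip("/") + "/.well-known/acme-challenge/" + token
    try:
        try:
            status, body = fetch(url)
        except OSError as exc:  # URLError and HTTPError are OSError subclasses
            return False, "fetch failed: %s" % exc
        if status != 200:
            return False, "unexpected HTTP status %s" % status
        if body.strip() != content:
            return False, "served body does not match the file written"
        return True, "challenge path is writable and served"
    finally:
        os.remove(path)  # never leave test tokens behind


if __name__ == "__main__":
    import sys
    # Usage: python preflight.py /path/to/project http://mysite.com
    ok, reason = preflight(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + reason)
    sys.exit(0 if ok else 1)
```

A "served body does not match" result usually means some other handler (a login page or catch-all view) answered the URL instead of the static route.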

In Plesk, click on Let’s Encrypt, and proceed as instructed. Hopefully you will get a green bar saying it all worked and you can now access your site with https.

There are Django settings that should be set up. I’ve used these, but read the Django docs https://docs.djangoproject.com/en/1.10/topics/security/#ssl-https for more info. Don’t apply these settings until you have https working correctly.

SESSION_COOKIE_SECURE=True
SESSION_COOKIE_HTTPONLY=True
SECURE_SSL_REDIRECT=True

Go to your site using http and it should now redirect to https and work as before.

Subdomains and Plesk

As I had subdomains set up for different parts of the Django app and had to secure these separately, I ended up with the challenge being written to what Plesk thought was the HTML site, with the Django code elsewhere. It was easier to let Let’s Encrypt write to the Plesk “site” and redirect references there than to try to get Django to manage the URLs. Adding this to the additional directives described above fixes this:

Alias /.well-known/acme-challenge /var/www/vhosts/mysite.com/admin.mysite.com/.well-known/acme-challenge
<Directory /var/www/vhosts/mysite.com/admin.mysite.com/.well-known/acme-challenge>
    # Apache 2.2 access syntax
    Order deny,allow
    Allow from all
    # Apache 2.4 access syntax
    Require all granted
</Directory>
