Some people might want to directly use server HTTP handlers as an embedded resource on a website using TLS (HTTPS). Since the default CitizenFX server certificate is for do-not-trust.citizenfx.invalid, this will not work by default without showing giant security warnings.
Here’s a quick way to replace this with a certificate for your own domain.
Prerequisites
- A domain.
- OpenSSL command-line tool.
Steps
- Create a certificate using a Let’s Encrypt API client (such as ZeroSSL, from the browser). You’ll need to save the ‘domain key’ and ‘domain certificate’ in the end if you’re using ZeroSSL.
- Convert the private key to the right format expected by the server code. Currently, this is non-encrypted PKCS#8 (BEGIN PRIVATE KEY), not BEGIN RSA PRIVATE KEY. To do so:
  openssl pkcs8 -topk8 -nocrypt -in domain-key.txt -out server-tls.key
- Copy the certificate file to server-tls.crt, and the key file from the above command to server-tls.key in your FXServer binary folder (alpine/opt/cfx-server/ for Linux artifacts, the server artifact directory for Windows). There should already be one there if you’ve run your server before; replace it.
- Go to https://domain.example:30120/ (of course, using the right domain pointed to your server address, and the right port), and you should see no certificate warning show up.
- Make sure to renew the certificate when required, or set up a command-line LE client for automation.
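A check to run before copying the files into place and again before each renewal deadline, as an added example that is not part of FXServer or the original post: it confirms the key is unencrypted PKCS#8, that the certificate belongs to that key, and that the certificate is not about to expire. The function name check_fx_tls, its return codes and the 14-day default are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not FXServer code): pre-deployment check for server-tls.key / server-tls.crt.
# Usage: check_fx_tls KEY CRT [MIN_DAYS_LEFT]
# Return codes (chosen for this example): 0 ok, 2 wrong key format,
# 3 key/certificate mismatch, 4 certificate expires too soon, 5 unreadable input.
check_fx_tls() {
    key=$1 crt=$2 min_days=${3:-14}
    [ -r "$key" ] && [ -r "$crt" ] || { echo "cannot read $key or $crt" >&2; return 5; }

    # The server expects unencrypted PKCS#8, so the PEM header must be exactly
    # "BEGIN PRIVATE KEY", not "BEGIN RSA PRIVATE KEY" or "BEGIN ENCRYPTED PRIVATE KEY".
    header=$(grep -m1 -- '-----BEGIN ' "$key" | tr -d '\r')
    if [ "$header" != "-----BEGIN PRIVATE KEY-----" ]; then
        echo "wrong key format (${header:-no PEM header}); convert with: openssl pkcs8 -topk8 -nocrypt" >&2
        return 2
    fi

    # The certificate must carry the public half of this private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 5
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 5
    [ "$key_pub" = "$crt_pub" ] || { echo "certificate does not match key" >&2; return 3; }

    # -checkend exits non-zero if the certificate expires within the given number of seconds.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "certificate expires within $min_days days" >&2; return 4; }

    echo "ok: $(openssl x509 -in "$crt" -noout -subject -enddate | tr '\n' ' ')"
}
```

Run it as `check_fx_tls server-tls.key server-tls.crt` from the directory holding the two files; a non-zero return means the pair should not be deployed as-is.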