Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Let's Encrypt Certificates are completely 100% free certificates that are generated via an automated process designed to eliminate the current complex process of manual creation, validation, signing,

installation, and renewal of certificates for secure websites. Your PBX implements this same automated process.

Note

This process requires port 80 access to your PBX from outbound1.letsencrypt.org, outbound2.letsencrypt.org, mirror1.freepbx.org and mirror2.freepbx.org. Using world. Ideally you would use System Admin, Port Management, configure either the Admin interface or UCP to respond on port 80to configure port 80 dedicated to Let's Encrypt renewal.


If you have the Commercial (Full) Sysadmin module, you can specify that a 'LetsEncrypt Only' service listens on port 80. See the Port Management page for more information.

Image Removed


Let's Encrypt certificate creation and validation requires unrestricted inbound http access on port 80 to the Let's Encrypt token directories. If security is managed by the PBX Firewall module, this process

should be automatic. Alternate security methods and external firewalls will require manual configuration.


You can manually enable the custom firewall rule for allowing global access to Lets encrypt token directories by enabling LetsEncrypt Rules under Firewall Advanced settings tab through the GUI or by

running "fwconsole firewall lerules enable" from the CLI and the same can be disabled by disabling LetsEncrypt Rules from GUI or by running "fwconsole firewall lerules disable" from the CLI.


Image Added


There are several required options to generate a Let's Encrypt Certificate

...

You can then later reference this CSR/Private Key when you upload your certificate:

Change Certificate Validity period

You can change the value of the validity period (2 years by default).
Go to Advanced Settings menu and Certificate Manager partand enter a new value (in days). E.g: 2 years = 730 days.

Image Added

Info
Do it before generate any certificates.

Delete Self-Signed CA

You can delete the self signed certificate authority at any time by clicking the red button labeled "Delete Self-Signed CA".

...