Let's Encrypt Certificates are completely 100% free TLS certificates that are generated via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation installation, and renewal of certificates for secure websites. Your PBX implements this same automated process.
This process requires port 80 access to your PBX from world. Ideally you would use System Admin, Port Management, to configure port 80 dedicated to Let's Encrypt renewal.
uses the Let's Encrypt HTTP-01 challenge type which uses http only on port 80. To successfully create/renew an LE cert, all of the following must be satisfied:
Current versions of the PBX firewall and Certificate Management module manage the local firewall rules dynamically during cert creation/renewal.
It's not required, but if you have the Commercial (Full) Sysadmin module, you can specify that a 'LetsEncrypt Only' service listens on port 80. See the Port Management page for more information.
Let's Encrypt certificate creation and validation requires unrestricted inbound http access on port 80 to the Let's Encrypt token directories. If security is managed by the PBX Firewall module, this process
should be automatic. Alternate security methods and external firewalls will require manual configuration.
You can manually enable the custom firewall rule for allowing global access to Lets encrypt token directories by enabling LetsEncrypt Rules under Firewall Advanced settings tab through the GUI or by
running "fwconsole firewall lerules enable" from the CLI and the same can be disabled by disabling LetsEncrypt Rules from GUI or by running "fwconsole firewall lerules disable" from the CLI.
There are several required options to generate a Let's Encrypt Certificate