Let's Encrypt is a non-profit certificate authority run by the Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. It launched on April 12, 2016.
Let's Encrypt certificates are valid for 90 days, during which renewal can take place at any time. The offer is accompanied by an automated process designed to overcome manual creation, validation, signing, installation, and renewal of certificates for secure websites.
The project claims its goal is to make encrypted connections to World Wide Web servers ubiquitous. By eliminating payment, web server configuration, validation email management and certificate renewal tasks, it is meant to significantly lower the complexity of setting up and maintaining TLS encryption.
Roxy-WI lets you obtain Let's Encrypt certificates via the web interface. When you press the "Get certificate" button, Roxy-WI connects to the remote server, installs Certbot, and tries to obtain a certificate for your domain via Certbot.
If the certificate has been obtained successfully, Roxy-WI creates a cron job in or to renew your certificate every month.
The renewal script checks the /etc/letsencrypt/live/ folder and tries to renew all certificates located there. Note that if you delete any folder in /etc/letsencrypt/live/, the script will not renew the corresponding certificate.
Before obtaining a Let's Encrypt certificate, please follow the checklist below:
- Make sure that the correct A/AAAA DNS record is bound to the server's public IP address
- Make sure that your e-mail address is active and you have access to it
- Read the terms of service and make sure you agree with them
- Make sure that HAProxy is accessible on port 80 (HTTP). Check your firewalls.
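The DNS and port 80 items of the checklist can be verified before pressing "Get certificate". The following Python script is an added example, not part of Roxy-WI; the function names and the `preflight.py` file name are assumptions. Run it from a host outside your firewall, since a connection made from the server itself does not prove that port 80 is reachable from the internet.

```python
import ipaddress
import socket
import sys


def resolve_addresses(domain, resolver=socket.getaddrinfo):
    """Return every A/AAAA address the domain currently resolves to."""
    try:
        infos = resolver(domain, 80, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {ipaddress.ip_address(info[4][0]) for info in infos}


def port_open(address, port=80, timeout=3.0):
    """True if a TCP connection to address:port succeeds."""
    try:
        with socket.create_connection((str(address), port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(domain, public_ips, port=80, resolver=socket.getaddrinfo):
    """Return a list of problems; an empty list means the checks passed."""
    expected = {ipaddress.ip_address(ip) for ip in public_ips}
    resolved = resolve_addresses(domain, resolver)
    if not resolved:
        return [f"{domain}: no A/AAAA record found"]
    problems = []
    # A record pointing at another host sends the validation request
    # there, so every published address must belong to this server.
    for stray in sorted(resolved - expected, key=str):
        problems.append(f"{domain}: record {stray} is not this server")
    for address in sorted(resolved & expected, key=str):
        if not port_open(address, port):
            problems.append(f"{address}: port {port} is not reachable")
    return problems


if __name__ == "__main__":
    # Usage: preflight.py DOMAIN PUBLIC_IP [PUBLIC_IP ...]
    if len(sys.argv) < 3:
        sys.exit("usage: preflight.py DOMAIN PUBLIC_IP [PUBLIC_IP ...]")
    issues = preflight(sys.argv[1], sys.argv[2:])
    for issue in issues:
        print("FAIL", issue)
    sys.exit(1 if issues else 0)
```

The script exits with status 1 and prints one `FAIL` line per problem, so it can gate an automated rollout.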
Make sure that the following settings are enabled for HAProxy: