Working with Let's Encrypt using Roxy-WI
Let's Encrypt is a non-profit certificate authority run by the Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. Let's Encrypt certificates are valid for 90 days. The offer is accompanied by an automated process designed to overcome manual creation, validation, signing, installation and renewal of certificates for secure websites.
Roxy-WI allows getting Let's Encrypt certificates via its web interface.
After you press the Get a certificate button, Roxy-WI will connect to a remote server, install Certbot and try to obtain an SSL certificate for your domain using Certbot. If the certificate has been obtained successfully, Roxy-WI will create a cron job to renew it monthly.
The renewal script checks the /etc/letsencrypt/live/ folder and tries to renew all certificates located there. If you delete any folder in this directory, the script will not renew the corresponding certificate.
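To see which certificates the renewal job will cover and how long each has left, the script below walks the same directory and reads each certificate's expiry with openssl. It is an added example, not Roxy-WI's renewal script; the function names, the `--audit` flag, the `le-audit.sh` file name and the 20-day `WARN_DAYS` threshold are assumptions, and it needs GNU date and openssl on the server.

```bash
#!/usr/bin/env bash
# Added example (not Roxy-WI's renewal script): list the certificate lineages
# under Certbot's live directory and report the days left on each.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"  # directory named on this page
WARN_DAYS="${WARN_DAYS:-20}"                   # assumed alert threshold

# Print each subdirectory that still holds a cert.pem, one name per line.
list_lineages() {
    local dir="$1" d
    for d in "$dir"/*/; do
        [ -e "${d}cert.pem" ] && basename "$d"
    done
    return 0
}

# Whole days (truncated) from now_epoch to an openssl-style date such as
# "Jun  1 12:00:00 2025 GMT". Needs GNU date.
days_until() {
    local end_epoch
    end_epoch=$(date -u -d "$1" +%s) || return 1
    echo $(( (end_epoch - $2) / 86400 ))
}

# CRITICAL: under one day left or already expired; WARN: below the threshold.
classify() {
    if [ "$1" -le 0 ]; then echo CRITICAL
    elif [ "$1" -lt "$2" ]; then echo WARN
    else echo OK
    fi
}

# Report every lineage; return 1 if any certificate is unreadable or not OK.
audit_live() {
    local dir="$1" now rc=0 name end days state
    now=$(date -u +%s)
    for name in $(list_lineages "$dir"); do
        end=$(openssl x509 -noout -enddate -in "$dir/$name/cert.pem") || { rc=1; continue; }
        days=$(days_until "${end#notAfter=}" "$now") || { rc=1; continue; }
        state=$(classify "$days" "$WARN_DAYS")
        printf '%-40s %5s days  %s\n' "$name" "$days" "$state"
        [ "$state" = OK ] || rc=1
    done
    return "$rc"
}

# Run the audit only when asked, e.g.: ./le-audit.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_live "$LIVE_DIR"; fi
```

A domain whose folder was deleted from the live directory does not appear in the output at all, so compare the list against the domains you expect to be covered.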
Before obtaining a Let's Encrypt certificate, please follow the checklist below:
- Make sure that the correct A/AAAA DNS record is associated with your domain name (the DNS record holds the correct server's public IP address).
- Make sure that your e-mail address is active and you have access to it.
- Read the terms of service and agree to them.
- Make sure that HAProxy, NGINX or Apache is listening on port 80 (HTTP). Check your firewalls.
- Make sure that the following settings are applied
for HAProxy:
for NGINX (in case you use it as a proxy server):
for Apache, VirtualHost port 80 (in case you use it as a proxy server):