Working with Let's Encrypt using Roxy-WI
Let's Encrypt is a non-profit certificate authority operated by the Internet Security Research Group (ISRG). It provides X.509 certificates for Transport Layer Security (TLS) encryption at no cost. Let's Encrypt certificates are valid for 90 days and come with an automated process that simplifies the creation, validation, signing, installation, and renewal of certificates for secure websites.
Roxy-WI enables users to obtain Let's Encrypt certificates through its web interface.
Go to the HAProxy/NGINX/Apache => SSL certificates section and click Create. Fill out the form by selecting the server, choosing the DNS servers you are using, entering one or more domains for the certificate, and providing your email and a certificate description.
After you fill out the form and click Create, Roxy-WI will connect to a remote server, install Certbot, and attempt to obtain an SSL certificate for your domain. If the certificate is successfully obtained, Roxy-WI will set up a cron job to renew it automatically every month.
The renewal script checks the /etc/letsencrypt/live/ directory and attempts to renew all certificates located within it. If you delete any folder in this directory, the script will not renew the corresponding certificate.
In the SSL certificates section, you can also view the uploaded certificates and upload your own SSL certificate.
Before obtaining a Let's Encrypt certificate, please follow the checklist below:
- Ensure that the correct A/AAAA DNS record is associated with your domain name (the DNS record should point to the correct public IP address of your server).
- Verify that your email address is active and accessible.
- Read the terms of service and agree to them.
- Ensure that HAProxy, NGINX, or Apache is listening on port 80 (HTTP). Check your firewall settings to ensure that traffic is allowed.
- Ensure that the following settings are applied:
for HAProxy:
for NGINX (if you are using it as a proxy server):
for Apache, VirtualHost port 80 (if you are using it as a proxy server):
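
The DNS and port 80 items of the checklist above can be verified before clicking Create. The following is an added example, not part of Roxy-WI: `resolve`, `check_dns`, `port_open` and `preflight` are names chosen here, and the domain and IP addresses are constructed sample values.

```python
import ipaddress
import socket


def resolve(domain):
    """A/AAAA addresses the local resolver returns for domain."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def check_dns(domain, server_ips, resolver=resolve):
    """Return (ok, stray); stray = records not pointing at this server."""
    expected = {ipaddress.ip_address(ip) for ip in server_ips}
    try:
        found = {ipaddress.ip_address(a) for a in resolver(domain)}
    except socket.gaierror:
        return False, set()  # name does not resolve at all
    stray = found - expected
    return bool(found) and not stray, {str(a) for a in stray}


def port_open(host, port=80, timeout=3.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(domains, server_ips, resolver=resolve, port=80):
    """Run both checks; returns {domain: [problem, ...]} (empty list = ready)."""
    listening = {ip: port_open(ip, port) for ip in server_ips}
    report = {}
    for domain in domains:
        problems = []
        ok, stray = check_dns(domain, server_ips, resolver)
        if not ok:
            detail = ", ".join(sorted(stray)) or "no A/AAAA record"
            problems.append(f"DNS mismatch: {detail}")
        problems += [f"port {port} not reachable on {ip}"
                     for ip, up in listening.items() if not up]
        report[domain] = problems
    return report


if __name__ == "__main__":
    # Constructed sample values: use your own domains and public IPs.
    for name, issues in preflight(["example.com"], ["203.0.113.10"]).items():
        print(name, "ready" if not issues else issues)
```

Run the port check from a machine outside your firewall; from the server itself it only shows that the service is listening, not that traffic is allowed in.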