Working with Let's Encrypt using Roxy-WI
Let's Encrypt is a non-profit certificate authority operated by the Internet Security Research Group (ISRG). It provides X.509 certificates for Transport Layer Security (TLS) encryption at no cost. Let's Encrypt certificates are valid for 90 days and come with an automated process that simplifies the creation, validation, signing, installation, and renewal of certificates for secure websites.
Roxy-WI enables users to obtain Let's Encrypt certificates through its web interface.
Go to the HAProxy/NGINX/Apache => SSL certificates section and click Create. Fill out the form by selecting the server, choosing the DNS servers you are using, entering one or more domains for the certificate, and providing your email and a certificate description.
After you fill out the form and click Create, Roxy-WI will connect to a remote server, install Certbot, and attempt to obtain an SSL certificate for your domain. If the certificate is successfully obtained, Roxy-WI will set up a cron job to renew it automatically every month.
The renewal script checks the /etc/letsencrypt/live/ directory and attempts to renew all certificates located within it. If you delete any folder in this directory, the script will not renew the corresponding certificate.
In the SSL certificates section, you can also view the uploaded certificates and upload your own SSL certificate.
Before obtaining a standalone certificate, please follow the checklist below:
- Ensure that the correct A/AAAA DNS record is associated with your domain name (the DNS record should point to the correct public IP address of your server).
- Verify that your email address is active and accessible.
- Read the terms of service and agree to them.
- Ensure that HAProxy, NGINX, or Apache is listening on port 80 (HTTP). Check your firewall settings to ensure that traffic is allowed.
- Ensure that the following settings are applied:
  - for HAProxy:
  - for NGINX (if you are using it as a proxy server):
  - for Apache, VirtualHost port 80 (if you are using it as a proxy server):
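The DNS and port 80 items of the checklist can be verified before clicking Create. The following preflight script is an added example, not part of Roxy-WI; the function names are hypothetical, and it assumes the local resolver returns the same A/AAAA records the certificate authority will see.

```python
import ipaddress
import socket

# Private, loopback, link-local, CGNAT and ULA ranges: unreachable for the CA.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "100.64.0.0/10", "::1/128", "fc00::/7", "fe80::/10")]


def resolve(domain):
    """Return the set of A/AAAA addresses the local resolver gives for domain."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def port_open(addr, port=80, timeout=3.0):
    """True if a TCP connection to addr:port succeeds."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(domain, server_ips, resolver=resolve, probe=port_open):
    """Check the DNS and port 80 checklist items; return a list of problems."""
    expected = {ipaddress.ip_address(ip) for ip in server_ips}
    try:
        found = {ipaddress.ip_address(a) for a in resolver(domain)}
    except OSError as exc:
        return [f"{domain}: does not resolve ({exc})"]
    problems = []
    for addr in sorted(found, key=str):
        if any(addr in net for net in NON_PUBLIC):
            problems.append(f"{domain}: {addr} is not a public address")
        elif addr not in expected:
            # A stale record (often a forgotten AAAA) can send validation elsewhere.
            problems.append(f"{domain}: {addr} does not belong to this server")
        elif not probe(str(addr), 80):
            problems.append(f"{domain}: {addr} port 80 is closed or filtered")
    if not found & expected:
        problems.append(f"{domain}: no record points to {sorted(map(str, expected))}")
    return problems


if __name__ == "__main__":
    # Constructed sample: example.org and 203.0.113.10 are placeholders.
    for line in preflight("example.org", ["203.0.113.10"]) or ["all checks passed"]:
        print(line)
```

Run it from a host outside your network so the port 80 probe also exercises the firewall rules.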
Example
Let's explore an example of how to obtain an SSL certificate using Roxy-WI alongside AWS. You can acquire both standard SSL certificates and wildcard certificates, which allow you to secure multiple subdomains under a single domain.
Go to the HAProxy/NGINX/Apache => SSL certificates section and click Create. Fill out the form:
1. Choose the server for which you want to obtain the SSL certificate.
2. In the "Type" field, select Route 53 as your DNS provider.
3. Enter your domain name or multiple domains, separating them with a comma or space.
4. Enter your Access Key ID and Secret Access Key. You can obtain these credentials from your AWS Management Console.
5. Optionally, provide a description for the certificate.
After filling out the form, click Create. Roxy-WI will connect to a remote server, install Certbot, and initiate the process of obtaining an SSL certificate for your specified domain(s).
If the certificate is successfully obtained, Roxy-WI will configure a cron job to automatically renew the certificate every 60 days, ensuring continuous secure access to your site.