Applies to Platform: UTM 5.1
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
It is possible to generate a certificate with Let's Encrypt directly from the Endian GUI. To do so, the following requirements must be met:
- Make sure your firewall is up to date and your version of Endian OS is 5.1 or higher.
- Create a DNS record of type A that associates your domain with your public IP.
- Publish port 80 of your Endian appliance. Do not port-forward port 80 to a device behind the Endian appliance; the Endian itself must answer all requests on port 80 directly.
Once all of the above requirements are satisfied, you can start creating the certificate.
In the GUI, navigate to the VPN > Certificates page.
Click on Add new certificate. On the new page, select the item "Generate Let's Encrypt certificate" from the Action drop-down menu.
The only mandatory fields are the Common name and the PKCS12 file password, with confirmation. All the other fields are optional. If one or more Subject alternative names are needed, you can select additional DNS/IP/mail entries and press Add to specify more.
Once all the fields are set, press Add at the bottom of the form to save and generate the certificate.
If everything has been set correctly, a confirmation message will be displayed on the page and the new certificate will be listed.
The certificate creation also creates a new Certificate Authority, which is automatically added to the available ones.
It is possible to see several details about the certificate by clicking on.
If the certificate creation fails, the possible causes are:
- the DNS record is not set correctly
- port 80 of the Endian is not published
- an incorrect common name was entered
Please verify all of these points and retry the creation.
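The three causes above can be checked before retrying. The following script is an added example, not part of the Endian product or documentation; the function names and the `preflight.py` file name are hypothetical, and it assumes the common name is a full DNS host name and that the port test is run from a host on the Internet side of the appliance.

```python
import re
import socket
import sys

# Cause strings follow the article's failure list.
BAD_NAME = "incorrect common name entered"
BAD_DNS = "DNS record is not set correctly"
BAD_PORT = "port 80 of the Endian is not published"
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def resolve_a(name):
    """Return the IPv4 addresses the system resolver gives for the name."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def port_open(ip, port, timeout):
    """True if a TCP connection succeeds. Run this from an Internet-side host;
    it cannot tell whether the Endian or a forwarded device answered."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(common_name, public_ip, resolve=resolve_a, connect=port_open, timeout=5):
    """Return the failure causes that apply; an empty list means ready."""
    name = common_name.strip().rstrip(".").lower()
    labels = name.split(".")
    # Assumption: the common name must be a full host name, e.g. fw.example.com.
    if len(labels) < 2 or len(name) > 253 or not all(_LABEL.match(l) for l in labels):
        return [BAD_NAME]  # nothing else can be checked without a valid name
    problems = []
    if public_ip not in resolve(name):
        problems.append(BAD_DNS)
    if not connect(public_ip, 80, timeout):
        problems.append(BAD_PORT)
    return problems

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: preflight.py <common-name> <public-ip>")
    found = preflight(sys.argv[1], sys.argv[2])
    for cause in found:
        print("FAIL:", cause)
    print("ready for certificate creation" if not found else "fix the above and retry")
    sys.exit(1 if found else 0)
```

An open port 80 only shows that something answers; confirm separately that no port forward sends that traffic to a device behind the appliance.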
In case of failure the GUI will show the following message: