1. Home
  2. Framework
  3. Let’s Encrypt – Guide
  1. Home
  2. Misc
  3. Let’s Encrypt – Guide
  1. Home
  2. How To
  3. Let’s Encrypt – Guide

Let’s Encrypt – Guide

Our Let’s Encrypt plugin allows you to issue and manage Let’s Encrypt certificates directly from the Snapt UI.


Step 1: Install the plugin

Navigate to Setup > Modules & Plugins > Add Plugins > Misc >  Lets Encrypt and click the install button.

Step 2: Accept the Terms and Conditions

Once installed navigate to Setup > Let’s Encrypt > Config. Here you will need to accept the terms and conditions, fill in your email address, 2 letter country code and state, then click “Save”. This only needs to be filled in once.activate.png

Step 3: Adding your domain

Navigate to Setup > Let’s Encrypt > Certificates and Click on the “Add Domain” tab.

Fill in the fully qualified domain name(FQDN) for the certificate you want to create and the type of verification.

  • Provisioning a DNS record under,example.com or
  • Provisioning an HTTP resource under a well-known URI on https://example.com/

The verification will need you to add either a TXT record to your domain management or a file on your web server with a verification code that can be accessed by LetsEncrypt to verify that you own the domain.

click “Save”.

Step 4: Verification

Once you save you will be given details of the verification needed to activate the certificate.

DNS TXT VerificationScreen_Shot_2017-11-20_at_9_49_37_AM.png

If you have chosen to use the DNS TXT verification you can go to your domain management and add a TXT entry with the name eg. _acme-challenge.adc.demo1.snapt.net with the verification in the value field

Once saved and propagated you can use dig from the terminal to see if you receive an answer

eg. dig -t txt _acme-challenge.adc.demo1.snapt.net

you should receive a response similar to this

;; ANSWER SECTION:

_acme-challenge.adc.demo1.snapt.net. 600 IN TXT “oYUahZTmiI51nOE4gNgZA5CMSVOiUavMEvuxw6i0-7c” 

This will indicate that the verification code can be seen and verified.

HTTP VerificationScreen_Shot_2017-11-20_at_9_51_08_AM.png

 

A file path has to be added to the document root folder of your website for this verification. From the base folder create folders .well-known/acme-challenge with the file name specified above and add the value into that file.

To confirm that the file resource is accessible, try to navigate to that location from a browser, e.g http://adc.demo1.snapt.net/.well-known/acme-challenge/L1t9d2xoVHd3CGK-Zh5sZdW_GeaCXoYB2I3653hREEE

Balancer or Accelerator Verification

If you already have a Balancer Frontend/Group or Accelerator Frontend configured on Snapt you can also opt for the Balancer or Accelerator Verification. Snapt will make a slight change to your config, but no service disruptions will occur.

We’ll simply place the verification file on the Snapt box, and intercept the Let’s Encrypt inbound traffic to the verification file on Snapt. Using this method, you don’t need to manually create and place the file on your backend server.

Balancer Method

Select the group that is able to accept traffic from the WWW by clicking on the “Click to enable”

Accelerator Method

The same process is followed on the Accelerator side as with the Balancer Verification.

Step 5: Click on Verify Activation to complete the process and download certificates to be placed in Setup > SSL > SSL CertificatesScreen_Shot_2017-11-20_at_10.51.53_AM.png

If you need the certificate to be added to Snapt Balancer you download the PEM certificate, and with the Snapt Accelerator KEY & CRT will be needed.

Updated on May 23, 2019


Was this article helpful?

Related Articles