| View previous topic :: View next topic |
| Author |
Message |
admin
Site Admin
Joined: 03 Mar 2002
Posts: 963
|
 Posted: Fri Aug 03, 2018 4:17 pm Post subject: How to set a host to use a free certificate (ACME support) |
 |
|
Creating a private key for the ACME account
* Open the console
* Select "SSL/TLS certificates"
* Press "Add" in the "Privates Keys" table
* In the displayed form, enter "LE Key" in "Name"
* Set "Action" to "Generate"
* Set "Type" to RSA 2048. You can choose a higher key length but 2048 is the recommended length for such uses. Anything value equal or below 1024 will not be accepted by the ACME certificate authority later on.
* Press "OK".
A new private key named "LE Key" should now be available in the private keys table.
Declaring an ACME account
* Now press "Edit" in front of the "ACMEBot Parameters"
* Press "Add" in the "ACME Accounts" table
* In the displayed form, enter "LE Account" in "Name"
* Set "Directory URL" to "Let's Encrypt ACME v2"
* Set "Private Key" to "LE Key" (the name of the private key generated previously)
* Set "Contact Email" to your email address. This address will be used by the Let's Encrypt certification authority to notify you about certificate issues and renewals as explained in https://letsencrypt.org/docs/expiration-emails/
* Press "OK" to finish declaring the account.
* Press "OK" twice to go back to the main console screen
Configuring a host to use an ACME certificate
* In the console's main screen, locate the "Hosts" table
* Press "Configure" associated with the host that will use an ACME certificate
* Click on the "General" icon
* Set "Protocol" to "HTTPS" or "HTTP+HTTPS"
* Set "Certificate Type" to "From an ACME account"
* Set "ACME Account" to the "LE Account" (the name of the account created previously)
* Press "OK"
* Press "Restart"
After a server restart, the "Hosts" table will show the updated host with a "Status" containing "HTTPS: Waiting for certificate". You can also check the state of the ACMEBot by selecting "SSL/TLS certificates" in the console and then pressing "View" next to "ACMEBot Status".
The "ACMEBot Status" screen will report queued operations, certificates that require that you perform a manual challenge to prove you have control over a domain name, and errors. That screen is refreshed every 10 seconds.
If everything goes fine, after a few seconds, the ACMEBot will negotiate with the Let's Encrypt certification authority a new certificate and it will restart the server automatically after installing it. In such a case, the host's status will report "Running".
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
| Back to top |
  |
 |
admin
Site Admin
Joined: 03 Mar 2002
Posts: 963
|
| Posted: Fri Aug 10, 2018 7:26 pm Post subject: Bug with ACME wildcard certificates |
|
|
We have just discovered a bug with the challenge token displayed for wildcard certificates.
We are fixing it and will keep you updated about our progress. Meanwhile, please expect problems with ACME certificate issuance for wildcard host names (such as *.mysite.com).
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
| Back to top |
|
|
Lithorien
-
Joined: 20 Jun 2004
Posts: 38
|
| Posted: Fri Sep 07, 2018 11:10 pm Post subject: |
|
|
| Thank you for the heads-up! |
|
| Back to top |
|
|
admin
Site Admin
Joined: 03 Mar 2002
Posts: 963
|
| Posted: Fri Sep 14, 2018 6:12 pm Post subject: |
|
|
| Lithorien wrote: | | Thank you for the heads-up! |
Thank you. The fix has been made and tested since a long time. Now it's either Beta 2 or the final release. The decision will be made next week.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
| Back to top |
|
|
|
@abyssws