Let's Encrypt certificates are free certificates generated via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites. Your PBX implements this same automated process.
This process requires port 80 access to your PBX from outbound1.letsencrypt.org, outbound2.letsencrypt.org, mirror1.freepbx.org and mirror2.freepbx.org. Using world. Ideally you would use System Admin, Port Management, configure either the Admin interface or UCP to respond on port 80 to configure port 80 dedicated to Let's Encrypt renewal.
If you have the Commercial (Full) Sysadmin module, you can specify that a 'LetsEncrypt Only' service listens on port 80. See the Port Management page for more information.
Let's Encrypt certificate creation and validation requires unrestricted inbound HTTP access on port 80 to the Let's Encrypt token directories. If security is managed by the PBX Firewall module, this process should be automatic. Alternate security methods and external firewalls will require manual configuration.
You can manually enable the custom firewall rule that allows global access to the Let's Encrypt token directories by enabling LetsEncrypt Rules under the Firewall Advanced settings tab in the GUI, or by running "fwconsole firewall lerules enable" from the CLI. To disable the rule, disable LetsEncrypt Rules in the GUI or run "fwconsole firewall lerules disable" from the CLI.
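A pre-flight check for the port 80 requirement described above, as an added example that is not part of the original page or of FreePBX: it writes a constructed probe file into the standard ACME HTTP-01 directory and fetches it over plain HTTP. The function names, the webroot argument, and the assumption that `/.well-known/acme-challenge/` is one of the token directories meant here are not from the page.

```python
import http.client
import os
import secrets
import sys

# Standard ACME HTTP-01 location (RFC 8555). Treating it as one of the
# "token directories" mentioned on this page is an assumption.
CHALLENGE_DIR = ".well-known/acme-challenge"


def write_probe(webroot):
    """Run on the PBX: drop a constructed probe file into the challenge dir."""
    name = "probe-" + secrets.token_hex(8)
    body = secrets.token_hex(16)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    with open(os.path.join(directory, name), "w") as fh:
        fh.write(body)
    return name, body


def check_probe(host, name, expected, port=80, timeout=5):
    """Run from outside: fetch the probe over plain HTTP and classify the result."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/%s/%s" % (CHALLENGE_DIR, name))
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", "replace").strip()
    except (OSError, http.client.HTTPException) as exc:
        return "blocked: port %d not reachable (%s)" % (port, exc)
    finally:
        conn.close()
    if resp.status in (301, 302, 307, 308):
        # Redirects are not followed here; the target must be reachable as well.
        return "redirect: %s" % resp.getheader("Location")
    if resp.status != 200:
        return "http %d: token directory is not served" % resp.status
    if body != expected:
        return "mismatch: a different service answers on this port"
    return "ok"


if __name__ == "__main__":
    if len(sys.argv) == 3 and sys.argv[1] == "write":    # write <webroot>
        print(*write_probe(sys.argv[2]))
    elif len(sys.argv) == 5 and sys.argv[1] == "check":  # check <host> <name> <body>
        print(check_probe(sys.argv[2], sys.argv[3], sys.argv[4]))
    else:
        sys.exit("usage: write <webroot> | check <host> <name> <body>")
```

Run `write` on the PBX and `check` from a host outside your network, since a check run on the PBX itself does not pass through the firewall. Delete the probe file afterwards.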
There are several required options to generate a Let's Encrypt Certificate
You can then later reference this CSR/Private Key when you upload your certificate:
Change Certificate Validity period
You can change the value of the validity period (2 years by default).
Go to the Advanced Settings menu, find the Certificate Manager part, and enter a new value (in days). E.g.: 2 years = 730 days.
Do this before generating any certificates.
Delete Self-Signed CA
You can delete the self-signed certificate authority at any time by clicking the red button labeled "Delete Self-Signed CA".