Integration with Let's Encrypt CA
Maintaining a threat-free network requires much more than just securing your domains with SSL certificates. For organizations that deal with a large SSL environment, the process of purchasing, deploying and renewing SSL certificates is often cumbersome, time-consuming and far from straightforward. Oversight, manual errors, improper configuration, weak ciphers, and expiration often lead to downtime, compliance issues and security breaches.

Certificate life-cycle management is a practice that streamlines the certificate management process by automating the acquisition, issue, deployment, re-issue, renewal and revocation of certificates. Key Manager Plus facilitates end-to-end certificate life-cycle management for your public-facing websites by integrating with the renowned open Certificate Authority, Let's Encrypt. This means you can procure domain-validated certificates from Let's Encrypt for your public domains, then deploy them, track them, request alerts on expiry, and renew them, all entirely from the product interface.

You can request, procure, deploy, monitor, track and renew certificates from Let's Encrypt CA directly from the Key Manager Plus interface. Before you proceed with the integration, complete the following step as a prerequisite:

Prerequisite
Add the following base URL and port as an exception in your firewall or proxy to ensure Key Manager Plus is able to connect to Let's Encrypt's CA Services.

Follow the step-by-step procedure below to integrate Let's Encrypt with Key Manager Plus:

1. Create a Let's Encrypt Account
The first step in requesting certificates from Let's Encrypt CA is creating an account with Let's Encrypt. This is a one-time process and can be done from the Key Manager Plus interface itself. To create a Let's Encrypt account,
Once your account is created, you can update the account email address, delete it from Key Manager Plus, or deactivate the account entirely. Please note that deleting the account only removes it from Key Manager Plus. Even if you delete the account here, it will still be active in the Let's Encrypt portal. To add the same account back to Key Manager Plus, export the key and use the Add Account option with the same details used before. However, if you select the Deactivate option while deleting the account, the Let's Encrypt account will be removed completely and you cannot add it back to Key Manager Plus with the same details.

Note: This privilege is available only to administrator users, and only one Let's Encrypt account can be created from Key Manager Plus.

2. Raise a Certificate Request
After creating an account with Let's Encrypt, you have to generate a certificate request. You are then presented with a challenge which you have to fulfill in order for Let's Encrypt to validate your domain and issue the certificate.
Note: Key Manager Plus supports wildcard certificate requests for DNS based challenges. For wildcard certificate requests, enter the common name in the format *.domainname.com

To configure your DNS account,
2.1 Azure DNS
2.2 Cloudflare DNS
2.3 AWS Route 53 DNS
To grant the required permissions:
2.4 RFC2136 DNS Update
If you are using open source DNS servers such as BIND, PowerDNS, etc., that support RFC2136 DNS update, follow the steps below to automate the DNS-based domain control validation procedure using Key Manager Plus.
2.5 GoDaddy DNS
If you are using GoDaddy DNS for DNS validation, follow the steps below to automate the DNS-based domain control validation procedure using Key Manager Plus:

Steps to Obtain GoDaddy API Credentials:
Now, in the Key Manager Plus interface, follow the steps below to add GoDaddy DNS to Let's Encrypt CA:
2.6 ClouDNS
If you are using ClouDNS for DNS validation, follow the steps below to automate the DNS-based domain control validation procedure using Key Manager Plus:

Steps to Obtain ClouDNS API Credentials:
Click here to learn more about ClouDNS API Auth IDs.

Now, in the Key Manager Plus interface, follow the steps below to add ClouDNS to Let's Encrypt CA:
2.7 DNS Made Easy
Notes: