Obtaining a Certificate

These instructions cover the general process of obtaining a certificate. Specific settings will vary by deployment, and each section below links to the settings for each area.

Generate an Account Key

The ACME package requires an Account Key before it can issue a certificate. This key is typically unique, but can be shared.

For users unfamiliar with the Let’s Encrypt service, the first key should be for a staging ACME server which has much more relaxed rate limits but is not valid for public use. Once the ACME package successfully issues a certificate using the staging ACME server, create an account key for the production ACME server and then issue the certificate again using that account key.

To create and register an account key:

• Navigate to Services > ACME Certificates, Account Keys tab

• Click Add

• Fill in the info as described in Account Key Settings

• Click Generate New Account Key

• Click Register ACME Account Key

• Click Save

Create a certificate

The next step is to create a certificate entry.

• Navigate to Services > ACME Certificates, Certificates tab

• Click Add

• Fill in the info as described in Certificate Settings

• Add one or more SAN List entries (Certificate Settings) with appropriate validation settings (Validation Methods)

• Add Action list entries, if necessary (Certificate Settings)

• Click Save

Configure General Settings

The last configuration step is to enable at least the Cron Entry to ensure that the ACME package will automatically renew certificates before they expire. See General Settings for detailed descriptions of the options.

• Navigate to Services > ACME Certificates, General Settings tab

• Check Cron Entry

• Check Write Certificates (optional)

• Click Save

Issue a Certificate

With the settings in place, the final task is to issue the certificate:

• Navigate to Services > ACME Certificates, Certificates tab

• Find the certificate entry in the list

• Click Issue/Renew

• Wait for the process to complete

This step may take a few minutes to complete as it sets up the validation, contacts the ACME server, then waits for the server to complete validation.

Once complete, the page will display the result at the top. Check the output to ensure that it was successful and included a certificate.

If the process was successful, the package will import the certificate along with its associated certificate authorities in the GUI Certificate Manager. Check at System > Certificates to ensure the entries are present.