Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
lets_encrypt.png 120.1 kB 7 29-Dec-2020 05:25 krivacsz version 4
png
lets_encrypt_header.png 34.9 kB 1 29-Dec-2020 05:25 krivacsz

This page (revision-53) was last changed on 27-Sep-2021 13:34 by krivacsz

This page was created on 29-Dec-2020 05:25 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 3 removed 3 lines
This plugin is possible starting with CrushFTP v9. You need to download this plugin and place it in your CrushFTP ▸ Plugins folder. [LetsEncrypt.jar]\\
On OSX machines you need to copy the file into: \\
⁨Applications⁩ ▸ ⁨CrushFTP9_OSX⁩ ▸ ⁨CrushFTP9.app⁩ ▸ ⁨Contents⁩ ▸ ⁨Resources⁩ ▸ ⁨Java⁩ ▸ ⁨plugins⁩ \\
At line 4 added 6 lines
***\\
About : __DST Root CA X3 Expiration (September 2021)__ See oficial description : https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/\\
If you have a certificate issued by CrushFTP Let's Encrypt plugin and the root cert is still __DST Root CA__ => Make sure that flags "__Delete account key pair__" and " __Delete domain key pair__" are checked and renew your certificate. After the renew the new root certificate will be: __ISRG Root X1__.
***\\
\\
\\
At line 15 changed one line
Request version : V01 or V02. Choose V02 as it is the latest, because the backward compatibility the V01 is still supported.\\
Server Instance : To generate certificate for DMZ just specify the DMZ server instance name. The Let's encrypt server will test the given server instance. Leave it empty for normal case. \\
At line 20 added 4 lines
Challenge type : Only available on V02.\\
http-01-> It is an http based challenge it requires the CrushFTP to have an HTTP server item available from outside on port 80. Make you sure the https redirect is turned off. V01 can only do http based challenge.\\
tls_alpn-> (!!! Only works with Java 11+) It is a tls based challenge it requires the CrushFTP to have an HTTPS server item available from outside on port 443.\\
\\
At line 21 changed one line
Staging flag: It is for test mode. If the is true it will only generate a dummy jks, not a valid one.\\
Staging flag: It is for __test mode__. If the is true it will only generate a dummy jks, not a valid one.\\
At line 23 changed one line
If the all fields are ready hit the submit, and the jks will be created in the specified keystore location.\\
If the all fields are ready hit the submit, and the jks will be created in the specified key store location.\\
At line 25 changed one line
Once done, and full success, there is another step. On Preferences_>Encryption_>SSL page, will need to supply the same full path to the keystore (.jks) file and the passwords you entered on the Letsencrypt plugin. The plugin only generates the key store, but doesn't apply it. Once done, test, if successful, save, then restart the HTTPS port or the CrushFTP service, to actually load the cert. Then can test with a browser.\\
Once done, and full success, there is another step. On Preferences_>Encryption_>SSL page, will need to supply the same full path to the key store (.jks) file and the passwords you entered on the Letsencrypt plugin. The plugin only generates the key store, but doesn't apply it. Once done, test, if successful, save, then restart the HTTPS port or the CrushFTP service, to actually load the cert. Then can test with a browser.\\
At line 27 changed one line
Will need to click Submit and restart every 60-90 days , bacuse the Letsencrypt cert is valid only for this long.\\
Will need to click Submit and restart every 60-90 days , because the Let's encrypt cert is valid only for this long.\\
At line 36 added 3 lines
__Update the certificate automatically:__ It updates the certificate automatically and restarts the https server item ports. Let's encrypt server allows 5-6 tries weekly, we suggest to set the check certificate weekly.\\
__Alert:__ To get notification about failed updates create Plugin Message alert (Preferences -> Alerts).
\\
At line 31 changed 2 lines
1. Check that your server is reachable through the given domain with http protocol on the default port (80).\\
2. Check the Delete account key pair and Delete domain key pair flags and test again.\\
0. Download replace plugin. Let's Encrypt often has change on the API.
1. Check that your server is reachable through the given domain with http protocol on the default port (80) or on https on the default port (443).\\
2. Check Staging flag, it is a test mode. Always try first in test mode. Check the Delete account key pair and Delete domain key pair flags and test again.\\
Version Date Modified Size Author Changes ... Change note
53 27-Sep-2021 13:34 3.362 kB krivacsz to previous
52 27-Sep-2021 13:32 3.296 kB krivacsz to previous | to last
51 27-Sep-2021 13:31 3.3 kB krivacsz to previous | to last
50 27-Sep-2021 13:31 3.292 kB krivacsz to previous | to last
49 27-Sep-2021 13:30 3.228 kB krivacsz to previous | to last
48 27-Sep-2021 13:29 3.214 kB krivacsz to previous | to last
47 27-Sep-2021 13:26 3.112 kB krivacsz to previous | to last
46 27-Sep-2021 13:24 3.165 kB krivacsz to previous | to last
45 27-Sep-2021 13:23 3.162 kB krivacsz to previous | to last
44 27-Sep-2021 13:23 3.155 kB krivacsz to previous | to last
43 16-Jun-2021 08:09 2.998 kB Ben Spink to previous | to last
42 05-Mar-2021 02:08 3.243 kB Ben Spink to previous | to last
41 29-Dec-2020 05:25 3.294 kB Sandor to previous | to last
« This page (revision-53) was last changed on 27-Sep-2021 13:34 by krivacsz
G’day (anonymous guest)
CrushFTP10 | What's New

Referenced by
LeftMenu

JSPWiki