LetsEncrypt plugin#
This plugin is possible starting with CrushFTP v9. You need to download this plugin and place it in your CrushFTP ▸ Plugins folder. LetsEncrypt.jar
On OSX machines you need to copy the file into:
Applications ▸ CrushFTP9_OSX ▸ CrushFTP9.app ▸ Contents ▸ Resources ▸ Java ▸ plugins
About Let's Encrypt: It is a certificate authority that provides certificates (only domain-validated certificates) for free. (for more info : https://letsencrypt.org/how-it-works/)
LetsEncrypt plugin allows you to create a java key store file (the .JKS file) authorized by the Let's Encrypt certificate authority. You do not need to install, configure, or do anything with certbot if using this plugin.
Request version : V01 or V02. Choose V02 as it is the latest to have backward compatibility the V01 is still supported.
Challenge type : Only available on V02.
http-01-> It is an http based challenge it requires the CrushFTP to have an HTTP server item available from outside on port 80. Make you sure the https redirect is turned off. V01 can only do http based challenge.
tls_alpn-> It is a tls based challenge it requires the CrushFTP to have an HTTPS server item available from outside on port 443.
Domains : Multiple domains should be separated with a comma.
Keystore: Set the location of the jks file, and the name.
Staging flag: It is for test mode. If the is true it will only generate a dummy jks, not a valid one.
If the all fields are ready hit the submit, and the jks will be created in the specified key store location.
Once done, and full success, there is another step. On Preferences_>Encryption_>SSL page, will need to supply the same full path to the key store (.jks) file and the passwords you entered on the Letsencrypt plugin. The plugin only generates the key store, but doesn't apply it. Once done, test, if successful, save, then restart the HTTPS port or the CrushFTP service, to actually load the cert. Then can test with a browser.
Will need to click Submit and restart every 60-90 days , because the Let's encrypt cert is valid only for this long.
Update the certificate automatically: It updates the certificate automatically. Let's encrypt server allows 5-6 tries weekly, we suggest to set the check certificate weekly.
Alert: To get notification about failed updates create Plugin Message alert (Preferences -> Alerts).
Troubleshooting
#
1. Check that your server is reachable through the given domain with http protocol on the default port (80).
2. Check the Delete account key pair and Delete domain key pair flags and test again.
3. Rewrite the Keystore Password and Key Password, test it again.
Add new attachment
Only authorized users are allowed to upload new attachments.
List of attachments
Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
---|---|---|---|---|---|---|
png |
lets_encrypt.png | 120.1 kB | 7 | 29-Dec-2020 05:25 | krivacsz | version 4 |
png |
lets_encrypt_header.png | 34.9 kB | 1 | 29-Dec-2020 05:25 | krivacsz |
«
This particular version was published on 29-Dec-2020 05:25 by krivacsz.
G’day (anonymous guest)
Log in
JSPWiki