Let's Encrypt is a CA that provides free certificates via an automated process designed to eliminate the currently complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites. Click Configure Let's Encrypt on the Encryption page to open the Let's Encrypt PowerShell Update page, to help you easily configure and run the PowerShell script included in the "SecurityGateway\LetsEncrypt" folder.
Let's Encrypt PowerShell Update
To support using Let's Encrypt's automated process to manage a certificate, this page is provided to help you easily configure and run the PowerShell script included in the "SecurityGateway\LetsEncrypt" folder. Using this page to configure and run the script will set up everything for Let's Encrypt, including putting the necessary files in the SecurityGateway HTTP (templates) folder to complete the http-01 challenge. It uses the HTTP Server Host Name as the domain for the certificate (if that option is blank then it uses the Default Domain), retrieves the certificate, imports it into Windows, and configures SecurityGateway to use the certificate using SecurityGateway's XMLRPC API.
NOTE: Using Let's Encrypt requires PowerShell 5.1 or higher and .NET Framework 4.7.2 or higher. Further, SecurityGateway's HTTP ports setting must be set to listen on port 80 or the HTTP challenge cannot be completed and the script will not work.
Automatically update the LetsEncrypt certificate
Click this checkbox if you wish to automatically create and update an SSL/TLS certificate via the Let's Encrypt script. The certificate will be updated every 10-60 days according to your Days between updates setting below.
Current Password
Including your password creates an API token for the script to access the SG XML API. The password is not saved. This is not necessary when just updating settings.
Host names (separate multiple host names with a comma)
If you wish to set up alternate host names in the certificate, specify those host names here, separated by commas. You do not need to include the HTTP Server Host Name in this list. For example, if your Host Name were "mail.example.com" and you wished to use an alternate host name of "imap.example.com," then you would only need to include "imap.example.com" here. If you do not wish to use any alternate host names then leave this option blank. Note: if you include host names, an HTTP challenge from Let's Encrypt must be completed for each one to validate your server's control of that host name. If the challenges are not all completed then the process will fail.
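The two requirements above that most often make the update fail are the prerequisites in the NOTE (PowerShell 5.1, .NET Framework 4.7.2, something listening on port 80) and the rule that every host name in the certificate must answer its own HTTP challenge. The following PowerShell pre-flight check is an added example, not part of SecurityGateway or its LetsEncrypt script; it assumes the host names "mail.example.com" and "imap.example.com" from the example above as placeholders, and it uses the standard Windows cmdlets (Get-NetTCPConnection, Resolve-DnsName, Test-NetConnection) rather than anything SecurityGateway-specific.

```powershell
# Added pre-flight check for the Let's Encrypt prerequisites described on this page.
# Illustrative code, not SecurityGateway's own script. The host names are assumptions:
# replace them with your HTTP Server Host Name and the contents of the "Host names" field.
param(
    [string]$PrimaryHostName = 'mail.example.com',
    [string[]]$AlternateHostNames = @('imap.example.com')
)

$problems = @()

# 1. PowerShell 5.1 or higher is required.
if ([Version]$PSVersionTable.PSVersion -lt [Version]'5.1') {
    $problems += "PowerShell $($PSVersionTable.PSVersion) is below the required 5.1"
}

# 2. .NET Framework 4.7.2 or higher. The Release DWORD under this registry key is the
#    documented way to detect the installed 4.x version; 461808 is the minimum for 4.7.2.
$ndp = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
if (-not $ndp -or $ndp.Release -lt 461808) {
    $problems += ".NET Framework 4.7.2 or higher is not installed (Release=$($ndp.Release))"
}

# 3. The http-01 challenge is served on TCP port 80, so something must be listening there.
#    Report the owning process so you can tell whether it is SecurityGateway or another service.
$listener = Get-NetTCPConnection -LocalPort 80 -State Listen -ErrorAction SilentlyContinue
if (-not $listener) {
    $problems += 'Nothing is listening on TCP port 80; add port 80 to the SecurityGateway HTTP ports setting'
} else {
    $pid80 = $listener[0].OwningProcess
    $owner = (Get-Process -Id $pid80 -ErrorAction SilentlyContinue).ProcessName
    Write-Host "Port 80 is owned by process '$owner' (PID $pid80)"
}

# 4. Each host name in the certificate gets its own challenge, so each one must resolve in
#    DNS and accept connections on port 80. This is only a first check from where the script
#    runs; the validation that counts is the one made by Let's Encrypt's servers.
foreach ($name in @($PrimaryHostName) + $AlternateHostNames) {
    try {
        $records = Resolve-DnsName -Name $name -Type A -ErrorAction Stop
        Write-Host "$name -> $($records.IPAddress -join ', ')"
    } catch {
        $problems += "$name does not resolve in DNS: $($_.Exception.Message)"
        continue
    }
    $tcp = Test-NetConnection -ComputerName $name -Port 80 -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) {
        $problems += "$name does not accept TCP connections on port 80"
    }
}

if ($problems) {
    Write-Warning "Fix these before enabling 'Automatically update the LetsEncrypt certificate':"
    $problems | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Host 'All prerequisites look satisfied.'
}
```

Run it from an elevated PowerShell prompt on the SecurityGateway server; the port-80 owner line is the quickest way to spot another web server holding the port that the challenge needs. A clean result does not guarantee the challenge will succeed, because a firewall or NAT rule in front of the server can still block Let's Encrypt's validators while allowing the local test.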
Admin email for notifications
Specify an administrator email address here if you wish to be notified when an error occurs during a Let's Encrypt update.
Use an ECDSA certificate
Check this box if you wish to use an ECDSA-based certificate rather than an RSA certificate.
Use the staging server
Check this box to run the script against Let's Encrypt's staging server while you are testing your configuration. Certificates issued by the staging server are not trusted by browsers or mail clients, so clear this box again once the test run succeeds.
Days between updates (10-60)
Use this option to specify how often your certificate should be updated, from 10-60 days. The default setting is 60 days.
Run Now
Click this button to run the script immediately.
Remove old certificates (expired > 30 days ago)
By default SecurityGateway will remove any old certificates that expired more than 30 days ago. Uncheck this box if you do not wish to remove them automatically.
View the LetsEncrypt script log file
Click this button to view the Let's Encrypt script's log file.
Days until next update
This shows you how many days remain until the certificate is automatically updated, according to the Days between updates (10-60) setting above.
Command line:
This displays the command line text that will be used when running the script. The text is updated in real time as you make changes on this page.