How to install and use the Let’s Encrypt Free SSL add-on?
When hosting applications, a big concern is making sure they are safe. One common way to keep data secure is by using HTTPS, which encrypts the traffic.
Starting January 1st, 2017, Google Chrome began marking web pages without SSL (a security feature) as non-secure, especially those asking for passwords or credit card information. This makes using encryption even more important.
Creating and setting up a custom SSL certificate for a project can be hard and take a lot of time. Let’s Encrypt (LE) is a free service that makes this process much simpler and automatic.
The trend now is to automate the issuance and use of custom SSL certificates when moving websites to HTTPS. AccuWeb.Cloud developers have done a great job by combining Let’s Encrypt with Cloud Scripting, creating a solution that eliminates the need for regular certificate renewals.
The key advantage of this solution is its easy integration with popular load balancers and application servers, making it possible to secure many existing applications in AccuWeb.Cloud.
As an add-on, this solution can be easily added to any container with Custom SSL support. It works with various servers.
Load Balancers – NGINX, Apache LB, HAProxy, Varnish
Java application servers – Tomcat, TomEE, GlassFish, Payara, Jetty
PHP application servers – Apache PHP, NGINX PHP
Ruby application servers – Apache Ruby, NGINX Ruby
If you need Let’s Encrypt SSL for other setups, simply add a load balancer and install the add-on. SSL termination at the load balancing level is the default in clustered topologies.
How It Works:
When you install the add-on, it gets Let’s Encrypt’s certificate management agent (CMA), which downloads and configures. It then asks Let’s Encrypt Certificate Authority (CA) for certificates, applies them to the software, and sets up a scheduled task to update certificates when they’re about to expire.
Domain Control Validation:
To get the certificates, Let’s Encrypt checks the entry point of the web server at port 80 to make sure it controls the specified domains. During this check, all incoming HTTP traffic is redirected internally to a specific port (12345) where the certificate management agent (CMA) proxy runs.
If there are multiple nodes of the same type, traffic is routed to the master node with the CMA proxy during updates. Special rules are set for this temporary redirection, and they are removed once the domain validation is confirmed.
After successful validation, the CMA can request, renew, and revoke SSL certificates for the domains. It automatically generates the necessary SSL key pair, and the certificates are sent to all nodes via AccuWeb.Cloud API. This ensures that the application is configured for secure communication via HTTPS.
Despite the detailed explanation, all these actions happen quickly, usually within minutes. Now, let’s see how to start the Let’s Encrypt add-on installation.
Installing Let’s Encrypt SSL:
Here’s how to install Let’s Encrypt Free SSL on AccuWeb.Cloud:
Step 1: Log in to your AccuWeb.Cloud dashboard and go to the Marketplace at the top.
Step 2: In the Add-ons tab, find Let’s Encrypt Free SSL and click Install.
Step 3:Â In the installation window, provide the following details:
External Domain(s):Â Leave it blank for a test certificate. Enter linked external domains for trusted certificates, separating them with space, comma, or semicolon.
Environment Name:Â Choose the appropriate environment name from the dropdown list.
Nodes Layer:Â Select the Nodes layer with your environment entry point. It’s usually detected automatically but can be manually redefined.
Step 4:Â Click “Install” to start the SSL certificate installation.
Note:Â The add-on needs a Public IP address, and it will be automatically attached during installation (Public IP is a paid option).
Step 5:Â The installation may take a few minutes to validate domain ownership, issue certificates, and apply them. Afterwards, check HTTPS support and the certificate expiration date in Environment Settings > Custom SSL.
Step 6:Â Test the connection by opening the application over HTTPS to ensure it’s accessible and the connection is secure and trusted by the browser.
Let’s Keep Your Let’s Encrypt Certificates Updated:
Your Let’s Encrypt SSL certificates are valid for 90 days. After this time, they need to be renewed to keep the encryption working.
Usually, the renewal happens automatically 30 days before expiration, and you’ll get an email notification. This check is done once a day by a scheduled task. You can set a specific time if needed.
You can also renew the certificates manually anytime by clicking the Add-ons button next to your environment and using the Update Now button in the add-on panel.
If you reinstall the add-on for the same domain, it will update your SSL certificates. But be careful; adding new domains will replace the existing certificates.
Adjusting Let’s Encrypt Certificates:
You can modify the existing Let’s Encrypt Free SSL add-on to meet new requirements if needed. Just click the Configure button in the Let’s Encrypt panel. In the popup, you can change External Domain(s) or remove any listed domains.
Note: To stay secure, a new certificate will be issued, even if you remove a domain from the existing one.
Removing Let’s Encrypt SSL Add-On:
To remove Let’s Encrypt SSL from your environment, go to the Add-ons tab, expand options in the top-right corner of the Let’s Encrypt SSL plank, and choose Uninstall. After confirmation, the add-on will be removed, and the attached certificates will be deactivated.
That’s it! Now you know how to install and manage the Let’s Encrypt add-on for automatic custom SSL configuration of your environment, protecting almost any application quickly, for free, and with minimal effort.
Conclusion:
In conclusion, installing and using the Let’s Encrypt Free SSL add-on is straightforward. Simply log in to your AccuWeb.Cloud dashboard, navigate to the Marketplace, and select Let’s Encrypt Free SSL in the Add-ons tab. Provide the necessary details, such as external domain(s), environment name, and nodes layer. Click “Install,” and the SSL certificate installation will begin. This user-friendly approach ensures a secure and encrypted connection for your website or application in just a few simple steps.