This page is applicable to NetConnect X 2.5.95 and above
Overview
The purpose of the Generate Let’s Encryprt Certificate page is to provide you with an option for a free, instant SSL certificate via Let’s Encrypt.
Let’s Encrypt is a free, open and automated certificate authority (CA) that is designed
to simplify the acquisition of SSL/TLS digital certificates proving a site’s authenticity,
while also providing the same level of encryption as a fully fledged SSL certificate.
For further information on Let’s Encrypt, please refer to their website.
If you do not intend to use a Let’s Encrypt certificate, you’ll need to either import an existing certificate or order and install a 3rd party SSL certificate as outlined on our Third Party Certificates page.
Prerequisites
In order to successfully generate a Let’s Encrypt certificate, it’s critical that:
- An A Record is created within your public DNS that points your nominated hostname/URL to the Public IP address assigned to the NetConnect environment.
- Traffic via Port 80 (HTTP) is open in both directions.
Keep in mind, you may need to allow time for the A Record to propagate through the internet – Let’s Encrypt limits the amount of attempts that can be made within a one hour period, so if the certificate is not successfully generated first time we recommend leaving enough time to ensure propagation has completed before retrying. See below for details on the rate limits imposed by Let’s Encrypt.
Creating a Let’s Encrypt Certificate
Providing the above prerequisites are met, you can proceed with the certificate order. Simply type your nominate URL exactly as it appears in your DNS record into the “Enter your server URL” field and then click “Generate”. You will be prompted to confirm you have covered off the prerequisites, once you confirm your certificate should receive a notification onscreen to confirm the certificate has been generated successfully. You should now be able to navigate to your NetConnect instance via your assigned URL.
Validity and Renewal
Currently, NetConnect does not renew the Let’s Encrypt certificate automatically. The certificate is generated for a period of 3 months after which the above process should be repeated. The certificate can be renewed prior to expiry by repeating the steps outlined above.
Rate Limits
When generating a Let’s Encrypt certificate, the following limits should be considered:
- There is a limit of 5 failed attempts per hostname, per hour.
- You are able to generate a maximum of 5 certificates per domain, per week.
- No more than 50 certificates can be created per week, per domain.
For further information, please refer to
https://letsencrypt.org/docs/rate-limits/
Next Steps…
Once your Let’s Encrypt certificate is generated, you’ll be able to access your server securely via the assigned URL. Typically, the next step would be to assign a licence, see our Licensing section for more information. If you already have a licence assigned, you can move ahead to the Authentication section for details on how to bind to an Active Directory and configure multi-factor authentication to further secure your environment.
<< Active Certificate Third Party Certificates>>
