Let's Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). So with that in mind, I decided that it was high time that I secured my Untangle appliance with Let's Encrypt.

A Note on Installing LE...

Specifically, that doing this via the cli is generally not supported by Untangle. That said, if you absolutely have to have valid free SSL certificate installed on your Untangle appliance, this is the best way.

Also, some potential caveats have been noted by experienced Untangle users here. Specifically, that under certain conditions, Untangle will replace the SSL certificate that acme.sh installs for you. So keep that in mind!

Additionally, it's always a good idea to periodically check on your Untangle's HTTPS install to ensure it hasn't been broken.

With that said, let's install Let's Encrypt!

Prepare Untangle for Let's Encrypt

First and foremost, we need to download acme.sh's installer.

curl https://get.acme.sh | sh

Finally, let's run the script!

acme.sh --install

Follow the prompts as necessary.

acme.sh -h will provide output of all commands used by acme.sh once the install's completed.

You'll need to log out of the console or SSH and then log back in. I believe acme.sh even says this when the install process has been completed, but I've added this warning here as well.

Activating LE on Untangle

Actually activating Let's Encrypt is a very trivial process, especially if you use stand-alone mode, as I did with the command below.

service apache2 stop
acme.sh --issue -d cplexus.heimkoma.com --standalone -k ec-384 --accountemail admin@heimkoma.com
service apache2 start

Checking Let's Encrypt installation

Whew, the hard part's done. Let's check and see if the SSL certificate's installed!


Excellent, it is!