Let's Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). So with that in mind, I decided that it was high time that I secured my Untangle appliance with Let's Encrypt.
A Note on Installing LE...
Specifically, that doing this via the
cli is generally not supported by Untangle. That said, if you absolutely have to have valid free SSL certificate installed on your Untangle appliance, this is the best way.
Also, some potential caveats have been noted by experienced Untangle users here. Specifically, that under certain conditions, Untangle will replace the SSL certificate that
acme.sh installs for you. So keep that in mind!
Additionally, it's always a good idea to periodically check on your Untangle's HTTPS install to ensure it hasn't been broken.
With that said, let's install Let's Encrypt!
Prepare Untangle for Let's Encrypt
First and foremost, we need to download
curl https://get.acme.sh | sh
Finally, let's run the script!
Follow the prompts as necessary.
acme.sh -h will provide output of all commands used by
acme.sh once the install's completed.
You'll need to log out of the console or
SSH and then log back in. I believe
acme.sh even says this when the install process has been completed, but I've added this warning here as well.
Activating LE on Untangle
Actually activating Let's Encrypt is a very trivial process, especially if you use stand-alone mode, as I did with the command below.
service apache2 stop acme.sh --issue -d cplexus.heimkoma.com --standalone -k ec-384 --accountemail firstname.lastname@example.org service apache2 start
Checking Let's Encrypt installation
Whew, the hard part's done. Let's check and see if the SSL certificate's installed!
Excellent, it is!