Obtaining LetsEncrypt SSL Certificate
Posted on 14 June 2016 01:04 PM
LetsEncrypt provides Free SSL certificates for verified domains.
Note: Currently FutureQuest does not provide Automatic Renewals for Let's Encrypt SSL Certificates and you would need to obtain the renewal and send the updated certificate to the Service Desk when renewal is required (every 90 days)
ZeroSSL provides a web based form, that with a few steps, will allow you to generate a Free LetsEncrypt SSL Certificate.
The first step in obtaining any SSL Certificate is to generate a CSR (Certificate Signing Request) and Private Key, which ZeroSSL handles for you.
To get started "Click Here"
Your email is optional however as noted by the ZeroSSL folks "Enter email if you want to receive expiration warnings"
You would either enter your Domain Name OR paste in a CSR if created elsewhere
Leave Let's Encrypt Key field blank
FutureQuest recommends choosing DNS Verification
Next you will press the "Next Button"
You will be presented with a popup asking "Include www prefixed version too?" This would add www.yourdomain.com as an alternate domain name for your SSL Certificate so if someone accesses https://yourdomain.com OR https://www.yourdomain.com they will both work with the SSL cerificate.
Once you have decided whether you want to include www or not then you will see "Generating CSR" and once completed the CSR field will be populated with the Certificate Signing Request for yourdomain.com
Either download a copy of the CSR or Copy it to the clipboard and paste it into a text editor and save it.
Then click on Next again and you will see "Generating Account Key" and when completed you will see your Account Key in the left box.
Make sure to Download and save a copy or Copy and paste the Account Key into a text editor and save it.
Then click "Next" again and you will move into the verification Step. This is where you Verify your domain name.
You will want to access your CNC DNS Manager for this step.
Click "ADD Entry"
1. Then copy and paste the first Domain TXT Record, _acme-challenge (_acme-challenge.www for the www version)
2. In "Type of record" select TXT
3. In the "Value" Field copy and paste the value generated from ZeroSSL, in this case it would be L6jp7lTm5mxSN4T1qpd9D7OwSjpKd2S0SrTobINAedI.
4. Set the TTL to 5 minutes
5. Then Press "Add" under Action.
Repeat the above for the 2nd Domain TXT Record, this would only apply if you chose to include the www version of your domain.
Wait about 15 - 30 minutes and then press NEXT. If propagation hasn't completed yet you will see the below screen, if that happens wait another 30 minutes and try again.
When successful you will be presented with your SSL Certificate and Private Key which you must download and save or copy and paste into a text editor and save.
Once you have obtained your Let's Encrypt SSL Certificate you will need to Order installation for the SSL Certificate from your QuestAdmin Login, Place a New Order link.