Let’s Encrypt, a non-profit organization, provides free, automated, and open-source Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificates. These certificates are essential for enabling HTTPS, the secure protocol used by websites to protect data transmission.
Let’s Encrypt operates through the Automated Certificate Management Environment (ACME) protocol, a standardized approach for issuing and managing SSL/TLS certificates. When a website owner requests a certificate, their server communicates with Let’s Encrypt’s certificate authority (CA) to prove control over the domain. Once control is verified, the CA issues a certificate, which is then installed on the website’s server.
SKUDONET implements a Let’s Encrypt integration. It functions similarly to certbot, a free, open-source tool that automates the process of obtaining and managing Let’s Encrypt certificates. SKUDONET provides a user-friendly interface and simplifies the issuance, configuration, and renewal of certificates against Let’s Encrypt. SKUDONET interacts with Let’s Encrypt’s CA through the ACME protocol to request, install, and renew certificates.
The image below shows a list of SSL certificates generated by Let’s Encrypt and saved on the SKUDONET ADC.
Common Name (CN): The fully qualified domain name (FQDN) of the server that the certificate is valid for. For example, test3.test.skudonet.io, example.com, or mail.domain.com.
Issuer: The certificate authority (CA) that signed the certificate.
Domains: The domain(s) that are certified by the CA.
Status: The current status of the certificate, indicated by a color:
- Green icon: the certificate is valid.
- Yellow icon: the certificate will soon expire and is pending renewal.
- Red icon: the certificate has expired.
- Orange icon: the certificate is waiting for approval from Let’s Encrypt.
- Gray icon: the certificate is invalid.
Wildcard: This identifies whether the certificate is a wildcard certificate. A red tick in this column confirms that the certificate is a wildcard certificate.
Autorenewal: This checkbox is checked if the autorenewal option is enabled. The system renews the certificate when the expiration date is near (30 days before expiry). A nightly process runs and performs the renewal.
Autorenewal: This flag enables or disables the autorenewal property for the indicated certificate.
- Farm | Virtual IP: Select which farm or virtual IP to use to auto-renew the certificate. Take into account that the ACME handshake needs to connect to the same VIP as the farm using the certificate, but on port 80. For example, if Virtual IP 1 is configured in the farm “ReverseProxy”, you can select Virtual IP 1 for the auto-renewal, or a farm already configured to listen on this Virtual IP using port 80.
- Force autorenewal: If this option is enabled, the system renews the certificate even if the renewal period (30 days before expiry) has not been reached.
- Restart farms that use this certificate: If this flag is enabled, the farms using the renewed certificate are restarted automatically to apply the changes. If not, the farms using this certificate keep running with the pre-renewal certificate loaded in memory.
Creation: The date the certificate is issued.
Expiration: The date the certificate expires.
Actions: The following actions are available for each certificate:
- Create a certificate: This shows a form used to create the certificate.
- Delete: Deletes the certificate from the local storage.
All the information recorded by the SKUDONET Let’s Encrypt client is written to the logs /var/log/letsencrypt/letsencrypt.log and /var/log/syslog.
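The Status column and the "Restart farms that use this certificate" option can be checked from a shell. The script below is an added example, not SKUDONET code: it classifies a PEM file against the 30-day renewal window and compares the certificate on disk with the one a farm presents. The function names are hypothetical, the certificate path is supplied by the caller because this page does not state where certificates are stored, and treating an unparseable file as "invalid" is an assumption.

```shell
#!/bin/sh
# Added example, not SKUDONET code. Requires the openssl CLI.
RENEW_WINDOW_DAYS=30   # renewal window stated on this page

# cert_state PEM_FILE: prints valid | expiring | expired | invalid.
# Assumption: mirrors the green / yellow / red / gray states; "invalid" here
# only means openssl cannot parse the file.
cert_state() {
    window=$((RENEW_WINDOW_DAYS * 86400))
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo invalid; return 0; }
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$1" -noout -checkend "$window" >/dev/null 2>&1; then
        echo expiring
    else
        echo valid
    fi
}

# cert_fingerprint PEM_FILE: SHA-256 fingerprint of the first certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# served_cert HOST PORT SNI: PEM of the leaf certificate a listener presents.
# Needs network access to the farm's virtual IP.
served_cert() {
    openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# farm_is_stale DISK_PEM SERVED_PEM: succeeds when both parse but differ,
# i.e. the farm still holds the pre-renewal certificate in memory.
farm_is_stale() {
    disk=$(cert_fingerprint "$1")
    served=$(cert_fingerprint "$2")
    [ -n "$disk" ] && [ -n "$served" ] && [ "$disk" != "$served" ]
}

# Usage: script.sh DISK_PEM [HOST PORT SNI]
if [ "$#" -ge 1 ]; then
    echo "state: $(cert_state "$1")"
    if [ "$#" -eq 4 ]; then
        tmp=$(mktemp) && served_cert "$2" "$3" "$4" >"$tmp"
        farm_is_stale "$1" "$tmp" && echo "farm serves an older certificate"
        rm -f "$tmp"
    fi
fi
```

A "farm serves an older certificate" result after a renewal means the farm was not restarted and is still presenting the previous certificate.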