Using Wildcard Let's Encrypt SSL certificates

Christopher Dakin

Introduction

LogonBox supports the creation of free SSL Certificates from Let's Encrypt.

This article details the setup of a wildcard hostname certificate.

Note: This process differs slightly from creating a single hostname SSL Certificate.

 

Pre-requisites

You need to install the Let's Encrypt feature from Updates, Features & Licensing in the top right menu.

Click the download button, then restart the service from the power icon at the bottom right.

 

Creating a Let's Encrypt Wildcard SSL certificate

Navigate to Certificates in the left menu, then click Create Certificate.

You can change the certificate algorithm with Certificate Type, or leave it at the default of 2048 bits.

Change the Certificate Provider to Lets Encrypt.

 

Click the Certificate tab.

Complete all fields as appropriate for your organisation.

For a wildcard certificate, the CN needs to be *.yourdomain; your users will then access LogonBox on any subdomain.yourdomain.

Click Create to create the new certificate.

 

You now need to create a TXT entry in your corporate DNS server which the Let's Encrypt servers will query to validate the certificate.

 

When you have added the DNS TXT entry, allow enough time for the record to propagate, then click 'I have added the DNS entry'.

Propagation may take some time, so you may have to restart this part of the process if it times out before the DNS record has propagated.
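
One way to confirm propagation before clicking 'I have added the DNS entry' is to query each authoritative nameserver directly. The script below is an added example, not part of LogonBox; it assumes dig is installed and that the record name follows the standard ACME DNS-01 convention of _acme-challenge.yourdomain (use the name LogonBox displays if it differs). The function names are this example's own.

```sh
#!/bin/sh
# Added example (not LogonBox code): check that the validation TXT record is
# served by every authoritative nameserver before confirming in the UI.
# Usage: sh check_txt.sh yourdomain 'TXT-value-from-LogonBox' [zone]

# Reads `dig +short TXT` output on stdin and succeeds if any record equals $1.
# dig wraps TXT data in double quotes, so they are stripped before comparing.
# Several values can exist under one name, so every line is checked.
txt_matches() {
    expected=$1
    while IFS= read -r line || [ -n "$line" ]; do
        value=$(printf '%s' "$line" | tr -d '"')
        if [ "$value" = "$expected" ]; then
            return 0
        fi
    done
    return 1
}

# Asks each authoritative server directly, so resolver caches cannot hide a
# nameserver that has not picked up the record yet.
# Assumption: the record name is _acme-challenge.<domain> (ACME DNS-01).
check_propagation() {
    domain=$1
    expected=$2
    zone=${3:-$domain}   # zone that holds the record, if not the domain itself
    servers=$(dig +short NS "$zone")
    if [ -z "$servers" ]; then
        echo "no NS records found for $zone" >&2
        return 2
    fi
    missing=0
    for ns in $servers; do
        if dig +short TXT "_acme-challenge.$domain" "@$ns" | txt_matches "$expected"; then
            echo "ok       $ns"
        else
            echo "MISSING  $ns"
            missing=1
        fi
    done
    return "$missing"
}

# Only run when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    check_propagation "$@"
    exit $?
fi
```

An exit status of 0 means every nameserver returned the expected value; 1 means at least one has not picked it up yet.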

 

Your new certificate should now appear in the certificates list.

 

Configuring LogonBox to use the new certificate

Navigate to System Configuration in the top right menu, then Interfaces.

Edit the Default HTTPS interface.

 

Click the Protocol tab and select your new certificate in the Certificate dropdown.

Click Update to save the settings.

 

Now restart the service via the power icon at the bottom right.

Note that the web page will not auto-reload, because the server will be presenting a new certificate. Give the server a couple of minutes to restart, then refresh the page to continue with the new certificate.

Your browser should now present the new certificate, and the connection should show as secure.