Easiest way to create an SSL certificate
Let's Encrypt is an open certificate authority that issues SSL certificates
for free. The following steps demonstrate how to create an SSL certificate using SynaMan.
Important Concepts
- Before issuing a certificate, Let's Encrypt has to confirm that you own the host name for which the certificate is being issued.
This confirmation is done through a process called Challenge/Response. There are two kinds of challenges:
  - HTTP - Let's Encrypt will try fetching a certain file, called a token, from your web server. A successful fetch confirms
  you own the host name. This is the preferred method and is easier to work with, but it requires that you have TCP port 80 open and available.
  - DNS - Let's Encrypt will look for a TXT record in your DNS server. You will have to manually
  update the DNS record once every 90 days.
- Certificates are only valid for 90 days and must be renewed.
Prerequisites
If you decide to use the HTTP method for challenge/response, you will need to run an HTTP server that listens on port 80
and is accessible from the Internet. Let's Encrypt will not connect on any port other than TCP/80.
Therefore, you must make either SynaMan or another server running on the same machine listen on port 80.
Step-by-Step Instructions
- Log in using admin credentials
- Click SSL Certificates under Quick Links
- The following table describes what each field means:
Field Name | Description |
Host Name | Refers to the FQDN of your machine. SSL certificates are always issued for a host name. |
Challenge Type | Select the desired challenge/response type. Remember you will have to manually update your DNS server if you decide to go with DNS. Select HTTP - Other if you have another HTTP server listening on port 80. In that case, you will have to specify the root folder for this server. For example, the default value for an IIS server is C:\inetpub\wwwroot\Default |
Root Path | Only applies if you select HTTP - Other for challenge. |
Test Certificate | We recommend you check this box when creating the certificate the first time to ensure there are no problems. Generate the final (non-test) certificate once a test certificate has been created successfully. |
Troubleshooting Tips
IIS Server
If you use an IIS server on port 80, it is very likely the challenge/response steps will run into an error. The challenge token that
Let's Encrypt fetches is a file that does not have any extension. By default, IIS does not serve files without extensions.
Click here to see how to configure IIS so it serves files without
an extension.
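A pre-flight check for the HTTP - Other root path and the extension-less file problem described above, as an added example that is not part of SynaMan or of the original page. The function name `check_token_served` is hypothetical, the probe file is a constructed random value rather than a real token, and the `/.well-known/acme-challenge/` path comes from the ACME standard (RFC 8555), not from this page.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

# URL path used for HTTP challenges in the ACME standard (RFC 8555).
# Assumption: this path is not stated on this page.
CHALLENGE_PATH = ".well-known/acme-challenge"


def check_token_served(root_path, base_url, timeout=10):
    """Write an extension-less probe file under root_path and fetch it back
    over HTTP. Returns (ok, detail). Probe name and body are random
    constructed values, not a real Let's Encrypt token."""
    name = secrets.token_urlsafe(32)   # no file extension, like a real token
    body = secrets.token_urlsafe(32)
    folder = os.path.join(root_path, *CHALLENGE_PATH.split("/"))
    os.makedirs(folder, exist_ok=True)
    probe = os.path.join(folder, name)
    with open(probe, "w", encoding="ascii") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_PATH}/{name}"
    # Connect directly and ignore proxy settings, as an outside client would.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read().decode("ascii", "replace").strip()
        if served == body:
            return True, "probe served correctly"
        return False, "content mismatch: check the root path and rewrite rules"
    except urllib.error.HTTPError as exc:
        # A 404 here usually means a wrong root path or a server that does
        # not serve files without an extension (the IIS default).
        return False, f"HTTP {exc.code} for extension-less file"
    except OSError as exc:             # URLError, timeouts, refused connections
        return False, f"not reachable: {exc}"
    finally:
        os.remove(probe)               # do not leave probe files in the web root


if __name__ == "__main__":
    # Usage: python check_challenge.py <root path> http://<host name>
    ok, detail = check_token_served(sys.argv[1], sys.argv[2])
    print("PASS" if ok else "FAIL", "-", detail)
    sys.exit(0 if ok else 1)
```

A pass from the server itself confirms the root path and extension handling; whether port 80 is reachable from the Internet still has to be confirmed from outside your network.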
Cert Renewals
Syncrify/SynaMan will automatically renew the certificate after about 80 days. Ensure access to port 80 is
still available so Let's Encrypt can validate the challenge.
You will have to manually renew the certificate if you
decide to use DNS for challenge/response.
Are These Certificates Secure?
Yes. Certificates from Let's Encrypt are being used by millions of organizations. Refer to the statistics page
on their website for details.
Tutorial Video
Click here to watch a short video explaining how this works. Even though the video talks about a different product,
the concepts are identical to SynaMan.