Easiest way to create SSL certificate

Let's Encrypt is an open certificate authority that issues SSL certificates for free. The following steps demonstrate how to create an SSL certificate using SynaMan.

Important Concepts

  • Before issuing a certificate, Let's Encrypt has to confirm that you own the host name for which the certificate is being issued. This confirmation is done through a process called Challenge/Response. There are two kinds of challenges:

    1. HTTP - Let's Encrypt will try fetching a certain file, called a token, from your web server. A successful fetch confirms you own the host name. This is the preferred method and is easier to work with, but it requires that TCP port 80 is open and available.
    2. DNS - Let's Encrypt will look for a TXT record in your DNS server. You will have to manually update the DNS record once every 90 days.

  • Certificates are only valid for 90 days and must be renewed.

Prerequisites

If you decide to use the HTTP method for challenge/response, you will need to run an HTTP server that listens on port 80 and is accessible from the Internet. Let's Encrypt will not connect on any port other than TCP/80. Therefore, you have to make either SynaMan or another server running on the same machine listen on port 80.

Step-by-Step Instructions

  • Log in using admin credentials
  • Click SSL Certificates under Quick Links
  • The following table describes what each field means:

    | Field Name | Description |
    |---|---|
    | Host Name | Refers to the FQDN of your machine. SSL certificates are always issued for a host name. |
    | Challenge Type | Select the desired challenge/response type. Remember you will have to manually update your DNS server if you decide to go with DNS. Select HTTP - Other if you have another HTTP server listening on port 80. In that case, you will have to specify the root folder for this server. For example, the default value for an IIS server is C:\inetpub\wwwroot\Default |
    | Root Path | Only applies if you select HTTP - Other for challenge. |
    | Test Certificate | We recommend you check this box when creating the certificate the first time to ensure there are no problems. Generate the final (non-test) certificate once a test certificate has been created successfully. |

Troubleshooting Tips

IIS Server

If you use an IIS server on port 80, it is very likely the challenge/response steps will run into an error. For the challenge, Let's Encrypt requests a token file that does not have any extension. By default, IIS does not serve files without extensions. Click here to see how to configure IIS so it serves files without an extension.
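
A pre-flight check for the HTTP challenge and the IIS problem described above, as an added example that is not part of SynaMan or the original page: it places an extensionless probe file under the web root and fetches it back over HTTP. The function name and the .well-known/acme-challenge path (taken from the ACME HTTP-01 specification, RFC 8555) are assumptions not stated on this page.

```python
import contextlib
import secrets
import sys
import urllib.error
import urllib.request
from pathlib import Path

# HTTP-01 challenge location defined by ACME (RFC 8555); assumed, not from this page.
CHALLENGE_DIR = Path(".well-known") / "acme-challenge"


def check_challenge_path(root_path, base_url, timeout=5):
    """Write an extensionless probe under root_path and fetch it over HTTP.

    Returns (ok, detail); ok is True only if the server returned the exact
    probe content, i.e. it serves extensionless files from this root.
    """
    folder = Path(root_path) / CHALLENGE_DIR
    # Directories this check has to create; they are removed again afterwards.
    new_dirs = [d for d in (folder.parent, folder) if not d.exists()]
    folder.mkdir(parents=True, exist_ok=True)
    name = "probe-" + secrets.token_urlsafe(16)  # no extension, like a real token
    body = secrets.token_urlsafe(32)
    probe = folder / name
    probe.write_text(body, encoding="ascii")
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR.as_posix()}/{name}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("ascii", "replace").strip()
        if served == body:
            return True, f"{url} served the probe file"
        return False, f"{url} returned unexpected content"
    except urllib.error.HTTPError as exc:
        # A server that refuses extensionless files ends up here.
        return False, f"{url} returned HTTP {exc.code}"
    except OSError as exc:  # URLError, refused connection, timeout
        return False, f"{url} unreachable: {exc}"
    finally:
        probe.unlink(missing_ok=True)
        with contextlib.suppress(OSError):
            for d in reversed(new_dirs):
                d.rmdir()


if __name__ == "__main__":
    # Usage: python check_challenge.py <root path> <http://your-host-name>
    ok, detail = check_challenge_path(sys.argv[1], sys.argv[2])
    print("OK" if ok else "FAIL", detail)
    sys.exit(0 if ok else 1)
```

Run it on the web server with the Root Path value and the http:// URL of your host name. A FAIL with an HTTP error code means the server is not serving extensionless files from that folder.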

Cert Renewals

Syncrify/SynaMan will automatically renew the certificate after about 80 days. Ensure access to port 80 is still available so Let's Encrypt can validate the challenge.

You will have to manually renew the certificate if you decide to use DNS for challenge/response.

Are These Certificates Secure?

Yes. Certificates from Let's Encrypt are being used by millions of organizations. Refer to the statistics page on their website for details.

Tutorial Video

Click here to watch a short video explaining how this works. Even though the video talks about a different product, the concepts are identical to SynaMan.
