Let’s Encrypt Integration Guide

Prerequisites

Before beginning, ensure the following:

• CertSecure Manager is fully operational.
• You have administrative privileges in CertSecure Manager.
• Your CertSecure Manager account has “Manage Certification Authorities” permission.
• You have access to:
1. A valid Let’s Encrypt ACME URL (e.g., https://acme-v02.api.letsencrypt.org/directory for production or https://acme-staging-v02.api.letsencrypt.org/directory for staging).
2. The domain(s) you wish to obtain certificates for.
3. Domain validation credentials from your DNS Provider.

Note: Let’s Encrypt uses the ACME (Automated Certificate Management Environment) protocol for automated certificate issuance and renewal. Ensure your DNS provider supports API-based validation for automated domain verification.

Deployment Steps

1. Navigate to Connectors Page

   In CertSecure UI:

   • Go to Administration > Certificate Authorities.

   • Under Agentless CAs, select Configure under Let’s Encrypt.

     

2. Configure ACME URL

   On the ACME Configuration page:

   • Enter Connector Name (e.g., LetsEncrypt_Production or LetsEncrypt_Staging).

   • Enter the Let’s Encrypt ACME URL:

     1. For Production: https://acme-v02.api.letsencrypt.org/directory
     2. For Staging/Testing: https://acme-staging-v02.api.letsencrypt.org/directory

   Note: Use the staging URL for testing to avoid rate limits during initial setup.

   

3. Add Domain with Credentials

   On the Domain Configuration page:

   1. Enter the Domain Name you want to validate (e.g., example.com).
   2. Select your DNS Provider from the dropdown.

   3. Enter the DNS Provider Credentials:

      1. API Key or Access Token
      2. Secret Key (if required)
      3. Additional authentication parameters as needed by your DNS provider
   4. Click on save

   

4. Domain Auto-Validation
   1. After saving the CertSecure will automatically validate the domain for ACME use through DNS-01 challenge.
   2. Wait for the validation status to show Active.

   

5. Verify CA Availability

   In CertSecure UI:

   1. Go to Administration > Certificate Authorities > Manage CAs
   2. Verify that Let’s Encrypt appears in the list of available Certificate Authorities.

   

Post-Installation Verification

• Navigate to Enrollment > Generate Certificate
• Select Let’s Encrypt as the Certificate Authority.
• Request a test certificate to verify that the integration is working correctly.