| At line 3 changed one line |
| This plugin is possible starting with CrushFTP v9. You need to download this plugin and place it in your CrushFTP ▸ WebInterface ▸ Plugins folder. [LetsEncrypt.jar]\\ |
| This plugin is possible starting with CrushFTP v9. You need to download this plugin and place it in your CrushFTP ▸ Plugins folder. After that a service restart is required. [LetsEncrypt.jar]\\ |
| At line 5 changed one line |
| Applications ▸ CrushFTP9_OSX ▸ CrushFTP9.app ▸ Contents ▸ Resources ▸ Java ▸ plugins \\ |
| Applications ▸ CrushFTP9 ▸ plugins \\ |
| At line 12 added one line |
| [attachments|lets_encrypt_header.png] |
| At line 14 changed one line |
| Domains : Multiple domains should be separated with a comma.\\ |
| Server Instance : To generate certificate for DMZ just specify the DMZ server instance name. The Let's encrypt server will test the given server instance. Leave it empty for normal case. \\ |
| At line 17 added 8 lines |
| Request version : V01 or V02. Choose V02 as it is the latest to have backward compatibility the V01 is still supported.\\ |
| \\ |
| Challenge type : Only available on V02.\\ |
| http-01-> It is an http based challenge it requires the CrushFTP to have an HTTP server item available from outside on port 80. Make you sure the https redirect is turned off. V01 can only do http based challenge.\\ |
| tls_alpn-> (!!! Only works with Java 11+) It is a tls based challenge it requires the CrushFTP to have an HTTPS server item available from outside on port 443.\\ |
| \\ |
| Domains : Sets the SAN (Subject Alternate Name) field of the cert, can be a single domain name, or multiple, in that case multiple domains should be separated with a comma. Subdomains are actually totally different domains than the parent domain, in case of a multi-domain cert, need to specify each subdomain name individually. That until Letsencrypt will allow wildcard certs.\\ |
| \\ |
| At line 18 changed one line |
| Staging flag: It is for test mode. If the is true it will only generate a dummy jks, not a valid one.\\ |
| Staging flag: It is for test mode. If this flag is toggled, we will only generate a dummy keystore in memory.\\ |
| At line 20 changed 3 lines |
| If the all fields are ready hit the submit, and the jks will be created in the specified keystore location.\\ |
|
| Once done, and full success, there is another step. On Preferences_>Encryption_>SSL page, will need to supply the same full path to the keystore (.jks) file and the passwords you entered on the Letsencrypt plugin. The plugin only generates the key store, but doesn't apply it. Once done, test, if successful, save, then restart the HTTPS port or the CrushFTP service, to actually load the cert. Then can test with a browser.\\ |
| If the all fields are ready hit the submit, and the jks will be created in the specified key store location.\\ |
| At line 24 changed 2 lines |
| Will need to click Submit and restart every 60-90 days , bacuse the Letsencrypt cert is valid only for this long. |
|
| Once done, and full success, there is another step. On Preferences_>Encryption_>SSL page, will need to supply the same full path to the key store (.jks) file and the passwords you entered on the Letsencrypt plugin. The plugin only generates the key store, but doesn't apply it. Once done, test, if successful, save, then restart the HTTPS port or the CrushFTP service, to actually load the cert. Then can test with a browser.\\ |
| \\ |
| Will need to click Submit and restart every 60-90 days , because the Let's encrypt cert is valid only for this long.\\ |
| \\ |
| __Update the certificate automatically:__ It updates the certificate automatically and restarts the https server item ports. Let's encrypt server allows 5-6 tries weekly, we suggest to set the check certificate weekly.\\ |
| __Alert:__ To get notification about failed updates create Plugin Message alert (Preferences -> Alerts). |
| \\ |
| !!!Troubleshooting\\ |
| \\ |
| 0. Download replace plugin. Let's Encrypt often has change on the API. |
| 1. Check that your server is reachable through the given domain with http protocol on the default port (80) or on https on the default port (443).\\ |
| 2. Check Staging flag, it is a test mode. Always try first in test mode. Check the Delete account key pair and Delete domain key pair flags and test again.\\ |
| 3. Rewrite the Keystore Password and Key Password, test it again. |
