Let’s Encrypt is a certificate auto-renewal service which is provided free of charge and is trusted by all modern browsers.
- Make sure you are running the most recent firmware version, in versions prior to 6.4.27 there are known issues with Let’s Encrypt.
- The PABX hostname will need to be publicly resolvable.
- Let’s Encrypt requires access to both port 80 and port 443 of the PABX in order to issue the certificate.
- Make sure that the admin email address is correctly set, this allows Let’s Encrypt to send notifications.
- Let’s Encrypt requires port 80 and port 443 to be accessible over the internet, this may deter some organisations.
- Some older handsets don’t recognise the Let’s Encrypt certificate if using secure provisioning.
- Set a valid host name under system > global > network and click ‘Update’.
- Add a DNS entry for the unit’s host name that points to the external address.
- Add a firewall rule to allow HTTP and HTTPS access. (HTTP: 80 TCP, HTTPS: 443 TCP)
- Go to system > certificates, enter the details and click ‘Save and Generate CSR’.
- Check ‘Use Let’s Encrypt for certificates?’ this will popup a Let’s Encrypt Terms of Service prompt. Click ‘Accept’ to start the certificate request process.
- Check the ‘Let’s Encrypt Status’ is ‘Succeeded and live’.