Setting up Let's Encrypt

Let’s Encrypt is a certificate auto-renewal service which is provided free of charge and is trusted by all modern browsers.

Prerequisites

  • Make sure you are running the most recent firmware version, in versions prior to 6.4.27 there are known issues with Let’s Encrypt.
  • The PABX hostname will need to be publicly resolvable.
  • Let’s Encrypt requires access to both port 80 and port 443 of the PABX in order to issue the certificate.
  • Make sure that the admin email address is correctly set, this allows Let’s Encrypt to send notifications.

Limitations

  • Let’s Encrypt requires port 80 and port 443 to be accessible over the internet, this may deter some organisations.
  • Some older handsets don’t recognise the Let’s Encrypt certificate if using secure provisioning.

Setup

  1. Set a valid host name under system > global > network and click ‘Update’.

Global Settings Network

  1. Add a DNS entry for the unit’s host name that points to the external address.
  2. Add a firewall rule to allow HTTP and HTTPS access. (HTTP: 80 TCP, HTTPS: 443 TCP)
  3. Go to system > certificates, enter the details and click ‘Save and Generate CSR’.

Certificate Page

  1. Check ‘Use Let’s Encrypt for certificates?’ this will popup a Let’s Encrypt Terms of Service prompt. Click ‘Accept’ to start the certificate request process.
  2. Check the ‘Let’s Encrypt Status’ is ‘Succeeded and live’.

Certificate Page