Setting up Let's Encrypt
Let’s Encrypt is a certificate auto-renewal service which is provided free of charge and is trusted by all modern browsers.
Prerequisites
- Make sure you are running the most recent firmware version; versions prior to 6.4.27 have known issues with Let’s Encrypt.
- The PABX hostname will need to be publicly resolvable.
- Let’s Encrypt requires access to both port 80 and port 443 of the PABX in order to issue the certificate.
- Make sure that the admin email address is correctly set; this allows Let’s Encrypt to send notifications.
Limitations
- Let’s Encrypt requires port 80 and port 443 to be accessible over the internet; this may deter some organisations.
- Some older handsets don’t recognise the Let’s Encrypt certificate if using secure provisioning.
Setup
- Set a valid host name under system > global > network and click ‘Update’.
- Add a DNS entry for the unit’s host name that points to the external address.
- Add a firewall rule to allow HTTP and HTTPS access. (HTTP: 80 TCP, HTTPS: 443 TCP)
- Go to system > certificates, enter the details and click ‘Save and Generate CSR’.
- Check ‘Use Let’s Encrypt for certificates?’. This will pop up a Let’s Encrypt Terms of Service prompt. Click ‘Accept’ to start the certificate request process.
- Check that the ‘Let’s Encrypt Status’ is ‘Succeeded and live’.
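The DNS and firewall steps above can be verified before accepting the Terms of Service prompt. The following is an added example, not part of the PABX product or its documentation: a Python script, run from a machine outside your network, that checks the host name resolves to a public address and that TCP 80 and 443 accept connections. The host name `pbx.example.com` and all function names are assumptions.

```python
import ipaddress
import socket
import sys


def public_addresses(addresses):
    """Keep only globally routable addresses (drops RFC 1918, loopback, CGNAT...)."""
    return [a for a in addresses
            if ipaddress.ip_address(a.split("%")[0]).is_global]


def resolve(hostname):
    """Return the sorted IP addresses the name resolves to, or [] on failure."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(hostname, ports=(80, 443)):
    """Return a list of problems; an empty list means the prerequisites hold."""
    addrs = resolve(hostname)
    if not addrs:
        return [f"{hostname} does not resolve"]
    problems = []
    if not public_addresses(addrs):
        problems.append(f"{hostname} resolves only to non-public addresses: {addrs}")
    for port in ports:
        if not port_open(hostname, port):
            problems.append(f"TCP port {port} on {hostname} is not reachable")
    return problems


if __name__ == "__main__":
    # pbx.example.com is a placeholder; pass the PABX's real host name.
    target = sys.argv[1] if len(sys.argv) > 1 else "pbx.example.com"
    issues = preflight(target)
    for issue in issues:
        print("FAIL:", issue)
    sys.exit(1 if issues else 0)
```

Running it from inside the LAN can give a false pass or fail if internal DNS answers differently from public DNS, so use an external host.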