First time user of LetsEncrypt

Hi,

We’re setting up an RD Gateway for our servers, which is NAT’ed over the public IP. And as added security, we’d like to set up an RD Gateway. The domain is: remote.hammertech.us

How do I set up this certificate, because I don’t see any startup page to start working on the cert?

Thanks
TECH-JEFF

Maybe try something like this: https://diverse.services/secure-an-rd-gateway-using-lets-encrypt/

You’ll want to select a Windows ACME client which allows you to automatically deploy an issued certificate to your RD Gateway, and the above article uses “Certify the Web” to do so.

Hi Team,

I am trying to start configuring an SSL certificate, but I just can’t find any link in www.letsencrypt.org to start with. No sign-up page or login. Getting started provides useful documentation, but effectively I don’t see the starting point where effectively you could create a CSR or get your CSR signed. All I see is documentation and donate. Any suggestions?

Thanks

Ruben

Let’s Encrypt does not work in the way you are thinking, like a traditional CA where you do some stuff with emails and submit a CSR into a webform.

The entire idea is automation. You download some software on the server you want to protect, which automatically does the validation, certificate issuance and renewal. That includes the generation and submission of the CSR.

From https://letsencrypt.org/how-it-works/,

The objective of Let’s Encrypt and the ACME protocol is to make it possible to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention. This is accomplished by running a certificate management agent on the web server.

If you want to get a certificate the old way, there are other CAs which still support those workflows. But it’s not suitable for Let’s Encrypt, because these certificates only have a 90 day validity. You don’t want to repeat the task by hand every 90 days, right?

That’s why I linked the article. You can set it up one time, and let it run its automation into the future.


Thanks _az for your support. I now understand the process. :smile:


@_az
Thanks for the input. I was able to follow the instructions on your link, really appreciate it, though I got stuck with the cert request; it shows in the logs:
‘too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/’

That’s what happens if you try unsuccessfully 5 times in a row, within 1 hour.

If you wait for an hour and try again, it should show a different error. That will reveal what needs to be fixed.

You are correct, I’m looking into a KB article about ‘connection refused’.

For “connection refused”, I would guess that IIS is not running for the Domain Authorization Step, or cannot be accessed from the internet.

I was able to access IIS by DNS/hostname.

Well, it’s accessible via HTTPS, but not HTTP:

$ curl -X GET -Ik https://remote.hammertech.us
HTTP/2 200
content-type: text/html
last-modified: Wed, 08 Jul 2020 02:03:29 GMT
accept-ranges: bytes
etag: "ef94df9cb54d61:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 15 Jul 2020 02:19:16 GMT
content-length: 703

$ curl -X GET -Ik http://remote.hammertech.us
curl: (7) Failed to connect to remote.hammertech.us port 80: Connection refused

Let’s Encrypt HTTP validation always begins using port 80 HTTP. The “connection refused” is probably related to the fact that you’re not serving HTTP on port 80. You would need to enable that (even if it’s just a redirect to HTTPS).

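The port 80 check from the reply above, written as a preflight script to run from a host outside the network before the ACME client is retried, so that a closed port is named without spending one of the failed-validation attempts. This is an added example, not part of the original thread; the token path `preflight-test`, the function names and the status-code verdicts are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: preflight for the Let's Encrypt HTTP-01 challenge.
# Run from OUTSIDE the network, because that is where validation comes from.

# Turn a curl exit code and an HTTP status (from a plain-HTTP probe on
# port 80) into a verdict. Prints the verdict; returns 0 only when the
# server answered on port 80 in a way that validation can work with.
classify_http01() {
  local curl_exit="$1" status="$2"
  case "$curl_exit" in
    0)  ;;                                       # got an HTTP response
    6)  echo "dns-failure"; return 1 ;;          # hostname did not resolve
    7)  echo "port-80-refused"; return 1 ;;      # the error seen in this thread
    28) echo "port-80-timeout"; return 1 ;;      # likely filtered by a firewall
    *)  echo "curl-error-$curl_exit"; return 1 ;;
  esac
  case "$status" in
    2??|404)         echo "reachable" ;;          # 404 is normal for a made-up token
    301|302|307|308) echo "reachable-redirect" ;; # redirect to HTTPS is acceptable
    *)               echo "unexpected-status-$status"; return 1 ;;
  esac
}

# Probe the challenge path over plain HTTP, without following redirects,
# so the verdict describes port 80 itself.
probe_http01() {
  local domain="$1" status rc=0
  # Constructed token name: no real challenge file is expected to exist.
  local url="http://${domain}/.well-known/acme-challenge/preflight-test"
  status=$(curl -s -o /dev/null -m 10 -w '%{http_code}' "$url") || rc=$?
  classify_http01 "$rc" "$status"
}

# Usage: ./preflight.sh remote.hammertech.us
if [ "$#" -gt 0 ]; then
  if verdict=$(probe_http01 "$1"); then
    echo "OK ($verdict): port 80 answers, request the certificate"
  else
    # Each failed validation counts toward the failed-authorization limit.
    echo "STOP ($verdict): fix this before running the ACME client" >&2
    exit 1
  fi
fi
```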

Really appreciate the help. Yes, after requesting our Network team to open port 80, it did successfully provide a cert.
Have a good day ahead!
TECH-JEFF

