How Does Let's Encrypt work with Adobe Experience Manager?

I'm trying to understand how the Let's Encrypt SSL service works with Adobe Experience Manager.

I'm a bit confused by the process of setting up Nginx and Cron to issue CSRs and automate the renewal process every 90 days (I understand I have to do this because Let's Encrypt only offers 90-day certs).

Will this automatic renewal process work with Adobe Experience Manager (AEM) servers? Is Let's Encrypt partnered with Adobe such that I should be reaching out to an Adobe contact or is this something I, as a UX developer, have to pick up and learn myself?

Thanks for any help pointing me in the right direction.

1 Like

Hi @tinateena, and welcome to the LE community forum.

It probably will.
But you have to break "the problem" down into "parts" to better understand "how" they can work together and solve the "riddle".
Part one: Obtain a globally signed certificate
Part two: Using a globally signed certificate with AEM / Securing AEM

For part one, you need to choose an ACME client that is right for your "environment".
Most important question on that: What O/S does the AEM run on?

For part two, you may get better help from the AEM user's guide [or website].

5 Likes

Thanks @rg305

I believe our instance of AEM is running in a Linux environment (CentOS version 3.10.0-1160.71.1.el7.x86_64). It requires the Java SE runtime. AEM also uses Apache Sling and OSGi.

I'm not sure which of the ACME clients would be suitable given this information (perhaps Certbot?).

I found this AEM wizard for setting up SSL but I'm not sure I can use that in a terminal environment if I want to use Let's Encrypt and automate renewals.
https://experienceleague.adobe.com/docs/experience-manager-learn/foundation/security/use-the-ssl-wizard.html?lang=en

1 Like

That wizard seems like a very manual solution.
You may need to find a CLI version of those "commands" and then you might be able to automate the use of renewed certs.

Getting the cert and renewing it are straightforward with CentOS.
And, yes, certbot would be a valid choice for such an ACME client.

3 Likes
