Let's Encrypt Set Up

Initial setup process for Let's Encrypt

Product: LoadMaster

Version: Any

Platform: Any

Application: Any

 What are the steps to set up Let's Encrypt on the LoadMaster?

 If you have an existing Virtual Service with a Real Server attached and you would like to convert it to one with SubVSs so that you can use this Virtual Service for the certificate validation challenge, follow the steps below:

1. Go to Virtual Services > View/Modify Services.

2. Click Modify on the relevant Virtual Service.

3. Expand the Real Servers section.

4. Take note of the existing Real Server details.

5. Delete any existing Real Servers.

6. In the Real Servers section, click Add SubVS. 

For Let's Encrypt validation, the LoadMaster MUST be capable of creating SubVS's in a VIP.

7. Click Modify on the SubVS that will host the real server.

8. Expand the Real Servers section.

9. Click Add New.

If a port 80 Redirect hasn't been created, this can be done within the 443 service:

Go to Advanced Properties > Add HTTP Redirector.

If there is a preexisting port 80 redirect service ensure the following is configured:

Advanced Properties > Not Available Redirection Handling > Redirect URL: https%h%s.

Once complete, register your Let's Encrypt Account by navigating to Certificated & Security > ACME Certificates > Register Let's Encrypt Account.

Once this is done you can request a new certificate by navigating to Certificated & Security > ACME Certificates > Request New Certificate.

The required fields would be the Certificate Identifier and Common Name.

The virtual service to be selected should be the port 80 redirector since Let's Encrypt utilizes port 80 for the HTTP challenge.

The certificate will be validated and can be assigned to the appropriate service within Certificates & Security > SSL Certificates.

https://support.kemptechnologies.com/hc/en-us/articles/5146851702413-Let-s-Encrypt

https://support.kemptechnologies.com/hc/en-us/articles/10621973373069-Wildcard-Let-s-Encrypt-certificates