• No matching documents

    Setting up Let's Encrypt

    Let's Encrypt is a certificate auto-renewal service which is provided free of charge and is trusted by all modern browsers.

    Prerequisites

    • Make sure you are running the most recent firmware version, in versions prior to 6.4.27 there are known issues with Let’s Encrypt.
    • The PABX hostname will need to be publicly resolvable.
    • Let's Encrypt requires access to both port 80 and port 443 of the PABX in order to issue the certificate.
    • Make sure that the admin email address is correctly set, this allows Let’s Encrypt to send notifications.

    Limitations

    • Let’s Encrypt requires port 80 and port 443 to be accessible over the internet, this may deter some organisations.
    • Some older handsets don’t recognise the Let’s Encrypt certificate if using secure provisioning.

    Setup

    1. Set a valid host name under system > global > network and click 'Update'.
    2. Add a DNS entry for the unit's host name that points to the external address.
    3. Add a firewall rule to allow HTTP and HTTPS access. (HTTP: 80 TCP, HTTPS: 443 TCP)
    4. Go to system > certificates, enter the details and click 'Save and Generate CSR'.
    5. Check 'Use Let's Encrypt for certificates?' this will popup a Let's Encrypt Terms of Service prompt. Click 'Accept' to start the certificate request process.
    6. Check the 'Let's Encrypt Status' is 'Succeeded and live'.